aboutsummaryrefslogtreecommitdiffstats
path: root/kubernetes/aaf/components
diff options
context:
space:
mode:
authorSylvain Desbureaux <sylvain.desbureaux@orange.com>2021-02-11 18:12:46 +0100
committerSylvain Desbureaux <sylvain.desbureaux@orange.com>2021-02-12 08:20:42 +0100
commitef766403ef1436c9462c2c00da83a8b29fca3b53 (patch)
treefef447a67bbc4f23accf48c8ea12ed7a6ba6c560 /kubernetes/aaf/components
parentcf8f42f496f9f062964f0b62a4de7ba2ef0a72ee (diff)
[AAF] Give `identities.dat` to working deployments
Today, `identities.dat` is put on cassandra deployment. But this file is actually needed by "working" deployments (at least certman and service) and not by cassandra. This patch removes it from cassandra deployments and add it to the other ones form "authz" family. Issue-ID: OOM-2678 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: I2a4b68f73797cd6c369060481e169525829a4217
Diffstat (limited to 'kubernetes/aaf/components')
-rw-r--r--kubernetes/aaf/components/aaf-cass/resources/cass-init-data/identities.dat82
-rw-r--r--kubernetes/aaf/components/aaf-cass/templates/configmap.yaml13
-rw-r--r--kubernetes/aaf/components/aaf-cass/templates/deployment.yaml23
-rw-r--r--kubernetes/aaf/components/aaf-templates/templates/_deployment.tpl7
-rw-r--r--kubernetes/aaf/components/aaf-templates/templates/_initContainers.tpl10
5 files changed, 18 insertions, 117 deletions
diff --git a/kubernetes/aaf/components/aaf-cass/resources/cass-init-data/identities.dat b/kubernetes/aaf/components/aaf-cass/resources/cass-init-data/identities.dat
deleted file mode 100644
index 7e976621df..0000000000
--- a/kubernetes/aaf/components/aaf-cass/resources/cass-init-data/identities.dat
+++ /dev/null
@@ -1,82 +0,0 @@
-{{/*
-#
-# Sample Identities.dat
-# This file is for use with the "Default Organization". It is a simple mechanism to have a basic ILM structure to use with
-# out-of-the-box tire-kicking, or even for Small companies
-#
-# For Larger Companies, you will want to create a new class implementing the "Organization" interface, making calls to your ILM, or utilizing
-# batch feeds, as is appropriate for your company.
-#
-# Example Field Layout. note, in this example, Application IDs and People IDs are mixed. You may want to split
-# out AppIDs, choose your own status indicators, or whatever you use.
-# 0 - unique ID
-# 1 - full name
-# 2 - first name
-# 3 - last name
-# 4 - phone
-# 5 - official email
-# 6 - employment status e=employee, c=contractor, a=application, n=no longer with company
-# 7 - responsible to (i.e Supervisor for People, or AppOwner, if it's an App ID)
-#
-*/}}
-
-iowna|Ima D. Owner|Ima|Owner|314-123-2000|ima.d.owner@people.osaaf.com|e|
-mmanager|Mark D. Manager|Mark|Manager|314-123-1234|mark.d.manager@people.osaaf.com|e|iowna
-bdevl|Robert D. Developer|Bob|Developer|314-123-1235|bob.d.developer@people.osaaf.com|e|mmanager
-mmarket|Mary D. Marketer|Mary|Marketer|314-123-1236|mary.d.marketer@people.osaaf.com|e|mmanager
-ccontra|Clarice D. Contractor|Clarice|Contractor|314-123-1237|clarice.d.contractor@people.osaaf.com|c|mmanager
-iretired|Ira Lee M. Retired|Ira|Retired|314-123-1238|clarice.d.contractor@people.osaaf.com|n|mmanager
-
-# Portal Identities
-portal|ONAP Portal Application|PORTAL|ONAP Application|314-123-1234|portal@people.osaaf.com|a|aaf_admin
-shi|ONAP SHI Portal Identity|shi|Portal Application|314-123-1234|shi@people.osaaf.com|a|aaf_admin
-demo|PORTAL DEMO|demo|PORTAL|DEMO|314-123-1234|demo@people.osaaf.com|e|aaf_admin
-jh0003|PORTAL ADMIN|jh|PORTAL ADMIN|314-123-1234|jh0003@people.osaaf.com|e|aaf_admin
-cs0008|PORTAL DESIGNER|cs|PORTAL DESIGNER|314-123-1234|cs0008@people.osaaf.com|e|aaf_admin
-jm0007|PORTAL TESTER|jm|PORTAL TESTER|314-123-1234|jm0007@people.osaaf.com|e|aaf_admin
-op0001|PORTAL OPS|op|PORTAL OPS|314-123-1234|op0001@people.osaaf.com|e|aaf_admin
-gv0001|GV PORTAL|gv|PORTAL|314-123-1234|gv0001@people.osaaf.com|e|aaf_admin
-pm0001|PM PORTAL|pm|PORTAL|314-123-1234|pm0001@people.osaaf.com|e|aaf_admin
-gs0001|GS PORTAL|gs|PORTAL|314-123-1234|gs0001@people.osaaf.com|e|aaf_admin
-ps0001|PS PORTAL|ps|PORTAL|314-123-1234|ps0001@people.osaaf.com|e|aaf_admin
-
-# AAF Defined Users
-aaf_admin|AAF Administrator|Mr AAF|AAF Admin|314-123-1234|aaf_admin@people.osaaf.com|e|mmanager
-deployer|Deployer|Deployer|Depoyer|314-123-1234|deployer@people.osaaf.com|e|aaf_admin
-
-# Requested Users
-portal_admin|Portal Admin|Portal|Admin|314-123-1234|portal_admin@people.osaaf.com|e|mmanager
-
-# ONAP App IDs
-aaf|AAF Application|AAF|Application|314-123-1234|no_reply@people.osaaf.com|a|aaf_admin
-aaf-sms|AAF SMS Application|AAF SMS|Application|314-123-1234|no_reply@people.osaaf.com|a|aaf_admin
-clamp|ONAP CLAMP Application|CLAMP|Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager
-aai|ONAP AAI Application|AAI|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager
-appc|ONAP APPC Application|APPC|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager
-dcae|ONAP DCAE Application|CLAMP|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager
-oof|ONAP OOF Application|OOF|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager
-so|ONAP SO Application|SO|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager
-sdc|ONAP SDC Application|SDC|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager
-sdnc|ONAP SDNC Application|SDNC|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager
-sdnc-cds|ONAP SDNC CDS Application|SDNC-CDS|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager
-vfc|ONAP VFC Application|VNC|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager
-policy|ONAP Policy Application|POLICY|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager
-pomba|ONAP Pomba Application|POMBA|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager
-holmes|ONAP Holmes Application|HOLMES|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager
-nbi|ONAP NBI Application|NBI|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager
-music|ONAP MUSIC Application|MUSIC|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager
-# VID Identities
-vid|ONAP VID Application|VID|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager
-vid1|ONAP VID Application 1|VID 1|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager
-vid2|ONAP VID Application 2|VID 2|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager
-# DMAAP Identities
-dmaap-bc|ONAP DMaap BC Application|DMaap BC|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager
-dmaap-bc-topic-mgr|ONAP DMaap BC Topic Manager|DMaap BC Topic Manager|DMaap BC|314-123-1234|no_reply@people.osaaf.com|a|mmanager
-dmaap-bc-mm-prov|ONAP DMaap BC Provisioning Manager|DMaap BC Provision Manager|DMaap BC|314-123-1234|no_reply@people.osaaf.com|a|mmanager
-dmaap-dr|ONAP DMaap DR|Prov|DMaap DR|314-123-1234|no_reply@people.osaaf.com|a|mmanager
-dmaap-dr-prov|ONAP DMaap DR Prov|Prov|DMaap MR|314-123-1234|no_reply@people.osaaf.com|a|mmanager
-dmaap-dr-node|ONAP DMaap DR Node|Node|DMaap MR|314-123-1234|no_reply@people.osaaf.com|a|mmanager
-dmaap-mr|ONAP DMaap MR Application|DMaap MR|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager
-#deprecate these in El Alto
-dmaapmr|ONAP DMaap MR Application|DMaap MR|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager
-#dmaap.mr|ONAP DMaap MR Application|DMaap MR|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager
diff --git a/kubernetes/aaf/components/aaf-cass/templates/configmap.yaml b/kubernetes/aaf/components/aaf-cass/templates/configmap.yaml
index ebf09e75c5..a10bb8a7a1 100644
--- a/kubernetes/aaf/components/aaf-cass/templates/configmap.yaml
+++ b/kubernetes/aaf/components/aaf-cass/templates/configmap.yaml
@@ -30,16 +30,3 @@ metadata:
heritage: {{ .Release.Service }}
data:
{{ tpl (.Files.Glob "resources/cass-init-dats/*").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-cass-init-data
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/cass-init-data/*").AsConfig . | indent 2 }}
diff --git a/kubernetes/aaf/components/aaf-cass/templates/deployment.yaml b/kubernetes/aaf/components/aaf-cass/templates/deployment.yaml
index e62d387a0a..4e18b3b746 100644
--- a/kubernetes/aaf/components/aaf-cass/templates/deployment.yaml
+++ b/kubernetes/aaf/components/aaf-cass/templates/deployment.yaml
@@ -31,17 +31,9 @@ spec:
args:
- -c
- |
- echo "*** input data ***"
- ls -l /config-input-data/*
- echo "*** input dats ***"
- ls -l /config-input-dats/*
- cp -L /config-input-data/* /config-data/
+ echo "*** Move files from configmap to emptyDir"
cp -L /config-input-dats/* /config-dats/
- echo "*** output data ***"
- ls -l /config-data/*
- echo "*** output dats ***"
- ls -l /config-dats/*
- chown -R 1000:1000 /config-data
+ echo "*** set righ user to the different folders"
chown -R 1000:1000 /config-dats
chown -R 1000:1000 /var/lib/cassandra
chown -R 1000:1000 /status
@@ -50,14 +42,10 @@ spec:
volumeMounts:
- mountPath: /var/lib/cassandra
name: aaf-cass-vol
- - mountPath: /config-input-data
- name: config-cass-init-data
- mountPath: /config-input-dats
name: config-cass-init-dats
- mountPath: /config-dats
name: config-cass-dats
- - mountPath: /config-data
- name: config-cass-data
- mountPath: /status
name: aaf-status
resources:
@@ -103,8 +91,6 @@ spec:
- mountPath: /etc/localtime
name: localtime
readOnly: true
- - mountPath: /opt/app/aaf/cass_init/data
- name: config-cass-data
- mountPath: /opt/app/aaf/cass_init/dats
name: config-cass-dats
- mountPath: /opt/app/aaf/status
@@ -144,12 +130,7 @@ spec:
- name: config-cass-init-dats
configMap:
name: {{ include "common.fullname" . }}-cass-init-dats
- - name: config-cass-init-data
- configMap:
- name: {{ include "common.fullname" . }}-cass-init-data
- name: config-cass-dats
emptyDir: {}
- - name: config-cass-data
- emptyDir: {}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/aaf/components/aaf-templates/templates/_deployment.tpl b/kubernetes/aaf/components/aaf-templates/templates/_deployment.tpl
index afa5004a48..50da519a89 100644
--- a/kubernetes/aaf/components/aaf-templates/templates/_deployment.tpl
+++ b/kubernetes/aaf/components/aaf-templates/templates/_deployment.tpl
@@ -40,6 +40,8 @@ spec:
- mountPath: /opt/app/osaaf/etc/org.osaaf.aaf.log4j.props
name: aaf-log
subPath: org.osaaf.aaf.log4j.props
+ - mountPath: /opt/app/osaaf/data/
+ name: config-identity
{{- if eq .Values.liveness.enabled true }}
livenessProbe:
tcpSocket:
@@ -68,6 +70,11 @@ spec:
- name: aaf-log
configMap:
name: {{ include "common.release" . }}-aaf-log
+ - name: config-init-identity
+ configMap:
+ name: {{ include "common.release" . }}-aaf-identity
+ - name: config-identity
+ emptyDir: {}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
{{- end -}}
diff --git a/kubernetes/aaf/components/aaf-templates/templates/_initContainers.tpl b/kubernetes/aaf/components/aaf-templates/templates/_initContainers.tpl
index 7cdf4d072e..755315296d 100644
--- a/kubernetes/aaf/components/aaf-templates/templates/_initContainers.tpl
+++ b/kubernetes/aaf/components/aaf-templates/templates/_initContainers.tpl
@@ -15,12 +15,16 @@
*/}
{{- define "aaf.permissionFixer" -}}
-- name: fix-permission
+- name: onboard-identity-and-fix-permission
command:
- /bin/sh
args:
- -c
- |
+ echo "*** Move files from configmap to emptyDir"
+ cp -L /config-input-identity/* /config-identity/
+ echo "*** set righ user to the different folders"
+ chown -R 1000:1000 /config-identity
chown -R 1000:1000 /opt/app/aaf
chown -R 1000:1000 /opt/app/osaaf
image: {{ include "repositoryGenerator.image.busybox" . }}
@@ -28,6 +32,10 @@
volumeMounts:
- mountPath: /opt/app/osaaf
name: aaf-config-vol
+ - mountPath: /config-input-identity
+ name: config-init-identity
+ - mountPath: /config-identity
+ name: config-identity
resources:
limits:
cpu: 100m