diff options
author | Lee, Tian (tl5884) <TianL@amdocs.com> | 2019-01-11 16:52:27 +0000 |
---|---|---|
committer | Lee, Tian (tl5884) <TianL@amdocs.com> | 2019-01-31 16:59:20 +0000 |
commit | fd8e7fbf73b93b2dd302108c7a1bcebb132647cd (patch) | |
tree | fee2a3df8807052a243eed1cf995b7b747ef6e45 /kubernetes/aai/charts/aai-gizmo/templates/deployment.yaml | |
parent | de248c3afe78f01e955375dac18edd742a5943de (diff) |
Update Gizmo and Champ security config
- Update rProxy to use AAF geo-locate endpoint rather than hard coded IP
address
- Update fProxy to use separate truststore
- Restructure charts to reduce certificate duplication
Change-Id: I1e63ceb0ebabd8bb3dfacc71dac841858279b6f1
Issue-ID: AAF-718
Signed-off-by: Lee, Tian (tl5884) <TianL@amdocs.com>
Diffstat (limited to 'kubernetes/aai/charts/aai-gizmo/templates/deployment.yaml')
-rw-r--r-- | kubernetes/aai/charts/aai-gizmo/templates/deployment.yaml | 33 |
1 files changed, 18 insertions, 15 deletions
diff --git a/kubernetes/aai/charts/aai-gizmo/templates/deployment.yaml b/kubernetes/aai/charts/aai-gizmo/templates/deployment.yaml index 0a30388279..ba90fdc76b 100644 --- a/kubernetes/aai/charts/aai-gizmo/templates/deployment.yaml +++ b/kubernetes/aai/charts/aai-gizmo/templates/deployment.yaml @@ -32,11 +32,6 @@ spec: release: {{ .Release.Name }} spec: {{ if .Values.global.installSidecarSecurity }} - hostAliases: - - ip: {{ .Values.global.aaf.serverIp }} - hostnames: - - {{ .Values.global.aaf.serverHostname }} - initContainers: - name: {{ .Values.global.tproxyConfig.name }} image: "{{ include "common.repository" . }}/{{ .Values.global.tproxyConfig.image }}" @@ -154,18 +149,18 @@ spec: - name: {{ include "common.fullname" . }}-rproxy-log-config mountPath: /opt/app/rproxy/config/logback-spring.xml subPath: logback-spring.xml - - name: {{ include "common.fullname" . }}-rproxy-auth-config + - name: {{ include "common.fullname" . }}-rproxy-auth-certs mountPath: /opt/app/rproxy/config/auth/tomcat_keystore subPath: tomcat_keystore - - name: {{ include "common.fullname" . }}-rproxy-auth-config + - name: {{ include "common.fullname" . }}-rproxy-auth-certs mountPath: /opt/app/rproxy/config/auth/client-cert.p12 subPath: client-cert.p12 + - name: {{ include "common.fullname" . }}-rproxy-auth-certs + mountPath: /opt/app/rproxy/config/auth/org.onap.aai.p12 + subPath: org.onap.aai.p12 - name: {{ include "common.fullname" . }}-rproxy-auth-config mountPath: /opt/app/rproxy/config/auth/uri-authorization.json subPath: uri-authorization.json - - name: {{ include "common.fullname" . }}-rproxy-auth-config - mountPath: /opt/app/rproxy/config/auth/aaf_truststore.jks - subPath: aaf_truststore.jks - name: {{ include "common.fullname" . }}-rproxy-security-config mountPath: /opt/app/rproxy/config/security/keyfile subPath: keyfile @@ -181,6 +176,8 @@ spec: value: "/opt/app/fproxy/config" - name: KEY_STORE_PASSWORD value: {{ .Values.config.keyStorePassword }} + - name: TRUST_STORE_PASSWORD + value: {{ .Values.config.trustStorePassword }} - name: spring_profiles_active value: {{ .Values.global.fproxy.activeSpringProfiles }} volumeMounts: @@ -190,10 +187,13 @@ spec: - name: {{ include "common.fullname" . }}-fproxy-log-config mountPath: /opt/app/fproxy/config/logback-spring.xml subPath: logback-spring.xml - - name: {{ include "common.fullname" . }}-fproxy-auth-config + - name: {{ include "common.fullname" . }}-fproxy-auth-certs mountPath: /opt/app/fproxy/config/auth/tomcat_keystore subPath: tomcat_keystore - - name: {{ include "common.fullname" . }}-fproxy-auth-config + - name: {{ include "common.fullname" . }}-fproxy-auth-certs + mountPath: /opt/app/fproxy/config/auth/fproxy_truststore + subPath: fproxy_truststore + - name: {{ include "common.fullname" . }}-fproxy-auth-certs mountPath: /opt/app/fproxy/config/auth/client-cert.p12 subPath: client-cert.p12 ports: @@ -245,18 +245,21 @@ spec: - name: {{ include "common.fullname" . }}-rproxy-auth-config secret: secretName: {{ include "common.fullname" . }}-rproxy-auth-config + - name: {{ include "common.fullname" . }}-rproxy-auth-certs + secret: + secretName: aai-rproxy-auth-certs - name: {{ include "common.fullname" . }}-rproxy-security-config secret: - secretName: {{ include "common.fullname" . }}-rproxy-security-config + secretName: aai-rproxy-security-config - name: {{ include "common.fullname" . }}-fproxy-config configMap: name: {{ include "common.fullname" . }}-fproxy-config - name: {{ include "common.fullname" . }}-fproxy-log-config configMap: name: {{ include "common.fullname" . }}-fproxy-log-config - - name: {{ include "common.fullname" . }}-fproxy-auth-config + - name: {{ include "common.fullname" . }}-fproxy-auth-certs secret: - secretName: {{ include "common.fullname" . }}-fproxy-auth-config + secretName: aai-fproxy-auth-certs {{ end }} imagePullSecrets: |