summaryrefslogtreecommitdiffstats
path: root/kubernetes/aai/components/aai-graphadmin
diff options
context:
space:
mode:
authorefiacor <fiachra.corcoran@est.tech>2023-03-23 12:10:50 +0000
committerefiacor <fiachra.corcoran@est.tech>2023-03-29 21:59:15 +0100
commitd12c16773174e0cdd1fcdd861c7b93ae05de1bc9 (patch)
tree84d8b5e17d0c5520c59f81a4a41d47da695b8bca /kubernetes/aai/components/aai-graphadmin
parent11e85382bc62797ea511a42b1bd647772129c0d7 (diff)
[AAI] Remove AAF/TLS config from charts
Remove aaf and tls config from aai charts Signed-off-by: efiacor <fiachra.corcoran@est.tech> Change-Id: Ibb26e7ae00eb6b5a65ec2263b8f57ad6fb345892 Issue-ID: OOM-3111
Diffstat (limited to 'kubernetes/aai/components/aai-graphadmin')
-rw-r--r--kubernetes/aai/components/aai-graphadmin/Chart.yaml8
-rw-r--r--kubernetes/aai/components/aai-graphadmin/resources/config/aaiconfig.properties15
-rw-r--r--kubernetes/aai/components/aai-graphadmin/resources/config/application.properties33
-rw-r--r--kubernetes/aai/components/aai-graphadmin/templates/deployment.yaml55
-rw-r--r--kubernetes/aai/components/aai-graphadmin/templates/job-copy-db-backup.yaml55
-rw-r--r--kubernetes/aai/components/aai-graphadmin/templates/job-create-db.yaml55
-rw-r--r--kubernetes/aai/components/aai-graphadmin/templates/job-migration.yaml104
-rw-r--r--kubernetes/aai/components/aai-graphadmin/values.yaml57
8 files changed, 33 insertions, 349 deletions
diff --git a/kubernetes/aai/components/aai-graphadmin/Chart.yaml b/kubernetes/aai/components/aai-graphadmin/Chart.yaml
index 239bcad749..646be46337 100644
--- a/kubernetes/aai/components/aai-graphadmin/Chart.yaml
+++ b/kubernetes/aai/components/aai-graphadmin/Chart.yaml
@@ -4,7 +4,7 @@
# ================================================================================
# Copyright © 2018 AT&T Intellectual Property. All rights reserved.
# Modifications Copyright © 2021 Orange
-# Modifications Copyright © 2021 Nordix Foundation
+# Modifications Copyright © 2021-2023 Nordix Foundation
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -27,12 +27,6 @@ version: 12.0.0
dependencies:
- name: common
version: ~12.x-0
- # local reference to common chart, as it is
- # a part of this chart's package and will not
- # be published independently to a repo (at this point)
- repository: '@local'
- - name: certInitializer
- version: ~12.x-0
repository: '@local'
- name: repositoryGenerator
version: ~12.x-0
diff --git a/kubernetes/aai/components/aai-graphadmin/resources/config/aaiconfig.properties b/kubernetes/aai/components/aai-graphadmin/resources/config/aaiconfig.properties
index f768338d99..8f63ac85ab 100644
--- a/kubernetes/aai/components/aai-graphadmin/resources/config/aaiconfig.properties
+++ b/kubernetes/aai/components/aai-graphadmin/resources/config/aaiconfig.properties
@@ -5,6 +5,7 @@
# ================================================================================
# Copyright © 2018 AT&T Intellectual Property. All rights reserved.
# Modifications Copyright © 2021 Orange
+# Modifications Copyright © 2023 Nordix Foundation
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -24,16 +25,9 @@ aai.config.checktime=1000
# this could come from siteconfig.pl?
aai.config.nodename=AutomaticallyOverwritten
-
-{{ if ( include "common.needTLS" .) }}
-aai.server.url.base=https://aai.{{ include "common.namespace" . }}:8443/aai/
-aai.server.url=https://aai.{{ include "common.namespace" . }}:8443/aai/{{ .Values.global.config.schema.version.api.default }}/
-aai.global.callback.url=https://aai.{{ include "common.namespace" . }}:8443/aai/
-{{ else }}
aai.server.url.base=http://aai.{{ include "common.namespace" . }}/aai/
aai.server.url=http://aai.{{ include "common.namespace" . }}/aai/{{ .Values.global.config.schema.version.api.default }}/
aai.global.callback.url=http://aai.{{ include "common.namespace" . }}/aai/
-{{ end }}
{{ if or (.Values.global.config.basic.auth.enabled) ( include "common.onServiceMesh" .) }}
aai.tools.enableBasicAuth=true
@@ -41,13 +35,6 @@ aai.tools.username={{ .Values.global.config.basic.auth.username }}
aai.tools.password={{ .Values.global.config.basic.auth.passwd }}
{{ end }}
-{{ if ( include "common.needTLS" .) }}
-aai.truststore.filename={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.trust.jks
-aai.truststore.passwd.x=${TRUSTSTORE_PASSWORD}
-aai.keystore.filename={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.p12
-aai.keystore.passwd.x=${KEYSTORE_PASSWORD}
-{{ end }}
-
aai.notification.current.version={{ .Values.global.config.schema.version.api.default }}
aai.notificationEvent.default.status=UNPROCESSED
aai.notificationEvent.default.eventType={{ .Values.global.config.notification.eventType }}
diff --git a/kubernetes/aai/components/aai-graphadmin/resources/config/application.properties b/kubernetes/aai/components/aai-graphadmin/resources/config/application.properties
index 6e64fd8400..37d02a0629 100644
--- a/kubernetes/aai/components/aai-graphadmin/resources/config/application.properties
+++ b/kubernetes/aai/components/aai-graphadmin/resources/config/application.properties
@@ -5,6 +5,7 @@
# ================================================================================
# Copyright � 2018 AT&T Intellectual Property. All rights reserved.
# Modifications Copyright © 2021 Orange
+# Modifications Copyright © 2023 Nordix Foundation
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -34,7 +35,7 @@ server.servlet.context-path=/
spring.autoconfigure.exclude=org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration,org.springframework.boot.autoconfigure.orm.jpa.HibernateJpaAutoConfiguration
-spring.profiles.active={{ .Values.config.profiles.active }}{{ (eq "true" (include "common.needTLS" .)) | ternary ",one-way-ssl" "" }}
+spring.profiles.active={{ .Values.config.profiles.active }}
spring.jersey.application-path=${schema.uri.base.path}
#The max number of active threads in this pool
server.tomcat.max-threads=200
@@ -49,23 +50,13 @@ server.local.startpath=/opt/app/aai-graphadmin/resources/
server.basic.auth.location=${server.local.startpath}etc/auth/realm.properties
server.port=8449
-{{ if ( include "common.needTLS" .) }}
-server.ssl.enabled-protocols=TLSv1.1,TLSv1.2
-server.ssl.key-store={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.jks
-server.ssl.key-store-password=password(${KEYSTORE_JKS_PASSWORD})
-server.ssl.trust-store={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.trust.jks
-server.ssl.trust-store-password=password(${TRUSTSTORE_PASSWORD})
-server.ssl.client-auth=want
-server.ssl.key-store-type=JKS
-{{ else }}
security.require-ssl=false
server.ssl.enabled=false
-{{ end }}
# JMS bind address host port
jms.bind.address=tcp://localhost:61649
-dmaap.ribbon.listOfServers=message-router.{{.Release.Namespace}}:{{ (eq "true" (include "common.needTLS" .)) | ternary 3905 3904 }}
-dmaap.ribbon.transportType={{ include "common.scheme" . }}
+dmaap.ribbon.listOfServers=message-router.{{ include "common.namespace" . }}:3904
+dmaap.ribbon.transportType=http
# Schema related attributes for the oxm and edges
# Any additional schema related attributes should start with prefix schema
@@ -101,26 +92,14 @@ schema.service.base.url={{ include "common.scheme" . }}://aai-schema-service.{{
schema.service.nodes.endpoint=nodes?version=
schema.service.edges.endpoint=edgerules?version=
schema.service.versions.endpoint=versions
-schema.service.client={{ (eq "true" (include "common.needTLS" .)) | ternary .Values.global.config.schema.service.client "no-auth" }}
+schema.service.client=no-auth
-{{ if ( include "common.needTLS" .) }}
-schema.service.ssl.key-store={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.jks
-schema.service.ssl.trust-store={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.trust.jks
-schema.service.ssl.key-store-password=password(${KEYSTORE_JKS_PASSWORD})
-schema.service.ssl.trust-store-password=password(${TRUSTSTORE_PASSWORD})
-{{ end }}
aperture.rdbmsname=aai_relational
-aperture.service.client={{ (eq "true" (include "common.needTLS" .)) | ternary .Values.global.config.schema.service.client "no-auth" }}
+aperture.service.client=no-auth
aperture.service.base.url=http://localhost:8457/aai/aperture
-{{ if ( include "common.needTLS" .) }}
-aperture.service.ssl.key-store={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.jks
-aperture.service.ssl.trust-store={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.trust.jks
-aperture.service.ssl.key-store-password=password(${KEYSTORE_JKS_PASSWORD})
-aperture.service.ssl.trust-store-password=password(${TRUSTSTORE_PASSWORD})
-{{ end }}
aperture.service.timeout-in-milliseconds=300000
#To Expose the Prometheus scraping endpoint
diff --git a/kubernetes/aai/components/aai-graphadmin/templates/deployment.yaml b/kubernetes/aai/components/aai-graphadmin/templates/deployment.yaml
index a8564b0766..033cfa02bc 100644
--- a/kubernetes/aai/components/aai-graphadmin/templates/deployment.yaml
+++ b/kubernetes/aai/components/aai-graphadmin/templates/deployment.yaml
@@ -6,6 +6,7 @@
# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
# Copyright (c) 2020 Nokia Intellectual Property. All rights reserved.
# Copyright (c) 2020-2021 Orange Intellectual Property. All rights reserved.
+# Modifications Copyright © 2023 Nordix Foundation
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -53,50 +54,7 @@ spec:
hostname: aai-graphadmin
terminationGracePeriodSeconds: {{ .Values.service.terminationGracePeriodSeconds }}
{{ if .Values.global.initContainers.enabled }}
- initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }}
- {{- if .Values.global.aafEnabled }}
- - command:
- - sh
- args:
- - -c
- - |
- echo "*** retrieve Truststore and Keystore password"
- export $(cat {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop | xargs -0)
- echo "*** obfuscate them "
- export JETTY_UTIL_JAR=$(find /usr/local/jetty/lib/ -regextype sed -regex ".*jetty-util-[0-9].*.jar")
- export KEYSTORE_PASSWORD=`java -cp ${JETTY_UTIL_JAR} org.eclipse.jetty.util.security.Password ${KEYSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"`
- export KEYSTORE_JKS_PASSWORD=`java -cp ${JETTY_UTIL_JAR} org.eclipse.jetty.util.security.Password ${KEYSTORE_JKS_PLAIN_PASSWORD} 2>&1 | grep "OBF:"`
- export TRUSTSTORE_PASSWORD=`java -cp ${JETTY_UTIL_JAR} org.eclipse.jetty.util.security.Password ${TRUSTSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"`
- echo "KEYSTORE_PASSWORD=${KEYSTORE_PASSWORD}" >> {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop
- echo "KEYSTORE_JKS_PASSWORD=${KEYSTORE_JKS_PASSWORD}" >> {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop
- echo "TRUSTSTORE_PASSWORD=${TRUSTSTORE_PASSWORD}" >> {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop
- image: {{ include "repositoryGenerator.image.jetty" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-obfuscate
- volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }}
- securityContext:
- runAsUser: {{ .Values.securityContext.user_id }}
- - command:
- - sh
- args:
- - -c
- - |
- echo "*** Set obfuscated Truststore and Keystore password into configuration file"
- export $(cat {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop | xargs -0)
- cd /config-input
- for PFILE in `ls -1`
- do
- envsubst <${PFILE} >/config/${PFILE}
- done
- volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }}
- - mountPath: /config-input
- name: properties-input
- - mountPath: /config
- name: properties
- image: {{ include "repositoryGenerator.image.envsubst" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-update-config
- {{- end }}
+ initContainers:
- command:
{{ if .Values.global.jobs.migration.enabled }}
- /app/ready.py
@@ -145,7 +103,7 @@ spec:
value: {{ .Values.service.internalPort2 | quote }}
- name: INTERNAL_PORT_3
value: {{ .Values.service.internalPort3 | quote }}
- volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }}
+ volumeMounts:
- mountPath: /etc/localtime
name: localtime
readOnly: true
@@ -215,7 +173,7 @@ spec:
# side car containers
{{ include "common.log.sidecar" . | nindent 6 }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
- volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }}
+ volumes:
- name: localtime
hostPath:
path: /etc/localtime
@@ -226,11 +184,6 @@ spec:
configMap:
name: {{ include "common.fullname" . }}
- name: properties
- {{- if .Values.global.aafEnabled }}
- emptyDir:
- medium: Memory
- - name: properties-input
- {{- end }}
configMap:
name: {{ include "common.fullname" . }}-properties
restartPolicy: {{ .Values.restartPolicy }}
diff --git a/kubernetes/aai/components/aai-graphadmin/templates/job-copy-db-backup.yaml b/kubernetes/aai/components/aai-graphadmin/templates/job-copy-db-backup.yaml
index a93c6107e7..2973245dfd 100644
--- a/kubernetes/aai/components/aai-graphadmin/templates/job-copy-db-backup.yaml
+++ b/kubernetes/aai/components/aai-graphadmin/templates/job-copy-db-backup.yaml
@@ -6,6 +6,7 @@
# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
# Copyright (c) 2020 Nokia Intellectual Property. All rights reserved.
# Copyright (c) 2020-2021 Orange Intellectual Property. All rights reserved.
+# Modifications Copyright © 2023 Nordix Foundation
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -58,50 +59,7 @@ spec:
release: {{ include "common.release" . }}
name: {{ include "common.name" . }}
spec:
- initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }}
- {{- if .Values.global.aafEnabled }}
- - command:
- - sh
- args:
- - -c
- - |
- echo "*** retrieve Truststore and Keystore password"
- export $(cat {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop | xargs -0)
- echo "*** obfuscate them "
- export JETTY_UTIL_JAR=$(find /usr/local/jetty/lib/ -regextype sed -regex ".*jetty-util-[0-9].*.jar")
- export KEYSTORE_PASSWORD=`java -cp ${JETTY_UTIL_JAR} org.eclipse.jetty.util.security.Password ${KEYSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"`
- export KEYSTORE_JKS_PASSWORD=`java -cp ${JETTY_UTIL_JAR} org.eclipse.jetty.util.security.Password ${KEYSTORE_JKS_PLAIN_PASSWORD} 2>&1 | grep "OBF:"`
- export TRUSTSTORE_PASSWORD=`java -cp ${JETTY_UTIL_JAR} org.eclipse.jetty.util.security.Password ${TRUSTSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"`
- echo "KEYSTORE_PASSWORD=${KEYSTORE_PASSWORD}" >> {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop
- echo "KEYSTORE_JKS_PASSWORD=${KEYSTORE_JKS_PASSWORD}" >> {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop
- echo "TRUSTSTORE_PASSWORD=${TRUSTSTORE_PASSWORD}" >> {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop
- image: {{ include "repositoryGenerator.image.jetty" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-obfuscate
- volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }}
- securityContext:
- runAsUser: {{ .Values.securityContext.user_id }}
- - command:
- - sh
- args:
- - -c
- - |
- echo "*** Set obfuscated Truststore and Keystore password into configuration file"
- export $(cat {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop | xargs -0)
- cd /config-input
- for PFILE in `ls -1`
- do
- envsubst <${PFILE} >/config/${PFILE}
- done
- volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }}
- - mountPath: /config-input
- name: properties-input
- - mountPath: /config
- name: properties
- image: {{ include "repositoryGenerator.image.envsubst" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-update-config
- {{- end }}
+ initContainers:
{{ if eq .Values.global.jobs.migration.remoteCassandra.enabled false }}
- command:
- /bin/bash
@@ -135,7 +93,7 @@ spec:
value: {{ .Values.securityContext.user_id | quote }}
- name: LOCAL_GROUP_ID
value: {{ .Values.securityContext.group_id | quote }}
- volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }}
+ volumeMounts:
- mountPath: /etc/localtime
name: localtime
readOnly: true
@@ -168,7 +126,7 @@ spec:
{{- if .Values.affinity }}
affinity: {{ toYaml .Values.affinity | nindent 8 }}
{{- end }}
- volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }}
+ volumes:
- name: localtime
hostPath:
path: /etc/localtime
@@ -178,11 +136,6 @@ spec:
configMap:
name: {{ include "common.fullname" . }}
- name: properties
- {{- if .Values.global.aafEnabled }}
- emptyDir:
- medium: Memory
- - name: properties-input
- {{- end }}
configMap:
name: {{ include "common.fullname" . }}-properties
- name: migration
diff --git a/kubernetes/aai/components/aai-graphadmin/templates/job-create-db.yaml b/kubernetes/aai/components/aai-graphadmin/templates/job-create-db.yaml
index a9349028f4..538b5aed50 100644
--- a/kubernetes/aai/components/aai-graphadmin/templates/job-create-db.yaml
+++ b/kubernetes/aai/components/aai-graphadmin/templates/job-create-db.yaml
@@ -6,6 +6,7 @@
# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
# Copyright (c) 2020 Nokia Intellectual Property. All rights reserved.
# Copyright (c) 2020-2021 Orange Intellectual Property. All rights reserved.
+# Modifications Copyright © 2023 Nordix Foundation
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -53,50 +54,7 @@ spec:
release: {{ include "common.release" . }}
name: {{ include "common.name" . }}
spec:
- initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }}
- {{- if .Values.global.aafEnabled }}
- - command:
- - sh
- args:
- - -c
- - |
- echo "*** retrieve Truststore and Keystore password"
- export $(cat {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop | xargs -0)
- echo "*** obfuscate them "
- export JETTY_UTIL_JAR=$(find /usr/local/jetty/lib/ -regextype sed -regex ".*jetty-util-[0-9].*.jar")
- export KEYSTORE_PASSWORD=`java -cp ${JETTY_UTIL_JAR} org.eclipse.jetty.util.security.Password ${KEYSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"`
- export KEYSTORE_JKS_PASSWORD=`java -cp ${JETTY_UTIL_JAR} org.eclipse.jetty.util.security.Password ${KEYSTORE_JKS_PLAIN_PASSWORD} 2>&1 | grep "OBF:"`
- export TRUSTSTORE_PASSWORD=`java -cp ${JETTY_UTIL_JAR} org.eclipse.jetty.util.security.Password ${TRUSTSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"`
- echo "KEYSTORE_PASSWORD=${KEYSTORE_PASSWORD}" >> {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop
- echo "KEYSTORE_JKS_PASSWORD=${KEYSTORE_JKS_PASSWORD}" >> {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop
- echo "TRUSTSTORE_PASSWORD=${TRUSTSTORE_PASSWORD}" >> {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop
- image: {{ include "repositoryGenerator.image.jetty" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-obfuscate
- volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }}
- securityContext:
- runAsUser: {{ .Values.securityContext.user_id }}
- - command:
- - sh
- args:
- - -c
- - |
- echo "*** Set obfuscated Truststore and Keystore password into configuration file"
- export $(cat {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop | xargs -0)
- cd /config-input
- for PFILE in `ls -1`
- do
- envsubst <${PFILE} >/config/${PFILE}
- done
- volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }}
- - mountPath: /config-input
- name: properties-input
- - mountPath: /config
- name: properties
- image: {{ include "repositoryGenerator.image.envsubst" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-update-config
- {{- end }}
+ initContainers:
- command:
- /app/ready.py
args:
@@ -135,7 +93,7 @@ spec:
value: {{ .Values.securityContext.user_id | quote }}
- name: LOCAL_GROUP_ID
value: {{ .Values.securityContext.group_id | quote }}
- volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }}
+ volumeMounts:
- mountPath: /etc/localtime
name: localtime
readOnly: true
@@ -166,7 +124,7 @@ spec:
{{- if .Values.affinity }}
affinity: {{ toYaml .Values.affinity | nindent 8 }}
{{- end }}
- volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }}
+ volumes:
- name: localtime
hostPath:
path: /etc/localtime
@@ -177,11 +135,6 @@ spec:
configMap:
name: {{ include "common.fullname" . }}
- name: properties
- {{- if .Values.global.aafEnabled }}
- emptyDir:
- medium: Memory
- - name: properties-input
- {{- end }}
configMap:
name: {{ include "common.fullname" . }}-properties
restartPolicy: Never
diff --git a/kubernetes/aai/components/aai-graphadmin/templates/job-migration.yaml b/kubernetes/aai/components/aai-graphadmin/templates/job-migration.yaml
index 10b8255c50..7e9f866d5f 100644
--- a/kubernetes/aai/components/aai-graphadmin/templates/job-migration.yaml
+++ b/kubernetes/aai/components/aai-graphadmin/templates/job-migration.yaml
@@ -6,6 +6,7 @@
# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
# Copyright (c) 2020 Nokia Intellectual Property. All rights reserved.
# Copyright (c) 2020-2021 Orange Intellectual Property. All rights reserved.
+# Modifications Copyright © 2023 Nordix Foundation
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -58,50 +59,7 @@ spec:
release: {{ include "common.release" . }}
name: {{ include "common.name" . }}
spec:
- initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }}
- {{- if .Values.global.aafEnabled }}
- - command:
- - sh
- args:
- - -c
- - |
- echo "*** retrieve Truststore and Keystore password"
- export $(cat {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop | xargs -0)
- echo "*** obfuscate them "
- export JETTY_UTIL_JAR=$(find /usr/local/jetty/lib/ -regextype sed -regex ".*jetty-util-[0-9].*.jar")
- export KEYSTORE_PASSWORD=`java -cp ${JETTY_UTIL_JAR} org.eclipse.jetty.util.security.Password ${KEYSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"`
- export KEYSTORE_JKS_PASSWORD=`java -cp ${JETTY_UTIL_JAR} org.eclipse.jetty.util.security.Password ${KEYSTORE_JKS_PLAIN_PASSWORD} 2>&1 | grep "OBF:"`
- export TRUSTSTORE_PASSWORD=`java -cp ${JETTY_UTIL_JAR} org.eclipse.jetty.util.security.Password ${TRUSTSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"`
- echo "KEYSTORE_PASSWORD=${KEYSTORE_PASSWORD}" >> {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop
- echo "KEYSTORE_JKS_PASSWORD=${KEYSTORE_JKS_PASSWORD}" >> {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop
- echo "TRUSTSTORE_PASSWORD=${TRUSTSTORE_PASSWORD}" >> {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop
- image: {{ include "repositoryGenerator.image.jetty" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-obfuscate
- volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }}
- securityContext:
- runAsUser: {{ .Values.securityContext.user_id }}
- - command:
- - sh
- args:
- - -c
- - |
- echo "*** Set obfuscated Truststore and Keystore password into configuration file"
- export $(cat {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop | xargs -0)
- cd /config-input
- for PFILE in `ls -1`
- do
- envsubst <${PFILE} >/config/${PFILE}
- done
- volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }}
- - mountPath: /config-input
- name: properties-input
- - mountPath: /config
- name: properties
- image: {{ include "repositoryGenerator.image.envsubst" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-update-config
- {{- end }}
+ initContainers:
- command:
- /app/ready.py
args:
@@ -133,7 +91,7 @@ spec:
value: {{ .Values.securityContext.user_id | quote }}
- name: LOCAL_GROUP_ID
value: {{ .Values.securityContext.group_id | quote }}
- volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }}
+ volumeMounts:
- mountPath: /etc/localtime
name: localtime
readOnly: true
@@ -180,7 +138,7 @@ spec:
value: {{ .Values.securityContext.user_id | quote }}
- name: LOCAL_GROUP_ID
value: {{ .Values.securityContext.group_id | quote }}
- volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }}
+ volumeMounts:
- mountPath: /etc/localtime
name: localtime
readOnly: true
@@ -211,7 +169,7 @@ spec:
{{- if .Values.affinity }}
affinity: {{ toYaml .Values.affinity | nindent 8 }}
{{- end }}
- volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }}
+ volumes:
- name: localtime
hostPath:
path: /etc/localtime
@@ -225,11 +183,6 @@ spec:
persistentVolumeClaim:
claimName: {{ include "common.fullname" . }}-migration
- name: properties
- {{- if .Values.global.aafEnabled }}
- emptyDir:
- medium: Memory
- - name: properties-input
- {{- end }}
configMap:
name: {{ include "common.fullname" . }}-properties
restartPolicy: Never
@@ -259,50 +212,7 @@ spec:
release: {{ include "common.release" . }}
name: {{ include "common.name" . }}
spec:
- initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }}
- {{- if .Values.global.aafEnabled }}
- - command:
- - sh
- args:
- - -c
- - |
- echo "*** retrieve Truststore and Keystore password"
- export $(cat {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop | xargs -0)
- echo "*** obfuscate them "
- export JETTY_UTIL_JAR=$(find /usr/local/jetty/lib/ -regextype sed -regex ".*jetty-util-[0-9].*.jar")
- export KEYSTORE_PASSWORD=`java -cp ${JETTY_UTIL_JAR} org.eclipse.jetty.util.security.Password ${KEYSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"`
- export KEYSTORE_JKS_PASSWORD=`java -cp ${JETTY_UTIL_JAR} org.eclipse.jetty.util.security.Password ${KEYSTORE_JKS_PLAIN_PASSWORD} 2>&1 | grep "OBF:"`
- export TRUSTSTORE_PASSWORD=`java -cp ${JETTY_UTIL_JAR} org.eclipse.jetty.util.security.Password ${TRUSTSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"`
- echo "KEYSTORE_PASSWORD=${KEYSTORE_PASSWORD}" >> {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop
- echo "KEYSTORE_JKS_PASSWORD=${KEYSTORE_JKS_PASSWORD}" >> {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop
- echo "TRUSTSTORE_PASSWORD=${TRUSTSTORE_PASSWORD}" >> {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop
- image: {{ include "repositoryGenerator.image.jetty" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-obfuscate
- volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }}
- securityContext:
- runAsUser: {{ .Values.securityContext.user_id }}
- - command:
- - sh
- args:
- - -c
- - |
- echo "*** Set obfuscated Truststore and Keystore password into configuration file"
- export $(cat {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop | xargs -0)
- cd /config-input
- for PFILE in `ls -1`
- do
- envsubst <${PFILE} >/config/${PFILE}
- done
- volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }}
- - mountPath: /config-input
- name: properties-input
- - mountPath: /config
- name: properties
- image: {{ include "repositoryGenerator.image.envsubst" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-update-config
- {{- end }}
+ initContainers:
{{ if eq .Values.global.jobs.migration.remoteCassandra.enabled false }}
- command:
- /bin/bash
@@ -336,7 +246,7 @@ spec:
value: {{ .Values.securityContext.user_id | quote }}
- name: LOCAL_GROUP_ID
value: {{ .Values.securityContext.group_id | quote }}
- volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }}
+ volumeMounts:
- mountPath: /etc/localtime
name: localtime
readOnly: true
diff --git a/kubernetes/aai/components/aai-graphadmin/values.yaml b/kubernetes/aai/components/aai-graphadmin/values.yaml
index ff7a7d6130..d333448f8d 100644
--- a/kubernetes/aai/components/aai-graphadmin/values.yaml
+++ b/kubernetes/aai/components/aai-graphadmin/values.yaml
@@ -5,6 +5,7 @@
# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
# Copyright (c) 2020 Nokia Intellectual Property. All rights reserved.
# Copyright (c) 2020-2021 Orange Intellectual Property. All rights reserved.
+# Modifications Copyright © 2023 Nordix Foundation
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -61,7 +62,7 @@ global: # global defaults
# Specifies if the connection should be one way ssl, two way ssl or no auth
# will be set to no-auth if tls is disabled
service:
- client: one-way-ssl
+ client: no-auth
# Specifies which translator to use if it has schema-service, then it will
# make a rest request to schema service
translator:
@@ -98,51 +99,6 @@ global: # global defaults
realtime:
clients: SDNC,-1|MSO,-1|SO,-1|robot-ete,-1
-#################################################################
-# Certificate configuration
-#################################################################
-certInitializer:
- nameOverride: aai-graphadmin-cert-initializer
- aafDeployFqi: deployer@people.osaaf.org
- aafDeployPass: demo123456!
- # aafDeployCredsExternalSecret: some secret
- fqdn: aai
- fqi: aai@aai.onap.org
- public_fqdn: aai.onap.org
- cadi_longitude: "0.0"
- cadi_latitude: "0.0"
- app_ns: org.osaaf.aaf
- credsPath: /opt/app/osaaf/local
- fqi_namespace: org.onap.aai
- user_id: &user_id 1000
- group_id: &group_id 1000
- aaf_add_config: |
- echo "*** changing them into shell safe ones"
- export KEYSTORE_PLAIN_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1)
- export KEYSTORE_JKS_PLAIN_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1)
- export TRUSTSTORE_PLAIN_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1)
- cd {{ .Values.credsPath }}
- keytool -storepasswd -new "${KEYSTORE_PLAIN_PASSWORD}" \
- -storepass "${cadi_keystore_password_p12}" \
- -keystore {{ .Values.fqi_namespace }}.p12
- keytool -storepasswd -new "${TRUSTSTORE_PLAIN_PASSWORD}" \
- -storepass "${cadi_truststore_password}" \
- -keystore {{ .Values.fqi_namespace }}.trust.jks
- keytool -storepasswd -new "${KEYSTORE_JKS_PLAIN_PASSWORD}" \
- -storepass "${cadi_keystore_password_jks}" \
- -keystore {{ .Values.fqi_namespace }}.jks
- echo "*** set key password as same password as keystore password"
- keytool -keypasswd -new "${KEYSTORE_JKS_PLAIN_PASSWORD}" \
- -keystore {{ .Values.fqi_namespace }}.jks \
- -keypass "${cadi_keystore_password_jks}" \
- -storepass "${KEYSTORE_JKS_PLAIN_PASSWORD}" -alias {{ .Values.fqi }}
- echo "*** writing passwords into prop file"
- echo "KEYSTORE_PLAIN_PASSWORD=${KEYSTORE_PLAIN_PASSWORD}" > {{ .Values.credsPath }}/mycreds.prop
- echo "KEYSTORE_JKS_PLAIN_PASSWORD=${KEYSTORE_JKS_PLAIN_PASSWORD}" >> {{ .Values.credsPath }}/mycreds.prop
- echo "TRUSTSTORE_PLAIN_PASSWORD=${TRUSTSTORE_PLAIN_PASSWORD}" >> {{ .Values.credsPath }}/mycreds.prop
- echo "*** change ownership of certificates to targeted user"
- chown -R {{ .Values.user_id }}:{{ .Values.group_id }} {{ .Values.credsPath }}
-
# application image
image: onap/aai-graphadmin:1.11.2
pullPolicy: Always
@@ -165,9 +121,8 @@ config:
# Specify the profiles for the graphadmin microservice
profiles:
- # one way ssl profile will be set unless tlsEnabled is set to false or serviceMesh is enabled and
- # serviceMesh.tls is set to tru
- active: dmaap #,one-way-ssl"
+
+ active: dmaap
# Specifies the timeout limit for the REST API requests
timeout:
@@ -318,8 +273,8 @@ metrics:
# Not fully used for now
securityContext:
- user_id: *user_id
- group_id: *group_id
+ user_id: 1000
+ group_id: 1000
#Pods Service Account
serviceAccount: