aboutsummaryrefslogtreecommitdiffstats
path: root/kubernetes/aai/components/aai-resources/templates
diff options
context:
space:
mode:
authorSylvain Desbureaux <sylvain.desbureaux@orange.com>2020-12-15 12:00:26 +0100
committerSylvain Desbureaux <sylvain.desbureaux@orange.com>2021-02-22 15:52:53 +0100
commitb4e038d2e2e7f39fc69a234bb132f43ff6a69712 (patch)
tree02c1f1f8f18bcf86754a02864256308064709121 /kubernetes/aai/components/aai-resources/templates
parent740de6d5e3e0744966114440583df27d141dfd03 (diff)
[AAI][RESOURCES] Remove Hardcoded certificates
Use Certinitializer in order to retrieve needed certificates. Issue-ID: OOM-2655 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: Ie05936be0f513c76ea4dce31b8a460056b79a4b0
Diffstat (limited to 'kubernetes/aai/components/aai-resources/templates')
-rw-r--r--kubernetes/aai/components/aai-resources/templates/configmap.yaml2
-rw-r--r--kubernetes/aai/components/aai-resources/templates/deployment.yaml71
-rw-r--r--kubernetes/aai/components/aai-resources/templates/secret.yaml6
-rw-r--r--kubernetes/aai/components/aai-resources/templates/service.yaml1
4 files changed, 30 insertions, 50 deletions
diff --git a/kubernetes/aai/components/aai-resources/templates/configmap.yaml b/kubernetes/aai/components/aai-resources/templates/configmap.yaml
index f173916104..99973565f8 100644
--- a/kubernetes/aai/components/aai-resources/templates/configmap.yaml
+++ b/kubernetes/aai/components/aai-resources/templates/configmap.yaml
@@ -18,7 +18,7 @@
apiVersion: v1
kind: ConfigMap
metadata:
- name: {{ include "common.fullname" . }}-configmap
+ name: {{ include "common.fullname" . }}
namespace: {{ include "common.namespace" . }}
labels:
app: {{ include "common.name" . }}
diff --git a/kubernetes/aai/components/aai-resources/templates/deployment.yaml b/kubernetes/aai/components/aai-resources/templates/deployment.yaml
index 6fbbf1c089..7dc79a774f 100644
--- a/kubernetes/aai/components/aai-resources/templates/deployment.yaml
+++ b/kubernetes/aai/components/aai-resources/templates/deployment.yaml
@@ -72,30 +72,28 @@ spec:
{{- end }}
spec:
hostname: aai-resources
- initContainers:
- - command:
- {{- if .Values.global.jobs.migration.enabled }}
+ initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }}
+ - name: {{ include "common.name" . }}-readiness
+ command:
- /app/ready.py
args:
+ {{- if .Values.global.jobs.migration.enabled }}
- --job-name
- {{ include "common.release" . }}-aai-graphadmin-migration
- {{- else }}
- {{- if .Values.global.jobs.createSchema.enabled }}
- - /app/ready.py
- args:
+ {{- else }}
+ {{- if .Values.global.jobs.createSchema.enabled }}
- --job-name
- {{ include "common.release" . }}-aai-graphadmin-create-db-schema
- {{- else }}
- - /app/ready.py
- args:
+ {{- else }}
- --container-name
- {{- if .Values.global.cassandra.localCluster }}
+ {{- if .Values.global.cassandra.localCluster }}
- aai-cassandra
- {{- else }}
+ {{- else }}
- cassandra
- {{- end }}
+ {{- end }}
- --container-name
- aai-schema-service
+ {{- end }}
{{- end }}
env:
- name: NAMESPACE
@@ -105,20 +103,29 @@ spec:
fieldPath: metadata.namespace
image: {{ include "repositoryGenerator.image.readiness" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-readiness
- {{- end }}
containers:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command:
+ - sh
+ args:
+ - -c
+ - |
+ echo "*** retrieve Truststore and Keystore password"
+ export $(cat {{ .Values.certInitializer.credsPath }}/mycreds.prop | xargs -0)
+ echo "*** actual launch of AAI Resources"
+ /bin/bash /opt/app/aai-resources/docker-entrypoint.sh
env:
- name: LOCAL_USER_ID
value: {{ .Values.global.config.userId | quote }}
- name: LOCAL_GROUP_ID
value: {{ .Values.global.config.groupId | quote }}
- name: POST_JAVA_OPTS
- value: '-Djavax.net.ssl.trustStore=/opt/app/aai-resources/resources/aaf/truststoreONAPall.jks -Djavax.net.ssl.trustStorePassword=changeit'
- volumeMounts:
+ value: '-Djavax.net.ssl.trustStore=/opt/app/aai-resources/resources/aaf/truststoreONAPall.jks -Djavax.net.ssl.trustStorePassword={{ .Values.certInitializer.truststoreAllPassword }}'
+ - name: TRUSTORE_ALL_PASSWORD
+ value: {{ .Values.certInitializer.truststoreAllPassword }}
+ volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }}
- mountPath: /etc/localtime
name: localtime
readOnly: true
@@ -142,9 +149,6 @@ spec:
- mountPath: /opt/app/aai-resources/resources/etc/auth/realm.properties
name: {{ include "common.fullname" . }}-config
subPath: realm.properties
- - mountPath: /opt/app/aai-resources/resources/aaf/org.onap.aai.keyfile
- name: {{ include "common.fullname" . }}-aaf-certs
- subPath: org.onap.aai.keyfile
- mountPath: /opt/app/aai-resources/resources/aaf/bath_config.csv
name: {{ include "common.fullname" . }}-aaf-certs
subPath: bath_config.csv
@@ -160,24 +164,12 @@ spec:
- mountPath: /opt/app/aai-resources/resources/cadi.properties
name: {{ include "common.fullname" . }}-aaf-properties
subPath: cadi.properties
- - mountPath: /opt/app/aai-resources/resources/aaf/org.onap.aai.p12
- name: {{ include "common.fullname" . }}-aaf-certs
- subPath: org.onap.aai.p12
- - mountPath: /opt/app/aai-resources/resources/aaf/truststoreONAPall.jks
- name: aai-common-aai-auth-mount
- subPath: truststoreONAPall.jks
- mountPath: /opt/app/aai-resources/resources/application.properties
name: {{ include "common.fullname" . }}-config
subPath: application.properties
- mountPath: /opt/app/aai-resources/resources/application-keycloak.properties
name: {{ include "common.fullname" . }}-config
subPath: application-keycloak.properties
- {{- $global := . }}
- {{- range $job := .Values.global.config.auth.files }}
- - mountPath: /opt/app/aai-resources/resources/etc/auth/{{ . }}
- name: {{ include "common.fullname" $global }}-auth-truststore-sec
- subPath: {{ . }}
- {{- end }}
ports:
- containerPort: {{ .Values.service.internalPort }}
- containerPort: {{ .Values.service.internalPort2 }}
@@ -215,10 +207,7 @@ spec:
- mountPath: /usr/share/filebeat/data
name: {{ include "common.fullname" . }}-filebeat
resources: {{ include "common.resources" . | nindent 12 }}
- volumes:
- - name: aai-common-aai-auth-mount
- secret:
- secretName: aai-common-aai-auth
+ volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }}
- name: localtime
hostPath:
path: /etc/localtime
@@ -231,21 +220,13 @@ spec:
emptyDir: {}
- name: {{ include "common.fullname" . }}-config
configMap:
- name: {{ include "common.fullname" . }}-configmap
+ name: {{ include "common.fullname" . }}
- name: {{ include "common.fullname" . }}-aaf-properties
configMap:
name: {{ include "common.fullname" . }}-aaf-props
- name: {{ include "common.fullname" . }}-aaf-certs
secret:
secretName: {{ include "common.fullname" . }}-aaf-keys
- - name: {{ include "common.fullname" . }}-auth-truststore-sec
- secret:
- secretName: aai-common-truststore
- items:
- {{- range $job := .Values.global.config.auth.files }}
- - key: {{ . }}
- path: {{ . }}
- {{- end }}
restartPolicy: {{ .Values.restartPolicy }}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/aai/components/aai-resources/templates/secret.yaml b/kubernetes/aai/components/aai-resources/templates/secret.yaml
index d24149086e..a0d8629459 100644
--- a/kubernetes/aai/components/aai-resources/templates/secret.yaml
+++ b/kubernetes/aai/components/aai-resources/templates/secret.yaml
@@ -26,6 +26,6 @@ metadata:
heritage: {{ .Release.Service }}
type: Opaque
data:
-{{ tpl (.Files.Glob "resources/config/aaf/org.onap.aai.keyfile").AsSecrets . | indent 2 }}
-{{ tpl (.Files.Glob "resources/config/aaf/org.onap.aai.p12").AsSecrets . | indent 2 }}
-{{ tpl (.Files.Glob "resources/config/aaf/bath_config.csv").AsSecrets . | indent 2 }} \ No newline at end of file
+{{ tpl (.Files.Glob "resources/config/aaf/bath_config.csv").AsSecrets . | indent 2 }}
+---
+{{ include "common.secretFast" . }}
diff --git a/kubernetes/aai/components/aai-resources/templates/service.yaml b/kubernetes/aai/components/aai-resources/templates/service.yaml
index 460e0d5b93..e4f84a963d 100644
--- a/kubernetes/aai/components/aai-resources/templates/service.yaml
+++ b/kubernetes/aai/components/aai-resources/templates/service.yaml
@@ -43,4 +43,3 @@ spec:
selector:
app: {{ include "common.name" . }}
release: {{ include "common.release" . }}
- clusterIP: None