[OOM] Use cert-initializer truststore instead of hard-coded ONAP Root CA

By adding the certInitializer directives in cds blueprint processor deployment, we get access to the AAF ONAP Root CA, instead of static file. Issue-ID: CCSDK-3356 Signed-off-by: Abdelmuhaimen Seaudi <abdelmuhaimen.seaudi@orange.com> Change-Id: Ifc3d1797905868b268cbfd06237866bf8dc3d3f5
author: Abdelmuhaimen Seaudi <abdelmuhaimen.seaudi@orange.com> 2021-09-04 11:08:36 +0200
committer: Abdelmuhaimen Seaudi <abdelmuhaimen.seaudi@orange.com> 2021-09-16 23:43:40 +0200
commit: 822eb097fc30cd687de96a1fe78b2dab24332e39 (patch)
tree: c5e1b5939b087420bf926dbb82a1c24bac5634b7 /kubernetes/cds/components/cds-blueprints-processor
parent: 3980a8cbeb63c885b123ac50033e32ed996bb39a (diff)
3 files changed, 31 insertions, 4 deletions
diff --git a/kubernetes/cds/components/cds-blueprints-processor/requirements.yaml b/kubernetes/cds/components/cds-blueprints-processor/requirements.yaml
index 7a3a920087..baf1a760ab 100755
--- a/kubernetes/cds/components/cds-blueprints-processor/requirements.yaml
+++ b/kubernetes/cds/components/cds-blueprints-processor/requirements.yaml
@@ -22,3 +22,7 @@ dependencies:
   - name: serviceAccount
     version: ~8.x-0
     repository: '@local'
+  - name: certInitializer
+    version: ~8.x-0
+    repository: '@local'
+
diff --git a/kubernetes/cds/components/cds-blueprints-processor/templates/deployment.yaml b/kubernetes/cds/components/cds-blueprints-processor/templates/deployment.yaml
index fd5265d2ce..d92f09a4c8 100755
--- a/kubernetes/cds/components/cds-blueprints-processor/templates/deployment.yaml
+++ b/kubernetes/cds/components/cds-blueprints-processor/templates/deployment.yaml
@@ -48,7 +48,7 @@ spec:
         app: {{ include "common.name" . }}
         release: {{ include "common.release" . }}
     spec:
-      initContainers:
+      initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }}
       - command:
         - sh
         args:
@@ -113,6 +113,8 @@ spec:
             value: {{ if (gt (int (.Values.replicaCount)) 2) }} {{ .Values.cluster.enabled | quote }} {{ else }} "false" {{ end }}
           - name: CLUSTER_ID
             value: {{ .Values.cluster.clusterName }}
+          - name: AAF_CREDSPATH
+            value: {{ .Values.certInitializer.credsPath }}
           - name: CLUSTER_NODE_ID
             valueFrom:
               fieldRef:
@@ -157,7 +159,7 @@ spec:
             initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
             periodSeconds: {{ .Values.readiness.periodSeconds }}
             timeoutSeconds: {{ .Values.readiness.timeoutSeconds }}
-          volumeMounts:
+          volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
           - mountPath: /etc/localtime
             name: localtime
             readOnly: true
@@ -191,7 +193,7 @@ spec:
 {{ toYaml .Values.affinity | indent 10 }}
         {{- end }}
       serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
-      volumes:
+      volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }}
         - name: localtime
           hostPath:
             path: /etc/localtime
diff --git a/kubernetes/cds/components/cds-blueprints-processor/values.yaml b/kubernetes/cds/components/cds-blueprints-processor/values.yaml
index 829bb220cd..d21598a4ba 100755
--- a/kubernetes/cds/components/cds-blueprints-processor/values.yaml
+++ b/kubernetes/cds/components/cds-blueprints-processor/values.yaml
@@ -48,10 +48,31 @@ secrets:
     passwordPolicy: required
 
 #################################################################
+# AAF part
+#################################################################
+certInitializer:
+  nameOverride: cds-blueprints-processor-initializer
+  aafDeployFqi: deployer@people.osaaf.org
+  aafDeployPass: demo123456!
+  # aafDeployCredsExternalSecret: some secret
+  fqdn: sdnc-cds
+  fqi: sdnc-cds@sdnc-cds.onap.org
+  public_fqdn: sdnc-cds.onap.org
+  cadi_longitude: "0.0"
+  cadi_latitude: "0.0"
+  app_ns: org.osaaf.aaf
+  credsPath: /opt/app/osaaf/local
+  fqi_namespace: org.onap.sdnc-cds
+  aaf_add_config: >
+    /opt/app/aaf_config/bin/agent.sh;
+    /opt/app/aaf_config/bin/agent.sh local showpass
+    {{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop
+
+#################################################################
 # Application configuration defaults.
 #################################################################
 # application image
-image: onap/ccsdk-blueprintsprocessor:1.1.5
+image: onap/ccsdk-blueprintsprocessor:1.2.0
 pullPolicy: Always
 
 # flag to enable debugging - application support required
author	Abdelmuhaimen Seaudi <abdelmuhaimen.seaudi@orange.com>	2021-09-04 11:08:36 +0200
committer	Abdelmuhaimen Seaudi <abdelmuhaimen.seaudi@orange.com>	2021-09-16 23:43:40 +0200
commit	822eb097fc30cd687de96a1fe78b2dab24332e39 (patch)
tree	c5e1b5939b087420bf926dbb82a1c24bac5634b7 /kubernetes/cds/components/cds-blueprints-processor
parent	3980a8cbeb63c885b123ac50033e32ed996bb39a (diff)