Deploy dmaap-bc with downloaded certs

This fixes the charts to properly install new SSL artifacts from AAF. And we use the newest container version that uses cadi library to read these artifacts. Issue-ID: DMAAP-1401 Signed-off-by: Dominic Lunanuova <dgl@research.att.com> Change-Id: I4d70716220a7f3e629762d3bef2149e3b0147133
author: Dominic Lunanuova <dgl@research.att.com> 2020-03-12 16:36:09 +0000
committer: Dominic Lunanuova <dgl@research.att.com> 2020-03-13 23:18:08 +0000
commit: de7a02b8315cd614e8fe277675423872d490fbb6 (patch)
tree: fd29f266479e6735752d9d616ddc94b79e42c14d /kubernetes/dmaap/components/dmaap-bc/templates/deployment.yaml
parent: 367b492a7fab6170e726b24e39fe82d0c19358ae (diff)
1 files changed, 26 insertions, 8 deletions
diff --git a/kubernetes/dmaap/components/dmaap-bc/templates/deployment.yaml b/kubernetes/dmaap/components/dmaap-bc/templates/deployment.yaml
index 3e08185a20..ea2720f9ce 100644
--- a/kubernetes/dmaap/components/dmaap-bc/templates/deployment.yaml
+++ b/kubernetes/dmaap/components/dmaap-bc/templates/deployment.yaml
@@ -48,7 +48,7 @@ spec:
         command: ["bash","-c","exec /opt/app/aaf_config/bin/agent.sh"]
         volumeMounts:
         - mountPath: {{ .Values.persistence.aafCredsPath }}
-          name: {{ include "common.name" . }}-aaf-config
+          name: {{ include "common.name" . }}-aaf-config-vol
         env:
         - name: APP_FQI
           value: "{{ .Values.aafConfig.fqi }}"
@@ -75,6 +75,26 @@ spec:
           value: "{{ .Values.aafConfig.cadiLongitude }}"
         - name: cadi_latitude
           value: "{{ .Values.aafConfig.cadiLatitude }}"
+      - name: {{ include "common.name" . }}-permission-fixer
+        image: "{{ .Values.global.busyBoxRepository }}/{{ .Values.global.busyBoxImage }}"
+        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+        volumeMounts:
+        - mountPath: {{ .Values.persistence.aafCredsPath }}
+          name: {{ include "common.name" . }}-aaf-config-vol
+        command: ["chown","-Rf","1000:1001", "/opt/app/"]
+#       See AAF-425 for explanation of why this is needed.
+#       This artifact is provisioned in AAF for both pks12 and jks format and apparently
+#       the cadi library is not using the jks password on the jks keystore.
+#       So, this attempts to "fix" the credential property file until this is fixed properly.
+      - name: {{ include "common.name" . }}-cred-fixer
+        image: "{{ .Values.global.busyBoxRepository }}/{{ .Values.global.busyBoxImage }}"
+        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+        volumeMounts:
+        - mountPath: {{ .Values.persistence.aafCredsPath }}
+          name: {{ include "common.name" . }}-aaf-config-vol
+        command: ["/bin/sh"]
+        args: [ "-c", "sed -i -e '/cadi_keystore_password=/d' -e '/cadi_keystore_password_jks/p' -e 's/cadi_keystore_password_jks/cadi_keystore_password/' -e 's/dmaap-bc.p12/dmaap-bc.jks/' /opt/app/osaaf/local/org.onap.dmaap-bc.cred.props" ]
+
 {{- end }}
 {{- if .Values.PG.enabled }}
       - name: {{ include "common.name" . }}-postgres-readiness
@@ -95,7 +115,7 @@ spec:
 {{- end }}
       containers:
         - name: {{ include "common.name" . }}
-          image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+          image: "{{ .Values.repository }}/{{ .Values.image }}"
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
           ports: {{ include "common.containerPorts" . | nindent 10  }}
           {{ if eq .Values.liveness.enabled true -}}
@@ -118,13 +138,12 @@ spec:
           - mountPath: /etc/localtime
             name: localtime
             readOnly: true
+          - mountPath: {{ .Values.persistence.aafCredsPath }}
+            name: {{ include "common.name" . }}-aaf-config-vol
 # NOTE: on the following several configMaps, careful to include / at end
 #       since there may be more than one file in each mountPath
           - name: {{ include "common.name" . }}-config
             mountPath: /opt/app/config/conf/
-          - name: {{ include "common.name" . }}-aaf-config
-            mountPath: /opt/app/dmaapbc/etc/org.onap.dmaap-bc.props
-            subPath: org.onap.dmaap-bc.props
           resources: {{ include "common.resources" . | nindent 12 }}
         {{- if .Values.nodeSelector }}
         nodeSelector: {{ toYaml .Values.nodeSelector | nindent 10 }}
@@ -139,8 +158,7 @@ spec:
         - name: {{ include "common.name" . }}-config
           configMap:
             name: {{ include "common.fullname" . }}-config
-        - name: {{ include "common.name" . }}-aaf-config
-          configMap:
-            name: {{ include "common.fullname" . }}-aaf-config
+        - name: {{ include "common.name" . }}-aaf-config-vol
+          emptyDir: {}
       imagePullSecrets:
       - name: "{{ include "common.namespace" . }}-docker-registry-key"
author	Dominic Lunanuova <dgl@research.att.com>	2020-03-12 16:36:09 +0000
committer	Dominic Lunanuova <dgl@research.att.com>	2020-03-13 23:18:08 +0000
commit	de7a02b8315cd614e8fe277675423872d490fbb6 (patch)
tree	fd29f266479e6735752d9d616ddc94b79e42c14d /kubernetes/dmaap/components/dmaap-bc/templates/deployment.yaml
parent	367b492a7fab6170e726b24e39fe82d0c19358ae (diff)