aboutsummaryrefslogtreecommitdiffstats
path: root/kubernetes/dmaap/components/dmaap-dr-prov
diff options
context:
space:
mode:
authorefiacor <fiachra.corcoran@est.tech>2019-09-27 16:54:36 +0100
committerefiacor <fiachra.corcoran@est.tech>2019-10-10 17:41:08 +0100
commite62958b4f1d99fbe1df7a32ff6c4be74e9c6c536 (patch)
treeedefd846ed6dc3575fd4fefefc45ba99225b8885 /kubernetes/dmaap/components/dmaap-dr-prov
parent55b95ec89e68c41614730a61b491967bdcbf7ffe (diff)
AAF cert dist for DMaaP DR
Change-Id: I0bca8c7a16f8b19a266d9961715b8a04971d7b73 Signed-off-by: efiacor <fiachra.corcoran@est.tech> Issue-ID: DMAAP-1269
Diffstat (limited to 'kubernetes/dmaap/components/dmaap-dr-prov')
-rw-r--r--kubernetes/dmaap/components/dmaap-dr-prov/resources/config/drProvCadi.properties23
-rw-r--r--kubernetes/dmaap/components/dmaap-dr-prov/resources/config/provserver.properties11
-rw-r--r--kubernetes/dmaap/components/dmaap-dr-prov/templates/deployment.yaml87
-rw-r--r--kubernetes/dmaap/components/dmaap-dr-prov/templates/post-install-job.yaml2
-rw-r--r--kubernetes/dmaap/components/dmaap-dr-prov/templates/pv.yaml41
-rw-r--r--kubernetes/dmaap/components/dmaap-dr-prov/templates/pvc.yaml45
-rw-r--r--kubernetes/dmaap/components/dmaap-dr-prov/templates/service.yaml2
-rw-r--r--kubernetes/dmaap/components/dmaap-dr-prov/values.yaml60
8 files changed, 192 insertions, 79 deletions
diff --git a/kubernetes/dmaap/components/dmaap-dr-prov/resources/config/drProvCadi.properties b/kubernetes/dmaap/components/dmaap-dr-prov/resources/config/drProvCadi.properties
deleted file mode 100644
index 79abe22a6a..0000000000
--- a/kubernetes/dmaap/components/dmaap-dr-prov/resources/config/drProvCadi.properties
+++ /dev/null
@@ -1,23 +0,0 @@
-cadi_x509_issuers=CN=intermediateCA_1, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_7, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_9, OU=OSAAF, O=ONAP, C=US
-cadi_keyfile=/opt/app/datartr/aaf_certs/org.onap.dmaap-dr.keyfile
-cadi_keystore=/opt/app/datartr/aaf_certs/org.onap.dmaap-dr.jks
-cadi_keystore_password=FZNkU,B%NJzcT1v7;^v]M#ZX
-cadi_key_password=FZNkU,B%NJzcT1v7;^v]M#ZX
-cadi_alias=dmaap-dr-prov@dmaap-dr.onap.org
-cadi_truststore=/opt/app/datartr/aaf_certs/org.onap.dmaap-dr.trust.jks
-cadi_truststore_password=+mzf@J.D^;3!![*Xr.z$c#?b
-
-aaf_env=DEV
-aaf_locate_url=https://aaf-locate:8095
-aaf_oauth2_introspect_url=https://AAF_LOCATE_URL/AAF_NS.introspect:2.1/introspect
-aaf_oauth2_token_url=https://AAF_LOCATE_URL/AAF_NS.token:2.1/token
-aaf_url=https://AAF_LOCATE_URL/AAF_NS.service:2.1
-cadi_protocols=TLSv1.1,TLSv1.2
-cm_url=https://AAF_LOCATE_URL/AAF_NS.cm:2.1
-fs_url=https://AAF_LOCATE_URL/AAF_NS.fs.2.1
-gui_url=https://AAF_LOCATE_URL/AAF_NS.gui.2.1
-
-cadi_latitude=53.423
-cadi_longitude=7.940
-
-cadi_loglevel=INFO \ No newline at end of file
diff --git a/kubernetes/dmaap/components/dmaap-dr-prov/resources/config/provserver.properties b/kubernetes/dmaap/components/dmaap-dr-prov/resources/config/provserver.properties
index 210fb7c75f..c7714d33a4 100644
--- a/kubernetes/dmaap/components/dmaap-dr-prov/resources/config/provserver.properties
+++ b/kubernetes/dmaap/components/dmaap-dr-prov/resources/config/provserver.properties
@@ -27,12 +27,8 @@ org.onap.dmaap.datarouter.provserver.http.port = {{.Values.config.dmaa
org.onap.dmaap.datarouter.provserver.https.port = {{.Values.config.dmaapDrProv.internalPort2}}
org.onap.dmaap.datarouter.provserver.https.relaxation = true
-org.onap.dmaap.datarouter.provserver.keymanager.password = FZNkU,B%NJzcT1v7;^v]M#ZX
-org.onap.dmaap.datarouter.provserver.keystore.type = jks
-org.onap.dmaap.datarouter.provserver.keystore.path = /opt/app/datartr/aaf_certs/org.onap.dmaap-dr.jks
-org.onap.dmaap.datarouter.provserver.keystore.password = FZNkU,B%NJzcT1v7;^v]M#ZX
-org.onap.dmaap.datarouter.provserver.truststore.path = /opt/app/datartr/aaf_certs/org.onap.dmaap-dr.trust.jks
-org.onap.dmaap.datarouter.provserver.truststore.password = +mzf@J.D^;3!![*Xr.z$c#?b
+org.onap.dmaap.datarouter.provserver.aafprops.path = /opt/app/osaaf/local/org.onap.dmaap-dr.props
+
org.onap.dmaap.datarouter.provserver.accesslog.dir = /opt/app/datartr/logs
org.onap.dmaap.datarouter.provserver.spooldir = /opt/app/datartr/spool
org.onap.dmaap.datarouter.provserver.dbscripts = /opt/app/datartr/etc/misc
@@ -61,6 +57,3 @@ org.onap.dmaap.datarouter.provserver.aaf.instance = legacy
org.onap.dmaap.datarouter.provserver.aaf.action.publish = publish
org.onap.dmaap.datarouter.provserver.aaf.action.subscribe = subscribe
-# AAF URL to connect to AAF server
-org.onap.dmaap.datarouter.provserver.cadi.aaf.url = https://aaf-locate:8095
-
diff --git a/kubernetes/dmaap/components/dmaap-dr-prov/templates/deployment.yaml b/kubernetes/dmaap/components/dmaap-dr-prov/templates/deployment.yaml
index 98ad9a373e..a1d148d88b 100644
--- a/kubernetes/dmaap/components/dmaap-dr-prov/templates/deployment.yaml
+++ b/kubernetes/dmaap/components/dmaap-dr-prov/templates/deployment.yaml
@@ -31,20 +31,59 @@ spec:
spec:
hostname: {{ .Values.global.dmaapDrProvName }}
initContainers:
- - command:
- - /root/ready.py
- args:
- - --container-name
- - {{ .Values.config.dmaapDrDb.mariadbContName }}
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-readiness
+ - name: {{ include "common.name" . }}-readiness
+ image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command:
+ - /root/ready.py
+ args:
+ - --container-name
+ - {{ .Values.config.dmaapDrDb.mariadbContName }}
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ {{- if .Values.global.aafEnabled }}
+ - name: {{ include "common.name" . }}-dr-prov-aaf-config
+ image: "{{ include "common.repository" . }}/{{ .Values.global.aafAgentImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command: ["bash","-c","exec /opt/app/aaf_config/bin/agent.sh"]
+ volumeMounts:
+ - mountPath: {{ .Values.persistence.aafCredsPath }}
+ name: {{ include "common.fullname" . }}-aaf-config-vol
+ env:
+ - name: APP_FQI
+ value: "{{ .Values.aafConfig.fqi }}"
+ - name: aaf_locate_url
+ value: "https://aaf-locate.{{ .Release.Namespace }}:8095"
+ - name: aaf_locator_container
+ value: "{{ .Values.global.aafLocatorContainer }}"
+ - name: aaf_locator_container_ns
+ value: "{{ .Release.Namespace }}"
+ - name: aaf_locator_fqdn
+ value: "{{ .Values.aafConfig.fqdn }}"
+ - name: aaf_locator_public_fqdn
+ value: "{{.Values.aafConfig.publicFqdn}}"
+ - name: aaf_locator_app_ns
+ value: "{{ .Values.global.aafAppNs }}"
+ - name: DEPLOY_FQI
+ value: "{{ .Values.aafConfig.aafDeployFqi }}"
+ - name: DEPLOY_PASSWORD
+ value: "{{ .Values.aafConfig.aafDeployPass }}"
+ - name: cadi_longitude
+ value: "{{ .Values.aafConfig.cadiLongitude }}"
+ - name: cadi_latitude
+ value: "{{ .Values.aafConfig.cadiLatitude }}"
+ - name: {{ include "common.name" . }}-permission-fixer
+ image: "{{ .Values.global.busyBoxRepository }}/{{ .Values.global.busyBoxImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts:
+ - mountPath: {{ .Values.persistence.aafCredsPath }}
+ name: {{ include "common.fullname" . }}-aaf-config-vol
+ command: ["chown","-Rf","1000:1001", "/opt/app/"]
+ {{ end }}
containers:
- name: {{ include "common.name" . }}
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
@@ -64,22 +103,23 @@ spec:
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
volumeMounts:
+ {{- if .Values.global.aafEnabled }}
+ - mountPath: {{ .Values.persistence.aafCredsPath }}
+ name: {{ include "common.fullname" . }}-aaf-config-vol
+ {{- end }}
- mountPath: /etc/localtime
name: localtime
readOnly: false
- mountPath: /opt/app/datartr/etc/provserver.properties
name: {{ include "common.fullname" . }}-config
subPath: provserver.properties
- - mountPath: /opt/app/datartr/etc/drProvCadi.properties
- name: {{ include "common.fullname" . }}-config
- subPath: drProvCadi.properties
- mountPath: /opt/app/datartr/etc/logback.xml
name: {{ include "common.fullname" . }}-log-conf
subPath: logback.xml
- mountPath: {{ .Values.global.loggingDirectory }}
name: {{ include "common.fullname" . }}-logs
resources:
-{{ include "common.resources" . | indent 12 }}
+{{ include "common.resources" . }}
{{- if .Values.nodeSelector }}
nodeSelector:
{{ toYaml .Values.nodeSelector | indent 10 }}
@@ -87,8 +127,8 @@ spec:
{{- if .Values.affinity }}
affinity:
{{ toYaml .Values.affinity | indent 10 }}
- {{- end }}
- # Filebeat sidecar container
+ {{- end -}}
+ # Filebeat sidecar container
- name: {{ include "common.name" . }}-filebeat-onap
image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
@@ -110,8 +150,6 @@ spec:
items:
- key: provserver.properties
path: provserver.properties
- - key: drProvCadi.properties
- path: drProvCadi.properties
- name: {{ include "common.fullname" . }}-log-conf
configMap:
name: {{ include "common.fullname" . }}-log
@@ -122,5 +160,10 @@ spec:
emptyDir: {}
- name: {{ include "common.fullname" . }}-logs
emptyDir: {}
+ {{- if .Values.global.aafEnabled }}
+ - name: {{ include "common.fullname" . }}-aaf-config-vol
+ persistentVolumeClaim:
+ claimName: {{ include "common.fullname" . }}-aaf-props
+ {{ end }}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/dmaap/components/dmaap-dr-prov/templates/post-install-job.yaml b/kubernetes/dmaap/components/dmaap-dr-prov/templates/post-install-job.yaml
index 7b71bb03a2..acf87b81a9 100644
--- a/kubernetes/dmaap/components/dmaap-dr-prov/templates/post-install-job.yaml
+++ b/kubernetes/dmaap/components/dmaap-dr-prov/templates/post-install-job.yaml
@@ -39,12 +39,10 @@ spec:
{{ end }}
- name: REQUESTID
value: "{{.Chart.Name}}-post-install"
-
volumeMounts:
- mountPath: /etc/localtime
name: localtime
readOnly: true
-
# NOTE: on the following several configMaps, careful to include / at end
# since there may be more than one file in each mountPath
# NOTE: the basename of the subdirectory is important - it matches the DBCL API URI
diff --git a/kubernetes/dmaap/components/dmaap-dr-prov/templates/pv.yaml b/kubernetes/dmaap/components/dmaap-dr-prov/templates/pv.yaml
new file mode 100644
index 0000000000..b82e67673a
--- /dev/null
+++ b/kubernetes/dmaap/components/dmaap-dr-prov/templates/pv.yaml
@@ -0,0 +1,41 @@
+{{/*
+ # ============LICENSE_START=======================================================
+ # Copyright (C) 2019 Nordix Foundation.
+ # ================================================================================
+ # Licensed under the Apache License, Version 2.0 (the "License");
+ # you may not use this file except in compliance with the License.
+ # You may obtain a copy of the License at
+ #
+ # http://www.apache.org/licenses/LICENSE-2.0
+ #
+ # Unless required by applicable law or agreed to in writing, software
+ # distributed under the License is distributed on an "AS IS" BASIS,
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ # See the License for the specific language governing permissions and
+ # limitations under the License.
+ #
+ # SPDX-License-Identifier: Apache-2.0
+ # ============LICENSE_END=========================================================
+*/}}
+{{- if .Values.global.aafEnabled }}
+kind: PersistentVolume
+apiVersion: v1
+metadata:
+ name: {{ include "common.fullname" . }}-aaf-props
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}-aaf-props
+ chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
+ release: "{{ .Release.Name }}"
+ heritage: "{{ .Release.Service }}"
+ name: {{ include "common.fullname" . }}-aaf-props
+spec:
+ capacity:
+ storage: {{ .Values.persistence.aafCredsSize}}
+ accessModes:
+ - {{ .Values.persistence.accessMode }}
+ storageClassName: "{{ include "common.fullname" . }}-aaf-props-stcl"
+ persistentVolumeReclaimPolicy: {{ .Values.persistence.volumeReclaimPolicy }}
+ hostPath:
+ path: {{ .Values.persistence.mountPath }}/{{ .Release.Name }}/{{ .Values.persistence.aafCredsMountSubPath }}
+{{ end -}}
diff --git a/kubernetes/dmaap/components/dmaap-dr-prov/templates/pvc.yaml b/kubernetes/dmaap/components/dmaap-dr-prov/templates/pvc.yaml
new file mode 100644
index 0000000000..6ff9e6d615
--- /dev/null
+++ b/kubernetes/dmaap/components/dmaap-dr-prov/templates/pvc.yaml
@@ -0,0 +1,45 @@
+{{/*
+ # ============LICENSE_START=======================================================
+ # Copyright (C) 2019 Nordix Foundation.
+ # ================================================================================
+ # Licensed under the Apache License, Version 2.0 (the "License");
+ # you may not use this file except in compliance with the License.
+ # You may obtain a copy of the License at
+ #
+ # http://www.apache.org/licenses/LICENSE-2.0
+ #
+ # Unless required by applicable law or agreed to in writing, software
+ # distributed under the License is distributed on an "AS IS" BASIS,
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ # See the License for the specific language governing permissions and
+ # limitations under the License.
+ #
+ # SPDX-License-Identifier: Apache-2.0
+ # ============LICENSE_END=========================================================
+*/}}
+{{- if .Values.global.aafEnabled }}
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+ name: {{ include "common.fullname" . }}-aaf-props
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+ release: "{{ .Release.Name }}"
+ heritage: "{{ .Release.Service }}"
+{{- if .Values.persistence.annotations }}
+ annotations:
+{{ toYaml .Values.persistence.annotations | indent 4 }}
+{{- end }}
+spec:
+ selector:
+ matchLabels:
+ name: {{ include "common.fullname" . }}-aaf-props
+ accessModes:
+ - {{ .Values.persistence.accessMode }}
+ storageClassName: "{{ include "common.fullname" . }}-aaf-props-stcl"
+ resources:
+ requests:
+ storage: {{ .Values.persistence.aafCredsSize }}
+{{ end -}} \ No newline at end of file
diff --git a/kubernetes/dmaap/components/dmaap-dr-prov/templates/service.yaml b/kubernetes/dmaap/components/dmaap-dr-prov/templates/service.yaml
index 7a94fdb2cd..734ab72c03 100644
--- a/kubernetes/dmaap/components/dmaap-dr-prov/templates/service.yaml
+++ b/kubernetes/dmaap/components/dmaap-dr-prov/templates/service.yaml
@@ -38,7 +38,7 @@ metadata:
spec:
type: {{ .Values.config.dmaapDrProv.servicetype }}
ports:
- {{if eq .Values.config.dmaapDrProv.servicetype "NodePort" -}}
+ {{- if eq .Values.config.dmaapDrProv.servicetype "NodePort" -}}
{{- if .Values.global.allow_http }}
- port: {{ .Values.global.dmaapDrProvExtPort }}
targetPort: {{ .Values.config.dmaapDrProv.internalPort }}
diff --git a/kubernetes/dmaap/components/dmaap-dr-prov/values.yaml b/kubernetes/dmaap/components/dmaap-dr-prov/values.yaml
index 195bcb47be..8c81f1ef43 100644
--- a/kubernetes/dmaap/components/dmaap-dr-prov/values.yaml
+++ b/kubernetes/dmaap/components/dmaap-dr-prov/values.yaml
@@ -23,7 +23,7 @@ global:
# Application configuration defaults.
#################################################################
# application image
-image: onap/dmaap/datarouter-prov:2.1.2
+image: onap/dmaap/datarouter-prov:2.1.3
pullPolicy: Always
# flag to enable debugging - application support required
@@ -52,31 +52,17 @@ readiness:
## Persist data to a persitent volume
persistence:
- enabled: false
+ volumeReclaimPolicy: Retain
+ accessMode: ReadWriteOnce
+ mountPath: /dockerdata-nfs
+
+ aafCredsMountSubPath: data-router/dr-prov/aaf-props
+ aafCredsSize: 10M
+ aafCredsPath: /opt/app/osaaf/local
ingress:
enabled: false
-# Resource Limit flavor -By Default using small
-flavor: small
-# Segregation for Different environment (Small and Large)
-resources:
- small:
- limits:
- cpu: 2000m
- memory: 4Gi
- requests:
- cpu: 500m
- memory: 1Gi
- large:
- limits:
- cpu: 4000m
- memory: 8Gi
- requests:
- cpu: 1000m
- memory: 2Gi
- unlimited: {}
-
config:
# dr provisioning server configuration
dmaapDrProv:
@@ -111,3 +97,33 @@ mariadb:
size: 1Gi
mountSubPath: data-router/dr-db-data
disableNfsProvisioner: true
+
+#AAF local config
+aafConfig:
+ aafDeployFqi: dmaap-dr@dmaap-dr.onap.org
+ aafDeployPass: demo123456!
+ fqdn: dmaap-dr-prov
+ fqi: dmaap-dr-prov@dmaap-dr.onap.org
+ publicFqdn: dmaap-dr.onap.org
+ cadiLatitude: 0.0
+ cadiLongitude: 0.0
+
+# Resource Limit flavor -By Default using small
+flavor: small
+# Segregation for Different environment (Small and Large)
+resources:
+ small:
+ limits:
+ cpu: 2000m
+ memory: 4Gi
+ requests:
+ cpu: 500m
+ memory: 1Gi
+ large:
+ limits:
+ cpu: 4000m
+ memory: 8Gi
+ requests:
+ cpu: 1000m
+ memory: 2Gi
+ unlimited: {} \ No newline at end of file