diff options
author | Sylvain Desbureaux <sylvain.desbureaux@orange.com> | 2020-11-02 18:21:11 +0100 |
---|---|---|
committer | Sylvain Desbureaux <sylvain.desbureaux@orange.com> | 2021-02-16 08:49:17 +0100 |
commit | 55af648d55ec228006bd44928e812bbdd52fb1cf (patch) | |
tree | 2d381615730bcf5908307da7d603dd7a8af41743 /kubernetes/msb | |
parent | ef766403ef1436c9462c2c00da83a8b29fca3b53 (diff) |
[MSB] Use certInitializer for MSB
MSB is currently using an hardcoded certificate. In order to follow
SECOMMON requirements, let's use a freshly generated certificate instead
Issue-ID: MSB-521
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: I157e44a6e30391c36c0142acfa08604c37b79cc4
Diffstat (limited to 'kubernetes/msb')
18 files changed, 186 insertions, 177 deletions
diff --git a/kubernetes/msb/components/msb-eag/requirements.yaml b/kubernetes/msb/components/msb-eag/requirements.yaml index c59eb6fdf9..fe552019cc 100644 --- a/kubernetes/msb/components/msb-eag/requirements.yaml +++ b/kubernetes/msb/components/msb-eag/requirements.yaml @@ -1,4 +1,5 @@ # Copyright © 2018 Amdocs, Bell Canada , ZTE +# Copyright © 2021 Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -17,4 +18,7 @@ dependencies: repository: '@local' - name: repositoryGenerator version: ~7.x-0 - repository: '@local'
\ No newline at end of file + repository: '@local' + - name: certInitializer + version: ~7.x-0 + repository: '@local' diff --git a/kubernetes/msb/components/msb-eag/resources/config/log/logback.xml b/kubernetes/msb/components/msb-eag/resources/config/log/logback.xml deleted file mode 100644 index 680cb7357a..0000000000 --- a/kubernetes/msb/components/msb-eag/resources/config/log/logback.xml +++ /dev/null @@ -1,40 +0,0 @@ -<!--# Copyright © 2017 Amdocs, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. --> -<?xml version="1.0" encoding="UTF-8"?> -<configuration debug="true" scan="true" scanPeriod="3 seconds"> - <!--<jmxConfigurator /> --> - <!-- specify the base path of the log directory --> - <property name="logDir" value="/var/log/onap" /> - <!-- specify the component name --> - <property name="componentName" value="msb" /> - <!-- specify the sub component name --> - <property name="subComponentName" value="discovery" /> - <!-- The directories where logs are written --> - <property name="logDirectory" value="${logDir}/${componentName}/${subComponentName}" /> - <property name="pattern" value="%d{&quot;yyyy-MM-dd'T'HH:mm:ss.SSSXXX&quot;, UTC}\t[%thread]\t%-5level\t%logger{36}\t%replace(%replace(%replace(%mdc){'\t','\\\\t'}){', ','\t'}){'\n', '\\\\n'}\t%replace(%replace(%msg){'\n', '\\\\n'}){'\t','\\\\t'}%n" /> - <!-- log file names --> - <property name="errorLogName" value="error" /> - <property name="metricsLogName" value="metrics" /> - <property name="auditLogName" value="audit" /> - <property name="debugLogName" value="debug" /> - <property name="queueSize" value="256" /> - <property name="maxFileSize" value="50MB" /> - <property name="maxHistory" value="30" /> - <property name="totalSizeCap" value="10GB" /> - <!-- Example evaluator filter applied against console appender --> - <appender class="ch.qos.logback.core.ConsoleAppender" name="STDOUT"> - <encoder> - <pattern>${pattern}</pattern> - </encoder> - </appender> diff --git a/kubernetes/msb/components/msb-eag/resources/config/nginx/msbhttps.conf b/kubernetes/msb/components/msb-eag/resources/config/nginx/msbhttps.conf new file mode 100644 index 0000000000..70125753ed --- /dev/null +++ b/kubernetes/msb/components/msb-eag/resources/config/nginx/msbhttps.conf @@ -0,0 +1,28 @@ +{{/* +# +# Copyright (C) 2017-2018 ZTE, Inc. and others. All rights reserved. (ZTE) +# Copyright © 2021 Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +*/}} +server { + listen 443 ssl; + ssl_certificate {{ .Values.certInitializer.credsPath }}/certs/cert.crt; + ssl_certificate_key {{ .Values.certInitializer.credsPath }}/certs/cert.key; + ssl_protocols TLSv1.1 TLSv1.2; + ssl_dhparam ../ssl/dh-pubkey/dhparams.pem; + include ../msb-enabled/location-default/msblocations.conf; + # Add below settings for making SDC to work + underscores_in_headers on; +}
\ No newline at end of file diff --git a/kubernetes/msb/components/msb-eag/templates/configmap.yaml b/kubernetes/msb/components/msb-eag/templates/configmap.yaml index 33c77e5eae..30c0a80209 100644 --- a/kubernetes/msb/components/msb-eag/templates/configmap.yaml +++ b/kubernetes/msb/components/msb-eag/templates/configmap.yaml @@ -1,5 +1,6 @@ {{/* # Copyright © 2018 Amdocs, Bell Canada , ZTE +# Copyright © 2021 Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -20,3 +21,11 @@ metadata: namespace: {{ include "common.namespace" . }} data: {{ tpl (.Files.Glob "resources/config/logback.xml").AsConfig . | indent 2 }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-nginx + namespace: {{ include "common.namespace" . }} +data: +{{ tpl (.Files.Glob "resources/config/nginx/*").AsConfig . | indent 2 }} diff --git a/kubernetes/msb/components/msb-eag/templates/deployment.yaml b/kubernetes/msb/components/msb-eag/templates/deployment.yaml index 36cb13dc52..113a174eb6 100644 --- a/kubernetes/msb/components/msb-eag/templates/deployment.yaml +++ b/kubernetes/msb/components/msb-eag/templates/deployment.yaml @@ -1,5 +1,6 @@ {{/* # Copyright © 2018 Amdocs, Bell Canada , ZTE +# Copyright © 2021 Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -38,6 +39,7 @@ spec: spec: serviceAccountName: msb initContainers: + {{ include "common.certInitializer.initContainer" . | indent 6 | trim }} - command: - /app/ready.py args: @@ -83,19 +85,15 @@ spec: - name: ROUTE_LABELS value: {{ .Values.config.routeLabels }} volumeMounts: + {{ include "common.certInitializer.volumeMount" . | indent 10 | trim }} - mountPath: /etc/localtime name: localtime readOnly: true - - name: {{ include "common.fullname" . }}-cert - mountPath: /usr/local/openresty/nginx/ssl/cert/cert.crt - readOnly: true - subPath: "cert.crt" - - name: {{ include "common.fullname" . }}-cert - mountPath: /usr/local/openresty/nginx/html/cert/ca.crt - readOnly: true - subPath: "ca.crt" - mountPath: /usr/local/apiroute-works/logs name: {{ include "common.fullname" . }}-logs + - mountPath: /usr/local/openresty/nginx/msb-enabled/msbhttps.conf + name: {{ include "common.fullname" . }}-nginx-conf + subPath: msbhttps.conf resources: {{ include "common.resources" . | indent 12 }} {{- if .Values.nodeSelector }} @@ -122,12 +120,13 @@ spec: name: {{ include "common.fullname" . }}-log-conf subPath: logback.xml volumes: - - name: {{ include "common.fullname" . }}-cert - secret: - secretName: {{ include "common.release" . }}-msb-https-cert + {{ include "common.certInitializer.volumes" . | indent 8 | trim }} - name: {{ include "common.fullname" . }}-log-conf configMap: name: {{ include "common.fullname" . }}-log + - name: {{ include "common.fullname" . }}-nginx-conf + configMap: + name: {{ include "common.fullname" . }}-nginx - name: {{ include "common.fullname" . }}-filebeat-conf configMap: name: {{ include "common.release" . }}-msb-filebeat-configmap diff --git a/kubernetes/msb/components/msb-eag/values.yaml b/kubernetes/msb/components/msb-eag/values.yaml index b8813b8f1a..ff158b592c 100644 --- a/kubernetes/msb/components/msb-eag/values.yaml +++ b/kubernetes/msb/components/msb-eag/values.yaml @@ -1,4 +1,5 @@ # Copyright © 2018 Amdocs, Bell Canada , ZTE +# Copyright © 2021 Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -18,6 +19,45 @@ global: nodePortPrefix: 302 ################################################################# +# AAF part +################################################################# +certInitializer: + nameOverride: msb-eag-cert-initializer + aafDeployFqi: deployer@people.osaaf.org + aafDeployPass: demo123456! + # aafDeployCredsExternalSecret: some secret + fqdn: msb-eag + fqi: msb-eag@msb-eag.onap.org + fqi_namespace: org.onap.msb-eag + public_fqdn: msb-eag.onap.org + cadi_longitude: "0.0" + cadi_latitude: "0.0" + app_ns: org.osaaf.aaf + credsPath: /opt/app/osaaf/local + aaf_add_config: | + echo "*** retrieving passwords for certificates" + export $(/opt/app/aaf_config/bin/agent.sh local showpass \ + {{.Values.fqi}} {{ .Values.fqdn }} | grep '^c') + if [ -z "$cadi_keystore_password_p12" ] + then + echo " /!\ certificates retrieval failed" + exit 1 + else + mkdir -p {{ .Values.credsPath }}/certs + echo "*** retrieve certificate from pkcs12" + openssl pkcs12 -in {{ .Values.credsPath }}/{{ .Values.fqi_namespace }}.p12 \ + -out {{ .Values.credsPath }}/certs/cert.crt -nokeys \ + -passin pass:$cadi_keystore_password_p12 \ + -passout pass:$cadi_keystore_password_p12 + echo "*** copy key to relevant place" + cp {{ .Values.credsPath }}/{{ .Values.fqi_namespace }}.key {{ .Values.credsPath }}/certs/cert.key + echo "*** change ownership and read/write attributes" + chown -R 1000 {{ .Values.credsPath }}/certs + chmod 600 {{ .Values.credsPath }}/certs/cert.crt + chmod 600 {{ .Values.credsPath }}/certs/cert.key + fi + +################################################################# # Application configuration defaults. ################################################################# # application image diff --git a/kubernetes/msb/components/msb-iag/requirements.yaml b/kubernetes/msb/components/msb-iag/requirements.yaml index 467a52ab21..fe552019cc 100644 --- a/kubernetes/msb/components/msb-iag/requirements.yaml +++ b/kubernetes/msb/components/msb-iag/requirements.yaml @@ -1,4 +1,5 @@ # Copyright © 2018 Amdocs, Bell Canada , ZTE +# Copyright © 2021 Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -18,3 +19,6 @@ dependencies: - name: repositoryGenerator version: ~7.x-0 repository: '@local' + - name: certInitializer + version: ~7.x-0 + repository: '@local' diff --git a/kubernetes/msb/components/msb-iag/resources/config/log/logback.xml b/kubernetes/msb/components/msb-iag/resources/config/log/logback.xml deleted file mode 100644 index 680cb7357a..0000000000 --- a/kubernetes/msb/components/msb-iag/resources/config/log/logback.xml +++ /dev/null @@ -1,40 +0,0 @@ -<!--# Copyright © 2017 Amdocs, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. --> -<?xml version="1.0" encoding="UTF-8"?> -<configuration debug="true" scan="true" scanPeriod="3 seconds"> - <!--<jmxConfigurator /> --> - <!-- specify the base path of the log directory --> - <property name="logDir" value="/var/log/onap" /> - <!-- specify the component name --> - <property name="componentName" value="msb" /> - <!-- specify the sub component name --> - <property name="subComponentName" value="discovery" /> - <!-- The directories where logs are written --> - <property name="logDirectory" value="${logDir}/${componentName}/${subComponentName}" /> - <property name="pattern" value="%d{&quot;yyyy-MM-dd'T'HH:mm:ss.SSSXXX&quot;, UTC}\t[%thread]\t%-5level\t%logger{36}\t%replace(%replace(%replace(%mdc){'\t','\\\\t'}){', ','\t'}){'\n', '\\\\n'}\t%replace(%replace(%msg){'\n', '\\\\n'}){'\t','\\\\t'}%n" /> - <!-- log file names --> - <property name="errorLogName" value="error" /> - <property name="metricsLogName" value="metrics" /> - <property name="auditLogName" value="audit" /> - <property name="debugLogName" value="debug" /> - <property name="queueSize" value="256" /> - <property name="maxFileSize" value="50MB" /> - <property name="maxHistory" value="30" /> - <property name="totalSizeCap" value="10GB" /> - <!-- Example evaluator filter applied against console appender --> - <appender class="ch.qos.logback.core.ConsoleAppender" name="STDOUT"> - <encoder> - <pattern>${pattern}</pattern> - </encoder> - </appender> diff --git a/kubernetes/msb/components/msb-iag/resources/config/nginx/msbhttps.conf b/kubernetes/msb/components/msb-iag/resources/config/nginx/msbhttps.conf new file mode 100644 index 0000000000..70125753ed --- /dev/null +++ b/kubernetes/msb/components/msb-iag/resources/config/nginx/msbhttps.conf @@ -0,0 +1,28 @@ +{{/* +# +# Copyright (C) 2017-2018 ZTE, Inc. and others. All rights reserved. (ZTE) +# Copyright © 2021 Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +*/}} +server { + listen 443 ssl; + ssl_certificate {{ .Values.certInitializer.credsPath }}/certs/cert.crt; + ssl_certificate_key {{ .Values.certInitializer.credsPath }}/certs/cert.key; + ssl_protocols TLSv1.1 TLSv1.2; + ssl_dhparam ../ssl/dh-pubkey/dhparams.pem; + include ../msb-enabled/location-default/msblocations.conf; + # Add below settings for making SDC to work + underscores_in_headers on; +}
\ No newline at end of file diff --git a/kubernetes/msb/components/msb-iag/templates/configmap.yaml b/kubernetes/msb/components/msb-iag/templates/configmap.yaml index 33c77e5eae..30c0a80209 100644 --- a/kubernetes/msb/components/msb-iag/templates/configmap.yaml +++ b/kubernetes/msb/components/msb-iag/templates/configmap.yaml @@ -1,5 +1,6 @@ {{/* # Copyright © 2018 Amdocs, Bell Canada , ZTE +# Copyright © 2021 Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -20,3 +21,11 @@ metadata: namespace: {{ include "common.namespace" . }} data: {{ tpl (.Files.Glob "resources/config/logback.xml").AsConfig . | indent 2 }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-nginx + namespace: {{ include "common.namespace" . }} +data: +{{ tpl (.Files.Glob "resources/config/nginx/*").AsConfig . | indent 2 }} diff --git a/kubernetes/msb/components/msb-iag/templates/deployment.yaml b/kubernetes/msb/components/msb-iag/templates/deployment.yaml index 00dc6b69b3..7bae325b1e 100644 --- a/kubernetes/msb/components/msb-iag/templates/deployment.yaml +++ b/kubernetes/msb/components/msb-iag/templates/deployment.yaml @@ -1,5 +1,6 @@ {{/* # Copyright © 2018 Amdocs, Bell Canada , ZTE +# Copyright © 2021 Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -38,6 +39,7 @@ spec: spec: serviceAccountName: msb initContainers: + {{ include "common.certInitializer.initContainer" . | indent 6 | trim }} - command: - /app/ready.py args: @@ -83,19 +85,15 @@ spec: - name: ROUTE_LABELS value: {{ .Values.config.routeLabels }} volumeMounts: + {{ include "common.certInitializer.volumeMount" . | indent 10 | trim }} - mountPath: /etc/localtime name: localtime readOnly: true - - name: {{ include "common.fullname" . }}-cert - mountPath: /usr/local/openresty/nginx/ssl/cert/cert.crt - readOnly: true - subPath: "cert.crt" - - name: {{ include "common.fullname" . }}-cert - mountPath: /usr/local/openresty/nginx/html/cert/ca.crt - readOnly: true - subPath: "ca.crt" - mountPath: /usr/local/apiroute-works/logs name: {{ include "common.fullname" . }}-logs + - mountPath: /usr/local/openresty/nginx/msb-enabled/msbhttps.conf + name: {{ include "common.fullname" . }}-nginx-conf + subPath: msbhttps.conf resources: {{ include "common.resources" . | indent 12 }} {{- if .Values.nodeSelector }} @@ -122,12 +120,13 @@ spec: name: {{ include "common.fullname" . }}-log-conf subPath: logback.xml volumes: - - name: {{ include "common.fullname" . }}-cert - secret: - secretName: {{ include "common.release" . }}-msb-https-cert + {{ include "common.certInitializer.volumes" . | indent 8 | trim }} - name: {{ include "common.fullname" . }}-log-conf configMap: name: {{ include "common.fullname" . }}-log + - name: {{ include "common.fullname" . }}-nginx-conf + configMap: + name: {{ include "common.fullname" . }}-nginx - name: {{ include "common.fullname" . }}-filebeat-conf configMap: name: {{ include "common.release" . }}-msb-filebeat-configmap diff --git a/kubernetes/msb/components/msb-iag/values.yaml b/kubernetes/msb/components/msb-iag/values.yaml index b91ddcae1b..51e78e1de3 100644 --- a/kubernetes/msb/components/msb-iag/values.yaml +++ b/kubernetes/msb/components/msb-iag/values.yaml @@ -1,4 +1,5 @@ # Copyright © 2018 Amdocs, Bell Canada , ZTE +# Copyright © 2021 Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -18,6 +19,45 @@ global: nodePortPrefix: 302 ################################################################# +# AAF part +################################################################# +certInitializer: + nameOverride: msb-iag-cert-initializer + aafDeployFqi: deployer@people.osaaf.org + aafDeployPass: demo123456! + # aafDeployCredsExternalSecret: some secret + fqdn: msb-iag + fqi: msb-iag@msb-iag.onap.org + fqi_namespace: org.onap.msb-iag + public_fqdn: msb-iag.onap.org + cadi_longitude: "0.0" + cadi_latitude: "0.0" + app_ns: org.osaaf.aaf + credsPath: /opt/app/osaaf/local + aaf_add_config: | + echo "*** retrieving passwords for certificates" + export $(/opt/app/aaf_config/bin/agent.sh local showpass \ + {{.Values.fqi}} {{ .Values.fqdn }} | grep '^c') + if [ -z "$cadi_keystore_password_p12" ] + then + echo " /!\ certificates retrieval failed" + exit 1 + else + mkdir -p {{ .Values.credsPath }}/certs + echo "*** retrieve certificate from pkcs12" + openssl pkcs12 -in {{ .Values.credsPath }}/{{ .Values.fqi_namespace }}.p12 \ + -out {{ .Values.credsPath }}/certs/cert.crt -nokeys \ + -passin pass:$cadi_keystore_password_p12 \ + -passout pass:$cadi_keystore_password_p12 + echo "*** copy key to relevant place" + cp {{ .Values.credsPath }}/{{ .Values.fqi_namespace }}.key {{ .Values.credsPath }}/certs/cert.key + echo "*** change ownership and read/write attributes" + chown -R 1000 {{ .Values.credsPath }}/certs + chmod 600 {{ .Values.credsPath }}/certs/cert.crt + chmod 600 {{ .Values.credsPath }}/certs/cert.key + fi + +################################################################# # Application configuration defaults. ################################################################# # application image diff --git a/kubernetes/msb/requirements.yaml b/kubernetes/msb/requirements.yaml index c52bec4944..b335bfaf2b 100644 --- a/kubernetes/msb/requirements.yaml +++ b/kubernetes/msb/requirements.yaml @@ -1,4 +1,5 @@ # Copyright © 2018 Amdocs, Bell Canada , ZTE +# Copyright © 2020 Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/kubernetes/msb/resources/config/certificates/ca.crt b/kubernetes/msb/resources/config/certificates/ca.crt deleted file mode 100644 index 62da777a58..0000000000 --- a/kubernetes/msb/resources/config/certificates/ca.crt +++ /dev/null @@ -1,22 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDkjCCAnoCCQCHtNgoWafiHzANBgkqhkiG9w0BAQsFADCBijELMAkGA1UEBhMC -Q04xETAPBgNVBAgMCHNpY2h1YW5nMRAwDgYDVQQHDAdjaGVuZ2R1MQwwCgYDVQQK -DAN6dGUxDjAMBgNVBAsMBXplbmFwMTgwNgYDVQQDDC9aVEUgT3BlblBhbGV0dGUg -Um9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgMjAxNzAeFw0xNzAzMTcwMTU2MjBa -Fw0yNzAzMTUwMTU2MjBaMIGKMQswCQYDVQQGEwJDTjERMA8GA1UECAwIc2ljaHVh -bmcxEDAOBgNVBAcMB2NoZW5nZHUxDDAKBgNVBAoMA3p0ZTEOMAwGA1UECwwFemVu -YXAxODA2BgNVBAMML1pURSBPcGVuUGFsZXR0ZSBSb290IENlcnRpZmljYXRlIEF1 -dGhvcml0eSAyMDE3MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA23LK -Eq56pVzsRbYJ6NMdk82QfLjnp+f7KzdQ46SfwldG3gmipasPwDXV9jT9FvUlX8s/ -mRphOyuZ7vDzL2QjlS/FBATTWrJ2VCJmBVlzVu4STZ6YrxpQrSAalGkiYd9uT2Yt -2quNUPCsZSlJ8qJCYs098bJ2XTsK0JBby94j3nTdvNWhhErrheWdG/CHje32sKog -6BxN4GzMeZ2fUd0vKsqBs89M0pApdjpRMqEGHg+Lri4iiE9kKa/Y8S3V6ggJZjbp -7xs7N0miy/paeosjfFe5U6mhumUSZPFy8ueAgGxqBkwvLJwCY3HYcrsFGaXTu+c3 -p2q1Adygif1h43HrvQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQAb/cgmsCxvQmvu -5e4gpn5WEMo0k7F6IAghd8139i9vmtQ88reYZvfiVsp/5ZjNnNj75lLbjjexDkPA -bdnAiJfRKOrMaPqY6Bem4v8lPu1B/kj1umn4BXOCC1kpcH/2JCmvI8uh49SSlT9J -wUSKWw8Qhy9XKN692y02QZke9Xp2HoFvMUlntglmQUIRO5eBYLQCSWpfv/iyMs6w -ar7Tk1p2rURpRh02P7WFQ5j5fxXEOrkMT7FX80EB3AddSthstj2iDlUcqfG3jXH/ -FA5r1q45kMUaMYxV9WIE67Vt0RaxrUJYWDR2kDSSox7LR5GpjWiSlPAfcLCeVuA3 -3lR7lW/J ------END CERTIFICATE----- diff --git a/kubernetes/msb/resources/config/certificates/cert.crt b/kubernetes/msb/resources/config/certificates/cert.crt deleted file mode 100644 index e718c8d166..0000000000 --- a/kubernetes/msb/resources/config/certificates/cert.crt +++ /dev/null @@ -1,23 +0,0 @@ ------BEGIN CERTIFICATE----- -MIID0TCCArmgAwIBAgIJAOQWcdss4QvKMA0GCSqGSIb3DQEBCwUAMIGKMQswCQYD -VQQGEwJDTjERMA8GA1UECAwIc2ljaHVhbmcxEDAOBgNVBAcMB2NoZW5nZHUxDDAK -BgNVBAoMA3p0ZTEOMAwGA1UECwwFemVuYXAxODA2BgNVBAMML1pURSBPcGVuUGFs -ZXR0ZSBSb290IENlcnRpZmljYXRlIEF1dGhvcml0eSAyMDE3MB4XDTIwMDUxMzAy -MjIyN1oXDTIyMDUxMzAyMjIyN1owgYwxCzAJBgNVBAYTAkNOMRAwDgYDVQQIDAdT -aWNodWFuMRAwDgYDVQQHDAdDaGVuZ2R1MQ0wCwYDVQQKDARPTkFQMQwwCgYDVQQL -DANNU0IxEDAOBgNVBAMMB21zYi1pYWcxKjAoBgkqhkiG9w0BCQEWG29uYXAtZGlz -Y3Vzc0BsaXN0cy5vbmFwLm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC -ggEBAMa1YlTIL8APcmASbxrD7Q9BhWL9Hwi+FKO4HsIrSiJj/A/FLVe3kV2axA7b -5wdv44P0qQnh3pc0djlnZ47Fgli3lhEZ33+j5vrXHCjEFKiZZVeO+y/p+OcZVMNi -L+MPJNTNgMkPoaljs/U6fn6fFyAgMMIqqigxHJaNvz7IH+UpqbWWzZo7+JqClBi8 -t5ZIDk18/3cPQWXIne+3MoYULdEayAS8/4wYoJANH1knmSG+J07f9uCXniiz4zFF -ngMGHm4kuKXJCAl5E6S5fPzsLKqtwbbn9kJNyWoNFDuc7zW5dPfqPVckHHQ8Dx0q -2111UgrzrBZMW1RKmcwB+1YXip8CAwEAAaM2MDQwMgYDVR0RBCswKYIHbXNiLWlh -Z4IHbXNiLWVhZ4IVKi5zaW1wbGVkZW1vLm9uYXAub3JnMA0GCSqGSIb3DQEBCwUA -A4IBAQC9KKJ5x+EBHfdODbMIAufYinlbNRQ4xdG7tlRk0cRXnZoWi6yObQXmZuHV -56M2ZIylKNab2Z0VBluQqoLJvByAHQJO1r+qsAMG/LXBRC1x3y5344vtEPbikpMs -GHtxHomAu/JtSAlSL1Wvj7co3OUgVH/yNbccysVtqxxrfPrBhLfH/yDrFehmQ00T -P8mmJG3qeOUII0pgUjBkGL52+YMN0qy0SgryBx86fR9Y1bQLdWNfsM1CUXE2q9xs -FmU5Ry1pemTo68THSJs4wOnjLZ4kWTseTcEmQ6X2lfah8Ch0ffd3tttguNXnT1Xc -axgwv2Cypja3bPbq9t8kfJhbDrYO ------END CERTIFICATE----- diff --git a/kubernetes/msb/templates/secrets.yaml b/kubernetes/msb/templates/secrets.yaml deleted file mode 100644 index 7dcec5a303..0000000000 --- a/kubernetes/msb/templates/secrets.yaml +++ /dev/null @@ -1,26 +0,0 @@ -{{/* -# Copyright © 2020 Samsung Electronics -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "common.release" . }}-msb-https-cert - labels: {{ include "common.labels" . | nindent 4 }} - app: {{ include "common.name" . }} - chart: {{ include "common.chart" . }} - release: {{ include "common.release" . }} -type: Opaque -data: -{{ tpl (.Files.Glob "resources/config/certificates/*").AsSecrets . | indent 2 }} diff --git a/kubernetes/msb/templates/serviceaccout.yaml b/kubernetes/msb/templates/serviceaccount.yaml index 3248a0f12c..50cbebf984 100644 --- a/kubernetes/msb/templates/serviceaccout.yaml +++ b/kubernetes/msb/templates/serviceaccount.yaml @@ -16,8 +16,8 @@ apiVersion: v1 kind: ServiceAccount metadata: - name: msb - namespace: {{ include "common.namespace" . }} + name: msb + namespace: {{ include "common.namespace" . }} --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding diff --git a/kubernetes/msb/values.yaml b/kubernetes/msb/values.yaml index 739fcea9d2..5d3ffe0d6c 100644 --- a/kubernetes/msb/values.yaml +++ b/kubernetes/msb/values.yaml @@ -23,4 +23,3 @@ global: config: logstashServiceName: log-ls logstashPort: 5044 - |