authorjhh <jorge.hernandez-herrero@att.com>2020-07-10 13:14:58 -0500
committerjhh <jorge.hernandez-herrero@att.com>2020-07-16 15:19:44 -0500
commit8e9f8bda5bac4ea122f130de6a20fd3e179bb2b2 (patch)
tree74d95c7f22c6a020982c79e9667a77293cbb040a /kubernetes/policy
parent6f84e8b16401337d93f25833ad6ed8cb3db182d2 (diff)
[POLICY] tomcat security upgrade legacy components
Cert stores password support for APEX component in frankfurt (POLICY-2633). Issue-ID: POLICY-2678 Signed-off-by: jhh <jorge.hernandez-herrero@att.com> Change-Id: Ic7bda77f0ecc59109bc0263eeb1d7c630d326128 Signed-off-by: jhh <jorge.hernandez-herrero@att.com>
Diffstat (limited to 'kubernetes/policy')
-rw-r--r--kubernetes/policy/charts/brmsgw/values.yaml2
-rw-r--r--kubernetes/policy/charts/pdp/values.yaml2
-rw-r--r--kubernetes/policy/charts/policy-apex-pdp/resources/config/config.json64
-rw-r--r--kubernetes/policy/charts/policy-apex-pdp/templates/statefulset.yaml9
-rw-r--r--kubernetes/policy/charts/policy-apex-pdp/values.yaml17
-rw-r--r--kubernetes/policy/values.yaml2
6 files changed, 21 insertions, 75 deletions
diff --git a/kubernetes/policy/charts/brmsgw/values.yaml b/kubernetes/policy/charts/brmsgw/values.yaml
index 70a2e3e855..70bea2c028 100644
--- a/kubernetes/policy/charts/brmsgw/values.yaml
+++ b/kubernetes/policy/charts/brmsgw/values.yaml
@@ -56,7 +56,7 @@ secrets:
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/policy-pe:1.6.4
+image: onap/policy-pe:1.6.5
pullPolicy: Always
# flag to enable debugging - application support required
diff --git a/kubernetes/policy/charts/pdp/values.yaml b/kubernetes/policy/charts/pdp/values.yaml
index 8921eabf81..f33a736c80 100644
--- a/kubernetes/policy/charts/pdp/values.yaml
+++ b/kubernetes/policy/charts/pdp/values.yaml
@@ -51,7 +51,7 @@ secrets:
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/policy-pe:1.6.4
+image: onap/policy-pe:1.6.5
pullPolicy: Always
# flag to enable debugging - application support required
diff --git a/kubernetes/policy/charts/policy-apex-pdp/resources/config/config.json b/kubernetes/policy/charts/policy-apex-pdp/resources/config/config.json
deleted file mode 100644
index 5df0a26596..0000000000
--- a/kubernetes/policy/charts/policy-apex-pdp/resources/config/config.json
+++ /dev/null
@@ -1,64 +0,0 @@
-# ============LICENSE_START=======================================================
-# Copyright (C) 2018 Ericsson. All rights reserved.
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-# ============LICENSE_END=========================================================
-{
- "javaProperties" : [
- ["javax.net.ssl.trustStore", "/opt/app/policy/apex-pdp/etc/ssl/policy-truststore"],
- ["javax.net.ssl.trustStorePassword", "${TRUSTSTORE_PASSWORD_BASE64}"]
- ],
- "engineServiceParameters": {
- "name": "MyApexEngine",
- "version": "0.0.1",
- "id": 45,
- "instanceCount": 4,
- "deploymentPort": 12345,
- "policyModelFileName": "examples/models/SampleDomain/SamplePolicyModelJAVASCRIPT.json",
- "engineParameters": {
- "executorParameters": {
- "JAVASCRIPT": {
- "parameterClassName": "org.onap.policy.apex.plugins.executor.javascript.JavascriptExecutorParameters"
- }
- }
- }
- },
- "eventOutputParameters": {
- "FirstProducer": {
- "carrierTechnologyParameters": {
- "carrierTechnology": "FILE",
- "parameters": {
- "standardIo": true
- }
- },
- "eventProtocolParameters": {
- "eventProtocol": "JSON"
- }
- }
- },
- "eventInputParameters": {
- "FirstConsumer": {
- "carrierTechnologyParameters": {
- "carrierTechnology": "FILE",
- "parameters": {
- "standardIo": true
- }
- },
- "eventProtocolParameters": {
- "eventProtocol": "JSON"
- }
- }
- }
-}
diff --git a/kubernetes/policy/charts/policy-apex-pdp/templates/statefulset.yaml b/kubernetes/policy/charts/policy-apex-pdp/templates/statefulset.yaml
index 35f8aacb40..2e6a08c487 100644
--- a/kubernetes/policy/charts/policy-apex-pdp/templates/statefulset.yaml
+++ b/kubernetes/policy/charts/policy-apex-pdp/templates/statefulset.yaml
@@ -1,5 +1,6 @@
# ============LICENSE_START=======================================================
# Copyright (C) 2018 Ericsson. All rights reserved.
+# Modifications Copyright (C) 2020 Nordix Foundation.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -43,10 +44,8 @@ spec:
- sh
args:
- -c
- - "export TRUSTSTORE_PASSWORD_BASE64=`echo -n ${TRUSTSTORE_PASSWORD} | base64`; cd /config-input && for PFILE in `ls -1`; do envsubst <${PFILE} >/config/${PFILE}; done"
+ - "cd /config-input && for PFILE in `ls -1`; do envsubst <${PFILE} >/config/${PFILE}; done"
env:
- - name: TRUSTSTORE_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "truststore-pass" "key" "password") | indent 10 }}
- name: RESTSERVER_USER
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-creds" "key" "login") | indent 10 }}
- name: RESTSERVER_PASSWORD
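Review bot: `envsubst` in the init command runs without a variable list, so every `${...}` token in the files under /config-input is replaced, and a token whose variable is no longer exported (such as `${TRUSTSTORE_PASSWORD_BASE64}` after this change) is written out as an empty string without any error. The deleted config.json is the only consumer visible in this diff, but any remaining template that still names that variable would produce an empty trust store password at runtime. Passing an explicit list, for example `envsubst '${RESTSERVER_USER} ${RESTSERVER_PASSWORD}' <${PFILE} >/config/${PFILE}`, limits substitution to the intended variables. The env list continues past the end of this hunk, so the full set of names has to be taken from there.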
@@ -84,6 +83,10 @@ spec:
env:
- name: REPLICAS
value: "{{ .Values.replicaCount }}"
+ - name: KEYSTORE_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keystore-pass" "key" "password") | indent 12 }}
+ - name: TRUSTSTORE_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "truststore-pass" "key" "password") | indent 12 }}
volumeMounts:
- mountPath: /etc/localtime
name: localtime
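Review bot: `KEYSTORE_PASSWORD` and `TRUSTSTORE_PASSWORD` are now injected as environment variables of the main container, where they are readable through the process environment and inherited by any child process the application starts. If the image can read the store passwords from a file, mounting the two secrets as a volume would narrow that exposure. If it cannot, a comment above the two entries such as `# store passwords are read from the environment at start-up and must match the stores in the image` would record why they are passed this way; the consumer is not visible in this diff, so the wording needs confirming. The container spec starts before and continues after this hunk.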
diff --git a/kubernetes/policy/charts/policy-apex-pdp/values.yaml b/kubernetes/policy/charts/policy-apex-pdp/values.yaml
index 9d52812f91..0959a77a5d 100644
--- a/kubernetes/policy/charts/policy-apex-pdp/values.yaml
+++ b/kubernetes/policy/charts/policy-apex-pdp/values.yaml
@@ -1,6 +1,7 @@
# ============LICENSE_START=======================================================
# Copyright (C) 2018 Ericsson. All rights reserved.
# Modifications Copyright (C) 2019-2020 AT&T Intellectual Property.
+# Modifications Copyright (C) 2020 Nordix Foundation.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -35,9 +36,14 @@ secrets:
password: '{{ .Values.restServer.password }}'
- uid: truststore-pass
type: password
- externalSecret: '{{ tpl (default "" .Values.truststore.passwordExternalSecret) . }}'
- password: '{{ .Values.truststore.password }}'
- policy: required
+ externalSecret: '{{ tpl (default "" .Values.certStores.trustStorePasswordExternalSecret) . }}'
+ password: '{{ .Values.certStores.trustStorePassword }}'
+ passwordPolicy: required
+ - uid: keystore-pass
+ type: password
+ externalSecret: '{{ tpl (default "" .Values.certStores.keyStorePasswordExternalSecret) . }}'
+ password: '{{ .Values.certStores.keyStorePassword }}'
+ passwordPolicy: required
#################################################################
# Application configuration defaults.
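Review bot: The move from `.Values.truststore.*` to `.Values.certStores.*` means an existing override of `truststore.password` or `truststore.passwordExternalSecret` is no longer read by these secret definitions. Because values.yaml in this commit ships a default for `certStores.trustStorePassword`, `passwordPolicy: required` is presumably still satisfied and the deployment would fall back to the default without any error. A comment above the `truststore-pass` entry, e.g. `# renamed from truststore.password / truststore.passwordExternalSecret; the old keys are ignored`, together with a release note, would make the change visible to operators who carry overrides. The `secrets:` list begins outside this hunk.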
@@ -55,8 +61,9 @@ debugEnabled: false
restServer:
user: healthcheck
password: zb!XztG34
-truststore:
- password: Pol1cy_0nap
+certStores:
+ keyStorePassword: Pol1cy_0nap
+ trustStorePassword: Pol1cy_0nap
# default number of instances
replicaCount: 1
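Review bot: `keyStorePassword` and `trustStorePassword` are committed with the same literal default, so every installation that does not override them protects both stores with a value published in the repository. The `required` policy on the matching secrets then never has a missing value to reject. If the defaults have to match stores built into the image, say so in a comment such as `# defaults match the stores shipped in the image; override together with custom stores or set the *ExternalSecret keys`. Otherwise leave both values empty so that an unset password is caught at install time rather than silently defaulted.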
diff --git a/kubernetes/policy/values.yaml b/kubernetes/policy/values.yaml
index 4de13eee2d..a136b0ad46 100644
--- a/kubernetes/policy/values.yaml
+++ b/kubernetes/policy/values.yaml
@@ -67,7 +67,7 @@ secrets:
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/policy-pe:1.6.4
+image: onap/policy-pe:1.6.5
mariadb_image: library/mariadb:10
pullPolicy: Always