diff options
author | Krzysztof Gajewski <krzysztof.gajewski@nokia.com> | 2020-10-15 20:33:34 +0200 |
---|---|---|
committer | Krzysztof Gajewski <krzysztof.gajewski@nokia.com> | 2020-10-29 14:14:10 +0000 |
commit | cd2e66f770d8778dbd5c95a73fa810b9ee0ee779 (patch) | |
tree | 2ae935051ea2ff955dcf7efc6c5dd2dca1fe3cd2 /kubernetes/so/components/so-monitoring/templates/deployment.yaml | |
parent | 3ed223d7f77b43033fa97d584246db4a386d6b0c (diff) |
[SO] Enable SO-Monitoring - use HTTPS and certInitializer
- SO-Monitoring service exposed as NodePort
- Certs are retrieved dynamically using certInitializer
Issue-ID: SO-2920
Signed-off-by: Krzysztof Gajewski <krzysztof.gajewski@nokia.com>
Change-Id: I04e6556bcddc3c67afc2a76c5b4fecb59a134911
Diffstat (limited to 'kubernetes/so/components/so-monitoring/templates/deployment.yaml')
-rw-r--r-- | kubernetes/so/components/so-monitoring/templates/deployment.yaml | 27 |
1 files changed, 24 insertions, 3 deletions
diff --git a/kubernetes/so/components/so-monitoring/templates/deployment.yaml b/kubernetes/so/components/so-monitoring/templates/deployment.yaml index f5969738f6..9463b28271 100644 --- a/kubernetes/so/components/so-monitoring/templates/deployment.yaml +++ b/kubernetes/so/components/so-monitoring/templates/deployment.yaml @@ -1,5 +1,6 @@ # ============LICENSE_START======================================================= # Copyright (C) 2018 Ericsson. All rights reserved. +# Modifications Copyright © 2020 Nokia # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -42,7 +43,7 @@ spec: app: {{ include "common.name" . }} release: {{ include "common.release" . }} spec: - initContainers: + initContainers: {{ include "so.certificate.container_importer" . | nindent 6 }} - name: so-chown image: alpine:3.6 volumeMounts: @@ -55,6 +56,21 @@ spec: - name: {{ include "common.name" . }} image: {{ include "common.repository" . }}/{{ .Values.image }} resources: {{ include "common.resources" . | nindent 12 }} + command: + - /bin/sh + args: + - -c + - | + export SO_MONITORING_PASSWORD=`htpasswd -bnBC 10 "" $SO_MON_PASS | tr -d ':\n' | sed 's/\$2y/\$2a/'` + {{- if .Values.global.aafEnabled }} + export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/org.onap.so.cred.props | xargs -0) + export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0) + export KEYSTORE=file://$cadi_keystore + export KEYSTORE_PASSWORD=$cadi_keystore_password_p12 + export TRUSTSTORE=file://$cadi_truststore + export TRUSTSTORE_PASSWORD=$cadi_truststore_password + {{- end }} + /app/start-app.sh env: - name: DB_HOST valueFrom: @@ -74,11 +90,16 @@ spec: {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "login") | indent 10 }} - name: DB_ADMIN_PASSWORD {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "password") | indent 10 }} + - name: SO_MONITORING_USERNAME + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "app-user-creds" "key" "login") | indent 10 }} + - name: SO_MON_PASS + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "app-user-creds" "key" "password") | indent 10 }} + envFrom: - configMapRef: name: {{ include "common.fullname" . }}-configmap imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: + volumeMounts: {{ include "so.certificate.volumeMount" . | nindent 8 }} - name: logs mountPath: /app/logs - name: config @@ -101,7 +122,7 @@ spec: - containerPort: {{ index .Values.containerPort }} name: {{ .Values.service.portName }} protocol: TCP - volumes: + volumes: {{ include "so.certificate.volumes" . | nindent 6 }} - name: logs emptyDir: {} - name: config |