summaryrefslogtreecommitdiffstats
path: root/kubernetes/so/components
diff options
context:
space:
mode:
authorKrzysztof Gajewski <krzysztof.gajewski@nokia.com>2020-10-15 20:33:34 +0200
committerKrzysztof Gajewski <krzysztof.gajewski@nokia.com>2020-10-29 14:14:10 +0000
commitcd2e66f770d8778dbd5c95a73fa810b9ee0ee779 (patch)
tree2ae935051ea2ff955dcf7efc6c5dd2dca1fe3cd2 /kubernetes/so/components
parent3ed223d7f77b43033fa97d584246db4a386d6b0c (diff)
[SO] Enable SO-Monitoring - use HTTPS and certInitializer
- SO-Monitoring service exposed as NodePort - Certs are retrieved dynamically using certInitializer Issue-ID: SO-2920 Signed-off-by: Krzysztof Gajewski <krzysztof.gajewski@nokia.com> Change-Id: I04e6556bcddc3c67afc2a76c5b4fecb59a134911
Diffstat (limited to 'kubernetes/so/components')
-rwxr-xr-xkubernetes/so/components/so-monitoring/requirements.yaml4
-rw-r--r--kubernetes/so/components/so-monitoring/resources/config/overrides/override.yaml18
-rw-r--r--kubernetes/so/components/so-monitoring/templates/deployment.yaml27
-rw-r--r--kubernetes/so/components/so-monitoring/templates/service.yaml7
-rw-r--r--kubernetes/so/components/so-monitoring/values.yaml51
5 files changed, 89 insertions, 18 deletions
diff --git a/kubernetes/so/components/so-monitoring/requirements.yaml b/kubernetes/so/components/so-monitoring/requirements.yaml
index 2eb32d00ed..29f9a9fcd0 100755
--- a/kubernetes/so/components/so-monitoring/requirements.yaml
+++ b/kubernetes/so/components/so-monitoring/requirements.yaml
@@ -1,4 +1,5 @@
# Copyright © 2017 Amdocs, Bell Canada
+# Modifications © 2020 Nokia
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -18,3 +19,6 @@ dependencies:
# a part of this chart's package and will not
# be published independently to a repo (at this point)
repository: '@local'
+ - name: soHelpers
+ version: ~6.x-0
+ repository: 'file://../soHelpers'
diff --git a/kubernetes/so/components/so-monitoring/resources/config/overrides/override.yaml b/kubernetes/so/components/so-monitoring/resources/config/overrides/override.yaml
index c2e6ad06f3..cf54fa43f8 100644
--- a/kubernetes/so/components/so-monitoring/resources/config/overrides/override.yaml
+++ b/kubernetes/so/components/so-monitoring/resources/config/overrides/override.yaml
@@ -1,8 +1,17 @@
server:
port: {{ index .Values.containerPort }}
+ {{- if .Values.global.aafEnabled }}
+ ssl:
+ keyStore: ${KEYSTORE}
+ keyStorePassword: ${KEYSTORE_PASSWORD}
+ trustStore: ${TRUSTSTORE}
+ trustStorePassword: ${TRUSTSTORE_PASSWORD}
+ {{- end }}
tomcat:
max-threads: 50
+ {{- if not .Values.global.aafEnabled }}
ssl-enable: false
+ {{- end }}
camunda:
rest:
api:
@@ -15,3 +24,12 @@ mso:
api:
url: http://so-request-db-adapter.{{ include "common.namespace" . }}:8083/infraActiveRequests/
auth: Basic YnBlbDpwYXNzd29yZDEk
+spring:
+ main:
+ allow-bean-definition-overriding: true
+ security:
+ usercredentials:
+ -
+ username: ${SO_MONITORING_USERNAME}
+ password: ${SO_MONITORING_PASSWORD}
+ role: GUI-Client
diff --git a/kubernetes/so/components/so-monitoring/templates/deployment.yaml b/kubernetes/so/components/so-monitoring/templates/deployment.yaml
index f5969738f6..9463b28271 100644
--- a/kubernetes/so/components/so-monitoring/templates/deployment.yaml
+++ b/kubernetes/so/components/so-monitoring/templates/deployment.yaml
@@ -1,5 +1,6 @@
# ============LICENSE_START=======================================================
# Copyright (C) 2018 Ericsson. All rights reserved.
+# Modifications Copyright © 2020 Nokia
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -42,7 +43,7 @@ spec:
app: {{ include "common.name" . }}
release: {{ include "common.release" . }}
spec:
- initContainers:
+ initContainers: {{ include "so.certificate.container_importer" . | nindent 6 }}
- name: so-chown
image: alpine:3.6
volumeMounts:
@@ -55,6 +56,21 @@ spec:
- name: {{ include "common.name" . }}
image: {{ include "common.repository" . }}/{{ .Values.image }}
resources: {{ include "common.resources" . | nindent 12 }}
+ command:
+ - /bin/sh
+ args:
+ - -c
+ - |
+ export SO_MONITORING_PASSWORD=`htpasswd -bnBC 10 "" $SO_MON_PASS | tr -d ':\n' | sed 's/\$2y/\$2a/'`
+ {{- if .Values.global.aafEnabled }}
+ export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/org.onap.so.cred.props | xargs -0)
+ export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
+ export KEYSTORE=file://$cadi_keystore
+ export KEYSTORE_PASSWORD=$cadi_keystore_password_p12
+ export TRUSTSTORE=file://$cadi_truststore
+ export TRUSTSTORE_PASSWORD=$cadi_truststore_password
+ {{- end }}
+ /app/start-app.sh
env:
- name: DB_HOST
valueFrom:
@@ -74,11 +90,16 @@ spec:
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "login") | indent 10 }}
- name: DB_ADMIN_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "password") | indent 10 }}
+ - name: SO_MONITORING_USERNAME
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "app-user-creds" "key" "login") | indent 10 }}
+ - name: SO_MON_PASS
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "app-user-creds" "key" "password") | indent 10 }}
+
envFrom:
- configMapRef:
name: {{ include "common.fullname" . }}-configmap
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
+ volumeMounts: {{ include "so.certificate.volumeMount" . | nindent 8 }}
- name: logs
mountPath: /app/logs
- name: config
@@ -101,7 +122,7 @@ spec:
- containerPort: {{ index .Values.containerPort }}
name: {{ .Values.service.portName }}
protocol: TCP
- volumes:
+ volumes: {{ include "so.certificate.volumes" . | nindent 6 }}
- name: logs
emptyDir: {}
- name: config
diff --git a/kubernetes/so/components/so-monitoring/templates/service.yaml b/kubernetes/so/components/so-monitoring/templates/service.yaml
index c4c2ae9d13..660ddb8125 100644
--- a/kubernetes/so/components/so-monitoring/templates/service.yaml
+++ b/kubernetes/so/components/so-monitoring/templates/service.yaml
@@ -1,5 +1,6 @@
# ============LICENSE_START=======================================================
# Copyright (C) 2018 Ericsson. All rights reserved.
+# Modifications © 2020 Nokia
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -27,9 +28,13 @@ metadata:
release: {{ include "common.release" . }}
heritage: {{ .Release.Service }}
spec:
+ {{if .Values.global.aafEnabled -}}
type: {{ .Values.service.type }}
+ {{- else -}}
+ type: ClusterIP
+ {{- end }}
ports:
- {{if eq .Values.service.type "NodePort" -}}
+ {{if and (eq .Values.service.type "NodePort") (.Values.global.aafEnabled) -}}
- port: {{ .Values.service.internalPort }}
nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
name: {{ .Values.service.portName }}
diff --git a/kubernetes/so/components/so-monitoring/values.yaml b/kubernetes/so/components/so-monitoring/values.yaml
index e746baf1bb..9ba1d7b7d8 100644
--- a/kubernetes/so/components/so-monitoring/values.yaml
+++ b/kubernetes/so/components/so-monitoring/values.yaml
@@ -1,6 +1,7 @@
# ============LICENSE_START=======================================================
# Copyright (C) 2018 Ericsson. All rights reserved.
# Copyright (C) 2020 Huawei
+# Modifications Copyright © 2020 Nokia
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -27,8 +28,15 @@ global:
readinessImage: onap/oom/readiness:3.0.1
aafAgentImage: onap/aaf/aaf_agent:2.1.20
envsubstImage: dibi/envsubst
+ aafEnabled: true
persistence:
mountPath: /dockerdata-nfs
+ security:
+ aaf:
+ enabled: true
+ aaf:
+ auth:
+ header: Basic c29Ac28ub25hcC5vcmc6ZGVtbzEyMzQ1Ngo=
#################################################################
# Secrets metaconfig
@@ -46,25 +54,21 @@ secrets:
login: '{{ .Values.db.adminName }}'
password: '{{ .Values.db.adminPassword }}'
passwordPolicy: required
+ - uid: app-user-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.server.monitoring.soMonitoringCredsExternalSecret) . }}'
+ login: '{{ .Values.server.monitoring.username }}'
+ password: '{{ .Values.server.monitoring.password }}'
#secretsFilePaths: |
# - 'my file 1'
# - '{{ include "templateThatGeneratesFileName" . }}'
#################################################################
-# AAF part
-#################################################################
-soHelpers:
- nameOverride: so-monitoring-cert-init
- certInitializer:
- nameOverride: so-monitoring-cert-init
- credsPath: /opt/app/osaaf/local
-
-#################################################################
# Application configuration defaults.
#################################################################
repository: nexus3.onap.org:10001
-image: onap/so/so-monitoring:1.6.4
+image: onap/so/so-monitoring:1.7.7
pullPolicy: Always
db:
@@ -77,15 +81,34 @@ db:
replicaCount: 1
minReadySeconds: 10
-containerPort: 9091
+containerPort: &containerPort 9091
logPath: app/logs/
app: so-monitoring
+
+#################################################################
+# soHelpers part
+#################################################################
+soHelpers:
+ nameOverride: so-monitoring-cert-init
+ certInitializer:
+ nameOverride: so-monitoring-cert-init
+ credsPath: /opt/app/osaaf/local
+ cadi:
+ apiEnforcement: org.onap.so.monitoringPerm
+ containerPort: *containerPort
+
+server:
+ monitoring:
+ username: demo
+ # password: demo123456!
+ # soMonitoringCredsExternalSecret: some secret
+
service:
#Since this is a feature for monitoring the service type is changed to internal, users can change it to NodePort on need basis...
- type: ClusterIP
+ type: NodePort
nodePort: 24
- internalPort: 9091
- externalPort: 9091
+ internalPort: *containerPort
+ externalPort: *containerPort
portName: so-monitor-port
updateStrategy:
type: RollingUpdate