author | Alexis de Talhouƫt <alexis.de_talhouet@bell.ca> | 2017-09-13 15:27:51 +0000 |
---|---|---|
committer | Gerrit Code Review <gerrit@onap.org> | 2017-09-13 15:27:51 +0000 |
commit | e6b8c84f451473fa2edc6dc44c39c055fca392d5 (patch) | |
tree | 829f2f9050e83c9da2d88cf0bb1c7ac60c48c826 /kubernetes | |
parent | d99d1d2956c3f5afac1dfc569a3389a445b179e9 (diff) | |
parent | 59ffd500ea34c201fbb3edc39e64655fa8381be0 (diff) |
Merge "moving certs and keys to k8s secrets"
Diffstat (limited to 'kubernetes')
-rw-r--r-- | kubernetes/aai/templates/data-router-deployment.yaml | 10 | ||||
-rw-r--r-- | kubernetes/aai/templates/modelloader-deployment.yaml | 5 | ||||
-rw-r--r-- | kubernetes/aai/templates/search-data-service-deployment.yaml | 5 | ||||
-rw-r--r-- | kubernetes/aai/templates/sparky-be-deployment.yaml | 15 | ||||
-rw-r--r-- | kubernetes/config/.helmignore | 3 | ||||
-rw-r--r-- | kubernetes/config/certs/aai/aai-os-cert.p12 (renamed from kubernetes/config/docker/init/src/config/aai/model-loader/appconfig/auth/aai-os-cert.p12) | bin | 4357 -> 4357 bytes | |||
-rw-r--r-- | kubernetes/config/certs/aai/client-cert-onap.p12 (renamed from kubernetes/config/docker/init/src/config/aai/data-router/appconfig/auth/client-cert-onap.p12) | bin | 2556 -> 2556 bytes | |||
-rw-r--r-- | kubernetes/config/certs/aai/inventory-ui-keystore (renamed from kubernetes/config/docker/init/src/config/aai/sparky-be/appconfig/auth/inventory-ui-keystore) | bin | 7201 -> 7201 bytes | |||
-rw-r--r-- | kubernetes/config/certs/aai/tomcat_keystore (renamed from kubernetes/config/docker/init/src/config/aai/data-router/appconfig/auth/tomcat_keystore) | bin | 2214 -> 2214 bytes | |||
-rwxr-xr-x | kubernetes/config/certs/message-router/mykey (renamed from kubernetes/config/docker/init/src/config/message-router/dmaap/mykey) | 0 | ||||
-rwxr-xr-x | kubernetes/config/certs/mso/aai.crt (renamed from kubernetes/config/docker/init/src/config/mso/mso/aai.crt) | 0 | ||||
-rw-r--r-- | kubernetes/config/certs/mso/encryption.key (renamed from kubernetes/config/docker/init/src/config/mso/mso/encryption.key) | 0 | ||||
-rwxr-xr-x | kubernetes/config/certs/policy/policy-keystore (renamed from kubernetes/config/docker/init/src/config/policy/opt/policy/config/drools/policy-keystore) | bin | 5640 -> 5640 bytes | |||
-rw-r--r-- | kubernetes/message-router/templates/message-router-dmaap.yaml | 4 | ||||
-rw-r--r-- | kubernetes/mso/templates/mso-deployment.yaml | 10 | ||||
-rwxr-xr-x | kubernetes/oneclick/createAll.bash | 10 | ||||
-rwxr-xr-x | kubernetes/oneclick/deleteAll.bash | 14 | ||||
-rw-r--r-- | kubernetes/policy/templates/dep-drools.yaml | 5 |
18 files changed, 77 insertions, 4 deletions
diff --git a/kubernetes/aai/templates/data-router-deployment.yaml b/kubernetes/aai/templates/data-router-deployment.yaml index f823061c33..0033208642 100644 --- a/kubernetes/aai/templates/data-router-deployment.yaml +++ b/kubernetes/aai/templates/data-router-deployment.yaml @@ -35,6 +35,10 @@ spec: volumeMounts: - mountPath: /opt/app/data-router/config/ name: data-router-config + - mountPath: /opt/app/data-router/config/auth/tomcat_keystore + name: data-router-tomcat-key + - mountPath: /opt/app/data-router/config/auth/client-cert-onap.p12 + name: data-router-client-cert - mountPath: /opt/app/data-router/dynamic/ name: data-router-dynamic - mountPath: /logs/ @@ -56,6 +60,12 @@ spec: - name: data-router-logs hostPath: path: "/dockerdata-nfs/{{ .Values.nsPrefix }}/aai/data-router/logs/" + - name: data-router-tomcat-key + secret: + secretName: secret-{{ .Values.nsPrefix }}-aai + - name: data-router-client-cert + secret: + secretName: secret-{{ .Values.nsPrefix }}-aai restartPolicy: Always imagePullSecrets: - name: "{{ .Values.nsPrefix }}-docker-registry-key" diff --git a/kubernetes/aai/templates/modelloader-deployment.yaml b/kubernetes/aai/templates/modelloader-deployment.yaml index 5391273d9d..ec6a9178a7 100644 --- a/kubernetes/aai/templates/modelloader-deployment.yaml +++ b/kubernetes/aai/templates/modelloader-deployment.yaml @@ -20,6 +20,8 @@ spec: volumeMounts: - mountPath: /opt/app/model-loader/config/ name: aai-model-loader-config + - mountPath: /opt/app/model-loader/config/auth/aai-os-cert.p12 + name: aai-os-cert - mountPath: /logs/ name: aai-model-loader-logs image: "{{ .Values.image.modelLoaderImage }}:{{ .Values.image.modelLoaderVersion }}" @@ -35,6 +37,9 @@ spec: - name: aai-model-loader-logs hostPath: path: "/dockerdata-nfs/{{ .Values.nsPrefix }}/aai/model-loader/logs/" + - name: aai-os-cert + secret: + secretName: secret-{{ .Values.nsPrefix }}-aai restartPolicy: Always imagePullSecrets: - name: "{{ .Values.nsPrefix }}-docker-registry-key" 
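Review bot: The two added `volumeMounts` entries in data-router-deployment.yaml mount a secret volume directly at a file path (`/opt/app/data-router/config/auth/tomcat_keystore` and `.../client-cert-onap.p12`) with no `subPath`, and a secret volume is projected as a directory holding one file per key. As written the container would see a directory at each of those paths containing every file in `secret-{{ .Values.nsPrefix }}-aai`, not the single keystore the application presumably expects. Adding `subPath: tomcat_keystore` and `subPath: client-cert-onap.p12` to the respective mounts (assuming the keys follow the file names that the `--from-file` arguments in createAll.bash produce), together with `readOnly: true`, would place only the named file there. The same pattern appears in the modelloader, search-data-service, sparky-be, mso and dep-drools mounts later in this diff. The container spec starts and ends outside the hunk.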
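Review bot: `data-router-tomcat-key` and `data-router-client-cert` are two volumes over the same secret, `secret-{{ .Values.nsPrefix }}-aai`, so each one hands the pod every key in that secret, including files the diffstat lists for other services (`inventory-ui-keystore`, `aai-os-cert.p12`). A single volume with an `items:` list naming only the keys this deployment needs would narrow what the container can read, and a tighter `defaultMode` such as `0400` is worth setting where the container user allows it. The volume definitions added to modelloader, search-data-service and sparky-be repeat this. The `volumes:` list begins outside the hunk.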
diff --git a/kubernetes/aai/templates/search-data-service-deployment.yaml b/kubernetes/aai/templates/search-data-service-deployment.yaml index f2db9370fd..8f4acef7cb 100644 --- a/kubernetes/aai/templates/search-data-service-deployment.yaml +++ b/kubernetes/aai/templates/search-data-service-deployment.yaml @@ -27,6 +27,8 @@ spec: volumeMounts: - mountPath: /opt/app/search-data-service/config/ name: aai-search-data-service-config + - mountPath: /opt/app/search-data-service/config/auth/tomcat_keystore + name: aai-tomcat-key - mountPath: /logs/ name: aai-search-data-service-logs ports: @@ -40,6 +42,9 @@ spec: - name: aai-search-data-service-config hostPath: path: "/dockerdata-nfs/{{ .Values.nsPrefix }}/aai/search-data-service/appconfig/" + - name: aai-tomcat-key + secret: + secretName: secret-{{ .Values.nsPrefix }}-aai - name: aai-search-data-service-logs hostPath: path: "/dockerdata-nfs/{{ .Values.nsPrefix }}/aai/search-data-service/logs/" diff --git a/kubernetes/aai/templates/sparky-be-deployment.yaml b/kubernetes/aai/templates/sparky-be-deployment.yaml index 6a8ff9308d..f4c44e28ed 100644 --- a/kubernetes/aai/templates/sparky-be-deployment.yaml +++ b/kubernetes/aai/templates/sparky-be-deployment.yaml @@ -27,6 +27,12 @@ spec: volumeMounts: - mountPath: /opt/app/sparky/config/ name: aai-sparky-be-config + - mountPath: /opt/app/sparky/config/auth/client-cert-onap.p12 + name: aai-sparky-be-client-cert + - mountPath: /opt/app/sparky/config/auth/aai-os-cert.p12 + name: aai-sparky-be-aai-os-cert + - mountPath: /opt/app/sparky/config/auth/inventory-ui-keystore + name: aai-sparky-be-inventory-key - mountPath: /logs/ name: aai-sparky-be-logs ports: 
@@ -43,6 +49,15 @@ spec: - name: aai-sparky-be-logs hostPath: path: "/dockerdata-nfs/{{ .Values.nsPrefix }}/aai/sparky-be/logs/" + - name: aai-sparky-be-client-cert + secret: + secretName: secret-{{ .Values.nsPrefix }}-aai + - name: aai-sparky-be-aai-os-cert + secret: + secretName: secret-{{ .Values.nsPrefix }}-aai + - name: aai-sparky-be-inventory-key + secret: + secretName: secret-{{ .Values.nsPrefix }}-aai restartPolicy: Always imagePullSecrets: - name: "{{ .Values.nsPrefix }}-docker-registry-key" diff --git a/kubernetes/config/.helmignore b/kubernetes/config/.helmignore index 4c38baed31..bc7bb96055 100644 --- a/kubernetes/config/.helmignore +++ b/kubernetes/config/.helmignore @@ -22,4 +22,5 @@ #ignore config docker image files docker -createConfig.sh
\ No newline at end of file +createConfig.sh +certs diff --git a/kubernetes/config/docker/init/src/config/aai/model-loader/appconfig/auth/aai-os-cert.p12 b/kubernetes/config/certs/aai/aai-os-cert.p12 Binary files differindex ee57120fa0..ee57120fa0 100644 --- a/kubernetes/config/docker/init/src/config/aai/model-loader/appconfig/auth/aai-os-cert.p12 +++ b/kubernetes/config/certs/aai/aai-os-cert.p12 diff --git a/kubernetes/config/docker/init/src/config/aai/data-router/appconfig/auth/client-cert-onap.p12 b/kubernetes/config/certs/aai/client-cert-onap.p12 Binary files differindex dbf4fcacec..dbf4fcacec 100644 --- a/kubernetes/config/docker/init/src/config/aai/data-router/appconfig/auth/client-cert-onap.p12 +++ b/kubernetes/config/certs/aai/client-cert-onap.p12 diff --git a/kubernetes/config/docker/init/src/config/aai/sparky-be/appconfig/auth/inventory-ui-keystore b/kubernetes/config/certs/aai/inventory-ui-keystore Binary files differindex efa01f8d79..efa01f8d79 100644 --- a/kubernetes/config/docker/init/src/config/aai/sparky-be/appconfig/auth/inventory-ui-keystore +++ b/kubernetes/config/certs/aai/inventory-ui-keystore diff --git a/kubernetes/config/docker/init/src/config/aai/data-router/appconfig/auth/tomcat_keystore b/kubernetes/config/certs/aai/tomcat_keystore Binary files differindex 9eec841aa2..9eec841aa2 100644 --- a/kubernetes/config/docker/init/src/config/aai/data-router/appconfig/auth/tomcat_keystore +++ b/kubernetes/config/certs/aai/tomcat_keystore diff --git a/kubernetes/config/docker/init/src/config/message-router/dmaap/mykey b/kubernetes/config/certs/message-router/mykey index c2b8b8779b..c2b8b8779b 100755 --- a/kubernetes/config/docker/init/src/config/message-router/dmaap/mykey +++ b/kubernetes/config/certs/message-router/mykey diff --git a/kubernetes/config/docker/init/src/config/mso/mso/aai.crt b/kubernetes/config/certs/mso/aai.crt index 4ffa426c1e..4ffa426c1e 100755 --- a/kubernetes/config/docker/init/src/config/mso/mso/aai.crt 
+++ b/kubernetes/config/certs/mso/aai.crt diff --git a/kubernetes/config/docker/init/src/config/mso/mso/encryption.key b/kubernetes/config/certs/mso/encryption.key index eb52241e7f..eb52241e7f 100644 --- a/kubernetes/config/docker/init/src/config/mso/mso/encryption.key +++ b/kubernetes/config/certs/mso/encryption.key diff --git a/kubernetes/config/docker/init/src/config/policy/opt/policy/config/drools/policy-keystore b/kubernetes/config/certs/policy/policy-keystore Binary files differindex ab25c3a341..ab25c3a341 100755 --- a/kubernetes/config/docker/init/src/config/policy/opt/policy/config/drools/policy-keystore +++ b/kubernetes/config/certs/policy/policy-keystore diff --git a/kubernetes/message-router/templates/message-router-dmaap.yaml b/kubernetes/message-router/templates/message-router-dmaap.yaml index 59c57f85f6..0579541cb1 100644 --- a/kubernetes/message-router/templates/message-router-dmaap.yaml +++ b/kubernetes/message-router/templates/message-router-dmaap.yaml @@ -69,7 +69,7 @@ spec: hostPath: path: /dockerdata-nfs/{{ .Values.nsPrefix }}/message-router/dmaap/cadi.properties - name: mykey - hostPath: - path: /dockerdata-nfs/{{ .Values.nsPrefix }}/message-router/dmaap/mykey + secret: + secretName: secret-{{ .Values.nsPrefix }}-message-router imagePullSecrets: - name: "{{ .Values.nsPrefix }}-docker-registry-key" diff --git a/kubernetes/mso/templates/mso-deployment.yaml b/kubernetes/mso/templates/mso-deployment.yaml index 0f3034f4cc..9414990201 100644 --- a/kubernetes/mso/templates/mso-deployment.yaml +++ b/kubernetes/mso/templates/mso-deployment.yaml @@ -49,6 +49,10 @@ spec: volumeMounts: - mountPath: /shared name: mso + - mountPath: /shared/aai.crt + name: mso-aai-crt + - mountPath: /shared/encryption.key + name: mso-key - mountPath: /docker-files name: mso-docker-files env: 
@@ -72,5 +76,11 @@ spec: - name: mso-docker-files hostPath: path: /dockerdata-nfs/{{ .Values.nsPrefix }}/mso/docker-files + - name: mso-aai-crt + secret: + secretName: secret-{{ .Values.nsPrefix }}-mso + - name: mso-key + secret: + secretName: secret-{{ .Values.nsPrefix }}-mso imagePullSecrets: - name: "{{ .Values.nsPrefix }}-docker-registry-key" diff --git a/kubernetes/oneclick/createAll.bash b/kubernetes/oneclick/createAll.bash index 7be2e6a7de..5012a52d20 100755 --- a/kubernetes/oneclick/createAll.bash +++ b/kubernetes/oneclick/createAll.bash @@ -39,6 +39,14 @@ create_registry_key() { check_return_code $cmd } +create_certs_secret() { + if [ -d $LOCATION/config/certs/$i/ ]; then + printf "\nCreating certs and keys secret **********\n" + _CERTS_FILES=$(find $LOCATION/config/certs/$2/ -type f | awk '$0="--from-file="$0' ORS=' ') + kubectl create secret generic secret-$1-$2 $_CERTS_FILES -n $1-$2 + fi +} + create_onap_helm() { HELM_VALUES_ADDITION="" if [[ ! -z $HELM_VALUES_FILEPATH ]]; then @@ -132,6 +140,8 @@ for i in ${HELM_APPS[@]}; do printf "\nCreating registry secret **********\n" create_registry_key $NS $i ${NS}-docker-registry-key $ONAP_DOCKER_REGISTRY $DU $DP $ONAP_DOCKER_MAIL + create_certs_secret $NS $i + printf "\nCreating deployments and services **********\n" create_onap_helm $NS $i $start diff --git a/kubernetes/oneclick/deleteAll.bash b/kubernetes/oneclick/deleteAll.bash index 40d070124a..f7c48fd18d 100755 --- a/kubernetes/oneclick/deleteAll.bash +++ b/kubernetes/oneclick/deleteAll.bash @@ -16,6 +16,13 @@ delete_registry_key() { kubectl --namespace $1-$2 delete secret ${1}-docker-registry-key } +delete_certs_secret() { + if [ -d $LOCATION/config/certs/$i/ ]; then + kubectl delete secret secret-$1-$2 -n $1-$2 + fi +} + + delete_app_helm() { helm delete $1-$2 --purge } @@ -36,8 +43,9 @@ EOF NS= INCL_SVC=false APP= +LOCATION="../" -while getopts ":n:u:s:a:" PARAM; do +while getopts ":n:u:s:a:l:" PARAM; do case $PARAM in u) usage 
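Review bot: `create_certs_secret` in createAll.bash tests `$LOCATION/config/certs/$i/` with the caller's loop variable `$i`, while the `find` on the next line uses `$2`; it only works because the calling loop happens to name its variable `i`, and `delete_certs_secret` in deleteAll.bash has the same test. The expansions are unquoted and the `--from-file` list is built by word-splitting `find | awk` output, so a path containing whitespace would be split into separate arguments. The `kubectl create secret` result is also not checked, whereas `create_registry_key` just above ends with `check_return_code`, and a failed creation would leave the pods unable to mount their volumes. The rewrite below uses `$2` throughout, quotes the paths and collects the arguments in an array. Separately, the secret is filled from key files that this commit keeps under `kubernetes/config/certs` in the repository, so every install shares the same committed key material unless operators replace those files before running the script.

```shell
create_certs_secret() {
  local certs_dir="$LOCATION/config/certs/$2"
  if [ -d "$certs_dir" ]; then
    printf "\nCreating certs and keys secret **********\n"
    local from_file_args=()
    while IFS= read -r -d '' cert_file; do
      from_file_args+=("--from-file=$cert_file")
    done < <(find "$certs_dir" -type f -print0)
    # Stop here on failure rather than letting the deployments start without their secret.
    kubectl create secret generic "secret-$1-$2" "${from_file_args[@]}" -n "$1-$2" || return 1
  fi
}
```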
@@ -53,6 +61,9 @@ while getopts ":n:u:s:a:" PARAM; do exit 1 fi ;; + l) + LOCATION=${OPTARG} + ;; ?) usage exit @@ -74,6 +85,7 @@ printf "\n********** Cleaning up ONAP: ${ONAP_APPS[*]}\n" for i in ${HELM_APPS[@]}; do + delete_certs_secret $NS $i delete_app_helm $NS $i delete_namespace $NS $i diff --git a/kubernetes/policy/templates/dep-drools.yaml b/kubernetes/policy/templates/dep-drools.yaml index 75055c10d8..7da046e156 100644 --- a/kubernetes/policy/templates/dep-drools.yaml +++ b/kubernetes/policy/templates/dep-drools.yaml @@ -66,6 +66,8 @@ spec: volumeMounts: - mountPath: /tmp/policy-install/config name: drools + - mountPath: /tmp/policy-install/config/policy-keystore + name: drools-keystore - mountPath: /usr/share/maven/conf/settings.xml name: drools-settingsxml volumes: @@ -75,5 +77,8 @@ spec: - name: drools hostPath: path: /dockerdata-nfs/{{ .Values.nsPrefix }}/policy/opt/policy/config/drools/ + - name: drools-keystore + secret: + secretName: secret-{{ .Values.nsPrefix }}-policy imagePullSecrets: - name: "{{ .Values.nsPrefix }}-docker-registry-key" |