summaryrefslogtreecommitdiffstats
path: root/kubernetes
diff options
context:
space:
mode:
authorAlexis de Talhouƫt <alexis.de_talhouet@bell.ca>2017-09-13 15:27:51 +0000
committerGerrit Code Review <gerrit@onap.org>2017-09-13 15:27:51 +0000
commite6b8c84f451473fa2edc6dc44c39c055fca392d5 (patch)
tree829f2f9050e83c9da2d88cf0bb1c7ac60c48c826 /kubernetes
parentd99d1d2956c3f5afac1dfc569a3389a445b179e9 (diff)
parent59ffd500ea34c201fbb3edc39e64655fa8381be0 (diff)
Merge "moving certs and keys to k8s secrets"
Diffstat (limited to 'kubernetes')
-rw-r--r--kubernetes/aai/templates/data-router-deployment.yaml10
-rw-r--r--kubernetes/aai/templates/modelloader-deployment.yaml5
-rw-r--r--kubernetes/aai/templates/search-data-service-deployment.yaml5
-rw-r--r--kubernetes/aai/templates/sparky-be-deployment.yaml15
-rw-r--r--kubernetes/config/.helmignore3
-rw-r--r--kubernetes/config/certs/aai/aai-os-cert.p12 (renamed from kubernetes/config/docker/init/src/config/aai/model-loader/appconfig/auth/aai-os-cert.p12)bin4357 -> 4357 bytes
-rw-r--r--kubernetes/config/certs/aai/client-cert-onap.p12 (renamed from kubernetes/config/docker/init/src/config/aai/data-router/appconfig/auth/client-cert-onap.p12)bin2556 -> 2556 bytes
-rw-r--r--kubernetes/config/certs/aai/inventory-ui-keystore (renamed from kubernetes/config/docker/init/src/config/aai/sparky-be/appconfig/auth/inventory-ui-keystore)bin7201 -> 7201 bytes
-rw-r--r--kubernetes/config/certs/aai/tomcat_keystore (renamed from kubernetes/config/docker/init/src/config/aai/data-router/appconfig/auth/tomcat_keystore)bin2214 -> 2214 bytes
-rwxr-xr-xkubernetes/config/certs/message-router/mykey (renamed from kubernetes/config/docker/init/src/config/message-router/dmaap/mykey)0
-rwxr-xr-xkubernetes/config/certs/mso/aai.crt (renamed from kubernetes/config/docker/init/src/config/mso/mso/aai.crt)0
-rw-r--r--kubernetes/config/certs/mso/encryption.key (renamed from kubernetes/config/docker/init/src/config/mso/mso/encryption.key)0
-rwxr-xr-xkubernetes/config/certs/policy/policy-keystore (renamed from kubernetes/config/docker/init/src/config/policy/opt/policy/config/drools/policy-keystore)bin5640 -> 5640 bytes
-rw-r--r--kubernetes/message-router/templates/message-router-dmaap.yaml4
-rw-r--r--kubernetes/mso/templates/mso-deployment.yaml10
-rwxr-xr-xkubernetes/oneclick/createAll.bash10
-rwxr-xr-xkubernetes/oneclick/deleteAll.bash14
-rw-r--r--kubernetes/policy/templates/dep-drools.yaml5
18 files changed, 77 insertions, 4 deletions
diff --git a/kubernetes/aai/templates/data-router-deployment.yaml b/kubernetes/aai/templates/data-router-deployment.yaml
index f823061c33..0033208642 100644
--- a/kubernetes/aai/templates/data-router-deployment.yaml
+++ b/kubernetes/aai/templates/data-router-deployment.yaml
@@ -35,6 +35,10 @@ spec:
volumeMounts:
- mountPath: /opt/app/data-router/config/
name: data-router-config
+ - mountPath: /opt/app/data-router/config/auth/tomcat_keystore
+ name: data-router-tomcat-key
+ - mountPath: /opt/app/data-router/config/auth/client-cert-onap.p12
+ name: data-router-client-cert
- mountPath: /opt/app/data-router/dynamic/
name: data-router-dynamic
- mountPath: /logs/
@@ -56,6 +60,12 @@ spec:
- name: data-router-logs
hostPath:
path: "/dockerdata-nfs/{{ .Values.nsPrefix }}/aai/data-router/logs/"
+ - name: data-router-tomcat-key
+ secret:
+ secretName: secret-{{ .Values.nsPrefix }}-aai
+ - name: data-router-client-cert
+ secret:
+ secretName: secret-{{ .Values.nsPrefix }}-aai
restartPolicy: Always
imagePullSecrets:
- name: "{{ .Values.nsPrefix }}-docker-registry-key"
diff --git a/kubernetes/aai/templates/modelloader-deployment.yaml b/kubernetes/aai/templates/modelloader-deployment.yaml
index 5391273d9d..ec6a9178a7 100644
--- a/kubernetes/aai/templates/modelloader-deployment.yaml
+++ b/kubernetes/aai/templates/modelloader-deployment.yaml
@@ -20,6 +20,8 @@ spec:
volumeMounts:
- mountPath: /opt/app/model-loader/config/
name: aai-model-loader-config
+ - mountPath: /opt/app/model-loader/config/auth/aai-os-cert.p12
+ name: aai-os-cert
- mountPath: /logs/
name: aai-model-loader-logs
image: "{{ .Values.image.modelLoaderImage }}:{{ .Values.image.modelLoaderVersion }}"
@@ -35,6 +37,9 @@ spec:
- name: aai-model-loader-logs
hostPath:
path: "/dockerdata-nfs/{{ .Values.nsPrefix }}/aai/model-loader/logs/"
+ - name: aai-os-cert
+ secret:
+ secretName: secret-{{ .Values.nsPrefix }}-aai
restartPolicy: Always
imagePullSecrets:
- name: "{{ .Values.nsPrefix }}-docker-registry-key"
diff --git a/kubernetes/aai/templates/search-data-service-deployment.yaml b/kubernetes/aai/templates/search-data-service-deployment.yaml
index f2db9370fd..8f4acef7cb 100644
--- a/kubernetes/aai/templates/search-data-service-deployment.yaml
+++ b/kubernetes/aai/templates/search-data-service-deployment.yaml
@@ -27,6 +27,8 @@ spec:
volumeMounts:
- mountPath: /opt/app/search-data-service/config/
name: aai-search-data-service-config
+ - mountPath: /opt/app/search-data-service/config/auth/tomcat_keystore
+ name: aai-tomcat-key
- mountPath: /logs/
name: aai-search-data-service-logs
ports:
@@ -40,6 +42,9 @@ spec:
- name: aai-search-data-service-config
hostPath:
path: "/dockerdata-nfs/{{ .Values.nsPrefix }}/aai/search-data-service/appconfig/"
+ - name: aai-tomcat-key
+ secret:
+ secretName: secret-{{ .Values.nsPrefix }}-aai
- name: aai-search-data-service-logs
hostPath:
path: "/dockerdata-nfs/{{ .Values.nsPrefix }}/aai/search-data-service/logs/"
diff --git a/kubernetes/aai/templates/sparky-be-deployment.yaml b/kubernetes/aai/templates/sparky-be-deployment.yaml
index 6a8ff9308d..f4c44e28ed 100644
--- a/kubernetes/aai/templates/sparky-be-deployment.yaml
+++ b/kubernetes/aai/templates/sparky-be-deployment.yaml
@@ -27,6 +27,12 @@ spec:
volumeMounts:
- mountPath: /opt/app/sparky/config/
name: aai-sparky-be-config
+ - mountPath: /opt/app/sparky/config/auth/client-cert-onap.p12
+ name: aai-sparky-be-client-cert
+ - mountPath: /opt/app/sparky/config/auth/aai-os-cert.p12
+ name: aai-sparky-be-aai-os-cert
+ - mountPath: /opt/app/sparky/config/auth/inventory-ui-keystore
+ name: aai-sparky-be-inventory-key
- mountPath: /logs/
name: aai-sparky-be-logs
ports:
@@ -43,6 +49,15 @@ spec:
- name: aai-sparky-be-logs
hostPath:
path: "/dockerdata-nfs/{{ .Values.nsPrefix }}/aai/sparky-be/logs/"
+ - name: aai-sparky-be-client-cert
+ secret:
+ secretName: secret-{{ .Values.nsPrefix }}-aai
+ - name: aai-sparky-be-aai-os-cert
+ secret:
+ secretName: secret-{{ .Values.nsPrefix }}-aai
+ - name: aai-sparky-be-inventory-key
+ secret:
+ secretName: secret-{{ .Values.nsPrefix }}-aai
restartPolicy: Always
imagePullSecrets:
- name: "{{ .Values.nsPrefix }}-docker-registry-key"
diff --git a/kubernetes/config/.helmignore b/kubernetes/config/.helmignore
index 4c38baed31..bc7bb96055 100644
--- a/kubernetes/config/.helmignore
+++ b/kubernetes/config/.helmignore
@@ -22,4 +22,5 @@
#ignore config docker image files
docker
-createConfig.sh \ No newline at end of file
+createConfig.sh
+certs
diff --git a/kubernetes/config/docker/init/src/config/aai/model-loader/appconfig/auth/aai-os-cert.p12 b/kubernetes/config/certs/aai/aai-os-cert.p12
index ee57120fa0..ee57120fa0 100644
--- a/kubernetes/config/docker/init/src/config/aai/model-loader/appconfig/auth/aai-os-cert.p12
+++ b/kubernetes/config/certs/aai/aai-os-cert.p12
Binary files differ
diff --git a/kubernetes/config/docker/init/src/config/aai/data-router/appconfig/auth/client-cert-onap.p12 b/kubernetes/config/certs/aai/client-cert-onap.p12
index dbf4fcacec..dbf4fcacec 100644
--- a/kubernetes/config/docker/init/src/config/aai/data-router/appconfig/auth/client-cert-onap.p12
+++ b/kubernetes/config/certs/aai/client-cert-onap.p12
Binary files differ
diff --git a/kubernetes/config/docker/init/src/config/aai/sparky-be/appconfig/auth/inventory-ui-keystore b/kubernetes/config/certs/aai/inventory-ui-keystore
index efa01f8d79..efa01f8d79 100644
--- a/kubernetes/config/docker/init/src/config/aai/sparky-be/appconfig/auth/inventory-ui-keystore
+++ b/kubernetes/config/certs/aai/inventory-ui-keystore
Binary files differ
diff --git a/kubernetes/config/docker/init/src/config/aai/data-router/appconfig/auth/tomcat_keystore b/kubernetes/config/certs/aai/tomcat_keystore
index 9eec841aa2..9eec841aa2 100644
--- a/kubernetes/config/docker/init/src/config/aai/data-router/appconfig/auth/tomcat_keystore
+++ b/kubernetes/config/certs/aai/tomcat_keystore
Binary files differ
diff --git a/kubernetes/config/docker/init/src/config/message-router/dmaap/mykey b/kubernetes/config/certs/message-router/mykey
index c2b8b8779b..c2b8b8779b 100755
--- a/kubernetes/config/docker/init/src/config/message-router/dmaap/mykey
+++ b/kubernetes/config/certs/message-router/mykey
diff --git a/kubernetes/config/docker/init/src/config/mso/mso/aai.crt b/kubernetes/config/certs/mso/aai.crt
index 4ffa426c1e..4ffa426c1e 100755
--- a/kubernetes/config/docker/init/src/config/mso/mso/aai.crt
+++ b/kubernetes/config/certs/mso/aai.crt
diff --git a/kubernetes/config/docker/init/src/config/mso/mso/encryption.key b/kubernetes/config/certs/mso/encryption.key
index eb52241e7f..eb52241e7f 100644
--- a/kubernetes/config/docker/init/src/config/mso/mso/encryption.key
+++ b/kubernetes/config/certs/mso/encryption.key
diff --git a/kubernetes/config/docker/init/src/config/policy/opt/policy/config/drools/policy-keystore b/kubernetes/config/certs/policy/policy-keystore
index ab25c3a341..ab25c3a341 100755
--- a/kubernetes/config/docker/init/src/config/policy/opt/policy/config/drools/policy-keystore
+++ b/kubernetes/config/certs/policy/policy-keystore
Binary files differ
diff --git a/kubernetes/message-router/templates/message-router-dmaap.yaml b/kubernetes/message-router/templates/message-router-dmaap.yaml
index 59c57f85f6..0579541cb1 100644
--- a/kubernetes/message-router/templates/message-router-dmaap.yaml
+++ b/kubernetes/message-router/templates/message-router-dmaap.yaml
@@ -69,7 +69,7 @@ spec:
hostPath:
path: /dockerdata-nfs/{{ .Values.nsPrefix }}/message-router/dmaap/cadi.properties
- name: mykey
- hostPath:
- path: /dockerdata-nfs/{{ .Values.nsPrefix }}/message-router/dmaap/mykey
+ secret:
+ secretName: secret-{{ .Values.nsPrefix }}-message-router
imagePullSecrets:
- name: "{{ .Values.nsPrefix }}-docker-registry-key"
diff --git a/kubernetes/mso/templates/mso-deployment.yaml b/kubernetes/mso/templates/mso-deployment.yaml
index 0f3034f4cc..9414990201 100644
--- a/kubernetes/mso/templates/mso-deployment.yaml
+++ b/kubernetes/mso/templates/mso-deployment.yaml
@@ -49,6 +49,10 @@ spec:
volumeMounts:
- mountPath: /shared
name: mso
+ - mountPath: /shared/aai.crt
+ name: mso-aai-crt
+ - mountPath: /shared/encryption.key
+ name: mso-key
- mountPath: /docker-files
name: mso-docker-files
env:
@@ -72,5 +76,11 @@ spec:
- name: mso-docker-files
hostPath:
path: /dockerdata-nfs/{{ .Values.nsPrefix }}/mso/docker-files
+ - name: mso-aai-crt
+ secret:
+ secretName: secret-{{ .Values.nsPrefix }}-mso
+ - name: mso-key
+ secret:
+ secretName: secret-{{ .Values.nsPrefix }}-mso
imagePullSecrets:
- name: "{{ .Values.nsPrefix }}-docker-registry-key"
diff --git a/kubernetes/oneclick/createAll.bash b/kubernetes/oneclick/createAll.bash
index 7be2e6a7de..5012a52d20 100755
--- a/kubernetes/oneclick/createAll.bash
+++ b/kubernetes/oneclick/createAll.bash
@@ -39,6 +39,14 @@ create_registry_key() {
check_return_code $cmd
}
+create_certs_secret() {
+ if [ -d $LOCATION/config/certs/$i/ ]; then
+ printf "\nCreating certs and keys secret **********\n"
+ _CERTS_FILES=$(find $LOCATION/config/certs/$2/ -type f | awk '$0="--from-file="$0' ORS=' ')
+ kubectl create secret generic secret-$1-$2 $_CERTS_FILES -n $1-$2
+ fi
+}
+
create_onap_helm() {
HELM_VALUES_ADDITION=""
if [[ ! -z $HELM_VALUES_FILEPATH ]]; then
@@ -132,6 +140,8 @@ for i in ${HELM_APPS[@]}; do
printf "\nCreating registry secret **********\n"
create_registry_key $NS $i ${NS}-docker-registry-key $ONAP_DOCKER_REGISTRY $DU $DP $ONAP_DOCKER_MAIL
+ create_certs_secret $NS $i
+
printf "\nCreating deployments and services **********\n"
create_onap_helm $NS $i $start
diff --git a/kubernetes/oneclick/deleteAll.bash b/kubernetes/oneclick/deleteAll.bash
index 40d070124a..f7c48fd18d 100755
--- a/kubernetes/oneclick/deleteAll.bash
+++ b/kubernetes/oneclick/deleteAll.bash
@@ -16,6 +16,13 @@ delete_registry_key() {
kubectl --namespace $1-$2 delete secret ${1}-docker-registry-key
}
+delete_certs_secret() {
+ if [ -d $LOCATION/config/certs/$i/ ]; then
+ kubectl delete secret secret-$1-$2 -n $1-$2
+ fi
+}
+
+
delete_app_helm() {
helm delete $1-$2 --purge
}
@@ -36,8 +43,9 @@ EOF
NS=
INCL_SVC=false
APP=
+LOCATION="../"
-while getopts ":n:u:s:a:" PARAM; do
+while getopts ":n:u:s:a:l:" PARAM; do
case $PARAM in
u)
usage
@@ -53,6 +61,9 @@ while getopts ":n:u:s:a:" PARAM; do
exit 1
fi
;;
+ l)
+ LOCATION=${OPTARG}
+ ;;
?)
usage
exit
@@ -74,6 +85,7 @@ printf "\n********** Cleaning up ONAP: ${ONAP_APPS[*]}\n"
for i in ${HELM_APPS[@]}; do
+ delete_certs_secret $NS $i
delete_app_helm $NS $i
delete_namespace $NS $i
diff --git a/kubernetes/policy/templates/dep-drools.yaml b/kubernetes/policy/templates/dep-drools.yaml
index 75055c10d8..7da046e156 100644
--- a/kubernetes/policy/templates/dep-drools.yaml
+++ b/kubernetes/policy/templates/dep-drools.yaml
@@ -66,6 +66,8 @@ spec:
volumeMounts:
- mountPath: /tmp/policy-install/config
name: drools
+ - mountPath: /tmp/policy-install/config/policy-keystore
+ name: drools-keystore
- mountPath: /usr/share/maven/conf/settings.xml
name: drools-settingsxml
volumes:
@@ -75,5 +77,8 @@ spec:
- name: drools
hostPath:
path: /dockerdata-nfs/{{ .Values.nsPrefix }}/policy/opt/policy/config/drools/
+ - name: drools-keystore
+ secret:
+ secretName: secret-{{ .Values.nsPrefix }}-policy
imagePullSecrets:
- name: "{{ .Values.nsPrefix }}-docker-registry-key"