summaryrefslogtreecommitdiffstats
path: root/kubernetes
diff options
context:
space:
mode:
authorkrishnaa96 <krishna.moorthy6@wipro.com>2021-02-05 15:24:06 +0530
committerkrishnaa96 <krishna.moorthy6@wipro.com>2021-02-07 10:42:30 +0530
commitad1a3eca9ea049cab7d99569be53c4a6c781be02 (patch)
treeaf22fe225bf3bda537f6f5be375eae0f605527b2 /kubernetes
parentf812cf9697596afd71b871aaff22fd22c599da74 (diff)
[MUSIC] Make MUSIC to use cert manager
Make music to use cert manager to generate and load the certificates Issue-ID: OOM-2673 Signed-off-by: Krishna Moorthy <krishna.moorthy6@wipro.com> Change-Id: I3c655107bebb969f317bcbe87cfc6a55a1821533
Diffstat (limited to 'kubernetes')
-rw-r--r--kubernetes/common/music/requirements.yaml3
-rwxr-xr-xkubernetes/common/music/resources/config/music-sb.properties2
-rw-r--r--kubernetes/common/music/resources/keys/org.onap.music.jksbin3635 -> 0 bytes
-rw-r--r--kubernetes/common/music/resources/keys/truststoreONAPall.jksbin117990 -> 0 bytes
-rw-r--r--kubernetes/common/music/templates/deployment.yaml16
-rw-r--r--kubernetes/common/music/values.yaml32
6 files changed, 28 insertions, 25 deletions
diff --git a/kubernetes/common/music/requirements.yaml b/kubernetes/common/music/requirements.yaml
index a9566c1811..0a3c9315ab 100644
--- a/kubernetes/common/music/requirements.yaml
+++ b/kubernetes/common/music/requirements.yaml
@@ -22,3 +22,6 @@ dependencies:
- name: repositoryGenerator
version: ~7.x-0
repository: 'file://../repositoryGenerator'
+ - name: certInitializer
+ version: ~7.x-0
+ repository: 'file://../certInitializer' \ No newline at end of file
diff --git a/kubernetes/common/music/resources/config/music-sb.properties b/kubernetes/common/music/resources/config/music-sb.properties
index 751a351737..7a13f10d8e 100755
--- a/kubernetes/common/music/resources/config/music-sb.properties
+++ b/kubernetes/common/music/resources/config/music-sb.properties
@@ -6,7 +6,7 @@ server.tomcat.max-threads=100
#logging.file=/opt/app/music/logs/MUSIC/music-app.log
#logging.config=file:/opt/app/music/etc/logback.xml
security.require-ssl=true
-server.ssl.key-store=/opt/app/aafcertman/org.onap.music.jks
+server.ssl.key-store=/opt/app/aafcertman/local/org.onap.music.jks
server.ssl.key-store-password=${KEYSTORE_PASSWORD}
server.ssl.key-store-provider=SUN
server.ssl.key-store-type=JKS
diff --git a/kubernetes/common/music/resources/keys/org.onap.music.jks b/kubernetes/common/music/resources/keys/org.onap.music.jks
deleted file mode 100644
index 35d27c3ef7..0000000000
--- a/kubernetes/common/music/resources/keys/org.onap.music.jks
+++ /dev/null
Binary files differ
diff --git a/kubernetes/common/music/resources/keys/truststoreONAPall.jks b/kubernetes/common/music/resources/keys/truststoreONAPall.jks
deleted file mode 100644
index ff844b109d..0000000000
--- a/kubernetes/common/music/resources/keys/truststoreONAPall.jks
+++ /dev/null
Binary files differ
diff --git a/kubernetes/common/music/templates/deployment.yaml b/kubernetes/common/music/templates/deployment.yaml
index cf0ce8f899..1e5d3c5377 100644
--- a/kubernetes/common/music/templates/deployment.yaml
+++ b/kubernetes/common/music/templates/deployment.yaml
@@ -38,19 +38,18 @@ spec:
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
+ {{ include "common.certInitializer.initContainer" . | indent 8 | trim }}
- command:
- sh
args:
- -c
- - "cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done"
+ - "export KEYSTORE_PASSWORD=$(cat /opt/app/aafcertman/local/.pass); cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done"
env:
- - name: KEYSTORE_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "music-keystore-pw" "key" "password") | indent 12}}
- name: CASSA_USER
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cassa-secret" "key" "login") | indent 12 }}
- name: CASSA_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cassa-secret" "key" "password") | indent 12 }}
- volumeMounts:
+ volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
- mountPath: /config-input
name: properties-music-scrubbed
- mountPath: /config
@@ -87,7 +86,7 @@ spec:
value: "{{ .Values.javaOpts }}"
- name: DEBUG
value: "{{ .Values.debug }}"
- volumeMounts:
+ volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
- name: localtime
mountPath: /etc/localtime
readOnly: true
@@ -100,9 +99,7 @@ spec:
- name: properties-music-scrubbed
mountPath: /opt/app/music/etc/logback.xml
subPath: logback.xml
- - name: certs-aaf
- mountPath: /opt/app/aafcertman/
- volumes:
+ volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }}
- name: shared-data
emptyDir: {}
- name: certificate-vol
@@ -116,6 +113,3 @@ spec:
- name: properties-music
emptyDir:
medium: Memory
- - name: certs-aaf
- secret:
- secretName: {{ include "common.secret.getSecretNameFast" (dict "global" . "uid" "music-certs") }}
diff --git a/kubernetes/common/music/values.yaml b/kubernetes/common/music/values.yaml
index 31df352de7..25cab910a9 100644
--- a/kubernetes/common/music/values.yaml
+++ b/kubernetes/common/music/values.yaml
@@ -25,16 +25,6 @@ global:
# Secrets metaconfig
#################################################################
secrets:
- - uid: music-certs
- name: keystore.jks
- type: generic
- filePaths:
- - resources/keys/org.onap.music.jks
- - uid: music-keystore-pw
- name: keystore-pw
- type: password
- password: '{{ .Values.keystorePassword }}'
- passwordPolicy: required
- uid: cassa-secret
type: basicAuth
login: '{{ .Values.properties.cassandraUser }}'
@@ -115,8 +105,6 @@ debug: false
ingress:
enabled: false
-keystorePassword: "ysF9CVS+xvuXr0vf&fRa5lew"
-
properties:
lockUsing: "cassandra"
# Comma dilimited list of hosts
@@ -159,4 +147,22 @@ logback:
metricsLogLevel: info
auditLogLevel: info
# Values must be uppercase: INFO, WARN, CRITICAL,DEBUG etc..
- rootLogLevel: INFO \ No newline at end of file
+ rootLogLevel: INFO
+
+#sub-charts configuration
+certInitializer:
+ nameOverride: music-cert-initializer
+ fqdn: "music.onap"
+ app_ns: "org.osaaf.aaf"
+ fqi: "music@music.onap.org"
+ fqi_namespace: org.onap.music
+ public_fqdn: "music.onap.org"
+ aafDeployFqi: "deployer@people.osaaf.org"
+ aafDeployPass: demo123456!
+ cadi_latitude: "0.0"
+ cadi_longitude: "0.0"
+ credsPath: /opt/app/osaaf/local
+ appMountPath: /opt/app/aafcertman
+ aaf_add_config: >
+ cd {{ .Values.credsPath }};
+ /opt/app/aaf_config/bin/agent.sh local showpass {{.Values.fqi}} {{ .Values.fqdn }} | grep cadi_keystore_password_jks= | cut -d= -f 2 > {{ .Values.credsPath }}/.pass 2>&1;