summaryrefslogtreecommitdiffstats
path: root/kubernetes
diff options
context:
space:
mode:
authorFiachra Corcoran <fiachra.corcoran@est.tech>2023-03-21 19:04:46 +0000
committerGerrit Code Review <gerrit@onap.org>2023-03-21 19:04:46 +0000
commit5b76eca5250aa16c7a3fcf8ef984acff2807d656 (patch)
tree2c6c07cdb10551c0a34b6a51d6ab3f656ca6ee19 /kubernetes
parentae76d2e31d845728ad34ea599a2254b77fd87132 (diff)
parentc20e4dcc49a37d645e66d211e12891280f9aa4cc (diff)
Merge "[UUI] Cleanup Helmcharts from TLS/AAF"
Diffstat (limited to 'kubernetes')
-rw-r--r--kubernetes/uui/Chart.yaml3
-rw-r--r--kubernetes/uui/components/uui-nlp/templates/ingress.yaml16
-rw-r--r--kubernetes/uui/components/uui-server/Chart.yaml3
-rw-r--r--kubernetes/uui/components/uui-server/resources/config/application.properties7
-rw-r--r--kubernetes/uui/components/uui-server/templates/deployment.yaml6
-rw-r--r--kubernetes/uui/components/uui-server/templates/ingress.yaml16
-rw-r--r--kubernetes/uui/components/uui-server/values.yaml40
-rw-r--r--kubernetes/uui/resources/config/server.xml15
-rw-r--r--kubernetes/uui/templates/deployment.yaml15
-rw-r--r--kubernetes/uui/templates/ingress.yaml16
-rw-r--r--kubernetes/uui/values.yaml45
11 files changed, 58 insertions, 124 deletions
diff --git a/kubernetes/uui/Chart.yaml b/kubernetes/uui/Chart.yaml
index 3c920dc446..ab01381793 100644
--- a/kubernetes/uui/Chart.yaml
+++ b/kubernetes/uui/Chart.yaml
@@ -30,9 +30,6 @@ dependencies:
- name: repositoryGenerator
version: ~12.x-0
repository: '@local'
- - name: certInitializer
- version: ~12.x-0
- repository: '@local'
- name: uui-server
version: ~12.x-0
repository: 'file://components/uui-server'
diff --git a/kubernetes/uui/components/uui-nlp/templates/ingress.yaml b/kubernetes/uui/components/uui-nlp/templates/ingress.yaml
index 8f87c68f1e..1471cb1d75 100644
--- a/kubernetes/uui/components/uui-nlp/templates/ingress.yaml
+++ b/kubernetes/uui/components/uui-nlp/templates/ingress.yaml
@@ -1 +1,17 @@
+{{/*
+# Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
{{ include "common.ingress" . }}
diff --git a/kubernetes/uui/components/uui-server/Chart.yaml b/kubernetes/uui/components/uui-server/Chart.yaml
index a93cb669ba..99ade2256c 100644
--- a/kubernetes/uui/components/uui-server/Chart.yaml
+++ b/kubernetes/uui/components/uui-server/Chart.yaml
@@ -23,9 +23,6 @@ dependencies:
- name: common
version: ~12.x-0
repository: '@local'
- - name: certInitializer
- version: ~12.x-0
- repository: '@local'
- name: repositoryGenerator
version: ~12.x-0
repository: '@local'
diff --git a/kubernetes/uui/components/uui-server/resources/config/application.properties b/kubernetes/uui/components/uui-server/resources/config/application.properties
index cb26c750f9..36308c0313 100644
--- a/kubernetes/uui/components/uui-server/resources/config/application.properties
+++ b/kubernetes/uui/components/uui-server/resources/config/application.properties
@@ -46,10 +46,3 @@ logging.level.*=INFO
#enable shutdown
endpoints.shutdown.enabled=true
endpoints.shutdown.sensitive=false
-
-{{- if (include "common.needTLS" .) }}
-server.ssl.protocol=TLS
-server.ssl.key-store={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.p12
-server.ssl.key-store-password=${KEYSTORE_PASSWORD}
-server.ssl.key-store-type=PKCS12
-{{- end }}
diff --git a/kubernetes/uui/components/uui-server/templates/deployment.yaml b/kubernetes/uui/components/uui-server/templates/deployment.yaml
index b25427a3be..3823a708bf 100644
--- a/kubernetes/uui/components/uui-server/templates/deployment.yaml
+++ b/kubernetes/uui/components/uui-server/templates/deployment.yaml
@@ -26,7 +26,7 @@ spec:
spec:
{{ include "common.podSecurityContext" . | indent 6 | trim }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . ) }}
- initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }}
+ initContainers:
- command:
- sh
args:
@@ -71,7 +71,6 @@ spec:
args:
- -c
- |
- export $(cat {{ .Values.certInitializer.credsPath }}/mycreds.prop | xargs -0)
bash /uui/run.sh
ports: {{ include "common.containerPorts" . | nindent 10 }}
# disable liveness probe when breakpoints set in debugger
@@ -102,7 +101,7 @@ spec:
value: --spring.config.location=file:/config/application.properties
- name: POSTGRES_DB_NAME
value: {{ .Values.postgres.config.pgDatabase }}
- volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
+ volumeMounts:
- mountPath: /uui/run.sh
name: entrypoint
subPath: run.sh
@@ -120,6 +119,5 @@ spec:
configMap:
name: {{ include "common.fullname" . }}-entrypoint
defaultMode: 0755
- {{ include "common.certInitializer.volumes" . | nindent 6 }}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/uui/components/uui-server/templates/ingress.yaml b/kubernetes/uui/components/uui-server/templates/ingress.yaml
index 8f87c68f1e..1f6ec7ab0e 100644
--- a/kubernetes/uui/components/uui-server/templates/ingress.yaml
+++ b/kubernetes/uui/components/uui-server/templates/ingress.yaml
@@ -1 +1,17 @@
+{{/*
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
{{ include "common.ingress" . }}
diff --git a/kubernetes/uui/components/uui-server/values.yaml b/kubernetes/uui/components/uui-server/values.yaml
index f5f8f9d095..05c7b3c32c 100644
--- a/kubernetes/uui/components/uui-server/values.yaml
+++ b/kubernetes/uui/components/uui-server/values.yaml
@@ -37,46 +37,6 @@ secrets:
password: '{{ .Values.postgres.config.pgUserPassword }}'
passwordPolicy: generate
-
-#################################################################
-# AAF part
-#################################################################
-certInitializer:
- nameOverride: uui-server-cert-initializer
- aafDeployFqi: deployer@people.osaaf.org
- aafDeployPass: demo123456!
- # aafDeployCredsExternalSecret: some secret
- fqdn: uui
- fqi: uui@uui.onap.org
- fqi_namespace: org.onap.uui
- public_fqdn: uui.onap.org
- cadi_longitude: "0.0"
- cadi_latitude: "0.0"
- app_ns: org.osaaf.aaf
- credsPath: /opt/app/osaaf/local
- aaf_add_config: |
- echo "*** changing them into shell safe ones"
- export KEYSTORE_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1)
- export TRUSTSORE_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1)
- cd {{ .Values.credsPath }}
- keytool -storepasswd -new "${KEYSTORE_PASSWORD}" \
- -storepass "${cadi_keystore_password_p12}" \
- -keystore {{ .Values.fqi_namespace }}.p12
- keytool -storepasswd -new "${TRUSTSORE_PASSWORD}" \
- -storepass "${cadi_truststore_password}" \
- -keystore {{ .Values.fqi_namespace }}.trust.jks
- echo "*** set key password as same password as keystore password"
- keytool -keypasswd -new "${KEYSTORE_PASSWORD}" \
- -keystore {{ .Values.fqi_namespace }}.jks \
- -keypass "${cadi_keystore_password_p12}" \
- -storepass "${KEYSTORE_PASSWORD}" -alias {{ .Values.fqi }}
- echo "*** save the generated passwords"
- echo "KEYSTORE_PASSWORD=${KEYSTORE_PASSWORD}" > mycreds.prop
- echo "TRUSTSORE_PASSWORD=${TRUSTSORE_PASSWORD}" >> mycreds.prop
- echo "*** change ownership of certificates to targeted user"
- chown -R 1000 {{ .Values.credsPath }}
-
-
#################################################################
# Application configuration defaults.
#################################################################
diff --git a/kubernetes/uui/resources/config/server.xml b/kubernetes/uui/resources/config/server.xml
index 9bb10fee67..f464074769 100644
--- a/kubernetes/uui/resources/config/server.xml
+++ b/kubernetes/uui/resources/config/server.xml
@@ -24,7 +24,7 @@
<Listener className="org.apache.catalina.security.SecurityListener" />
-->
<!--APR library loader. Documentation at /docs/apr.html -->
- <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="{{ (eq "true" (include "common.needTLS" .)) | ternary "on" "off" }}" />
+ <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="off" />
<!-- Prevent memory leaks due to use of particular java/javax APIs-->
<Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
<Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
@@ -61,15 +61,7 @@
APR (HTTP/AJP) Connector: /docs/apr.html
Define a non-SSL/TLS HTTP/1.1 Connector on port 8080
-->
- {{ if (include "common.needTLS" .) }}
- <Connector port="8080" protocol="HTTP/1.1"
- connectionTimeout="20000"
- redirectPort="8443" />
-
- <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol" maxThreads="150" SSLEnabled="true" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" keystoreFile="{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.p12" keystorePass="${KEYSTORE_PASSWORD}" />
- {{ else }}
<Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" />
- {{ end }}
<!-- A "Connector" using the shared thread pool-->
<!--
@@ -115,12 +107,7 @@
-->
<!-- Define an AJP 1.3 Connector on port 8009 -->
- {{ if (include "common.needTLS" .) }}
- <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
- {{ else }}
<Connector port="8009" protocol="AJP/1.3" secretRequired="false" />
- {{ end }}
-
<!-- An Engine represents the entry point (within Catalina) that processes
every request. The Engine implementation for Tomcat stand alone
diff --git a/kubernetes/uui/templates/deployment.yaml b/kubernetes/uui/templates/deployment.yaml
index e0d2e71fc8..61b0b2d9fa 100644
--- a/kubernetes/uui/templates/deployment.yaml
+++ b/kubernetes/uui/templates/deployment.yaml
@@ -23,19 +23,18 @@ spec:
template:
metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
- initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }}
+ initContainers:
- command:
- sh
args:
- -c
- |
- export $(cat {{ .Values.certInitializer.credsPath }}/mycreds.prop | xargs -0)
cd /config-input && for PFILE in `ls -1`
do
envsubst <${PFILE} >/config/${PFILE}
done
cat /config/server.xml
- volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }}
+ volumeMounts:
- mountPath: /config-input
name: config-input
- mountPath: /config
@@ -55,10 +54,6 @@ spec:
ls -lh /opt/
echo "*** /opt/app"
ls -lh /opt/app/
- echo "*** /opt/app/osaaf/"
- ls -lh /opt/app/osaaf/
- echo "*** /opt/app/osaaf/local"
- ls -lh /opt/app/osaaf/local/
/home/uui/uuiStartup.sh
ports: {{ include "common.containerPorts" . | nindent 10 }}
# disable liveness probe when breakpoints set in debugger
@@ -75,15 +70,13 @@ spec:
port: {{ .Values.service.internalPort }}
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
- volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
+ volumeMounts:
- mountPath: /home/uui/server.xml
name: config
subPath: server.xml
- {{ if not (include "common.needTLS" .) }}
- mountPath: /home/uui/web.xml
name: config
subPath: web.xml
- {{ end }}
env:
- name: MSB_ADDR
value: {{ tpl .Values.msbaddr . }}
@@ -94,7 +87,7 @@ spec:
{{- if .Values.affinity }}
affinity: {{ toYaml .Values.affinity | nindent 10 }}
{{- end }}
- volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }}
+ volumes:
- name: config-input
configMap:
name: {{ include "common.fullname" . }}
diff --git a/kubernetes/uui/templates/ingress.yaml b/kubernetes/uui/templates/ingress.yaml
index 8f87c68f1e..1f6ec7ab0e 100644
--- a/kubernetes/uui/templates/ingress.yaml
+++ b/kubernetes/uui/templates/ingress.yaml
@@ -1 +1,17 @@
+{{/*
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
{{ include "common.ingress" . }}
diff --git a/kubernetes/uui/values.yaml b/kubernetes/uui/values.yaml
index 67f135ced4..ef1af205f8 100644
--- a/kubernetes/uui/values.yaml
+++ b/kubernetes/uui/values.yaml
@@ -19,39 +19,6 @@
global:
uuiPortPrefix: 303
-#################################################################
-# AAF part
-#################################################################
-certInitializer:
- nameOverride: uui-cert-initializer
- aafDeployFqi: deployer@people.osaaf.org
- aafDeployPass: demo123456!
- # aafDeployCredsExternalSecret: some secret
- fqdn: uui
- fqi: uui@uui.onap.org
- fqi_namespace: org.onap.uui
- public_fqdn: uui.onap.org
- cadi_longitude: "0.0"
- cadi_latitude: "0.0"
- app_ns: org.osaaf.aaf
- credsPath: /opt/app/osaaf/local
- aaf_add_config: |
- echo "*** changing them into shell safe ones"
- export KEYSTORE_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1)
- export TRUSTSORE_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1)
- cd {{ .Values.credsPath }}
- keytool -storepasswd -new "${KEYSTORE_PASSWORD}" \
- -storepass "${cadi_keystore_password_p12}" \
- -keystore {{ .Values.fqi_namespace }}.p12
- keytool -storepasswd -new "${TRUSTSORE_PASSWORD}" \
- -storepass "${cadi_truststore_password}" \
- -keystore {{ .Values.fqi_namespace }}.trust.jks
- echo "*** save the generated passwords"
- echo "KEYSTORE_PASSWORD=${KEYSTORE_PASSWORD}" > mycreds.prop
- echo "TRUSTSORE_PASSWORD=${TRUSTSORE_PASSWORD}" >> mycreds.prop
- echo "*** change ownership of certificates to targeted user"
- chown -R 1000 {{ .Values.credsPath }}
-
subChartsOnly:
enabled: true
@@ -94,8 +61,7 @@ service:
internalPort: 8080
ports:
- name: http
- port: 8443
- plain_port: 8080
+ port: 8080
nodePort: '98'
annotations:
msb.onap.org/service-info: |
@@ -107,12 +73,8 @@ service:
"path":"/iui/usecaseui",
"protocol": "UI",
"visualRange":"1",
- {{ if (include "common.needTLS" .) }}
- "port": "{{ include "common.getPort" (dict "global" . "name" "http") }}",
- "enable_ssl": true
- {{ else }}
+ "port": "http",
"port": "{{ include "common.getPort" (dict "global" . "name" "http" "getPlain" true) }}"
- {{ end }}
}
]{{ end }}
@@ -121,8 +83,7 @@ ingress:
service:
- baseaddr: "uui-ui"
name: "uui"
- port: 8443
- plain_port: 8080
+ port: 8080
config:
ssl: "redirect"