author | Fiachra Corcoran <fiachra.corcoran@est.tech> | 2023-03-21 19:04:46 +0000 |
---|---|---|
committer | Gerrit Code Review <gerrit@onap.org> | 2023-03-21 19:04:46 +0000 |
commit | 5b76eca5250aa16c7a3fcf8ef984acff2807d656 (patch) | |
tree | 2c6c07cdb10551c0a34b6a51d6ab3f656ca6ee19 /kubernetes | |
parent | ae76d2e31d845728ad34ea599a2254b77fd87132 (diff) | |
parent | c20e4dcc49a37d645e66d211e12891280f9aa4cc (diff) |
Merge "[UUI] Cleanup Helmcharts from TLS/AAF"
Diffstat (limited to 'kubernetes')
-rw-r--r-- | kubernetes/uui/Chart.yaml | 3 | ||||
-rw-r--r-- | kubernetes/uui/components/uui-nlp/templates/ingress.yaml | 16 | ||||
-rw-r--r-- | kubernetes/uui/components/uui-server/Chart.yaml | 3 | ||||
-rw-r--r-- | kubernetes/uui/components/uui-server/resources/config/application.properties | 7 | ||||
-rw-r--r-- | kubernetes/uui/components/uui-server/templates/deployment.yaml | 6 | ||||
-rw-r--r-- | kubernetes/uui/components/uui-server/templates/ingress.yaml | 16 | ||||
-rw-r--r-- | kubernetes/uui/components/uui-server/values.yaml | 40 | ||||
-rw-r--r-- | kubernetes/uui/resources/config/server.xml | 15 | ||||
-rw-r--r-- | kubernetes/uui/templates/deployment.yaml | 15 | ||||
-rw-r--r-- | kubernetes/uui/templates/ingress.yaml | 16 | ||||
-rw-r--r-- | kubernetes/uui/values.yaml | 45 |
11 files changed, 58 insertions, 124 deletions
diff --git a/kubernetes/uui/Chart.yaml b/kubernetes/uui/Chart.yaml index 3c920dc446..ab01381793 100644 --- a/kubernetes/uui/Chart.yaml +++ b/kubernetes/uui/Chart.yaml @@ -30,9 +30,6 @@ dependencies: - name: repositoryGenerator version: ~12.x-0 repository: '@local' - - name: certInitializer - version: ~12.x-0 - repository: '@local' - name: uui-server version: ~12.x-0 repository: 'file://components/uui-server' diff --git a/kubernetes/uui/components/uui-nlp/templates/ingress.yaml b/kubernetes/uui/components/uui-nlp/templates/ingress.yaml index 8f87c68f1e..1471cb1d75 100644 --- a/kubernetes/uui/components/uui-nlp/templates/ingress.yaml +++ b/kubernetes/uui/components/uui-nlp/templates/ingress.yaml @@ -1 +1,17 @@ +{{/* +# Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + {{ include "common.ingress" . }} diff --git a/kubernetes/uui/components/uui-server/Chart.yaml b/kubernetes/uui/components/uui-server/Chart.yaml index a93cb669ba..99ade2256c 100644 --- a/kubernetes/uui/components/uui-server/Chart.yaml +++ b/kubernetes/uui/components/uui-server/Chart.yaml @@ -23,9 +23,6 @@ dependencies: - name: common version: ~12.x-0 repository: '@local' - - name: certInitializer - version: ~12.x-0 - repository: '@local' - name: repositoryGenerator version: ~12.x-0 repository: '@local' 
diff --git a/kubernetes/uui/components/uui-server/resources/config/application.properties b/kubernetes/uui/components/uui-server/resources/config/application.properties index cb26c750f9..36308c0313 100644 --- a/kubernetes/uui/components/uui-server/resources/config/application.properties +++ b/kubernetes/uui/components/uui-server/resources/config/application.properties @@ -46,10 +46,3 @@ logging.level.*=INFO #enable shutdown endpoints.shutdown.enabled=true endpoints.shutdown.sensitive=false - -{{- if (include "common.needTLS" .) }} -server.ssl.protocol=TLS -server.ssl.key-store={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.p12 -server.ssl.key-store-password=${KEYSTORE_PASSWORD} -server.ssl.key-store-type=PKCS12 -{{- end }} diff --git a/kubernetes/uui/components/uui-server/templates/deployment.yaml b/kubernetes/uui/components/uui-server/templates/deployment.yaml index b25427a3be..3823a708bf 100644 --- a/kubernetes/uui/components/uui-server/templates/deployment.yaml +++ b/kubernetes/uui/components/uui-server/templates/deployment.yaml @@ -26,7 +26,7 @@ spec: spec: {{ include "common.podSecurityContext" . | indent 6 | trim }} serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . ) }} - initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }} + initContainers: - command: - sh args: @@ -71,7 +71,6 @@ spec: args: - -c - | - export $(cat {{ .Values.certInitializer.credsPath }}/mycreds.prop | xargs -0) bash /uui/run.sh ports: {{ include "common.containerPorts" . | nindent 10 }} # disable liveness probe when breakpoints set in debugger @@ -102,7 +101,7 @@ spec: value: --spring.config.location=file:/config/application.properties - name: POSTGRES_DB_NAME value: {{ .Values.postgres.config.pgDatabase }} - volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }} + volumeMounts: - mountPath: /uui/run.sh name: entrypoint subPath: run.sh 
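Review bot: The context lines `endpoints.shutdown.enabled=true` and `endpoints.shutdown.sensitive=false` at the top of the application.properties hunk keep the actuator shutdown endpoint switched on and flagged as non-sensitive, and with the `server.ssl.*` block below them removed it is served on the plaintext listener only. Nothing visible in this hunk shows another layer authenticating calls to that endpoint, so this should be confirmed before relying on the new configuration. If remote shutdown is not needed, set `endpoints.shutdown.enabled=false`; otherwise `endpoints.shutdown.sensitive=true` at least places it behind whatever management security the application configures. The rest of the properties file lies outside the hunk.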
@@ -120,6 +119,5 @@ spec: configMap: name: {{ include "common.fullname" . }}-entrypoint defaultMode: 0755 - {{ include "common.certInitializer.volumes" . | nindent 6 }} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/uui/components/uui-server/templates/ingress.yaml b/kubernetes/uui/components/uui-server/templates/ingress.yaml index 8f87c68f1e..1f6ec7ab0e 100644 --- a/kubernetes/uui/components/uui-server/templates/ingress.yaml +++ b/kubernetes/uui/components/uui-server/templates/ingress.yaml @@ -1 +1,17 @@ +{{/* +# Copyright © 2017 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + {{ include "common.ingress" . }} diff --git a/kubernetes/uui/components/uui-server/values.yaml b/kubernetes/uui/components/uui-server/values.yaml index f5f8f9d095..05c7b3c32c 100644 --- a/kubernetes/uui/components/uui-server/values.yaml +++ b/kubernetes/uui/components/uui-server/values.yaml 
@@ -37,46 +37,6 @@ secrets: password: '{{ .Values.postgres.config.pgUserPassword }}' passwordPolicy: generate - -################################################################# -# AAF part -################################################################# -certInitializer: - nameOverride: uui-server-cert-initializer - aafDeployFqi: deployer@people.osaaf.org - aafDeployPass: demo123456! - # aafDeployCredsExternalSecret: some secret - fqdn: uui - fqi: uui@uui.onap.org - fqi_namespace: org.onap.uui - public_fqdn: uui.onap.org - cadi_longitude: "0.0" - cadi_latitude: "0.0" - app_ns: org.osaaf.aaf - credsPath: /opt/app/osaaf/local - aaf_add_config: | - echo "*** changing them into shell safe ones" - export KEYSTORE_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1) - export TRUSTSORE_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1) - cd {{ .Values.credsPath }} - keytool -storepasswd -new "${KEYSTORE_PASSWORD}" \ - -storepass "${cadi_keystore_password_p12}" \ - -keystore {{ .Values.fqi_namespace }}.p12 - keytool -storepasswd -new "${TRUSTSORE_PASSWORD}" \ - -storepass "${cadi_truststore_password}" \ - -keystore {{ .Values.fqi_namespace }}.trust.jks - echo "*** set key password as same password as keystore password" - keytool -keypasswd -new "${KEYSTORE_PASSWORD}" \ - -keystore {{ .Values.fqi_namespace }}.jks \ - -keypass "${cadi_keystore_password_p12}" \ - -storepass "${KEYSTORE_PASSWORD}" -alias {{ .Values.fqi }} - echo "*** save the generated passwords" - echo "KEYSTORE_PASSWORD=${KEYSTORE_PASSWORD}" > mycreds.prop - echo "TRUSTSORE_PASSWORD=${TRUSTSORE_PASSWORD}" >> mycreds.prop - echo "*** change ownership of certificates to targeted user" - chown -R 1000 {{ .Values.credsPath }} - - ################################################################# # Application configuration defaults. ################################################################# 
diff --git a/kubernetes/uui/resources/config/server.xml b/kubernetes/uui/resources/config/server.xml index 9bb10fee67..f464074769 100644 --- a/kubernetes/uui/resources/config/server.xml +++ b/kubernetes/uui/resources/config/server.xml @@ -24,7 +24,7 @@ <Listener className="org.apache.catalina.security.SecurityListener" /> --> <!--APR library loader. Documentation at /docs/apr.html --> - <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="{{ (eq "true" (include "common.needTLS" .)) | ternary "on" "off" }}" /> + <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="off" /> <!-- Prevent memory leaks due to use of particular java/javax APIs--> <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" /> <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" /> @@ -61,15 +61,7 @@ APR (HTTP/AJP) Connector: /docs/apr.html Define a non-SSL/TLS HTTP/1.1 Connector on port 8080 --> - {{ if (include "common.needTLS" .) }} - <Connector port="8080" protocol="HTTP/1.1" - connectionTimeout="20000" - redirectPort="8443" /> - - <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol" maxThreads="150" SSLEnabled="true" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" keystoreFile="{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.p12" keystorePass="${KEYSTORE_PASSWORD}" /> - {{ else }} <Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" /> - {{ end }} <!-- A "Connector" using the shared thread pool--> <!-- 
@@ -115,12 +107,7 @@ --> <!-- Define an AJP 1.3 Connector on port 8009 --> - {{ if (include "common.needTLS" .) }} - <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" /> - {{ else }} <Connector port="8009" protocol="AJP/1.3" secretRequired="false" /> - {{ end }} - <!-- An Engine represents the entry point (within Catalina) that processes every request. The Engine implementation for Tomcat stand alone diff --git a/kubernetes/uui/templates/deployment.yaml b/kubernetes/uui/templates/deployment.yaml index e0d2e71fc8..61b0b2d9fa 100644 --- a/kubernetes/uui/templates/deployment.yaml +++ b/kubernetes/uui/templates/deployment.yaml @@ -23,19 +23,18 @@ spec: template: metadata: {{- include "common.templateMetadata" . | nindent 6 }} spec: - initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }} + initContainers: - command: - sh args: - -c - | - export $(cat {{ .Values.certInitializer.credsPath }}/mycreds.prop | xargs -0) cd /config-input && for PFILE in `ls -1` do envsubst <${PFILE} >/config/${PFILE} done cat /config/server.xml - volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }} + volumeMounts: - mountPath: /config-input name: config-input - mountPath: /config @@ -55,10 +54,6 @@ spec: ls -lh /opt/ echo "*** /opt/app" ls -lh /opt/app/ - echo "*** /opt/app/osaaf/" - ls -lh /opt/app/osaaf/ - echo "*** /opt/app/osaaf/local" - ls -lh /opt/app/osaaf/local/ /home/uui/uuiStartup.sh ports: {{ include "common.containerPorts" . | nindent 10 }} # disable liveness probe when breakpoints set in debugger 
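Review bot: In the server.xml hunk `@@ -115,12 +107,7 @@` the AJP connector on port 8009 is now rendered unconditionally with `secretRequired="false"`, so any workload that can reach the pod on 8009 can send AJP requests without a shared secret, and Tomcat treats AJP as a trusted channel. Whether 8009 is exposed by the Service or blocked by a NetworkPolicy is not visible in this hunk. If no AJP front end is in use, the connector is better removed. Otherwise restrict it, for example `<Connector port="8009" protocol="AJP/1.3" address="127.0.0.1" secretRequired="false" />`, or configure a `secret` attribute and drop `secretRequired="false"`.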
@@ -75,15 +70,13 @@ spec: port: {{ .Values.service.internalPort }} initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} - volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }} + volumeMounts: - mountPath: /home/uui/server.xml name: config subPath: server.xml - {{ if not (include "common.needTLS" .) }} - mountPath: /home/uui/web.xml name: config subPath: web.xml - {{ end }} env: - name: MSB_ADDR value: {{ tpl .Values.msbaddr . }} @@ -94,7 +87,7 @@ spec: {{- if .Values.affinity }} affinity: {{ toYaml .Values.affinity | nindent 10 }} {{- end }} - volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }} + volumes: - name: config-input configMap: name: {{ include "common.fullname" . }} diff --git a/kubernetes/uui/templates/ingress.yaml b/kubernetes/uui/templates/ingress.yaml index 8f87c68f1e..1f6ec7ab0e 100644 --- a/kubernetes/uui/templates/ingress.yaml +++ b/kubernetes/uui/templates/ingress.yaml @@ -1 +1,17 @@ +{{/* +# Copyright © 2017 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + {{ include "common.ingress" . }} diff --git a/kubernetes/uui/values.yaml b/kubernetes/uui/values.yaml index 67f135ced4..ef1af205f8 100644 --- a/kubernetes/uui/values.yaml +++ b/kubernetes/uui/values.yaml 
@@ -19,39 +19,6 @@ global: uuiPortPrefix: 303 -################################################################# -# AAF part -################################################################# -certInitializer: - nameOverride: uui-cert-initializer - aafDeployFqi: deployer@people.osaaf.org - aafDeployPass: demo123456! - # aafDeployCredsExternalSecret: some secret - fqdn: uui - fqi: uui@uui.onap.org - fqi_namespace: org.onap.uui - public_fqdn: uui.onap.org - cadi_longitude: "0.0" - cadi_latitude: "0.0" - app_ns: org.osaaf.aaf - credsPath: /opt/app/osaaf/local - aaf_add_config: | - echo "*** changing them into shell safe ones" - export KEYSTORE_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1) - export TRUSTSORE_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1) - cd {{ .Values.credsPath }} - keytool -storepasswd -new "${KEYSTORE_PASSWORD}" \ - -storepass "${cadi_keystore_password_p12}" \ - -keystore {{ .Values.fqi_namespace }}.p12 - keytool -storepasswd -new "${TRUSTSORE_PASSWORD}" \ - -storepass "${cadi_truststore_password}" \ - -keystore {{ .Values.fqi_namespace }}.trust.jks - echo "*** save the generated passwords" - echo "KEYSTORE_PASSWORD=${KEYSTORE_PASSWORD}" > mycreds.prop - echo "TRUSTSORE_PASSWORD=${TRUSTSORE_PASSWORD}" >> mycreds.prop - echo "*** change ownership of certificates to targeted user" - chown -R 1000 {{ .Values.credsPath }} - subChartsOnly: enabled: true @@ -94,8 +61,7 @@ service: internalPort: 8080 ports: - name: http - port: 8443 - plain_port: 8080 + port: 8080 nodePort: '98' annotations: msb.onap.org/service-info: | @@ -107,12 +73,8 @@ service: "path":"/iui/usecaseui", "protocol": "UI", "visualRange":"1", - {{ if (include "common.needTLS" .) }} - "port": "{{ include "common.getPort" (dict "global" . "name" "http") }}", - "enable_ssl": true - {{ else }} + "port": "http", "port": "{{ include "common.getPort" (dict "global" . "name" "http" "getPlain" true) }}" - {{ end }} } ]{{ end }} 
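Review bot: In the `msb.onap.org/service-info` annotation (hunk `@@ -107,12 +73,8 @@` of kubernetes/uui/values.yaml) the added line `"port": "http",` sits directly above the retained `"port": "{{ include "common.getPort" (dict "global" . "name" "http" "getPlain" true) }}"`, so the rendered JSON object carries two `port` members and the value that is registered depends on how the consumer resolves duplicate keys. The retained line also still passes `"getPlain" true` although `plain_port` is removed from `service.ports` in the preceding hunk; what `common.getPort` returns in that case is not visible here. Keep a single member, for example drop the added line and use `"port": "{{ include "common.getPort" (dict "global" . "name" "http") }}"`, then check the rendered annotation with `helm template`.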
@@ -121,8 +83,7 @@ ingress: service: - baseaddr: "uui-ui" name: "uui" - port: 8443 - plain_port: 8080 + port: 8080 config: ssl: "redirect" |