diff options
12 files changed, 42 insertions, 206 deletions
diff --git a/kubernetes/common/certInitializer/templates/_certInitializer.yaml b/kubernetes/common/certInitializer/templates/_certInitializer.yaml index eddc7bc124..9c744f39ba 100644 --- a/kubernetes/common/certInitializer/templates/_certInitializer.yaml +++ b/kubernetes/common/certInitializer/templates/_certInitializer.yaml @@ -61,7 +61,7 @@ apiVersion: v1 fieldPath: metadata.namespace - name: {{ include "common.name" $dot }}-aaf-config - image: {{ (default $subchartDot.Values.repository $subchartDot.Values.global.repository) }}/{{ $subchartDot.Values.global.aafAgentImage }} + image: {{ include "common.repository" $subchartDot }}/{{ $subchartDot.Values.global.aafAgentImage }} imagePullPolicy: {{ $subchartDot.Values.global.pullPolicy | default $subchartDot.Values.pullPolicy }} volumeMounts: - mountPath: {{ $initRoot.mountPath }} diff --git a/kubernetes/common/certInitializer/values.yaml b/kubernetes/common/certInitializer/values.yaml index b55ba5e2f3..fdee4c9bd2 100644 --- a/kubernetes/common/certInitializer/values.yaml +++ b/kubernetes/common/certInitializer/values.yaml @@ -15,6 +15,7 @@ global: readinessRepository: oomk8s readinessImage: readiness-check:2.0.2 + repository: nexus3.onap.org:10001 aafAgentImage: onap/aaf/aaf_agent:2.1.20 aafEnabled: true diff --git a/kubernetes/dmaap/components/dmaap-dr-prov/requirements.yaml b/kubernetes/dmaap/components/dmaap-dr-prov/requirements.yaml index 94b026fab7..a873762295 100644 --- a/kubernetes/dmaap/components/dmaap-dr-prov/requirements.yaml +++ b/kubernetes/dmaap/components/dmaap-dr-prov/requirements.yaml @@ -25,4 +25,7 @@ dependencies: - name: mariadb-galera alias: mariadb version: ~6.x-0 - repository: '@local'
\ No newline at end of file + repository: '@local' + - name: certInitializer + version: ~6.x-0 + repository: '@local' diff --git a/kubernetes/dmaap/components/dmaap-dr-prov/templates/deployment.yaml b/kubernetes/dmaap/components/dmaap-dr-prov/templates/deployment.yaml index adbdb688c2..8db6edba1e 100644 --- a/kubernetes/dmaap/components/dmaap-dr-prov/templates/deployment.yaml +++ b/kubernetes/dmaap/components/dmaap-dr-prov/templates/deployment.yaml @@ -46,61 +46,15 @@ spec: apiVersion: v1 fieldPath: metadata.namespace {{- if .Values.global.aafEnabled }} - - name: {{ include "common.name" . }}-aaf-readiness - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - command: - - /root/ready.py - args: - - --container-name - - aaf-locate - - --container-name - - aaf-cm - - --container-name - - aaf-service - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - - name: {{ include "common.name" . }}-dr-prov-aaf-config - image: "{{ include "common.repository" . }}/{{ .Values.global.aafAgentImage }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - command: ["bash","-c","exec /opt/app/aaf_config/bin/agent.sh"] - volumeMounts: - - mountPath: {{ .Values.persistence.aafCredsPath }} - name: {{ include "common.fullname" . }}-aaf-config-vol - env: - - name: APP_FQI - value: "{{ .Values.aafConfig.fqi }}" - - name: aaf_locate_url - value: "https://aaf-locate.{{ .Release.Namespace }}:8095" - - name: aaf_locator_container - value: "{{ .Values.global.aafLocatorContainer }}" - - name: aaf_locator_container_ns - value: "{{ .Release.Namespace }}" - - name: aaf_locator_fqdn - value: "{{ .Values.aafConfig.fqdn }}" - - name: aaf_locator_public_fqdn - value: "{{.Values.aafConfig.publicFqdn}}" - - name: aaf_locator_app_ns - value: "{{ .Values.global.aafAppNs }}" - - name: DEPLOY_FQI - value: "{{ .Values.aafConfig.aafDeployFqi }}" - - name: DEPLOY_PASSWORD - value: "{{ .Values.aafConfig.aafDeployPass }}" - - name: cadi_longitude - value: "{{ .Values.aafConfig.cadiLongitude }}" - - name: cadi_latitude - value: "{{ .Values.aafConfig.cadiLatitude }}" + + {{ include "common.certInitializer.initContainer" . | nindent 8 }} + - name: {{ include "common.name" . }}-permission-fixer image: "{{ .Values.global.busyBoxRepository }}/{{ .Values.global.busyBoxImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: - - mountPath: {{ .Values.persistence.aafCredsPath }} - name: {{ include "common.fullname" . }}-aaf-config-vol + volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }} command: ["chown","-Rf","1000:1001", "/opt/app/"] + {{ end }} containers: - name: {{ include "common.name" . }} @@ -125,11 +79,7 @@ spec: {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "dmaap-dr-db-user-secret" "key" "login") | indent 12 }} - name: DB_PASSWORD {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "dmaap-dr-db-user-secret" "key" "password") | indent 12 }} - volumeMounts: - {{- if .Values.global.aafEnabled }} - - mountPath: {{ .Values.persistence.aafCredsPath }} - name: {{ include "common.fullname" . }}-aaf-config-vol - {{- end }} + volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }} - mountPath: /etc/localtime name: localtime readOnly: false @@ -163,7 +113,7 @@ spec: mountPath: /usr/share/filebeat/data - name: {{ include "common.fullname" . }}-logs mountPath: /var/log/onap/datarouter-prov - volumes: + volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }} - name: localtime hostPath: path: /etc/localtime @@ -183,14 +133,5 @@ spec: emptyDir: {} - name: {{ include "common.fullname" . }}-logs emptyDir: {} - {{- if .Values.global.aafEnabled }} - - name: {{ include "common.fullname" . }}-aaf-config-vol - {{- if .Values.persistence.enabled }} - persistentVolumeClaim: - claimName: {{ include "common.fullname" . }}-aaf-props - {{- else }} - emptyDir: {} - {{- end }} - {{- end }} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/dmaap/components/dmaap-dr-prov/templates/pv.yaml b/kubernetes/dmaap/components/dmaap-dr-prov/templates/pv.yaml deleted file mode 100644 index 1a09a81a0e..0000000000 --- a/kubernetes/dmaap/components/dmaap-dr-prov/templates/pv.yaml +++ /dev/null @@ -1,45 +0,0 @@ -{{/* - # ============LICENSE_START======================================================= - # Copyright (C) 2019 Nordix Foundation. - # ================================================================================ - # Licensed under the Apache License, Version 2.0 (the "License"); - # you may not use this file except in compliance with the License. - # You may obtain a copy of the License at - # - # http://www.apache.org/licenses/LICENSE-2.0 - # - # Unless required by applicable law or agreed to in writing, software - # distributed under the License is distributed on an "AS IS" BASIS, - # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - # See the License for the specific language governing permissions and - # limitations under the License. - # - # SPDX-License-Identifier: Apache-2.0 - # ============LICENSE_END========================================================= -*/}} -{{- if .Values.global.aafEnabled }} -{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }} -{{- if eq "True" (include "common.needPV" .) -}} -kind: PersistentVolume -apiVersion: v1 -metadata: - name: {{ include "common.fullname" . }}-aaf-props - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }}-aaf-props - chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" - release: "{{ include "common.release" . }}" - heritage: "{{ .Release.Service }}" - name: {{ include "common.fullname" . }}-aaf-props -spec: - capacity: - storage: {{ .Values.persistence.aafCredsSize}} - accessModes: - - {{ .Values.persistence.accessMode }} - storageClassName: "{{ include "common.fullname" . }}-data" - persistentVolumeReclaimPolicy: {{ .Values.persistence.volumeReclaimPolicy }} - hostPath: - path: {{ .Values.persistence.mountPath }}/{{ include "common.release" . }}/{{ .Values.persistence.aafCredsMountSubPath }} -{{ end -}} -{{- end -}} -{{- end -}} diff --git a/kubernetes/dmaap/components/dmaap-dr-prov/templates/pvc.yaml b/kubernetes/dmaap/components/dmaap-dr-prov/templates/pvc.yaml deleted file mode 100644 index c6ac7497b5..0000000000 --- a/kubernetes/dmaap/components/dmaap-dr-prov/templates/pvc.yaml +++ /dev/null @@ -1,44 +0,0 @@ -{{/* - # ============LICENSE_START======================================================= - # Copyright (C) 2019 Nordix Foundation. - # ================================================================================ - # Licensed under the Apache License, Version 2.0 (the "License"); - # you may not use this file except in compliance with the License. - # You may obtain a copy of the License at - # - # http://www.apache.org/licenses/LICENSE-2.0 - # - # Unless required by applicable law or agreed to in writing, software - # distributed under the License is distributed on an "AS IS" BASIS, - # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - # See the License for the specific language governing permissions and - # limitations under the License. - # - # SPDX-License-Identifier: Apache-2.0 - # ============LICENSE_END========================================================= -*/}} -{{- if .Values.global.aafEnabled }} -{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }} -kind: PersistentVolumeClaim -apiVersion: v1 -metadata: - name: {{ include "common.fullname" . }}-aaf-props - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" - release: "{{ include "common.release" . }}" - heritage: "{{ .Release.Service }}" -{{- if .Values.persistence.annotations }} - annotations: -{{ toYaml .Values.persistence.annotations | indent 4 }} -{{- end }} -spec: - accessModes: - - {{ .Values.persistence.accessMode }} - storageClassName: {{ include "common.storageClass" . }} - resources: - requests: - storage: {{ .Values.persistence.aafCredsSize }} -{{ end -}} -{{ end -}} diff --git a/kubernetes/dmaap/components/dmaap-dr-prov/values.yaml b/kubernetes/dmaap/components/dmaap-dr-prov/values.yaml index 3fb90f0533..1cf2e583d1 100644 --- a/kubernetes/dmaap/components/dmaap-dr-prov/values.yaml +++ b/kubernetes/dmaap/components/dmaap-dr-prov/values.yaml @@ -25,7 +25,7 @@ global: ################################################################# secrets: - uid: dmaap-dr-db-user-secret - name: '{{ include "common.release" . }}-dmaap-dr-db-user-secret' + name: &dbSecretName '{{ include "common.release" . }}-dmaap-dr-db-user-secret' type: basicAuth externalSecret: '{{ tpl (default "" .Values.config.dmaapDrDb.userCredentialsExternalSecret) . }}' login: '{{ .Values.config.dmaapDrDb.userName }}' @@ -69,10 +69,6 @@ persistence: accessMode: ReadWriteOnce mountPath: /dockerdata-nfs - aafCredsMountSubPath: data-router/dr-prov/aaf-props - aafCredsSize: 10M - aafCredsPath: /opt/app/osaaf/local - ingress: enabled: false service: @@ -111,7 +107,7 @@ mariadb: nameOverride: dmaap-dr-db replicaCount: 2 config: - userCredentialsExternalSecret: '{{ include "common.release" . }}-dmaap-dr-db-user-secret' + userCredentialsExternalSecret: *dbSecretName mysqlDatabase: datarouter service: name: dmaap-dr-db-svc @@ -121,15 +117,22 @@ mariadb: size: 1Gi mountSubPath: data-router/dr-db-data -#AAF local config -aafConfig: +################################################################# +# AAF part +################################################################# +certInitializer: + nameOverride: dmaap-dr-prov-cert-initializer aafDeployFqi: deployer@people.osaaf.org aafDeployPass: demo123456! +# aafDeployCredsExternalSecret: some secret fqdn: dmaap-dr-prov fqi: dmaap-dr-prov@dmaap-dr.onap.org publicFqdn: dmaap-dr.onap.org cadiLatitude: 0.0 cadiLongitude: 0.0 + app_ns: org.osaaf.aaf + credsPath: /opt/app/osaaf/local + # Resource Limit flavor -By Default using small flavor: small diff --git a/kubernetes/portal/components/portal-sdk/requirements.yaml b/kubernetes/portal/components/portal-sdk/requirements.yaml index c5d7864b9d..00b92235f3 100644 --- a/kubernetes/portal/components/portal-sdk/requirements.yaml +++ b/kubernetes/portal/components/portal-sdk/requirements.yaml @@ -16,3 +16,6 @@ dependencies: - name: common version: ~6.x-0 repository: '@local' + - name: certInitializer + version: ~6.x-0 + repository: '@local' diff --git a/kubernetes/portal/components/portal-sdk/resources/server/server.xml b/kubernetes/portal/components/portal-sdk/resources/server/server.xml index dffcfbe419..1cea5ab8f8 100644 --- a/kubernetes/portal/components/portal-sdk/resources/server/server.xml +++ b/kubernetes/portal/components/portal-sdk/resources/server/server.xml @@ -94,7 +94,7 @@ {{ if .Values.global.aafEnabled }} <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol" maxThreads="150" SSLEnabled="true" scheme="https" secure="true" - keystoreFile="{{.Values.aafConfig.credsPath}}/{{.Values.aafConfig.keystoreFile}}" + keystoreFile="{{.Values.certInitializer.credsPath}}/{{.Values.certInitializer.keystoreFile}}" keystorePass="${javax.net.ssl.keyStorePassword}" clientAuth="false" sslProtocol="TLS" /> {{ end }} @@ -152,4 +152,4 @@ </Host> </Engine> </Service> -</Server>
\ No newline at end of file +</Server> diff --git a/kubernetes/portal/components/portal-sdk/templates/configmap.yaml b/kubernetes/portal/components/portal-sdk/templates/configmap.yaml index 1dbdeedd5a..5ad9910c56 100644 --- a/kubernetes/portal/components/portal-sdk/templates/configmap.yaml +++ b/kubernetes/portal/components/portal-sdk/templates/configmap.yaml @@ -26,17 +26,3 @@ metadata: data: {{ tpl (.Files.Glob "resources/config/deliveries/properties/ONAPPORTALSDK/*").AsConfig . | indent 2 }} {{ tpl (.Files.Glob "resources/server/*").AsConfig . | indent 2 }} - -{{ if .Values.global.aafEnabled }} -{{- if .Values.aafConfig.addconfig -}} ---- -apiVersion: v1 -kind: ConfigMap -{{- $suffix := "aaf-add-config" }} -metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "dot" . )| nindent 2 }} -data: - aaf-add-config.sh: |- - /opt/app/aaf_config/bin/agent.sh;/opt/app/aaf_config/bin/agent.sh local showpass \ - {{.Values.aafConfig.fqi}} {{ .Values.aafConfig.fqdn }} > {{ .Values.aafConfig.credsPath }}/mycreds.prop -{{- end -}} -{{- end -}}
\ No newline at end of file diff --git a/kubernetes/portal/components/portal-sdk/templates/deployment.yaml b/kubernetes/portal/components/portal-sdk/templates/deployment.yaml index b78ef34fa1..e7913ba1a5 100644 --- a/kubernetes/portal/components/portal-sdk/templates/deployment.yaml +++ b/kubernetes/portal/components/portal-sdk/templates/deployment.yaml @@ -46,24 +46,22 @@ spec: fieldRef: apiVersion: v1 fieldPath: metadata.namespace - {{- if .Values.global.aafEnabled }} -{{ include "common.aaf-config" . | indent 6 }} - {{- end }} +{{ include "common.certInitializer.initContainer" . | indent 6 }} containers: - name: {{ include "common.name" . }} image: "{{ include "common.repository" . }}/{{ .Values.image }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: ["bash","-c"] {{- if .Values.global.aafEnabled }} - args: ["export $(grep '^c' {{ .Values.aafConfig.credsPath }}/mycreds.prop | xargs -0);\ + args: ["export $(grep '^c' {{ .Values.certInitializer.credsPath }}/mycreds.prop | xargs -0);\ export _JAVA_OPTIONS=\"-Djavax.net.ssl.trustStorePassword=$cadi_truststore_password \ -Djavax.net.ssl.keyStorePassword=$cadi_keystore_password_p12\";\ /start-apache-tomcat.sh -b {{ .Values.global.env.tomcatDir }}"] env: - name: CATALINA_OPTS value: > - -Djavax.net.ssl.keyStore="{{ .Values.aafConfig.credsPath }}/{{ .Values.aafConfig.keystoreFile }}" - -Djavax.net.ssl.trustStore="{{ .Values.aafConfig.credsPath }}/{{ .Values.aafConfig.truststoreFile }}" + -Djavax.net.ssl.keyStore="{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.keystoreFile }}" + -Djavax.net.ssl.trustStore="{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.truststoreFile }}" {{- else }} args: ["/start-apache-tomcat.sh -b {{ .Values.global.env.tomcatDir }}"] {{- end }} @@ -82,9 +80,7 @@ spec: initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} volumeMounts: - {{- if .Values.global.aafEnabled }} -{{ include "common.aaf-config-volume-mountpath" . | indent 8 }} - {{- end }} +{{ include "common.certInitializer.volumeMount" . | indent 8 }} - name: properties-onapportalsdk mountPath: "{{ .Values.global.env.tomcatDir }}/conf/server.xml" subPath: server.xml @@ -148,8 +144,6 @@ spec: emptyDir: {} - name: portal-tomcat-logs emptyDir: {} - {{- if .Values.global.aafEnabled }} -{{ include "common.aaf-config-volumes" . | indent 8 }} - {{- end }} +{{ include "common.certInitializer.volumes" . | indent 8 }} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/portal/components/portal-sdk/values.yaml b/kubernetes/portal/components/portal-sdk/values.yaml index 2363ec5691..47c0189c40 100644 --- a/kubernetes/portal/components/portal-sdk/values.yaml +++ b/kubernetes/portal/components/portal-sdk/values.yaml @@ -27,7 +27,6 @@ global: persistence: {} #AAF service aafEnabled: true - aafAgentImage: onap/aaf/aaf_agent:2.1.20 ################################################################# # Application configuration defaults. @@ -40,30 +39,25 @@ pullPolicy: Always #AAF local config aafURL: https://aaf-service:8100/authz/ -aafConfig: +certInitializer: + nameOverride: portal-sdk-cert-initializer aafDeployFqi: deployer@people.osaaf.org aafDeployPass: demo123456! fqdn: portal fqi: portal@portal.onap.org - publicFqdn: portal.onap.org + public_fqdn: portal.onap.org cadi_latitude: "38.0" cadi_longitude: "-72.0" credsPath: /opt/app/osaaf/local app_ns: org.osaaf.aaf permission_user: 1000 permission_group: 999 - addconfig: true - secret_uid: &aaf_secret_uid portal-sdk-aaf-deploy-creds keystoreFile: "org.onap.portal.p12" truststoreFile: "org.onap.portal.trust.jks" - -secrets: - - uid: *aaf_secret_uid - type: basicAuth - externalSecret: '{{ ternary (tpl (default "" .Values.aafConfig.aafDeployCredsExternalSecret) .) "aafIsDiabled" .Values.global.aafEnabled }}' - login: '{{ .Values.aafConfig.aafDeployFqi }}' - password: '{{ .Values.aafConfig.aafDeployPass }}' - passwordPolicy: required + aaf_add_config: > + /opt/app/aaf_config/bin/agent.sh; + /opt/app/aaf_config/bin/agent.sh local showpass \ + {{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop # flag to enable debugging - application support required debugEnabled: false |