diff options
5 files changed, 18 insertions, 41 deletions
diff --git a/kubernetes/portal/components/portal-sdk/requirements.yaml b/kubernetes/portal/components/portal-sdk/requirements.yaml index c5d7864b9d..00b92235f3 100644 --- a/kubernetes/portal/components/portal-sdk/requirements.yaml +++ b/kubernetes/portal/components/portal-sdk/requirements.yaml @@ -16,3 +16,6 @@ dependencies: - name: common version: ~6.x-0 repository: '@local' + - name: certInitializer + version: ~6.x-0 + repository: '@local' diff --git a/kubernetes/portal/components/portal-sdk/resources/server/server.xml b/kubernetes/portal/components/portal-sdk/resources/server/server.xml index dffcfbe419..1cea5ab8f8 100644 --- a/kubernetes/portal/components/portal-sdk/resources/server/server.xml +++ b/kubernetes/portal/components/portal-sdk/resources/server/server.xml @@ -94,7 +94,7 @@ {{ if .Values.global.aafEnabled }} <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol" maxThreads="150" SSLEnabled="true" scheme="https" secure="true" - keystoreFile="{{.Values.aafConfig.credsPath}}/{{.Values.aafConfig.keystoreFile}}" + keystoreFile="{{.Values.certInitializer.credsPath}}/{{.Values.certInitializer.keystoreFile}}" keystorePass="${javax.net.ssl.keyStorePassword}" clientAuth="false" sslProtocol="TLS" /> {{ end }} @@ -152,4 +152,4 @@ </Host> </Engine> </Service> -</Server>
\ No newline at end of file +</Server> diff --git a/kubernetes/portal/components/portal-sdk/templates/configmap.yaml b/kubernetes/portal/components/portal-sdk/templates/configmap.yaml index 1dbdeedd5a..5ad9910c56 100644 --- a/kubernetes/portal/components/portal-sdk/templates/configmap.yaml +++ b/kubernetes/portal/components/portal-sdk/templates/configmap.yaml @@ -26,17 +26,3 @@ metadata: data: {{ tpl (.Files.Glob "resources/config/deliveries/properties/ONAPPORTALSDK/*").AsConfig . | indent 2 }} {{ tpl (.Files.Glob "resources/server/*").AsConfig . | indent 2 }} - -{{ if .Values.global.aafEnabled }} -{{- if .Values.aafConfig.addconfig -}} ---- -apiVersion: v1 -kind: ConfigMap -{{- $suffix := "aaf-add-config" }} -metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "dot" . )| nindent 2 }} -data: - aaf-add-config.sh: |- - /opt/app/aaf_config/bin/agent.sh;/opt/app/aaf_config/bin/agent.sh local showpass \ - {{.Values.aafConfig.fqi}} {{ .Values.aafConfig.fqdn }} > {{ .Values.aafConfig.credsPath }}/mycreds.prop -{{- end -}} -{{- end -}}
\ No newline at end of file diff --git a/kubernetes/portal/components/portal-sdk/templates/deployment.yaml b/kubernetes/portal/components/portal-sdk/templates/deployment.yaml index b78ef34fa1..e7913ba1a5 100644 --- a/kubernetes/portal/components/portal-sdk/templates/deployment.yaml +++ b/kubernetes/portal/components/portal-sdk/templates/deployment.yaml @@ -46,24 +46,22 @@ spec: fieldRef: apiVersion: v1 fieldPath: metadata.namespace - {{- if .Values.global.aafEnabled }} -{{ include "common.aaf-config" . | indent 6 }} - {{- end }} +{{ include "common.certInitializer.initContainer" . | indent 6 }} containers: - name: {{ include "common.name" . }} image: "{{ include "common.repository" . }}/{{ .Values.image }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: ["bash","-c"] {{- if .Values.global.aafEnabled }} - args: ["export $(grep '^c' {{ .Values.aafConfig.credsPath }}/mycreds.prop | xargs -0);\ + args: ["export $(grep '^c' {{ .Values.certInitializer.credsPath }}/mycreds.prop | xargs -0);\ export _JAVA_OPTIONS=\"-Djavax.net.ssl.trustStorePassword=$cadi_truststore_password \ -Djavax.net.ssl.keyStorePassword=$cadi_keystore_password_p12\";\ /start-apache-tomcat.sh -b {{ .Values.global.env.tomcatDir }}"] env: - name: CATALINA_OPTS value: > - -Djavax.net.ssl.keyStore="{{ .Values.aafConfig.credsPath }}/{{ .Values.aafConfig.keystoreFile }}" - -Djavax.net.ssl.trustStore="{{ .Values.aafConfig.credsPath }}/{{ .Values.aafConfig.truststoreFile }}" + -Djavax.net.ssl.keyStore="{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.keystoreFile }}" + -Djavax.net.ssl.trustStore="{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.truststoreFile }}" {{- else }} args: ["/start-apache-tomcat.sh -b {{ .Values.global.env.tomcatDir }}"] {{- end }} @@ -82,9 +80,7 @@ spec: initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} volumeMounts: - {{- if .Values.global.aafEnabled }} -{{ include "common.aaf-config-volume-mountpath" . | indent 8 }} - {{- end }} +{{ include "common.certInitializer.volumeMount" . | indent 8 }} - name: properties-onapportalsdk mountPath: "{{ .Values.global.env.tomcatDir }}/conf/server.xml" subPath: server.xml @@ -148,8 +144,6 @@ spec: emptyDir: {} - name: portal-tomcat-logs emptyDir: {} - {{- if .Values.global.aafEnabled }} -{{ include "common.aaf-config-volumes" . | indent 8 }} - {{- end }} +{{ include "common.certInitializer.volumes" . | indent 8 }} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/portal/components/portal-sdk/values.yaml b/kubernetes/portal/components/portal-sdk/values.yaml index 2363ec5691..47c0189c40 100644 --- a/kubernetes/portal/components/portal-sdk/values.yaml +++ b/kubernetes/portal/components/portal-sdk/values.yaml @@ -27,7 +27,6 @@ global: persistence: {} #AAF service aafEnabled: true - aafAgentImage: onap/aaf/aaf_agent:2.1.20 ################################################################# # Application configuration defaults. @@ -40,30 +39,25 @@ pullPolicy: Always #AAF local config aafURL: https://aaf-service:8100/authz/ -aafConfig: +certInitializer: + nameOverride: portal-sdk-cert-initializer aafDeployFqi: deployer@people.osaaf.org aafDeployPass: demo123456! fqdn: portal fqi: portal@portal.onap.org - publicFqdn: portal.onap.org + public_fqdn: portal.onap.org cadi_latitude: "38.0" cadi_longitude: "-72.0" credsPath: /opt/app/osaaf/local app_ns: org.osaaf.aaf permission_user: 1000 permission_group: 999 - addconfig: true - secret_uid: &aaf_secret_uid portal-sdk-aaf-deploy-creds keystoreFile: "org.onap.portal.p12" truststoreFile: "org.onap.portal.trust.jks" - -secrets: - - uid: *aaf_secret_uid - type: basicAuth - externalSecret: '{{ ternary (tpl (default "" .Values.aafConfig.aafDeployCredsExternalSecret) .) "aafIsDiabled" .Values.global.aafEnabled }}' - login: '{{ .Values.aafConfig.aafDeployFqi }}' - password: '{{ .Values.aafConfig.aafDeployPass }}' - passwordPolicy: required + aaf_add_config: > + /opt/app/aaf_config/bin/agent.sh; + /opt/app/aaf_config/bin/agent.sh local showpass \ + {{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop # flag to enable debugging - application support required debugEnabled: false |