Diffstat (limited to 'kubernetes/aaf/charts/aaf-cert-service')
13 files changed, 0 insertions, 436 deletions
diff --git a/kubernetes/aaf/charts/aaf-cert-service/.helmignore b/kubernetes/aaf/charts/aaf-cert-service/.helmignore
deleted file mode 100644
index 50af031725..0000000000
--- a/kubernetes/aaf/charts/aaf-cert-service/.helmignore
+++ /dev/null
@@ -1,22 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
-.vscode/
diff --git a/kubernetes/aaf/charts/aaf-cert-service/Chart.yaml b/kubernetes/aaf/charts/aaf-cert-service/Chart.yaml
deleted file mode 100644
index 525b2ac4b6..0000000000
--- a/kubernetes/aaf/charts/aaf-cert-service/Chart.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-# Copyright © 2020 Nokia
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-description: ONAP AAF Cert Service
-name: aaf-cert-service
-version: 6.0.0
diff --git a/kubernetes/aaf/charts/aaf-cert-service/resources/certServiceClient-keystore.jks b/kubernetes/aaf/charts/aaf-cert-service/resources/certServiceClient-keystore.jks
Binary files differ
deleted file mode 100644
index f24908c55d..0000000000
--- a/kubernetes/aaf/charts/aaf-cert-service/resources/certServiceClient-keystore.jks
+++ /dev/null
diff --git a/kubernetes/aaf/charts/aaf-cert-service/resources/certServiceServer-keystore.jks b/kubernetes/aaf/charts/aaf-cert-service/resources/certServiceServer-keystore.jks
Binary files differ
deleted file mode 100644
index 89605b6b7a..0000000000
--- a/kubernetes/aaf/charts/aaf-cert-service/resources/certServiceServer-keystore.jks
+++ /dev/null
diff --git a/kubernetes/aaf/charts/aaf-cert-service/resources/certServiceServer-keystore.p12 b/kubernetes/aaf/charts/aaf-cert-service/resources/certServiceServer-keystore.p12
Binary files differ
deleted file mode 100644
index 2106c817ef..0000000000
--- a/kubernetes/aaf/charts/aaf-cert-service/resources/certServiceServer-keystore.p12
+++ /dev/null
diff --git a/kubernetes/aaf/charts/aaf-cert-service/resources/default/cmpServers.json b/kubernetes/aaf/charts/aaf-cert-service/resources/default/cmpServers.json
deleted file mode 100644
index 358f2a82c7..0000000000
--- a/kubernetes/aaf/charts/aaf-cert-service/resources/default/cmpServers.json
+++ /dev/null
@@ -1,3 +0,0 @@
-{
- "cmpv2Servers": []
-}
\ No newline at end of file
diff --git a/kubernetes/aaf/charts/aaf-cert-service/resources/root.crt b/kubernetes/aaf/charts/aaf-cert-service/resources/root.crt
deleted file mode 100644
index faeee81357..0000000000
--- a/kubernetes/aaf/charts/aaf-cert-service/resources/root.crt
+++ /dev/null
@@ -1,32 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIFlDCCA3ygAwIBAgIETsAy8jANBgkqhkiG9w0BAQwFADByMQswCQYDVQQGEwJQ
-TDEUMBIGA1UECBMLRG9sbnkgU2xhc2sxEDAOBgNVBAcTB1dyb2NsYXcxFTATBgNV
-BAoTDFJvb3QgQ29tcGFueTERMA8GA1UECxMIUm9vdCBPcmcxETAPBgNVBAMTCHJv
-b3QuY29tMB4XDTIwMDQwMzA5MTYxNloXDTMwMDQwMTA5MTYxNlowcjELMAkGA1UE
-BhMCUEwxFDASBgNVBAgTC0RvbG55IFNsYXNrMRAwDgYDVQQHEwdXcm9jbGF3MRUw
-EwYDVQQKEwxSb290IENvbXBhbnkxETAPBgNVBAsTCFJvb3QgT3JnMREwDwYDVQQD
-Ewhyb290LmNvbTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAImm68wu
-rtdkVrC5JI2y53+DoVE4al7NxC2yHeVW0PRD3CgW1xba6dlSQoDQQKkDkxtuNhlU
-IQxU1bbKR6syqJgpJXwSDx4sl4J5lQGWN+iuNA72C1IyXATOgowGq6PbOVVTkApy
-3+ZZGBCmweTjhvddAO7k5p8v+ePt17VvBTxSt6rSvrkGMbpCxBGAPfGpL9xykm9Z
-okVSlA42gGhbra499QTT0Yc/WPPFotKkDKFGaDrLW3NYX1Lio11myYNvLOMwfSEV
-Xy9vkwxcdqFJpHjx+EVLLQXwkudZP+D53N4bk8nP3SacbZSQ/A85mZpWNtw+r9QL
-fZGecY1YIR0udLj66CIG3ybl3gSXX7TSRERTIMR6Um1lt+039FSa18mRBpQTCDXV
-tSL58Qs5BHFkCe0sGpY+XiSEypc6oYPf/7YjiTvMT/mHhDffrvFjhK+wP/oCIg8u
-vuPRoPWuyw41bBeFGitJgDn7E8p9B4K/1DCO/ZcjXiYMgn5Hwb3ojablYUeiXs99
-2AAV8gCceUCdgcP8d6wdAydOVljavkgHPG0IMbiVG1WT57oM3HQpejgpujlKDDsI
-bi9/lbcC/U0JoN9yAaJZFr7CXJrxRv8DWeTwzMTo203KHNu9roQiERd38P8Dp6AQ
-ivmqf0+0VZM3IpjWBYKM68tclHJcG+7wyFjvAgMBAAGjMjAwMB0GA1UdDgQWBBSN
-lFyR56zh67mnvYTmmgJQVxEJrjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEB
-DAUAA4ICAQBczmFY0kmr1FK50glkT282ur0vukNtwXQNJONof3rYRqP2W98jID6D
-ayma0B4/H1EqCa0d66wRBxFdwW+MqOc4uWD3uUwgazrYD/Bv+V3aumaw8yX6vbyL
-hLNfpd4pViAEGtzYxYfMfFR6uzInF3NMpvt8OXCSGKiQjDMnMs0ekvUZLJm7yxwT
-Qr9aAEFYQYM/GstUC6qFfuUa4MaGvmyKWhZ10JoKXYbGGeFU4wI7Kzifh3VvawTg
-r314ZvQ3zpEwzNJpdvT5ZKuPvyN+drAKFpSPfOTFmmb3uF95FgYq33OFPpo7SR43
-tnw5u5YqKnsHmqCIRMctWiYZc8rBJ3+eBGmke6z/AN6FraG6Ejc8e4WPclrB8STb
-+oB3a4Cvri1VHyodkm50Sb/d1FAMDXvzEPBfu2D0dVvOwOcISSN/MQUom8NN4YeI
-aEATdAPNkokgehOzZ1OPRv47FKYEVPCXjaZEWAC7NNmNiRn4RQOti0DlNrLL7Nx9
-vK09G0EnW01MO2ARRkZ3dog+Ph7orJQV3sd7TO4EEortqWtbegSH75ylyYw6rt/j
-uBzYtMOnEtnQKhxj4Wj7PO+StCgspoOByn0d+iSgDd2TlpWm4naP2pfFZT0R+TOH
-wzSH0F47TSfRd0++uEz/QhViybrvQK7yMt1G1YwZp2im+imuWwUC8Q==
------END CERTIFICATE-----
diff --git a/kubernetes/aaf/charts/aaf-cert-service/resources/test/cmpServers.json b/kubernetes/aaf/charts/aaf-cert-service/resources/test/cmpServers.json
deleted file mode 100644
index 06e1087f60..0000000000
--- a/kubernetes/aaf/charts/aaf-cert-service/resources/test/cmpServers.json
+++ /dev/null
@@ -1,24 +0,0 @@
-{
- "cmpv2Servers": [
- {
- "caName": "CLIENT",
- "url": "http://ejbca:8080/ejbca/publicweb/cmp/cmp",
- "issuerDN": "CN=ManagementCA",
- "caMode": "CLIENT",
- "authentication": {
- "iak": "${CLIENT_IAK}",
- "rv": "${CLIENT_RV}"
- }
- },
- {
- "caName": "RA",
- "url": "http://ejbca:8080/ejbca/publicweb/cmp/cmpRA",
- "issuerDN": "CN=ManagementCA",
- "caMode": "RA",
- "authentication": {
- "iak": "${RA_IAK}",
- "rv": "${RA_RV}"
- }
- }
- ]
-}
\ No newline at end of file
diff --git a/kubernetes/aaf/charts/aaf-cert-service/resources/truststore.jks b/kubernetes/aaf/charts/aaf-cert-service/resources/truststore.jks
Binary files differ
deleted file mode 100644
index c32d37fd9d..0000000000
--- a/kubernetes/aaf/charts/aaf-cert-service/resources/truststore.jks
+++ /dev/null
diff --git a/kubernetes/aaf/charts/aaf-cert-service/templates/deployment.yaml b/kubernetes/aaf/charts/aaf-cert-service/templates/deployment.yaml
deleted file mode 100644
index 76e610f169..0000000000
--- a/kubernetes/aaf/charts/aaf-cert-service/templates/deployment.yaml
+++ /dev/null
@@ -1,123 +0,0 @@ -# Copyright © 2020, Nokia -# Modifications Copyright © 2020, Nordix Foundation -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -{{- if .Values.global.cmpv2Enabled }} -apiVersion: apps/v1 -kind: Deployment -metadata: {{- include "common.resourceMetadata" . | nindent 2 }} -spec: - replicas: {{ .Values.replicaCount }} - selector: {{- include "common.selectors" . | nindent 4 }} - template: - metadata: {{- include "common.templateMetadata" . | nindent 6 }} - spec: - volumes: -{{- if .Values.global.addTestingComponents }} - - name: cmp-servers-template-volume - secret: - secretName: {{ .Values.cmpServers.secret.name }} - - name: {{ .Values.cmpServers.volume.name }} - emptyDir: - medium: Memory -{{- else }} - - name: {{ .Values.cmpServers.volume.name }} - secret: - secretName: {{ .Values.cmpServers.secret.name }} -{{- end }} - - name: {{ .Values.tls.server.volume.name }} - secret: - secretName: {{ .Values.tls.server.secret.name }} -{{- if .Values.global.addTestingComponents }} - initContainers: - - name: wait-for-ejbca - command: - - /root/ready.py - args: - - --container-name - - ejbca-ejbca - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - - name: subsitute-envs - image: "{{ .Values.global.envsubstImage }}" - imagePullPolicy: {{ 
.Values.global.pullPolicy | default .Values.pullPolicy }} - command: ['sh', '-c', "cd /config-input && envsubst < cmpServers.json > {{ .Values.cmpServers.volume.mountPath }}/cmpServers.json"] - volumeMounts: - - name: cmp-servers-template-volume - mountPath: /config-input - readOnly: true - - name: {{ .Values.cmpServers.volume.name }} - mountPath: {{ .Values.cmpServers.volume.mountPath }} - readOnly: false - env: - - name: CLIENT_IAK - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "ejbca-server-client-iak" "key" "password") | indent 14 }} - - name: CLIENT_RV - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmp-config-client-rv" "key" "password") | indent 14 }} - - name: RA_IAK - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "ejbca-server-ra-iak" "key" "password") | indent 14 }} - - name: RA_RV - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmp-config-ra-rv" "key" "password") | indent 14 }} -{{- end }} - containers: - - name: {{ include "common.name" . }} - image: {{ .Values.repository }}/{{ .Values.image }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - ports: {{ include "common.containerPorts" . | nindent 10 }} - env: - - name: HTTPS_PORT - value: "{{ .Values.envs.httpsPort }}" - - name: KEYSTORE_PATH - value: "{{ .Values.tls.server.volume.mountPath }}/{{ .Values.envs.keystore.jksName }}" - - name: KEYSTORE_P12_PATH - value: "{{ .Values.tls.server.volume.mountPath }}/{{ .Values.envs.keystore.p12Name }}" - - name: TRUSTSTORE_PATH - value: "{{ .Values.tls.server.volume.mountPath }}/{{ .Values.envs.truststore.jksName }}" - - name: ROOT_CERT - value: "{{ .Values.tls.server.volume.mountPath }}/{{ .Values.envs.truststore.crtName }}" - - name: KEYSTORE_PASSWORD - {{- include "common.secret.envFromSecretFast" (dict "global" . 
"uid" "keystore-password" "key" "password") | indent 14 }} - - name: TRUSTSTORE_PASSWORD - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "truststore-password" "key" "password") | indent 14 }} - livenessProbe: - exec: - command: - - /bin/bash - - -c - - {{ .Values.liveness.command }} - initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} - periodSeconds: {{ .Values.liveness.periodSeconds }} - readinessProbe: - exec: - command: - - /bin/bash - - -c - - {{ .Values.readiness.command }} - initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} - periodSeconds: {{ .Values.readiness.periodSeconds }} - volumeMounts: - - name: {{ .Values.cmpServers.volume.name }} - mountPath: {{ .Values.cmpServers.volume.mountPath }} - readOnly: false - - name: {{ .Values.tls.server.volume.name }} - mountPath: {{ .Values.tls.server.volume.mountPath }} - readOnly: true - resources: {{ include "common.resources" . | nindent 12 }} -{{ end -}} diff --git a/kubernetes/aaf/charts/aaf-cert-service/templates/secret.yaml b/kubernetes/aaf/charts/aaf-cert-service/templates/secret.yaml deleted file mode 100644 index ac92f56487..0000000000 --- a/kubernetes/aaf/charts/aaf-cert-service/templates/secret.yaml +++ /dev/null 
@@ -1,56 +0,0 @@
-# Copyright © 2020, Nokia
-# Modifications Copyright © 2020, Nordix Foundation
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-{{- if .Values.global.cmpv2Enabled }}
-{{ include "common.secretFast" . }}
----
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ .Values.cmpServers.secret.name }}
-type: Opaque
-data:
-{{ if .Values.global.addTestingComponents }}
- {{ (.Files.Glob "resources/test/cmpServers.json").AsSecrets }}
-{{ else }}
- {{ (.Files.Glob "resources/default/cmpServers.json").AsSecrets }}
-{{ end }}
----
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ .Values.global.aaf.certServiceClient.secret.name | default .Values.tls.client.secret.defaultName }}
-type: Opaque
-data:
- certServiceClient-keystore.jks:
- {{ (.Files.Glob "resources/certServiceClient-keystore.jks").AsSecrets }}
- truststore.jks:
- {{ (.Files.Glob "resources/truststore.jks").AsSecrets }}
----
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ .Values.tls.server.secret.name }}
-type: Opaque
-data:
- certServiceServer-keystore.jks:
- {{ (.Files.Glob "resources/certServiceServer-keystore.jks").AsSecrets }}
- certServiceServer-keystore.p12:
- {{ (.Files.Glob "resources/certServiceServer-keystore.p12").AsSecrets }}
- truststore.jks:
- {{ (.Files.Glob "resources/truststore.jks").AsSecrets }}
- root.crt:
- {{ (.Files.Glob "resources/root.crt").AsSecrets }}
-{{ end -}}
\ No newline at end of file
diff --git a/kubernetes/aaf/charts/aaf-cert-service/templates/service.yaml b/kubernetes/aaf/charts/aaf-cert-service/templates/service.yaml
deleted file mode 100644
index 60e2afa41d..0000000000
--- a/kubernetes/aaf/charts/aaf-cert-service/templates/service.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-# Copyright © 2020, Nokia
-# Modifications Copyright © 2020, Nordix Foundation
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-{{- if .Values.global.cmpv2Enabled }}
- {{ include "common.service" . }}
-{{ end -}}
\ No newline at end of file
diff --git a/kubernetes/aaf/charts/aaf-cert-service/values.yaml b/kubernetes/aaf/charts/aaf-cert-service/values.yaml
deleted file mode 100644
index c2bbecd81a..0000000000
--- a/kubernetes/aaf/charts/aaf-cert-service/values.yaml
+++ /dev/null
@@ -1,141 +0,0 @@ -# Copyright © 2020, Nokia -# Modifications Copyright © 2020, Nordix Foundation -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# Global -global: - envsubstImage: dibi/envsubst - -# Service configuration -service: - type: ClusterIP - ports: - - name: http - port: 8443 - port_protocol: http - - -# Deployment configuration -repository: nexus3.onap.org:10001 -image: onap/org.onap.aaf.certservice.aaf-certservice-api:1.0.0 -pullPolicy: Always -replicaCount: 1 - -liveness: - initialDelaySeconds: 60 - periodSeconds: 10 - command: curl https://localhost:$HTTPS_PORT/actuator/health --cacert $ROOT_CERT --cert-type p12 --cert $KEYSTORE_P12_PATH --pass $KEYSTORE_PASSWORD -readiness: - initialDelaySeconds: 30 - periodSeconds: 10 - command: curl https://localhost:$HTTPS_PORT/ready --cacert $ROOT_CERT --cert-type p12 --cert $KEYSTORE_P12_PATH --pass $KEYSTORE_PASSWORD - -flavor: small -resources: - small: - limits: - cpu: 0.5 - memory: 1Gi - requests: - cpu: 0.2 - memory: 512Mi - large: - limits: - cpu: 1 - memory: 2Gi - requests: - cpu: 0.4 - memory: 1Gi - unlimited: {} - - -# Application configuration -cmpServers: - secret: - name: aaf-cert-service-secret - volume: - name: aaf-cert-service-volume - mountPath: /etc/onap/aaf/certservice - -tls: - server: - secret: - name: aaf-cert-service-server-tls-secret - volume: - name: aaf-cert-service-server-tls-volume - mountPath: /etc/onap/aaf/certservice/certs/ - client: - secret: - defaultName: 
aaf-cert-service-client-tls-secret - -envs: - keystore: - jksName: certServiceServer-keystore.jks - p12Name: certServiceServer-keystore.p12 - truststore: - jksName: truststore.jks - crtName: root.crt - httpsPort: 8443 - -# External secrets with credentials can be provided to override default credentials defined below, -# by uncommenting and filling appropriate *ExternalSecret value -credentials: - tls: - keystorePassword: secret - truststorePassword: secret - #keystorePasswordExternalSecret: - #truststorePasswordExternalSecret: - # Below cmp values contain credentials for EJBCA test instance and are relevant only if global addTestingComponents flag is enabled - cmp: - #clientIakExternalSecret: - #clientRvExternalSecret: - #raIakExternalSecret: - #raRvExternalSecret: - client: {} - # iak: mypassword - # rv: unused - ra: {} - # iak: mypassword - # rv: unused - -secrets: - - uid: keystore-password - name: '{{ include "common.release" . }}-keystore-password' - type: password - externalSecret: '{{ tpl (default "" .Values.credentials.tls.keystorePasswordExternalSecret) . }}' - password: '{{ .Values.credentials.tls.keystorePassword }}' - passwordPolicy: required - - uid: truststore-password - name: '{{ include "common.release" . }}-truststore-password' - type: password - externalSecret: '{{ tpl (default "" .Values.credentials.tls.truststorePasswordExternalSecret) . }}' - password: '{{ .Values.credentials.tls.truststorePassword }}' - passwordPolicy: required - # Below values are relevant only if global addTestingComponents flag is enabled - - uid: ejbca-server-client-iak - type: password - externalSecret: '{{ tpl (default "" .Values.credentials.cmp.clientIakExternalSecret) . }}' - password: '{{ .Values.credentials.cmp.client.iak }}' - - uid: cmp-config-client-rv - type: password - externalSecret: '{{ tpl (default "" .Values.credentials.cmp.clientRvExternalSecret) . 
}}' - password: '{{ .Values.credentials.cmp.client.rv }}' - - uid: ejbca-server-ra-iak - type: password - externalSecret: '{{ tpl (default "" .Values.credentials.cmp.raIakExternalSecret) . }}' - password: '{{ .Values.credentials.cmp.ra.iak }}' - - uid: cmp-config-ra-rv - type: password - externalSecret: '{{ tpl (default "" .Values.credentials.cmp.raRvExternalSecret) . }}' - password: '{{ .Values.credentials.cmp.ra.rv }}' |