diff options
Diffstat (limited to 'kubernetes/aai')
61 files changed, 75 insertions, 1373 deletions
diff --git a/kubernetes/aai/components/aai-babel/resources/fproxy/config/auth/client-cert.p12 b/kubernetes/aai/components/aai-babel/resources/fproxy/config/auth/client-cert.p12 Binary files differdeleted file mode 100644 index dbf4fcacec..0000000000 --- a/kubernetes/aai/components/aai-babel/resources/fproxy/config/auth/client-cert.p12 +++ /dev/null diff --git a/kubernetes/aai/components/aai-babel/resources/fproxy/config/auth/tomcat_keystore b/kubernetes/aai/components/aai-babel/resources/fproxy/config/auth/tomcat_keystore Binary files differdeleted file mode 100644 index 9eec841aa2..0000000000 --- a/kubernetes/aai/components/aai-babel/resources/fproxy/config/auth/tomcat_keystore +++ /dev/null diff --git a/kubernetes/aai/components/aai-babel/resources/fproxy/config/fproxy.properties b/kubernetes/aai/components/aai-babel/resources/fproxy/config/fproxy.properties deleted file mode 100644 index f512fb71a6..0000000000 --- a/kubernetes/aai/components/aai-babel/resources/fproxy/config/fproxy.properties +++ /dev/null @@ -1,2 +0,0 @@ -credential.cache.timeout.ms=180000 -transactionid.header.name=X-TransactionId
\ No newline at end of file diff --git a/kubernetes/aai/components/aai-babel/resources/fproxy/config/logback-spring.xml b/kubernetes/aai/components/aai-babel/resources/fproxy/config/logback-spring.xml deleted file mode 100644 index 0637cfb84b..0000000000 --- a/kubernetes/aai/components/aai-babel/resources/fproxy/config/logback-spring.xml +++ /dev/null @@ -1,45 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<configuration> - - <property name="LOGS" value="./logs/AAF-FPS" /> - <property name="FILEPREFIX" value="application" /> - - <appender name="Console" - class="ch.qos.logback.core.ConsoleAppender"> - <layout class="ch.qos.logback.classic.PatternLayout"> - <Pattern> - %d{ISO8601} %-5level [%t] %C{1.}: %msg%n%throwable - </Pattern> - </layout> - </appender> - - <appender name="RollingFile" - class="ch.qos.logback.core.rolling.RollingFileAppender"> - <file>${LOGS}/${FILEPREFIX}.log</file> - <encoder - class="ch.qos.logback.classic.encoder.PatternLayoutEncoder"> - <Pattern>%d %p %C{1.} [%t] %m%n</Pattern> - </encoder> - - <rollingPolicy - class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> - <!-- rollover daily and when the file reaches 10 MegaBytes --> - <fileNamePattern>${LOGS}/archived/${FILEPREFIX}-%d{yyyy-MM-dd}.%i.log - </fileNamePattern> - <timeBasedFileNamingAndTriggeringPolicy - class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP"> - <maxFileSize>10MB</maxFileSize> - </timeBasedFileNamingAndTriggeringPolicy> - </rollingPolicy> - </appender> - - <!-- LOG everything at INFO level --> - <root level="info"> - <appender-ref ref="RollingFile" /> - <appender-ref ref="Console" /> - </root> - - <!-- LOG "com.baeldung*" at TRACE level --> - <logger name="org.onap.aaf.fproxy" level="info" /> - -</configuration>
\ No newline at end of file diff --git a/kubernetes/aai/components/aai-babel/resources/fproxy/config/readme.txt b/kubernetes/aai/components/aai-babel/resources/fproxy/config/readme.txt deleted file mode 100644 index 79cf29e73c..0000000000 --- a/kubernetes/aai/components/aai-babel/resources/fproxy/config/readme.txt +++ /dev/null @@ -1 +0,0 @@ -Relevant configuration files need to be copied here to successfully run this service locally.
\ No newline at end of file diff --git a/kubernetes/aai/components/aai-babel/resources/rproxy/config/auth/client-cert.p12 b/kubernetes/aai/components/aai-babel/resources/rproxy/config/auth/client-cert.p12 Binary files differdeleted file mode 100644 index dbf4fcacec..0000000000 --- a/kubernetes/aai/components/aai-babel/resources/rproxy/config/auth/client-cert.p12 +++ /dev/null diff --git a/kubernetes/aai/components/aai-babel/resources/rproxy/config/auth/tomcat_keystore b/kubernetes/aai/components/aai-babel/resources/rproxy/config/auth/tomcat_keystore Binary files differdeleted file mode 100644 index 99129c145f..0000000000 --- a/kubernetes/aai/components/aai-babel/resources/rproxy/config/auth/tomcat_keystore +++ /dev/null diff --git a/kubernetes/aai/components/aai-babel/resources/rproxy/config/auth/uri-authorization.json b/kubernetes/aai/components/aai-babel/resources/rproxy/config/auth/uri-authorization.json deleted file mode 100644 index acc940987c..0000000000 --- a/kubernetes/aai/components/aai-babel/resources/rproxy/config/auth/uri-authorization.json +++ /dev/null @@ -1,93 +0,0 @@ -[ - { - "uri": "\/not\/allowed\/at\/all$", - "permissions": [ - "test.auth.access.ifYouLikedItYouShouldHavePutAPermissionOnIt" - ] - }, - { - "uri": "\/one\/auth\/required$", - "permissions": [ - "test.auth.access.aSimpleSingleAuth" - ] - }, - { - "uri": "\/multi\/auth\/required$", - "permissions": [ - "test.auth.access.aMultipleAuth1", - "test.auth.access.aMultipleAuth2", - "test.auth.access.aMultipleAuth3" - ] - }, - { - "uri": "\/one\/[^\/]+\/required$", - "permissions": [ - "test.auth.access.aSimpleSingleAuth" - ] - }, - { - "uri": "\/services\/getAAFRequest$", - "permissions": [ - "test.auth.access|services|GET,PUT" - ] - }, - { - "uri": "\/admin\/getAAFRequest$", - "permissions": [ - "test.auth.access|admin|GET,PUT,POST" - ] - }, - { - "uri": "\/service\/aai\/webapp\/index.html$", - "permissions": [ - "test.auth.access|services|GET,PUT" - ] - }, - { - "uri": "\/services\/aai\/webapp\/index.html$", - "permissions": [ - "test.auth.access|services|GET,PUT" - ] - }, - { - "uri": "\/$", - "permissions": [ - "\\|services\\|GET", - "test\\.auth\\.access\\|services\\|GET,PUT" - ] - }, - { - "uri": "\/aai\/v10\/cloud-infrastructure\/cloud-regions$", - "permissions": [ - "test\\.auth\\.access\\|rest\\|read" - ] - }, - { - "uri": "\/aai\/v10\/cloud-infrastructure\/cloud-regions\/cloud-region\/[^\/]+[\/][^\/]+$*", - "permissions": [ - "test.auth.access|clouds|read", - "test.auth.access|tenants|read" - ] - }, - { - "uri": "\/aai\/v10\/cloud-infrastructure\/cloud-regions\/cloud-region\/[^\/]+[\/][^\/]+\/tenants/tenant/[^\/]+/vservers/vserver/[^\/]+$", - "permissions": [ - "test.auth.access|clouds|read", - "test.auth.access|tenants|read", - "test.auth.access|vservers|read" - ] - }, - { - "uri": "\/backend$", - "permissions": [ - "test\\.auth\\.access\\|services\\|GET,PUT", - "\\|services\\|GET" - ] - }, - { - "uri": "\/services\/babel-service\/.*", - "permissions": [ - "org\\.access\\|\\*\\|\\*" - ] - } -] diff --git a/kubernetes/aai/components/aai-babel/resources/rproxy/config/cadi.properties b/kubernetes/aai/components/aai-babel/resources/rproxy/config/cadi.properties deleted file mode 100644 index 188c55bee2..0000000000 --- a/kubernetes/aai/components/aai-babel/resources/rproxy/config/cadi.properties +++ /dev/null @@ -1,27 +0,0 @@ -{{/* -# This is a normal Java Properties File -# Comments are with Pound Signs at beginning of lines, -# and multi-line expression of properties can be obtained by backslash at end of line - -#hostname is used for local testing where you may have to set your hostname to **.att.com or **.sbc.com. The example given below -#will allow for an ATT cross domain cookie to be used for GLO. If you are running on Windows corp machine, your machine name -#may be used automatically by cadi. However, if it is not, you will need to use hostname=mywebserver.att.com and add mywebserver.att.com -#to your hosts file on your machine. -#hostname=test.aic.cip.att.com -*/}} - -cadi_loglevel=DEBUG -cadi_keyfile=/opt/app/rproxy/config/security/keyfile - -cadi_truststore=/opt/app/rproxy/config/auth/tomcat_keystore -cadi_truststore_password=OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10 - -# Configure AAF -aaf_url=https://{{.Values.global.aaf.serverHostname}}:{{.Values.global.aaf.serverPort}} -aaf_env=DEV - -aaf_id=demo@people.osaaf.org -aaf_password=enc:92w4px0y_rrm265LXLpw58QnNPgDXykyA1YTrflbAKz - -# This is a colon separated list of client cert issuers -cadi_x509_issuers=CN=ONAP, OU=ONAP, O=ONAP, L=Ottawa, ST=Ontario, C=CA diff --git a/kubernetes/aai/components/aai-babel/resources/rproxy/config/forward-proxy.properties b/kubernetes/aai/components/aai-babel/resources/rproxy/config/forward-proxy.properties deleted file mode 100644 index 1b58d4235c..0000000000 --- a/kubernetes/aai/components/aai-babel/resources/rproxy/config/forward-proxy.properties +++ /dev/null @@ -1,4 +0,0 @@ -forward-proxy.protocol = https -forward-proxy.host = localhost -forward-proxy.port = 10680 -forward-proxy.cacheurl = /credential-cache
\ No newline at end of file diff --git a/kubernetes/aai/components/aai-babel/resources/rproxy/config/logback-spring.xml b/kubernetes/aai/components/aai-babel/resources/rproxy/config/logback-spring.xml deleted file mode 100644 index 2cd95d4c69..0000000000 --- a/kubernetes/aai/components/aai-babel/resources/rproxy/config/logback-spring.xml +++ /dev/null @@ -1,45 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<configuration> - - <property name="LOGS" value="./logs/reverse-proxy" /> - <property name="FILEPREFIX" value="application" /> - - <appender name="Console" - class="ch.qos.logback.core.ConsoleAppender"> - <layout class="ch.qos.logback.classic.PatternLayout"> - <Pattern> - %d{ISO8601} %-5level [%t] %C{1.}: %msg%n%throwable - </Pattern> - </layout> - </appender> - - <appender name="RollingFile" - class="ch.qos.logback.core.rolling.RollingFileAppender"> - <file>${LOGS}/${FILEPREFIX}.log</file> - <encoder - class="ch.qos.logback.classic.encoder.PatternLayoutEncoder"> - <Pattern>%d %p %C{1.} [%t] %m%n</Pattern> - </encoder> - - <rollingPolicy - class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> - <!-- rollover daily and when the file reaches 10 MegaBytes --> - <fileNamePattern>${LOGS}/archived/${FILEPREFIX}-%d{yyyy-MM-dd}.%i.log - </fileNamePattern> - <timeBasedFileNamingAndTriggeringPolicy - class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP"> - <maxFileSize>10MB</maxFileSize> - </timeBasedFileNamingAndTriggeringPolicy> - </rollingPolicy> - </appender> - - <!-- LOG everything at INFO level --> - <root level="info"> - <appender-ref ref="RollingFile" /> - <appender-ref ref="Console" /> - </root> - - <!-- LOG "com.baeldung*" at TRACE level --> - <logger name="org.onap.aaf.rproxy" level="info" /> - -</configuration> diff --git a/kubernetes/aai/components/aai-babel/resources/rproxy/config/primary-service.properties b/kubernetes/aai/components/aai-babel/resources/rproxy/config/primary-service.properties deleted file mode 100644 index 7055bf5303..0000000000 --- a/kubernetes/aai/components/aai-babel/resources/rproxy/config/primary-service.properties +++ /dev/null @@ -1,3 +0,0 @@ -primary-service.protocol = https -primary-service.host = localhost -primary-service.port = 9516 diff --git a/kubernetes/aai/components/aai-babel/resources/rproxy/config/readme.txt b/kubernetes/aai/components/aai-babel/resources/rproxy/config/readme.txt deleted file mode 100644 index 79cf29e73c..0000000000 --- a/kubernetes/aai/components/aai-babel/resources/rproxy/config/readme.txt +++ /dev/null @@ -1 +0,0 @@ -Relevant configuration files need to be copied here to successfully run this service locally.
\ No newline at end of file diff --git a/kubernetes/aai/components/aai-babel/resources/rproxy/config/reverse-proxy.properties b/kubernetes/aai/components/aai-babel/resources/rproxy/config/reverse-proxy.properties deleted file mode 100644 index 8d46e1f429..0000000000 --- a/kubernetes/aai/components/aai-babel/resources/rproxy/config/reverse-proxy.properties +++ /dev/null @@ -1 +0,0 @@ -transactionid.header.name=X-TransactionId
\ No newline at end of file diff --git a/kubernetes/aai/components/aai-babel/resources/rproxy/config/security/keyfile b/kubernetes/aai/components/aai-babel/resources/rproxy/config/security/keyfile deleted file mode 100644 index 6cd12fcfb4..0000000000 --- a/kubernetes/aai/components/aai-babel/resources/rproxy/config/security/keyfile +++ /dev/null @@ -1,27 +0,0 @@ -bZNOXiGDJ2_eiKBKWYLIFx27URvb-SWfmOl2d-QKetcVKIupOrsG-ScS_VXOtKN3Yxfb2cR6t7oM -1RNpDnhsKAxDLM6A62IkS_h_Rp3Q9c2JeyomVmyiuHR7a2ARbelaMrX8WDrxXI_t9ce4pIHDVE29 -xiQm3Bdp7d7IiKkgg-ipvOU7Y6NEzeQbvHlHvRTJ3ZZMSwHxBOA5M8DhKN-AF1sqwozEVaNAuJxK -BVdh72A6KTW7ieb_GvVQQp8h32BuOz8oJhZV7KaGXsWTEvXg9ImboY0h7Sl9hufgn1ZtDK1jxzGm -6O6LBg1qezzZaFGTXRmHvaeYmEeYSu0bGsU4x-JCU0RyhNTzFhkhjNoccaqPXBdcJymLf096mD99 -QLS8nyji_KtLQJL1fqr500c8p6SOURLPgG6Gzkn4ghgFYlfgve92xs1R3ggHKhNTLV4HJ4O6iSDm -zCoHeRbsZR1JER9yxT-v8NtcHOMAZe1oDQeY6jVyxb-bhaonN6eZPI4nyF6MHJQtWKhGARC_kOs6 -x9E0ZdAEp5TrX7F7J5PwkXzbCOuSiTVftOBum43iUB4q9He8tn2tJ0X4LtLHT3bPl16wWnZm9RPf -8wBtTJh4QP_cTStPq1ftSaLIAuqVFpbiC2DxGemXZn3QvykuYqa-rKeYPoIJ5dtWd5rNb_hhcSIz -FakKTELb0HWYGji98TBF6PaStea2f2m-wGX_uQGD7_Dijl6AgnV9koKVs1bN1XljLtNMPbLdD8sz -UCvc5lwvCFyyeunljI7os1fgwBmaMyckflq5VfZv9kFxom6jFLbcozylQ_uBg4j7oCP79IXVUI-r -banZltOSmm8zHGc2R9UlUyxJWBi01yxwi1hUtn9g1H4RtncQpu3BY0Qvu5YLAmS5imivUnGVZWbv -6wcqnJt5HwaVatE9NHONSLNTViQPsUOutWZBZxhJtAncdZuWOYZSh4TPzUJWvt6zT0E3YMBc_UuG -yPmdLyqo7qGHR8YWRqq_vq6ISJqENMnVD6X9-BeI6KM4GPEAlDWyhgENXxQFjG45ufg3UpP8LBTB -xDntlfkphRumsd13-8IlvwVtlpgnbuCMbwP_-lNVeNJcdA1InPt79oY-SEVZ-RVM1881ZASCnFeB -lh3BTc_bGQ8YoC9s6iHtcCK_1SdbwzBfQBJUqqcYsa8hJLe-j8di7KCaFzI3a-UXWKuuWljpbKbq -ibd48UFJt_34_GxkD6bmLxycuNH-og2Sd2VcYU0o5UarcrY4-2sgFPE7Mzxovrl98uayfgNF9DqE -fJ4MwFGqLRtEHlm4zfuMxQ5Rh_giMUHDJApc1DYRkxdGbNUd4bC4aRBln2IhN-rNKbSVtiW_uT6v -1KTMGmElvktjPWybJd2SvhT5qOLUM81-cmZzAsNa04jxZLBlQn_1fel3IroVos4Ohbdhar2NG6T5 -liten9RZ9P4Cg9RWhgeQonAD5kqLWXAHnCfffb5CVcAU5PHqkCgCbdThvD0-zIGETLO9AE0jKISc -0o67CUZn3MzJ9pP_3gh-ALr2w-KAwqasqCf0igf1wmEDijv9wEDcgDm39ERIElTpGKgfyuVl4F8u -PrpK5ZfpUYySUB6CZFQVVz0MvH6E7orQk4dCKFIimV_XwEtGijBttrTvyV6xYNScAEw_olt-0mdm -8UEKSsuqSyDMxUWLjKJT19rNedahYJNtI87WR9Fhhjsrai9Or3a-srOYa56wcvSj2ZHbkevbO9Xv -dQ2wzWCGEAMQSpSr83n0XEpR2pZT19Z19Svbhr08mnt2JNykCk60FLCeDTUOylJtYw6YOjqBizQZ --85B51BCbSEaAKJkgT9-8n_-LGW5aPBrBB_9FT7UIYczNEt3B1Lqr2s4ipPI_36JecEfqaS2cNLn -c0ObAtNGAONkhO5LYLneMR3fZPMFuOX1-rMObPgE0i9dYqWDZ_30w9rpRsmiWyxYi5lvWDxU5L1J -uJxwREz3oa_VgpSC3Y2oxCufdQwzBk57iVLDOb1qs_Hwj1SWd1nukWyAo2-g5sR1folAEcao
\ No newline at end of file diff --git a/kubernetes/aai/components/aai-babel/templates/configmap.yaml b/kubernetes/aai/components/aai-babel/templates/configmap.yaml index cdd2a4fefe..baee38c0e2 100644 --- a/kubernetes/aai/components/aai-babel/templates/configmap.yaml +++ b/kubernetes/aai/components/aai-babel/templates/configmap.yaml @@ -1,6 +1,7 @@ {{/* # Copyright © 2018 Amdocs, AT&T # Modifications Copyright © 2018 Bell Canada +# Modifications Copyright (c) 2021 Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -27,46 +28,3 @@ metadata: heritage: {{ .Release.Service }} data: {{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }} - -{{ if .Values.global.installSidecarSecurity }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }}-fproxy-config - namespace: {{ include "common.namespace" . }} -data: -{{ tpl (.Files.Glob "resources/fproxy/config/*").AsConfig . | indent 2 }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }}-fproxy-log-config - namespace: {{ include "common.namespace" . }} -data: -{{ tpl (.Files.Glob "resources/fproxy/config/logback-spring.xml").AsConfig . | indent 2 }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }}-rproxy-config - namespace: {{ include "common.namespace" . }} -data: -{{ tpl (.Files.Glob "resources/rproxy/config/*").AsConfig . | indent 2 }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }}-rproxy-log-config - namespace: {{ include "common.namespace" . }} -data: -{{ tpl (.Files.Glob "resources/rproxy/config/logback-spring.xml").AsConfig . | indent 2 }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }}-rproxy-uri-auth-config - namespace: {{ include "common.namespace" . }} -data: -{{ tpl (.Files.Glob "resources/rproxy/config/auth/uri-authorization.json").AsConfig . | indent 2 }} -{{ end }}
\ No newline at end of file diff --git a/kubernetes/aai/components/aai-babel/templates/deployment.yaml b/kubernetes/aai/components/aai-babel/templates/deployment.yaml index e75815ecb6..9fe386a3c6 100644 --- a/kubernetes/aai/components/aai-babel/templates/deployment.yaml +++ b/kubernetes/aai/components/aai-babel/templates/deployment.yaml @@ -1,7 +1,7 @@ {{/* # Copyright © 2018 Amdocs, AT&T # Modifications Copyright © 2018 Bell Canada -# Modifications Copyright © 2020 Orange +# Modifications Copyright © 2020,2021 Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -37,19 +37,6 @@ spec: app: {{ include "common.name" . }} release: {{ include "common.release" . }} spec: - {{ if .Values.global.installSidecarSecurity }} - hostAliases: - - ip: {{ .Values.global.aaf.serverIp }} - hostnames: - - {{ .Values.global.aaf.serverHostname }} - - initContainers: - - name: {{ .Values.global.tproxyConfig.name }} - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.tproxyConfig.image }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - securityContext: - privileged: true - {{ end }} containers: - name: {{ include "common.name" . }} image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} @@ -127,79 +114,6 @@ spec: - mountPath: /usr/share/filebeat/data name: aai-filebeat - {{ if .Values.global.installSidecarSecurity }} - - name: {{ .Values.global.rproxy.name }} - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.rproxy.image }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - env: - - name: CONFIG_HOME - value: "/opt/app/rproxy/config" - - name: KEY_STORE_PASSWORD - value: {{ .Values.config.keyStorePassword }} - - name: spring_profiles_active - value: {{ .Values.global.rproxy.activeSpringProfiles }} - volumeMounts: - - name: {{ include "common.fullname" . }}-rproxy-config - mountPath: /opt/app/rproxy/config/forward-proxy.properties - subPath: forward-proxy.properties - - name: {{ include "common.fullname" . }}-rproxy-config - mountPath: /opt/app/rproxy/config/primary-service.properties - subPath: primary-service.properties - - name: {{ include "common.fullname" . }}-rproxy-config - mountPath: /opt/app/rproxy/config/reverse-proxy.properties - subPath: reverse-proxy.properties - - name: {{ include "common.fullname" . }}-rproxy-config - mountPath: /opt/app/rproxy/config/cadi.properties - subPath: cadi.properties - - name: {{ include "common.fullname" . }}-rproxy-log-config - mountPath: /opt/app/rproxy/config/logback-spring.xml - subPath: logback-spring.xml - - name: {{ include "common.fullname" . }}-rproxy-uri-auth-config - mountPath: /opt/app/rproxy/config/auth/uri-authorization.json - subPath: uri-authorization.json - - name: {{ include "common.fullname" . }}-rproxy-auth-config - mountPath: /opt/app/rproxy/config/auth/tomcat_keystore - subPath: tomcat_keystore - - name: {{ include "common.fullname" . }}-rproxy-auth-config - mountPath: /opt/app/rproxy/config/auth/client-cert.p12 - subPath: client-cert.p12 - - name: {{ include "common.fullname" . }}-rproxy-auth-config - mountPath: /opt/app/rproxy/config/auth/aaf_truststore.jks - subPath: aaf_truststore.jks - - name: {{ include "common.fullname" . }}-rproxy-security-config - mountPath: /opt/app/rproxy/config/security/keyfile - subPath: keyfile - - ports: - - containerPort: {{ .Values.global.rproxy.port }} - - - name: {{ .Values.global.fproxy.name }} - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.fproxy.image }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - env: - - name: CONFIG_HOME - value: "/opt/app/fproxy/config" - - name: KEY_STORE_PASSWORD - value: {{ .Values.config.keyStorePassword }} - - name: spring_profiles_active - value: {{ .Values.global.fproxy.activeSpringProfiles }} - volumeMounts: - - name: {{ include "common.fullname" . }}-fproxy-config - mountPath: /opt/app/fproxy/config/fproxy.properties - subPath: fproxy.properties - - name: {{ include "common.fullname" . }}-fproxy-log-config - mountPath: /opt/app/fproxy/config/logback-spring.xml - subPath: logback-spring.xml - - name: {{ include "common.fullname" . }}-fproxy-auth-config - mountPath: /opt/app/fproxy/config/auth/tomcat_keystore - subPath: tomcat_keystore - - name: {{ include "common.fullname" . }}-fproxy-auth-config - mountPath: /opt/app/fproxy/config/auth/client-cert.p12 - subPath: client-cert.p12 - ports: - - containerPort: {{ .Values.global.fproxy.port }} - {{ end }} - volumes: - name: localtime hostPath: @@ -226,32 +140,6 @@ spec: emptyDir: {} - name: aai-filebeat emptyDir: {} - {{ if .Values.global.installSidecarSecurity }} - - name: {{ include "common.fullname" . }}-rproxy-config - configMap: - name: {{ include "common.fullname" . }}-rproxy-config - - name: {{ include "common.fullname" . }}-rproxy-log-config - configMap: - name: {{ include "common.fullname" . }}-rproxy-log-config - - name: {{ include "common.fullname" . }}-rproxy-uri-auth-config - configMap: - name: {{ include "common.fullname" . }}-rproxy-uri-auth-config - - name: {{ include "common.fullname" . }}-rproxy-auth-config - secret: - secretName: {{ include "common.fullname" . }}-rproxy-auth-config - - name: {{ include "common.fullname" . }}-rproxy-security-config - secret: - secretName: {{ include "common.fullname" . }}-rproxy-security-config - - name: {{ include "common.fullname" . }}-fproxy-config - configMap: - name: {{ include "common.fullname" . }}-fproxy-config - - name: {{ include "common.fullname" . }}-fproxy-log-config - configMap: - name: {{ include "common.fullname" . }}-fproxy-log-config - - name: {{ include "common.fullname" . }}-fproxy-auth-config - secret: - secretName: {{ include "common.fullname" . }}-fproxy-auth-config - {{ end }} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/aai/components/aai-babel/templates/secrets.yaml b/kubernetes/aai/components/aai-babel/templates/secrets.yaml index 630ce83b31..b81ffa05b9 100644 --- a/kubernetes/aai/components/aai-babel/templates/secrets.yaml +++ b/kubernetes/aai/components/aai-babel/templates/secrets.yaml @@ -1,6 +1,7 @@ {{/* # Copyright © 2018 Amdocs, AT&T # Modifications Copyright © 2018 Bell Canada +# Modifications Copyright (c) 2021 Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -43,48 +44,3 @@ type: Opaque data: KEY_STORE_PASSWORD: {{ .Values.config.keyStorePassword | b64enc | quote }} KEY_MANAGER_PASSWORD: {{ .Values.config.keyManagerPassword | b64enc | quote }} - -{{ if .Values.global.installSidecarSecurity }} ---- -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "common.fullname" . }}-fproxy-auth-config - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -type: Opaque -data: -{{ tpl (.Files.Glob "resources/fproxy/config/auth/*").AsSecrets . | indent 2 }} ---- -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "common.fullname" . }}-rproxy-auth-config - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -type: Opaque -data: -{{ tpl (.Files.Glob "resources/rproxy/config/auth/*").AsSecrets . | indent 2 }} ---- -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "common.fullname" . }}-rproxy-security-config - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -type: Opaque -data: -{{ tpl (.Files.Glob "resources/rproxy/config/security/*").AsSecrets . | indent 2 }} -{{ end }}
\ No newline at end of file diff --git a/kubernetes/aai/components/aai-babel/templates/service.yaml b/kubernetes/aai/components/aai-babel/templates/service.yaml index fb7295581c..db54ce14f2 100644 --- a/kubernetes/aai/components/aai-babel/templates/service.yaml +++ b/kubernetes/aai/components/aai-babel/templates/service.yaml @@ -1,6 +1,7 @@ {{/* # Copyright © 2018 Amdocs, AT&T # Modifications Copyright © 2018 Bell Canada +# Modifications Copyright (c) 2021 Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -28,27 +29,16 @@ metadata: spec: type: {{ .Values.service.type }} ports: - {{ if .Values.global.installSidecarSecurity }} - {{if eq .Values.service.type "NodePort" -}} - - port: {{ .Values.global.rproxy.port }} - nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} - name: {{ .Values.service.portName }} - {{- else -}} - - port: {{ .Values.service.externalPort }} - targetPort: {{ .Values.global.rproxy.port }} - name: {{ .Values.service.portName }} - {{- end}} - {{ else }} - {{if eq .Values.service.type "NodePort" -}} - - port: {{ .Values.service.internalPort }} - nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} - name: {{ .Values.service.portName }} - {{- else -}} - - port: {{ .Values.service.externalPort }} - targetPort: {{ .Values.service.internalPort }} - name: {{ .Values.service.portName }} - {{- end}} - {{ end }} + {{- if eq .Values.service.type "NodePort" }} + - port: {{ .Values.service.internalPort }} + nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} + name: {{ .Values.service.portName }} + {{- else }} + - port: {{ .Values.service.externalPort }} + targetPort: {{ .Values.service.internalPort }} + name: {{ .Values.service.portName }} + {{- end }} + selector: app: {{ include "common.name" . }} release: {{ include "common.release" . }} diff --git a/kubernetes/aai/components/aai-babel/values.yaml b/kubernetes/aai/components/aai-babel/values.yaml index f0a5ec2b78..db1a2eb86b 100644 --- a/kubernetes/aai/components/aai-babel/values.yaml +++ b/kubernetes/aai/components/aai-babel/values.yaml @@ -1,6 +1,6 @@ # Copyright © 2018 Amdocs, AT&T # Modifications Copyright © 2018 Bell Canada -# Modifications Copyright © 2020 Orange +# Modifications Copyright © 2020, 2021 Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -17,8 +17,7 @@ ################################################################# # Global configuration defaults. ################################################################# -global: - installSidecarSecurity: false +global: {} ################################################################# # Application configuration defaults. diff --git a/kubernetes/aai/components/aai-resources/resources/config/application-keycloak.properties b/kubernetes/aai/components/aai-resources/resources/config/application-keycloak.properties index 0aee21778c..4f480cb5d7 100644 --- a/kubernetes/aai/components/aai-resources/resources/config/application-keycloak.properties +++ b/kubernetes/aai/components/aai-resources/resources/config/application-keycloak.properties @@ -3,7 +3,7 @@ spring.autoconfigure.exclude=\ org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration,\ org.springframework.boot.autoconfigure.orm.jpa.HibernateJpaAutoConfiguration - +multi.tenancy.enabled=true keycloak.auth-server-url=http://{{ .Values.config.keycloak.host }}:{{ .Values.config.keycloak.port }}/auth keycloak.realm=aai-resources keycloak.resource=aai-resources-app diff --git a/kubernetes/aai/components/aai-resources/resources/fproxy/config/auth/client-cert.p12 b/kubernetes/aai/components/aai-resources/resources/fproxy/config/auth/client-cert.p12 Binary files differdeleted file mode 100644 index d9fe86e4ec..0000000000 --- a/kubernetes/aai/components/aai-resources/resources/fproxy/config/auth/client-cert.p12 +++ /dev/null diff --git a/kubernetes/aai/components/aai-resources/resources/fproxy/config/auth/fproxy_truststore b/kubernetes/aai/components/aai-resources/resources/fproxy/config/auth/fproxy_truststore Binary files differdeleted file mode 100644 index f6ebc75ed8..0000000000 --- a/kubernetes/aai/components/aai-resources/resources/fproxy/config/auth/fproxy_truststore +++ /dev/null diff --git a/kubernetes/aai/components/aai-resources/resources/fproxy/config/auth/tomcat_keystore b/kubernetes/aai/components/aai-resources/resources/fproxy/config/auth/tomcat_keystore Binary files differdeleted file mode 100644 index 9eec841aa2..0000000000 --- a/kubernetes/aai/components/aai-resources/resources/fproxy/config/auth/tomcat_keystore +++ /dev/null diff --git a/kubernetes/aai/components/aai-resources/resources/fproxy/config/fproxy.properties b/kubernetes/aai/components/aai-resources/resources/fproxy/config/fproxy.properties deleted file mode 100644 index f512fb71a6..0000000000 --- a/kubernetes/aai/components/aai-resources/resources/fproxy/config/fproxy.properties +++ /dev/null @@ -1,2 +0,0 @@ -credential.cache.timeout.ms=180000 -transactionid.header.name=X-TransactionId
\ No newline at end of file diff --git a/kubernetes/aai/components/aai-resources/resources/fproxy/config/logback-spring.xml b/kubernetes/aai/components/aai-resources/resources/fproxy/config/logback-spring.xml deleted file mode 100644 index 9a08348b0d..0000000000 --- a/kubernetes/aai/components/aai-resources/resources/fproxy/config/logback-spring.xml +++ /dev/null @@ -1,45 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<configuration> - - <property name="LOGS" value="./logs/AAF-FPS" /> - <property name="FILEPREFIX" value="application" /> - - <appender name="Console" - class="ch.qos.logback.core.ConsoleAppender"> - <layout class="ch.qos.logback.classic.PatternLayout"> - <Pattern> - %d{ISO8601} %-5level [%t] %C{1.}: %msg%n%throwable - </Pattern> - </layout> - </appender> - - <appender name="RollingFile" - class="ch.qos.logback.core.rolling.RollingFileAppender"> - <file>${LOGS}/${FILEPREFIX}.log</file> - <encoder - class="ch.qos.logback.classic.encoder.PatternLayoutEncoder"> - <Pattern>%d %p %C{1.} [%t] %m%n</Pattern> - </encoder> - - <rollingPolicy - class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> - <!-- rollover daily and when the file reaches 10 MegaBytes --> - <fileNamePattern>${LOGS}/archived/${FILEPREFIX}-%d{yyyy-MM-dd}.%i.log - </fileNamePattern> - <timeBasedFileNamingAndTriggeringPolicy - class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP"> - <maxFileSize>10MB</maxFileSize> - </timeBasedFileNamingAndTriggeringPolicy> - </rollingPolicy> - </appender> - - <!-- LOG everything at INFO level --> - <root level="info"> - <appender-ref ref="RollingFile" /> - <appender-ref ref="Console" /> - </root> - - <!-- LOG "com.baeldung*" at TRACE level --> - <logger name="org.onap.aaf.fproxy" level="info" /> - -</configuration>
\ No newline at end of file diff --git a/kubernetes/aai/components/aai-resources/resources/fproxy/config/readme.txt b/kubernetes/aai/components/aai-resources/resources/fproxy/config/readme.txt deleted file mode 100644 index 79cf29e73c..0000000000 --- a/kubernetes/aai/components/aai-resources/resources/fproxy/config/readme.txt +++ /dev/null @@ -1 +0,0 @@ -Relevant configuration files need to be copied here to successfully run this service locally.
\ No newline at end of file diff --git a/kubernetes/aai/components/aai-resources/resources/rproxy/config/auth/client-cert.p12 b/kubernetes/aai/components/aai-resources/resources/rproxy/config/auth/client-cert.p12 Binary files differdeleted file mode 100644 index 071d407de5..0000000000 --- a/kubernetes/aai/components/aai-resources/resources/rproxy/config/auth/client-cert.p12 +++ /dev/null diff --git a/kubernetes/aai/components/aai-resources/resources/rproxy/config/auth/org.onap.aai.p12 b/kubernetes/aai/components/aai-resources/resources/rproxy/config/auth/org.onap.aai.p12 Binary files differdeleted file mode 100644 index 023e2eaac6..0000000000 --- a/kubernetes/aai/components/aai-resources/resources/rproxy/config/auth/org.onap.aai.p12 +++ /dev/null diff --git a/kubernetes/aai/components/aai-resources/resources/rproxy/config/auth/tomcat_keystore b/kubernetes/aai/components/aai-resources/resources/rproxy/config/auth/tomcat_keystore Binary files differdeleted file mode 100644 index 6ad5f51ad3..0000000000 --- a/kubernetes/aai/components/aai-resources/resources/rproxy/config/auth/tomcat_keystore +++ /dev/null diff --git a/kubernetes/aai/components/aai-resources/resources/rproxy/config/auth/uri-authorization.json b/kubernetes/aai/components/aai-resources/resources/rproxy/config/auth/uri-authorization.json deleted file mode 100644 index e23c03d833..0000000000 --- a/kubernetes/aai/components/aai-resources/resources/rproxy/config/auth/uri-authorization.json +++ /dev/null @@ -1,99 +0,0 @@ -[ - { - "uri": "\/not\/allowed\/at\/all$", - "permissions": [ - "test.auth.access.ifYouLikedItYouShouldHavePutAPermissionOnIt" - ] - }, - { - "uri": "\/one\/auth\/required$", - "permissions": [ - "test.auth.access.aSimpleSingleAuth" - ] - }, - { - "uri": "\/multi\/auth\/required$", - "permissions": [ - "test.auth.access.aMultipleAuth1", - "test.auth.access.aMultipleAuth2", - "test.auth.access.aMultipleAuth3" - ] - }, - { - "uri": "\/one\/[^\/]+\/required$", - "permissions": [ - "test.auth.access.aSimpleSingleAuth" - ] - }, - { - "uri": "\/services\/getAAFRequest$", - "permissions": [ - "test.auth.access|services|GET,PUT" - ] - }, - { - "uri": "\/admin\/getAAFRequest$", - "permissions": [ - "test.auth.access|admin|GET,PUT,POST" - ] - }, - { - "uri": "\/service\/aai\/webapp\/index.html$", - "permissions": [ - "test.auth.access|services|GET,PUT" - ] - }, - { - "uri": "\/services\/aai\/webapp\/index.html$", - "permissions": [ - "test.auth.access|services|GET,PUT" - ] - }, - { - "uri": "\/$", - "permissions": [ - "\\|services\\|GET", - "test\\.auth\\.access\\|services\\|GET,PUT" - ] - }, - { - "uri": "\/aai\/v10\/cloud-infrastructure\/cloud-regions$", - "permissions": [ - "test\\.auth\\.access\\|rest\\|read" - ] - }, - { - "uri": "\/aai\/v10\/cloud-infrastructure\/cloud-regions\/cloud-region\/[^\/]+[\/][^\/]+$*", - "permissions": [ - "test.auth.access|clouds|read", - "test.auth.access|tenants|read" - ] - }, - { - "uri": "\/aai\/v10\/cloud-infrastructure\/cloud-regions\/cloud-region\/[^\/]+[\/][^\/]+\/tenants/tenant/[^\/]+/vservers/vserver/[^\/]+$", - "permissions": [ - "test.auth.access|clouds|read", - "test.auth.access|tenants|read", - "test.auth.access|vservers|read" - ] - }, - { - "uri": "\/backend$", - "permissions": [ - "test\\.auth\\.access\\|services\\|GET,PUT", - "\\|services\\|GET" - ] - }, - { - "uri": "\/aai\/.*", - "permissions": [ - "org\\.onap\\.aai\\.resources\\|\\*\\|.*" - ] - }, - { - "uri": "\/aai\/util\/echo", - "permissions": [ - "org\\.onap\\.aai\\.resources\\|\\*\\|.*" - ] - } -] diff --git a/kubernetes/aai/components/aai-resources/resources/rproxy/config/cadi.properties b/kubernetes/aai/components/aai-resources/resources/rproxy/config/cadi.properties deleted file mode 100644 index fb3d1ccd3e..0000000000 --- a/kubernetes/aai/components/aai-resources/resources/rproxy/config/cadi.properties +++ /dev/null @@ -1,41 +0,0 @@ -{{/* -# This is a normal Java Properties File -# Comments are with Pound Signs at beginning of lines, -# and multi-line expression of properties can be obtained by backslash at end of line - -#hostname is used for local testing where you may have to set your hostname to **.att.com or **.sbc.com. The example given below -#will allow for an ATT cross domain cookie to be used for GLO. If you are running on Windows corp machine, your machine name -#may be used automatically by cadi. However, if it is not, you will need to use hostname=mywebserver.att.com and add mywebserver.att.com -#to your hosts file on your machine. -#hostname=test.aic.cip.att.com -*/}} - -cadi_loglevel=DEBUG - -# OAuth2 -aaf_oauth2_token_url=https://AAF_LOCATE_URL/onap.org.osaaf.aaf.token:2.1/token -aaf_oauth2_introspect_url=https://AAF_LOCATE_URL/onap.org.osaaf.aaf.introspect:2.1/introspect - -cadi_latitude=37.78187 -cadi_longitude=-122.26147 - -# Locate URL (which AAF Env) -aaf_locate_url=https://aaf-locate.{{.Release.Namespace}}:8095 - -# AAF URL -aaf_url=https://AAF_LOCATE_URL/onap.org.osaaf.aaf.service:2.1 - -cadi_keyfile=/opt/app/rproxy/config/security/keyfile -cadi_keystore=/opt/app/rproxy/config/auth/org.onap.aai.p12 -cadi_keystore_password=enc:383RDJRFA6yQz9AOxUxC1iIg3xTJXityw05MswnpnEtelRQy2D4r5INQjrea7GTV -cadi_alias=aai@aai.onap.org -cadi_truststore=/opt/app/rproxy/config/auth/tomcat_keystore -cadi_truststore_password=OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10 - -aaf_env=DEV - -aaf_id=demo@people.osaaf.org -aaf_password=enc:92w4px0y_rrm265LXLpw58QnNPgDXykyA1YTrflbAKz - -# This is a colon separated list of client cert issuers -cadi_x509_issuers=CN=ONAP, OU=ONAP, O=ONAP, L=Ottawa, ST=Ontario, C=CA diff --git a/kubernetes/aai/components/aai-resources/resources/rproxy/config/forward-proxy.properties b/kubernetes/aai/components/aai-resources/resources/rproxy/config/forward-proxy.properties deleted file mode 100644 index 1b58d4235c..0000000000 --- a/kubernetes/aai/components/aai-resources/resources/rproxy/config/forward-proxy.properties +++ /dev/null @@ -1,4 +0,0 @@ -forward-proxy.protocol = https -forward-proxy.host = localhost -forward-proxy.port = 10680 -forward-proxy.cacheurl = /credential-cache
\ No newline at end of file diff --git a/kubernetes/aai/components/aai-resources/resources/rproxy/config/logback-spring.xml b/kubernetes/aai/components/aai-resources/resources/rproxy/config/logback-spring.xml deleted file mode 100644 index 799fd8689b..0000000000 --- a/kubernetes/aai/components/aai-resources/resources/rproxy/config/logback-spring.xml +++ /dev/null @@ -1,45 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<configuration> - - <property name="LOGS" value="./logs/reverse-proxy" /> - <property name="FILEPREFIX" value="application" /> - - <appender name="Console" - class="ch.qos.logback.core.ConsoleAppender"> - <layout class="ch.qos.logback.classic.PatternLayout"> - <Pattern> - %d{ISO8601} %-5level [%t] %C{1.}: %msg%n%throwable - </Pattern> - </layout> - </appender> - - <appender name="RollingFile" - class="ch.qos.logback.core.rolling.RollingFileAppender"> - <file>${LOGS}/${FILEPREFIX}.log</file> - <encoder - class="ch.qos.logback.classic.encoder.PatternLayoutEncoder"> - <Pattern>%d %p %C{1.} [%t] %m%n</Pattern> - </encoder> - - <rollingPolicy - class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> - <!-- rollover daily and when the file reaches 10 MegaBytes --> - <fileNamePattern>${LOGS}/archived/${FILEPREFIX}-%d{yyyy-MM-dd}.%i.log - </fileNamePattern> - <timeBasedFileNamingAndTriggeringPolicy - class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP"> - <maxFileSize>10MB</maxFileSize> - </timeBasedFileNamingAndTriggeringPolicy> - </rollingPolicy> - </appender> - - <!-- LOG everything at INFO level --> - <root level="info"> - <appender-ref ref="RollingFile" /> - <appender-ref ref="Console" /> - </root> - - <!-- LOG "com.baeldung*" at TRACE level --> - <logger name="org.onap.aaf.rproxy" level="info" /> - -</configuration> diff --git a/kubernetes/aai/components/aai-resources/resources/rproxy/config/primary-service.properties b/kubernetes/aai/components/aai-resources/resources/rproxy/config/primary-service.properties deleted file mode 100644 index 2c89d28180..0000000000 --- a/kubernetes/aai/components/aai-resources/resources/rproxy/config/primary-service.properties +++ /dev/null @@ -1,3 +0,0 @@ -primary-service.protocol = https -primary-service.host = localhost -primary-service.port = 8447 diff --git a/kubernetes/aai/components/aai-resources/resources/rproxy/config/readme.txt b/kubernetes/aai/components/aai-resources/resources/rproxy/config/readme.txt deleted file mode 100644 index 79cf29e73c..0000000000 --- a/kubernetes/aai/components/aai-resources/resources/rproxy/config/readme.txt +++ /dev/null @@ -1 +0,0 @@ -Relevant configuration files need to be copied here to successfully run this service locally.
\ No newline at end of file diff --git a/kubernetes/aai/components/aai-resources/resources/rproxy/config/reverse-proxy.properties b/kubernetes/aai/components/aai-resources/resources/rproxy/config/reverse-proxy.properties deleted file mode 100644 index 8d46e1f429..0000000000 --- a/kubernetes/aai/components/aai-resources/resources/rproxy/config/reverse-proxy.properties +++ /dev/null @@ -1 +0,0 @@ -transactionid.header.name=X-TransactionId
\ No newline at end of file diff --git a/kubernetes/aai/components/aai-resources/resources/rproxy/config/security/keyfile b/kubernetes/aai/components/aai-resources/resources/rproxy/config/security/keyfile deleted file mode 100644 index 3416d4a737..0000000000 --- a/kubernetes/aai/components/aai-resources/resources/rproxy/config/security/keyfile +++ /dev/null @@ -1,27 +0,0 @@ -2otP92kNFHdexroZxvgYY7ffslFiwCD3CiVYMIfUF2edqZK7972NwkvE_mbaBo6jh8lByLIqrWAf -jyzoiVsvQ_kCa0cS1xaRLpcxv3bx1b7o3hGPBqpd6vmSG4y2JLzNlCBZWuTJz827wr8p_fWrYuUm -4L1WoaEe8W5PRnXjl4hDqbJBAlEoRIBXugUDt_7O5wgx2Rl3HVoOczZtf0RzONZ1F0BmKf3QlAUe -moSbARitYRgIPt5sLbT7qPyoEpGDhQ1XBowR744-wsjBc-14yO62Ajp5xWKTp15uWn3_HHuw1SAf -GWSBRGlSlEVkXQqi9Hw5jDttKVzHX1ckwR0SQOirbtHPHplxPX3WKjKhSdSeMzw6LOAHIQYRMKBT -74oGnULAfPtV7TaGwOKriT3P49CoPdt9On89-LGyCZSxDWKH0K-rgB6I2_hPT2Uzr3jmXiMa-sfh -iMvyQ7ABBVx0OFsUuNb5mcU2O6dWiQreL5RerrloV_X3ZtnNjxENXKjQ5KBR1A5ISPjFFK-kf4Rb -p6FSII8LcsiqgdWuZ4GX_C6x8HX4A-vD0x3Uc9CfoXY-k23cNIy-R-W-oB-P2OgdWDNgZ7VaOLNt -3L-NwWpNblfYvs93cNmkbVAwCZ3r0OP7RFeuON84TRaynK_Fh2S3rypRyJcUmM1pvpZqJ5_-umSW -hUs1OqkdLv3xjlVzzK-3nMr0q3Zcyp4XdyLYtcX5I3Xqk9ZcsyAT7ghmHhV8KjUjue7OcfAWg0m7 -RJLGq6VC8HeK4HEMa4lF677Qh7DRufghIDEmQSIDfGA790WGSA8HqcOvAL4hURCHyCWiPa5i8ksX -xX4HyqF8PCVCLJ_ZhzcuIlc0jStAexWbJU_vcyX7XgUaHCkF-M-zv1FP6Z3DHBMD2QqSWjmyNCCk -8sIuwzs62P_j2o9jG33kssedCrUWOwZancU107-5H0Zw-UWvtCqUfmRZ7TsEbWY7lk_SKfLfAN5q -ncOQgU_VxDXUFDST4LN_WVECRafK3UtwWomxWSji25Lbf6NVni3ok-yLMDZR-wrE-54jLPES9j0i -5N0xrk9CfsvGUpUZ1_XQcgaxI6m27DtCCJXb5ywenPBiUIJCMCTq88CqNZxGpju2i4BJcUH2hUHe -GKhO8pgslwhtEVot9EDwdzSrJkWFCfb6ud4zMxrqdi7-mLWMOydg6lhpEFEX5wu2BLIujGsZlEGE -_K9jGfBypjXuJCKDZIuPfEnf_7idjKis_JcFB7x4Hx2HHDcBjlWWFZN_VIEnPkQSyZEC26RTFP3k -zkY3GwUfA36a4XW2pu3gE9wz-W6fkONfzOZ6YiyCm_dRFUVuGSdJG02Hh5iXYlMOGJltPzWH2jVf -S-QTOmXQTKSOheXoJO6O-9uQbsRf-kq-6w1pvIOp4ms35w4_0Xj0Xr2a9y-L9PdBZvrUsa-jxsZU -LyA-YY4Ej6QwDBDTD2MGjF1E5_ekYgjoNlltM9rJjofruM4ym0n7LPHC7YXXQSEFOZYeTKi6wUDw -hQ1DoWHgu4PQ2lexada8sxQdConbPe2iW16h-PrO5D12E4XbT00fqaMlBmjQwzdNRdCC2NRPIQ5W -nwaO8dZ9yjxsjT7ZVHb9-DRblb3XDocponzxVXqUGtJAie4WXQnerX0ApTWGaHEr5y56JJVS_3LP -bKrbXBXcs4jTUX4ECXRrOs8JQDQNysXhvTPCu0XUxNZpjx6KLxDs93k2OcESHjl5J6n6OKKJqqoN -JEyFO5LGXpnmUJbn0-CaHHPRI1mHwEu4brY8wDZd9A0PD1KGXDoCHMfEk1lGblQdyOcVrXZ6uSBk -Z6zHDnwSCHO1mPYqtelJQehZoFuPSv9PIgKLxs_qJOtZFnXII5YO1mGXgiIBWBjUFDR5HG4ENS6y -J4MCF-JLMp-PVMAkOaCIQRRDpRnMm_fT1sc_P562Diu_pcdt-r55pMFQYGoGfjRmxQBKk0-SsdnP -mlZIiis9DfQEN0q3QQdNRYBJD7tmhUwhAPZdLgXqJA8sZf8UyFQhhpsky79NT343YL9smUlF
\ No newline at end of file diff --git a/kubernetes/aai/components/aai-resources/templates/configmap.yaml b/kubernetes/aai/components/aai-resources/templates/configmap.yaml index 2927031eb5..f173916104 100644 --- a/kubernetes/aai/components/aai-resources/templates/configmap.yaml +++ b/kubernetes/aai/components/aai-resources/templates/configmap.yaml @@ -1,5 +1,6 @@ {{/* # Copyright © 2018 Amdocs, Bell Canada, AT&T +# Modifications Copyright (c) 2021 Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -49,113 +50,3 @@ data: {{ tpl (.Files.Glob "resources/config/aaf/permissions.properties").AsConfig . | indent 2 }} {{ tpl (.Files.Glob "resources/config/aaf/org.onap.aai.props").AsConfig . | indent 2 }} {{ tpl (.Files.Glob "resources/config/aaf/cadi.properties").AsConfig . | indent 2 }} - ---- -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "common.fullname" . }}-aaf-keys - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -type: Opaque -data: -{{ tpl (.Files.Glob "resources/config/aaf/org.onap.aai.keyfile").AsSecrets . | indent 2 }} -{{ tpl (.Files.Glob "resources/config/aaf/org.onap.aai.p12").AsSecrets . | indent 2 }} -{{ tpl (.Files.Glob "resources/config/aaf/bath_config.csv").AsSecrets . | indent 2 }} - -{{ if .Values.global.installSidecarSecurity }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }}-aai-policy-configmap - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -data: -{{ tpl (.Files.Glob "resources/config/auth/aai_policy.json").AsConfig . | indent 2 }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }}-fproxy-config - namespace: {{ include "common.namespace" . }} -data: -{{ tpl (.Files.Glob "resources/fproxy/config/*").AsConfig . | indent 2 }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }}-fproxy-log-config - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -data: -{{ tpl (.Files.Glob "resources/fproxy/config/logback-spring.xml").AsConfig . | indent 2 }} ---- -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "common.fullname" . }}-fproxy-auth-config - namespace: {{ include "common.namespace" . }} -type: Opaque -data: -{{ tpl (.Files.Glob "resources/fproxy/config/auth/*").AsSecrets . | indent 2 }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }}-rproxy-config - namespace: {{ include "common.namespace" . }} -data: -{{ tpl (.Files.Glob "resources/rproxy/config/*").AsConfig . | indent 2 }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }}-rproxy-log-config - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -data: -{{ tpl (.Files.Glob "resources/rproxy/config/logback-spring.xml").AsConfig . | indent 2 }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }}-rproxy-uri-auth-config - namespace: {{ include "common.namespace" . }} -data: -{{ tpl (.Files.Glob "resources/rproxy/config/auth/uri-authorization.json").AsConfig . | indent 2 }} ---- -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "common.fullname" . }}-rproxy-auth-config - namespace: {{ include "common.namespace" . }} -type: Opaque -data: -{{ tpl (.Files.Glob "resources/rproxy/config/auth/*").AsSecrets . | indent 2 }} ---- -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "common.fullname" . }}-rproxy-security-config - namespace: {{ include "common.namespace" . }} -type: Opaque -data: -{{ tpl (.Files.Glob "resources/rproxy/config/security/*").AsSecrets . | indent 2 }} -{{ end }} diff --git a/kubernetes/aai/components/aai-resources/templates/deployment.yaml b/kubernetes/aai/components/aai-resources/templates/deployment.yaml index 765ccdf5bb..6fbbf1c089 100644 --- a/kubernetes/aai/components/aai-resources/templates/deployment.yaml +++ b/kubernetes/aai/components/aai-resources/templates/deployment.yaml @@ -72,13 +72,6 @@ spec: {{- end }} spec: hostname: aai-resources - {{- if .Values.global.initContainers.enabled }} - {{- if .Values.global.installSidecarSecurity }} - hostAliases: - - ip: {{ .Values.global.aaf.serverIp }} - hostnames: - - {{ .Values.global.aaf.serverHostname }} - {{- end }} initContainers: - command: {{- if .Values.global.jobs.migration.enabled }} @@ -86,23 +79,24 @@ spec: args: - --job-name - {{ include "common.release" . }}-aai-graphadmin-migration - {{- else if .Values.global.jobs.createSchema.enabled }} + {{- else }} + {{- if .Values.global.jobs.createSchema.enabled }} - /app/ready.py args: - --job-name - {{ include "common.release" . }}-aai-graphadmin-create-db-schema - {{- else }} + {{- else }} - /app/ready.py args: - --container-name - {{- if .Values.global.cassandra.localCluster }} + {{- if .Values.global.cassandra.localCluster }} - aai-cassandra - {{- else }} + {{- else }} - cassandra - {{- end }} + {{- end }} - --container-name - aai-schema-service - {{- end }} + {{- end }} env: - name: NAMESPACE valueFrom: @@ -112,14 +106,7 @@ spec: image: {{ include "repositoryGenerator.image.readiness" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-readiness - {{- if .Values.global.installSidecarSecurity }} - - name: {{ .Values.global.tproxyConfig.name }} - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.tproxyConfig.image }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - securityContext: - privileged: true {{- end }} - {{- end }} containers: - name: {{ include "common.name" . }} image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} @@ -155,11 +142,6 @@ spec: - mountPath: /opt/app/aai-resources/resources/etc/auth/realm.properties name: {{ include "common.fullname" . }}-config subPath: realm.properties - {{- if .Values.global.installSidecarSecurity }} - - mountPath: /opt/app/aai-resources/resources/etc/auth/aai_policy.json - name: {{ include "common.fullname" . }}-aai-policy - subPath: aai_policy.json - {{- end }} - mountPath: /opt/app/aai-resources/resources/aaf/org.onap.aai.keyfile name: {{ include "common.fullname" . }}-aaf-certs subPath: org.onap.aai.keyfile @@ -233,84 +215,6 @@ spec: - mountPath: /usr/share/filebeat/data name: {{ include "common.fullname" . }}-filebeat resources: {{ include "common.resources" . | nindent 12 }} - {{- if .Values.global.installSidecarSecurity }} - - name: {{ .Values.global.rproxy.name }} - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.rproxy.image }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - env: - - name: CONFIG_HOME - value: "/opt/app/rproxy/config" - - name: KEY_STORE_PASSWORD - value: {{ .Values.sidecar.keyStorePassword }} - - name: spring_profiles_active - value: {{ .Values.global.rproxy.activeSpringProfiles }} - volumeMounts: - - name: {{ include "common.fullname" . }}-rproxy-config - mountPath: /opt/app/rproxy/config/forward-proxy.properties - subPath: forward-proxy.properties - - name: {{ include "common.fullname" . }}-rproxy-config - mountPath: /opt/app/rproxy/config/primary-service.properties - subPath: primary-service.properties - - name: {{ include "common.fullname" . }}-rproxy-config - mountPath: /opt/app/rproxy/config/reverse-proxy.properties - subPath: reverse-proxy.properties - - name: {{ include "common.fullname" . }}-rproxy-config - mountPath: /opt/app/rproxy/config/cadi.properties - subPath: cadi.properties - - name: {{ include "common.fullname" . }}-rproxy-log-config - mountPath: /opt/app/rproxy/config/logback-spring.xml - subPath: logback-spring.xml - - name: {{ include "common.fullname" . }}-rproxy-uri-auth-config - mountPath: /opt/app/rproxy/config/auth/uri-authorization.json - subPath: uri-authorization.json - - name: {{ include "common.fullname" . }}-rproxy-auth-config - mountPath: /opt/app/rproxy/config/auth/tomcat_keystore - subPath: tomcat_keystore - - name: {{ include "common.fullname" . }}-rproxy-auth-config - mountPath: /opt/app/rproxy/config/auth/client-cert.p12 - subPath: client-cert.p12 - - name: {{ include "common.fullname" . }}-rproxy-auth-config - mountPath: /opt/app/rproxy/config/auth/aaf_truststore.jks - subPath: aaf_truststore.jks - - name: {{ include "common.fullname" . }}-rproxy-security-config - mountPath: /opt/app/rproxy/config/security/keyfile - subPath: keyfile - - name: {{ include "common.fullname" . }}-rproxy-auth-config - mountPath: /opt/app/rproxy/config/auth/org.onap.aai.p12 - subPath: org.onap.aai.p12 - ports: - - containerPort: {{ .Values.global.rproxy.port }} - - name: {{ .Values.global.fproxy.name }} - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.fproxy.image }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - env: - - name: CONFIG_HOME - value: "/opt/app/fproxy/config" - - name: KEY_STORE_PASSWORD - value: {{ .Values.sidecar.keyStorePassword }} - - name: TRUST_STORE_PASSWORD - value: {{ .Values.sidecar.trustStorePassword }} - - name: spring_profiles_active - value: {{ .Values.global.fproxy.activeSpringProfiles }} - volumeMounts: - - name: {{ include "common.fullname" . }}-fproxy-config - mountPath: /opt/app/fproxy/config/fproxy.properties - subPath: fproxy.properties - - name: {{ include "common.fullname" . }}-fproxy-log-config - mountPath: /opt/app/fproxy/config/logback-spring.xml - subPath: logback-spring.xml - - name: {{ include "common.fullname" . }}-fproxy-auth-config - mountPath: /opt/app/fproxy/config/auth/fproxy_truststore - subPath: fproxy_truststore - - name: {{ include "common.fullname" . }}-fproxy-auth-config - mountPath: /opt/app/fproxy/config/auth/tomcat_keystore - subPath: tomcat_keystore - - name: {{ include "common.fullname" . }}-fproxy-auth-config - mountPath: /opt/app/fproxy/config/auth/client-cert.p12 - subPath: client-cert.p12 - ports: - - containerPort: {{ .Values.global.fproxy.port }} - {{- end }} volumes: - name: aai-common-aai-auth-mount secret: @@ -342,35 +246,6 @@ spec: - key: {{ . }} path: {{ . }} {{- end }} - {{- if .Values.global.installSidecarSecurity }} - - name: {{ include "common.fullname" . }}-aai-policy - configMap: - name: {{ include "common.fullname" . }}-aai-policy-configmap - - name: {{ include "common.fullname" . }}-rproxy-config - configMap: - name: {{ include "common.fullname" . }}-rproxy-config - - name: {{ include "common.fullname" . }}-rproxy-log-config - configMap: - name: {{ include "common.fullname" . }}-rproxy-log-config - - name: {{ include "common.fullname" . }}-rproxy-uri-auth-config - configMap: - name: {{ include "common.fullname" . }}-rproxy-uri-auth-config - - name: {{ include "common.fullname" . }}-rproxy-auth-config - secret: - secretName: {{ include "common.fullname" . }}-rproxy-auth-config - - name: {{ include "common.fullname" . }}-rproxy-security-config - secret: - secretName: {{ include "common.fullname" . }}-rproxy-security-config - - name: {{ include "common.fullname" . }}-fproxy-config - configMap: - name: {{ include "common.fullname" . }}-fproxy-config - - name: {{ include "common.fullname" . }}-fproxy-log-config - configMap: - name: {{ include "common.fullname" . }}-fproxy-log-config - - name: {{ include "common.fullname" . }}-fproxy-auth-config - secret: - secretName: {{ include "common.fullname" . }}-fproxy-auth-config - {{- end }} restartPolicy: {{ .Values.restartPolicy }} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/aai/components/aai-resources/templates/secret.yaml b/kubernetes/aai/components/aai-resources/templates/secret.yaml new file mode 100644 index 0000000000..d24149086e --- /dev/null +++ b/kubernetes/aai/components/aai-resources/templates/secret.yaml @@ -0,0 +1,31 @@ +{{/* +# Copyright © 2021 Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "common.fullname" . }}-aaf-keys + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +type: Opaque +data: +{{ tpl (.Files.Glob "resources/config/aaf/org.onap.aai.keyfile").AsSecrets . | indent 2 }} +{{ tpl (.Files.Glob "resources/config/aaf/org.onap.aai.p12").AsSecrets . | indent 2 }} +{{ tpl (.Files.Glob "resources/config/aaf/bath_config.csv").AsSecrets . | indent 2 }}
\ No newline at end of file diff --git a/kubernetes/aai/components/aai-resources/templates/service.yaml b/kubernetes/aai/components/aai-resources/templates/service.yaml index 66dfd493dd..460e0d5b93 100644 --- a/kubernetes/aai/components/aai-resources/templates/service.yaml +++ b/kubernetes/aai/components/aai-resources/templates/service.yaml @@ -27,7 +27,7 @@ metadata: spec: type: {{ .Values.service.type }} ports: - {{if eq .Values.service.type "NodePort" -}} + {{ if eq .Values.service.type "NodePort" -}} - port: {{ .Values.service.internalPort }} nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} name: {{ .Values.service.portName }} @@ -39,7 +39,7 @@ spec: name: {{ .Values.service.portName }} - port: {{ .Values.service.internalPort2 }} name: {{ .Values.service.portName2 }} - {{- end}} + {{- end }} selector: app: {{ include "common.name" . }} release: {{ include "common.release" . }} diff --git a/kubernetes/aai/components/aai-resources/values.yaml b/kubernetes/aai/components/aai-resources/values.yaml index 620b4d70f9..5210a249d2 100644 --- a/kubernetes/aai/components/aai-resources/values.yaml +++ b/kubernetes/aai/components/aai-resources/values.yaml @@ -24,9 +24,6 @@ global: # global defaults #Override it to aai-cassandra if localCluster is enabled. serviceName: cassandra - rproxy: - name: reverse-proxy - initContainers: enabled: true diff --git a/kubernetes/aai/components/aai-search-data/resources/fproxy/config/fproxy.properties b/kubernetes/aai/components/aai-search-data/resources/fproxy/config/fproxy.properties deleted file mode 100644 index f512fb71a6..0000000000 --- a/kubernetes/aai/components/aai-search-data/resources/fproxy/config/fproxy.properties +++ /dev/null @@ -1,2 +0,0 @@ -credential.cache.timeout.ms=180000 -transactionid.header.name=X-TransactionId
\ No newline at end of file diff --git a/kubernetes/aai/components/aai-search-data/resources/fproxy/config/logback-spring.xml b/kubernetes/aai/components/aai-search-data/resources/fproxy/config/logback-spring.xml deleted file mode 100644 index edac199968..0000000000 --- a/kubernetes/aai/components/aai-search-data/resources/fproxy/config/logback-spring.xml +++ /dev/null @@ -1,48 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<configuration> - - <property name="LOGS" value="./logs/AAF-FPS" /> - <property name="FILEPREFIX" value="application" /> - - <appender name="Console" - class="ch.qos.logback.core.ConsoleAppender"> - <layout class="ch.qos.logback.classic.PatternLayout"> - <Pattern> - %d{ISO8601} %-5level [%t] %C{1.}: %msg%n%throwable - </Pattern> - </layout> - </appender> - - <appender name="RollingFile" - class="ch.qos.logback.core.rolling.RollingFileAppender"> - <file>${LOGS}/${FILEPREFIX}.log</file> - <encoder - class="ch.qos.logback.classic.encoder.PatternLayoutEncoder"> - <Pattern>%d %p %C{1.} [%t] %m%n</Pattern> - </encoder> - - <rollingPolicy - class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> - <!-- rollover daily and when the file reaches 10 MegaBytes --> - <fileNamePattern>${LOGS}/archived/${FILEPREFIX}-%d{yyyy-MM-dd}.%i.log - </fileNamePattern> - <timeBasedFileNamingAndTriggeringPolicy - class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP"> - <maxFileSize>10MB</maxFileSize> - </timeBasedFileNamingAndTriggeringPolicy> - </rollingPolicy> - </appender> - - <!-- LOG everything at INFO level --> - <root level="debug"> - <appender-ref ref="RollingFile" /> - <appender-ref ref="Console" /> - </root> - - <!-- LOG "com.baeldung*" at TRACE level --> - <logger name="org.onap.aaf.fproxy" level="trace" additivity="false"> - <appender-ref ref="RollingFile" /> - <appender-ref ref="Console" /> - </logger> - -</configuration> diff --git a/kubernetes/aai/components/aai-search-data/resources/fproxy/config/readme.txt b/kubernetes/aai/components/aai-search-data/resources/fproxy/config/readme.txt deleted file mode 100644 index 79cf29e73c..0000000000 --- a/kubernetes/aai/components/aai-search-data/resources/fproxy/config/readme.txt +++ /dev/null @@ -1 +0,0 @@ -Relevant configuration files need to be copied here to successfully run this service locally.
\ No newline at end of file diff --git a/kubernetes/aai/components/aai-search-data/resources/rproxy/config/auth/uri-authorization.json b/kubernetes/aai/components/aai-search-data/resources/rproxy/config/auth/uri-authorization.json deleted file mode 100644 index 595d484c37..0000000000 --- a/kubernetes/aai/components/aai-search-data/resources/rproxy/config/auth/uri-authorization.json +++ /dev/null @@ -1,11 +0,0 @@ -[ - { - "uri": "\/services\/search-data-service\/.*", - "method": "GET|PUT|POST|DELETE", - "permissions": [ - "org\\.onap\\.aai\\.resources\\|\\*\\|.*" - ] - } - - -] diff --git a/kubernetes/aai/components/aai-search-data/resources/rproxy/config/cadi.properties b/kubernetes/aai/components/aai-search-data/resources/rproxy/config/cadi.properties deleted file mode 100644 index fb3d1ccd3e..0000000000 --- a/kubernetes/aai/components/aai-search-data/resources/rproxy/config/cadi.properties +++ /dev/null @@ -1,41 +0,0 @@ -{{/* -# This is a normal Java Properties File -# Comments are with Pound Signs at beginning of lines, -# and multi-line expression of properties can be obtained by backslash at end of line - -#hostname is used for local testing where you may have to set your hostname to **.att.com or **.sbc.com. The example given below -#will allow for an ATT cross domain cookie to be used for GLO. If you are running on Windows corp machine, your machine name -#may be used automatically by cadi. However, if it is not, you will need to use hostname=mywebserver.att.com and add mywebserver.att.com -#to your hosts file on your machine. -#hostname=test.aic.cip.att.com -*/}} - -cadi_loglevel=DEBUG - -# OAuth2 -aaf_oauth2_token_url=https://AAF_LOCATE_URL/onap.org.osaaf.aaf.token:2.1/token -aaf_oauth2_introspect_url=https://AAF_LOCATE_URL/onap.org.osaaf.aaf.introspect:2.1/introspect - -cadi_latitude=37.78187 -cadi_longitude=-122.26147 - -# Locate URL (which AAF Env) -aaf_locate_url=https://aaf-locate.{{.Release.Namespace}}:8095 - -# AAF URL -aaf_url=https://AAF_LOCATE_URL/onap.org.osaaf.aaf.service:2.1 - -cadi_keyfile=/opt/app/rproxy/config/security/keyfile -cadi_keystore=/opt/app/rproxy/config/auth/org.onap.aai.p12 -cadi_keystore_password=enc:383RDJRFA6yQz9AOxUxC1iIg3xTJXityw05MswnpnEtelRQy2D4r5INQjrea7GTV -cadi_alias=aai@aai.onap.org -cadi_truststore=/opt/app/rproxy/config/auth/tomcat_keystore -cadi_truststore_password=OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10 - -aaf_env=DEV - -aaf_id=demo@people.osaaf.org -aaf_password=enc:92w4px0y_rrm265LXLpw58QnNPgDXykyA1YTrflbAKz - -# This is a colon separated list of client cert issuers -cadi_x509_issuers=CN=ONAP, OU=ONAP, O=ONAP, L=Ottawa, ST=Ontario, C=CA diff --git a/kubernetes/aai/components/aai-search-data/resources/rproxy/config/forward-proxy.properties b/kubernetes/aai/components/aai-search-data/resources/rproxy/config/forward-proxy.properties deleted file mode 100644 index 55a9b4816f..0000000000 --- a/kubernetes/aai/components/aai-search-data/resources/rproxy/config/forward-proxy.properties +++ /dev/null @@ -1,4 +0,0 @@ -forward-proxy.protocol = https -forward-proxy.host = localhost -forward-proxy.port = 10680 -forward-proxy.cacheurl = /credential-cache diff --git a/kubernetes/aai/components/aai-search-data/resources/rproxy/config/logback-spring.xml b/kubernetes/aai/components/aai-search-data/resources/rproxy/config/logback-spring.xml deleted file mode 100644 index 289fe7512c..0000000000 --- a/kubernetes/aai/components/aai-search-data/resources/rproxy/config/logback-spring.xml +++ /dev/null @@ -1,48 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<configuration> - - <property name="LOGS" value="./logs/reverse-proxy" /> - <property name="FILEPREFIX" value="application" /> - - <appender name="Console" - class="ch.qos.logback.core.ConsoleAppender"> - <layout class="ch.qos.logback.classic.PatternLayout"> - <Pattern> - %d{ISO8601} %-5level [%t] %C{1.}: %msg%n%throwable - </Pattern> - </layout> - </appender> - - <appender name="RollingFile" - class="ch.qos.logback.core.rolling.RollingFileAppender"> - <file>${LOGS}/${FILEPREFIX}.log</file> - <encoder - class="ch.qos.logback.classic.encoder.PatternLayoutEncoder"> - <Pattern>%d %p %C{1.} [%t] %m%n</Pattern> - </encoder> - - <rollingPolicy - class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> - <!-- rollover daily and when the file reaches 10 MegaBytes --> - <fileNamePattern>${LOGS}/archived/${FILEPREFIX}-%d{yyyy-MM-dd}.%i.log - </fileNamePattern> - <timeBasedFileNamingAndTriggeringPolicy - class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP"> - <maxFileSize>10MB</maxFileSize> - </timeBasedFileNamingAndTriggeringPolicy> - </rollingPolicy> - </appender> - - <!-- LOG everything at INFO level --> - <root level="debug"> - <appender-ref ref="RollingFile" /> - <appender-ref ref="Console" /> - </root> - - <!-- LOG "com.baeldung*" at TRACE level --> - <logger name="org.onap.aaf.rproxy" level="trace" additivity="false"> - <appender-ref ref="RollingFile" /> - <appender-ref ref="Console" /> - </logger> - -</configuration> diff --git a/kubernetes/aai/components/aai-search-data/resources/rproxy/config/primary-service.properties b/kubernetes/aai/components/aai-search-data/resources/rproxy/config/primary-service.properties deleted file mode 100644 index 5fddcb240a..0000000000 --- a/kubernetes/aai/components/aai-search-data/resources/rproxy/config/primary-service.properties +++ /dev/null @@ -1,3 +0,0 @@ -primary-service.protocol = https -primary-service.host = localhost -primary-service.port = 9509 diff --git a/kubernetes/aai/components/aai-search-data/resources/rproxy/config/readme.txt b/kubernetes/aai/components/aai-search-data/resources/rproxy/config/readme.txt deleted file mode 100644 index 79cf29e73c..0000000000 --- a/kubernetes/aai/components/aai-search-data/resources/rproxy/config/readme.txt +++ /dev/null @@ -1 +0,0 @@ -Relevant configuration files need to be copied here to successfully run this service locally.
\ No newline at end of file diff --git a/kubernetes/aai/components/aai-search-data/resources/rproxy/config/reverse-proxy.properties b/kubernetes/aai/components/aai-search-data/resources/rproxy/config/reverse-proxy.properties deleted file mode 100644 index 8d46e1f429..0000000000 --- a/kubernetes/aai/components/aai-search-data/resources/rproxy/config/reverse-proxy.properties +++ /dev/null @@ -1 +0,0 @@ -transactionid.header.name=X-TransactionId
\ No newline at end of file diff --git a/kubernetes/aai/components/aai-search-data/templates/configmap.yaml b/kubernetes/aai/components/aai-search-data/templates/configmap.yaml index 28cf730930..0d76239ef9 100644 --- a/kubernetes/aai/components/aai-search-data/templates/configmap.yaml +++ b/kubernetes/aai/components/aai-search-data/templates/configmap.yaml @@ -1,5 +1,6 @@ {{/* # Copyright © 2018 Amdocs, Bell Canada, AT&T +# Modifications Copyright (c) 2021 Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -39,47 +40,3 @@ metadata: heritage: {{ .Release.Service }} data: {{ tpl (.Files.Glob "resources/config/log/logback.xml").AsConfig . | indent 2 }} - -{{ if .Values.global.installSidecarSecurity }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }}-fproxy-config - namespace: {{ include "common.namespace" . }} -data: -{{ tpl (.Files.Glob "resources/fproxy/config/*").AsConfig . | indent 2 }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }}-fproxy-log-config - namespace: {{ include "common.namespace" . }} -data: -{{ tpl (.Files.Glob "resources/fproxy/config/logback-spring.xml").AsConfig . | indent 2 }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }}-rproxy-config - namespace: {{ include "common.namespace" . }} -data: -{{ tpl (.Files.Glob "resources/rproxy/config/*").AsConfig . | indent 2 }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }}-rproxy-log-config - namespace: {{ include "common.namespace" . }} -data: -{{ tpl (.Files.Glob "resources/rproxy/config/logback-spring.xml").AsConfig . | indent 2 }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }}-rproxy-uri-auth-config - namespace: {{ include "common.namespace" . }} -data: -{{ tpl (.Files.Glob "resources/rproxy/config/auth/uri-authorization.json").AsConfig . | indent 2 }} -{{ end }} - diff --git a/kubernetes/aai/components/aai-search-data/templates/deployment.yaml b/kubernetes/aai/components/aai-search-data/templates/deployment.yaml index eb4aefeeb3..eaa90870b0 100644 --- a/kubernetes/aai/components/aai-search-data/templates/deployment.yaml +++ b/kubernetes/aai/components/aai-search-data/templates/deployment.yaml @@ -1,7 +1,7 @@ {{/* # Copyright © 2017 Amdocs, Bell Canada # Modifications Copyright © 2018 AT&T -# Modifications Copyright © 2020 Orange +# Modifications Copyright © 2020,2021 Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -38,14 +38,6 @@ spec: release: {{ include "common.release" . }} name: {{ include "common.name" . }} spec: - {{ if .Values.global.installSidecarSecurity }} - initContainers: - - name: {{ .Values.global.tproxyConfig.name }} - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.tproxyConfig.image }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - securityContext: - privileged: true - {{ end }} containers: - name: {{ include "common.name" . }} image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} @@ -126,85 +118,6 @@ spec: name: {{ include "common.fullname" . }}-service-logs - mountPath: /usr/share/filebeat/data name: {{ include "common.fullname" . }}-service-filebeat - - {{ if .Values.global.installSidecarSecurity }} - - name: {{ .Values.global.rproxy.name }} - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.rproxy.image }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - env: - - name: CONFIG_HOME - value: "/opt/app/rproxy/config" - - name: KEY_STORE_PASSWORD - value: {{ .Values.config.keyStorePassword }} - - name: spring_profiles_active - value: {{ .Values.global.rproxy.activeSpringProfiles }} - volumeMounts: - - name: {{ include "common.fullname" . }}-rproxy-config - mountPath: /opt/app/rproxy/config/forward-proxy.properties - subPath: forward-proxy.properties - - name: {{ include "common.fullname" . }}-rproxy-config - mountPath: /opt/app/rproxy/config/primary-service.properties - subPath: primary-service.properties - - name: {{ include "common.fullname" . }}-rproxy-config - mountPath: /opt/app/rproxy/config/reverse-proxy.properties - subPath: reverse-proxy.properties - - name: {{ include "common.fullname" . }}-rproxy-config - mountPath: /opt/app/rproxy/config/cadi.properties - subPath: cadi.properties - - name: {{ include "common.fullname" . }}-rproxy-log-config - mountPath: /opt/app/rproxy/config/logback-spring.xml - subPath: logback-spring.xml - - name: {{ include "common.fullname" . }}-rproxy-auth-certs - mountPath: /opt/app/rproxy/config/auth/tomcat_keystore - subPath: tomcat_keystore - - name: {{ include "common.fullname" . }}-rproxy-auth-certs - mountPath: /opt/app/rproxy/config/auth/client-cert.p12 - subPath: client-cert.p12 - - name: {{ include "common.fullname" . }}-rproxy-uri-auth-config - mountPath: /opt/app/rproxy/config/auth/uri-authorization.json - subPath: uri-authorization.json - - name: {{ include "common.fullname" . }}-rproxy-auth-certs - mountPath: /opt/app/rproxy/config/auth/org.onap.aai.p12 - subPath: org.onap.aai.p12 - - name: {{ include "common.fullname" . }}-rproxy-security-config - mountPath: /opt/app/rproxy/config/security/keyfile - subPath: keyfile - - ports: - - containerPort: {{ .Values.global.rproxy.port }} - - - name: {{ .Values.global.fproxy.name }} - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.fproxy.image }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - env: - - name: CONFIG_HOME - value: "/opt/app/fproxy/config" - - name: KEY_STORE_PASSWORD - value: {{ .Values.config.keyStorePassword }} - - name: TRUST_STORE_PASSWORD - value: {{ .Values.config.trustStorePassword }} - - name: spring_profiles_active - value: {{ .Values.global.fproxy.activeSpringProfiles }} - volumeMounts: - - name: {{ include "common.fullname" . }}-fproxy-config - mountPath: /opt/app/fproxy/config/fproxy.properties - subPath: fproxy.properties - - name: {{ include "common.fullname" . }}-fproxy-log-config - mountPath: /opt/app/fproxy/config/logback-spring.xml - subPath: logback-spring.xml - - name: {{ include "common.fullname" . }}-fproxy-auth-certs - mountPath: /opt/app/fproxy/config/auth/fproxy_truststore - subPath: fproxy_truststore - - name: {{ include "common.fullname" . }}-fproxy-auth-certs - mountPath: /opt/app/fproxy/config/auth/tomcat_keystore - subPath: tomcat_keystore - - name: {{ include "common.fullname" . }}-fproxy-auth-certs - mountPath: /opt/app/fproxy/config/auth/client-cert.p12 - subPath: client-cert.p12 - ports: - - containerPort: {{ .Values.global.fproxy.port }} - {{ end }} - volumes: - name: localtime hostPath: @@ -228,35 +141,6 @@ spec: - name: {{ include "common.fullname" . }}-service-log-conf configMap: name: {{ include "common.fullname" . }}-service-log - {{ if .Values.global.installSidecarSecurity }} - - name: {{ include "common.fullname" . }}-rproxy-config - configMap: - name: {{ include "common.fullname" . }}-rproxy-config - - name: {{ include "common.fullname" . }}-rproxy-log-config - configMap: - name: {{ include "common.fullname" . }}-rproxy-log-config - - name: {{ include "common.fullname" . }}-rproxy-uri-auth-config - configMap: - name: {{ include "common.fullname" . }}-rproxy-uri-auth-config - - name: {{ include "common.fullname" . }}-rproxy-auth-config - secret: - secretName: {{ include "common.fullname" . }}-rproxy-auth-config - - name: {{ include "common.fullname" . }}-rproxy-auth-certs - secret: - secretName: aai-rproxy-auth-certs - - name: {{ include "common.fullname" . }}-rproxy-security-config - secret: - secretName: aai-rproxy-security-config - - name: {{ include "common.fullname" . }}-fproxy-config - configMap: - name: {{ include "common.fullname" . }}-fproxy-config - - name: {{ include "common.fullname" . }}-fproxy-log-config - configMap: - name: {{ include "common.fullname" . }}-fproxy-log-config - - name: {{ include "common.fullname" . }}-fproxy-auth-certs - secret: - secretName: aai-fproxy-auth-certs - {{ end }} restartPolicy: {{ .Values.global.restartPolicy | default .Values.restartPolicy }} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/aai/components/aai-search-data/templates/secret.yaml b/kubernetes/aai/components/aai-search-data/templates/secret.yaml index eacae25647..3135df6f07 100644 --- a/kubernetes/aai/components/aai-search-data/templates/secret.yaml +++ b/kubernetes/aai/components/aai-search-data/templates/secret.yaml @@ -1,5 +1,6 @@ {{/* # Copyright © 2018 Amdocs, Bell Canada, AT&T +# Modifications Copyright (c) 2021 Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -40,16 +41,3 @@ metadata: heritage: {{ .Release.Service }} data: {{ tpl (.Files.Glob "resources/config/auth/search_policy.json").AsSecrets . | indent 2 }} - -{{ if .Values.global.installSidecarSecurity }} ---- -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "common.fullname" . }}-rproxy-auth-config - namespace: {{ include "common.namespace" . }} -type: Opaque -data: -{{ tpl (.Files.Glob "resources/rproxy/config/auth/*").AsSecrets . | indent 2 }} -{{ end }} - diff --git a/kubernetes/aai/components/aai-search-data/templates/service.yaml b/kubernetes/aai/components/aai-search-data/templates/service.yaml index 940222cd3e..e031410737 100644 --- a/kubernetes/aai/components/aai-search-data/templates/service.yaml +++ b/kubernetes/aai/components/aai-search-data/templates/service.yaml @@ -1,5 +1,6 @@ {{/* # Copyright © 2018 Amdocs, Bell Canada, AT&T +# Modifications Copyright (c) 2021 Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -27,28 +28,14 @@ metadata: spec: type: {{ .Values.service.type }} ports: -{{ if .Values.global.installSidecarSecurity }} - {{if eq .Values.service.type "NodePort" -}} - - port: {{ .Values.service.internalPort }} - nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} - targetPort: {{ .Values.global.rproxy.port }} - name: {{ .Values.service.portName }} - {{- else -}} - - port: {{ .Values.service.externalPort }} - targetPort: {{ .Values.global.rproxy.port }} - name: {{ .Values.service.portName }} - {{- end}} - {{ else }} - - {{if eq .Values.service.type "NodePort" -}} - - port: {{ .Values.service.internalPort }} - nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} - name: {{ .Values.service.portName }} - {{- else -}} - - port: {{ .Values.service.internalPort }} - name: {{ .Values.service.portName }} - {{- end}} -{{ end }} + {{- if eq .Values.service.type "NodePort" }} + - port: {{ .Values.service.internalPort }} + nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} + name: {{ .Values.service.portName }} + {{- else }} + - port: {{ .Values.service.internalPort }} + name: {{ .Values.service.portName }} + {{- end }} selector: app: {{ include "common.name" . }} release: {{ include "common.release" . }} diff --git a/kubernetes/aai/components/aai-search-data/values.yaml b/kubernetes/aai/components/aai-search-data/values.yaml index ae61dd761f..4bd535a475 100644 --- a/kubernetes/aai/components/aai-search-data/values.yaml +++ b/kubernetes/aai/components/aai-search-data/values.yaml @@ -55,7 +55,7 @@ readiness: service: type: ClusterIP portName: aai-search-data - internalPort: 9509 + internalPort: "9509" ingress: enabled: false diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/application.properties b/kubernetes/aai/components/aai-sparky-be/resources/config/application.properties index 929d4ea34d..1ae00d95c4 100644 --- a/kubernetes/aai/components/aai-sparky-be/resources/config/application.properties +++ b/kubernetes/aai/components/aai-sparky-be/resources/config/application.properties @@ -24,7 +24,7 @@ spring.mvc.favicon.enabled=false # and in the values.yaml change the internalPort to 9517 # -spring.profiles.active=camel,ssl,fe-prod,oxm-schema-prod,oxm-default,resources,sync,portal +spring.profiles.active=camel,ssl,fe-prod,oxm-schema-prod,oxm-default,resources,portal,aai-proxy portal.cadiFileLocation={{.Values.config.cadiFileLocation}} portal.cadiFileLocation={{.Values.config.cadiFileLocation}} diff --git a/kubernetes/aai/components/aai-sparky-be/values.yaml b/kubernetes/aai/components/aai-sparky-be/values.yaml index 92b8d7a025..dae42474f5 100644 --- a/kubernetes/aai/components/aai-sparky-be/values.yaml +++ b/kubernetes/aai/components/aai-sparky-be/values.yaml @@ -28,7 +28,7 @@ global: # global defaults serviceName: aai-search-data # application image -image: onap/sparky-be:1.6.2 +image: onap/sparky-be:2.0.0 pullPolicy: Always restartPolicy: Always flavor: small diff --git a/kubernetes/aai/values.yaml b/kubernetes/aai/values.yaml index 08a1fb8b17..516dcc4d70 100644 --- a/kubernetes/aai/values.yaml +++ b/kubernetes/aai/values.yaml @@ -1,6 +1,7 @@ # Copyright (c) 2017 Amdocs, Bell Canada # Modifications Copyright (c) 2018 AT&T # Modifications Copyright (c) 2020 Nokia, Orange +# Modifications Copyright (c) 2021 Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -30,30 +31,8 @@ global: # global defaults restartPolicy: Always - installSidecarSecurity: false aafEnabled: true - - fproxy: - name: forward-proxy - activeSpringProfiles: noHostVerification,cadi - image: onap/fproxy:2.1.13 - port: 10680 - - rproxy: - name: reverse-proxy - activeSpringProfiles: noHostVerification,cadi - image: onap/rproxy:2.1.13 - port: 10692 - - tproxyConfig: - name: init-tproxy-config - image: onap/tproxy-config:2.1.13 - - # AAF server details. Only needed if the AAF DNS does not resolve from the pod - aaf: - serverIp: 10.12.6.214 - serverHostname: aaf.osaaf.org - serverPort: 30247 + msbEnabled: true cassandra: #This will instantiate AAI cassandra cluster, default:shared cassandra. |