Diffstat (limited to 'kubernetes/common')
-rw-r--r--kubernetes/common/elasticsearch/requirements.yaml3
-rw-r--r--kubernetes/common/elasticsearch/templates/configmap-aaf-add-config.yaml33
-rw-r--r--kubernetes/common/elasticsearch/templates/coordinating-deploy.yaml7
-rw-r--r--kubernetes/common/elasticsearch/values.yaml43
-rw-r--r--kubernetes/common/postgres/templates/_deployment.tpl15
5 files changed, 37 insertions, 64 deletions
diff --git a/kubernetes/common/elasticsearch/requirements.yaml b/kubernetes/common/elasticsearch/requirements.yaml
index 8a02fef7b7..5900f412a1 100644
--- a/kubernetes/common/elasticsearch/requirements.yaml
+++ b/kubernetes/common/elasticsearch/requirements.yaml
@@ -27,3 +27,6 @@ dependencies:
version: ~6.x-0
repository: 'file://components/curator'
condition: elasticsearch.curator.enabled,curator.enabled
+ - name: certInitializer
+ version: ~6.x-0
+ repository: 'file://../certInitializer'
diff --git a/kubernetes/common/elasticsearch/templates/configmap-aaf-add-config.yaml b/kubernetes/common/elasticsearch/templates/configmap-aaf-add-config.yaml
deleted file mode 100644
index b4e0044891..0000000000
--- a/kubernetes/common/elasticsearch/templates/configmap-aaf-add-config.yaml
+++ /dev/null
@@ -1,33 +0,0 @@
-
-{{ if .Values.global.aafEnabled }}
-{{/*
-# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-{{- if .Values.aafConfig.addconfig -}}
-apiVersion: v1
-kind: ConfigMap
-{{ $suffix := "aaf-add-config" -}}
-metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "dot" . )| nindent 2 }}
-data:
- aaf-add-config.sh: |-
- cd /opt/app/osaaf/local
- mkdir -p certs
- export $(/opt/app/aaf_config/bin/agent.sh local showpass | grep '^c' | xargs -0)
- keytool -exportcert -rfc -file certs/cacert.pem -keystore {{ .Values.aafConfig.fqi_namespace }}.trust.jks -alias ca_local_0 -storepass $cadi_truststore_password
- openssl pkcs12 -in {{ .Values.aafConfig.fqi_namespace }}.p12 -out certs/cert.pem -passin pass:$cadi_keystore_password_p12 -passout pass:$cadi_keystore_password_p12
- cp {{ .Values.aafConfig.fqi_namespace }}.key certs/key.pem
- chmod -R 755 certs
-{{- end -}}
-{{- end -}}
diff --git a/kubernetes/common/elasticsearch/templates/coordinating-deploy.yaml b/kubernetes/common/elasticsearch/templates/coordinating-deploy.yaml
index 65a7f462e1..1ab5b59855 100644
--- a/kubernetes/common/elasticsearch/templates/coordinating-deploy.yaml
+++ b/kubernetes/common/elasticsearch/templates/coordinating-deploy.yaml
@@ -61,7 +61,7 @@ spec:
securityContext:
privileged: true
{{- end }}
- {{ include "common.aaf-config" . | nindent 8}}
+ {{ include "common.certInitializer.initContainer" . | nindent 8 }}
containers:
- name: {{ include "common.name" . }}-nginx
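Review bot: The `initContainer` include here and the `volumes` include in the last hunk of this file use `{{ include … | nindent 8 }}` without the left trim marker, while the `volumeMount` include in the second hunk uses `{{- include … | nindent 10 }}`. Because `nindent` already begins its output with a newline, the untrimmed form leaves a whitespace-only line in the rendered manifest, which is harmless to the parser but shows up in linting and rendered diffs. Writing `{{- include "common.certInitializer.initContainer" . | nindent 8 }}`, and the same for `volumes`, would keep the three call sites uniform. The enclosing `spec` block starts and ends outside these hunks.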
@@ -82,7 +82,7 @@ spec:
- name: nginx-server-block
mountPath: /opt/bitnami/nginx/conf/server_blocks
{{- end }}
- {{- include "common.aaf-config-volume-mountpath" . | nindent 10 }}
+ {{- include "common.certInitializer.volumeMount" . | nindent 10 }}
- name: {{ include "common.name" . }}-elasticsearch
image: {{ printf "%s/%s:%s" (include "common.repository" .) .Values.image.imageName .Values.image.tag }}
@@ -163,5 +163,4 @@ spec:
configMap:
name: {{ include "common.fullname" . }}-nginx-server-block
{{- end }}
- {{- include "common.aaf-config-volumes" . | nindent 8}}
-
+ {{ include "common.certInitializer.volumes" . | nindent 8 }}
diff --git a/kubernetes/common/elasticsearch/values.yaml b/kubernetes/common/elasticsearch/values.yaml
index 3627b2ea97..b1289431a5 100644
--- a/kubernetes/common/elasticsearch/values.yaml
+++ b/kubernetes/common/elasticsearch/values.yaml
@@ -17,7 +17,6 @@
#################################################################
global:
aafEnabled: true
- aafAgentImage: onap/aaf/aaf_agent:2.1.15
nodePortPrefix: 302
readinessRepository: oomk8s
readinessImage: readiness-check:2.0.2
@@ -275,34 +274,32 @@ service:
# loadBalancerIP:
## Provide functionality to use RBAC
##
+
#################################################################
-# Secrets metaconfig
-#################################################################
-secrets:
- - uid: &aaf_secret_uid elasticsearch-aaf-deploy-creds
- type: basicAuth
- externalSecret: '{{ ternary (tpl (default "" .Values.aafConfig.aafDeployCredsExternalSecret) .) "aafIsDisabled" .Values.global.aafEnabled }}'
- login: '{{ .Values.aafConfig.aafDeployFqi }}'
- password: '{{ .Values.aafConfig.aafDeployPass }}'
- passwordPolicy: required
-#################################################################
-# aaf configuration defaults.
+# Certificate configuration
#################################################################
-aafConfig:
- addconfig: true
+certInitializer:
+ nameOverride: elasticsearch-cert-initializer
+ aafDeployFqi: deployer@people.osaaf.org
+ aafDeployPass: demo123456!
+ # aafDeployCredsExternalSecret: some secret
fqdn: "elastic"
- image: onap/aaf/aaf_agent:2.1.15
app_ns: "org.osaaf.aaf"
- fqi_namespace: org.onap.elastic
+ fqi_namespace: "org.onap.elastic"
fqi: "elastic@elastic.onap.org"
public_fqdn: "aaf.osaaf.org"
- deploy_fqi: "deployer@people.osaaf.org"
- aafDeployFqi: "deployer@people.osaaf.org"
- aafDeployPass: demo123456!
- #aafDeployCredsExternalSecret: some secret
- #cadi_latitude: "52.5"
- #cadi_longitude: "13.4"
- secret_uid: *aaf_secret_uid
+ cadi_longitude: "0.0"
+ cadi_latitude: "0.0"
+ credsPath: /opt/app/osaaf/local
+ aaf_add_config: >
+ cd {{ .Values.credsPath }};
+ mkdir -p certs;
+ export $(/opt/app/aaf_config/bin/agent.sh local showpass | grep '^c' | xargs -0);
+ keytool -exportcert -rfc -file certs/cacert.pem -keystore {{ .Values.fqi_namespace }}.trust.jks -alias ca_local_0 -storepass $cadi_truststore_password;
+ openssl pkcs12 -in {{ .Values.fqi_namespace }}.p12 -out certs/cert.pem -passin pass:$cadi_keystore_password_p12 -passout pass:$cadi_keystore_password_p12;
+ cp {{ .Values.fqi_namespace }}.key certs/key.pem;
+ chmod -R 755 certs;
+
#################################################################
# subcharts configuration defaults.
#################################################################
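Review bot: `chmod -R 755 certs` in `aaf_add_config` runs after `cp … certs/key.pem`, so the private key ends up world-readable and executable under `credsPath`. Unless a container running as a different user has to read it, something like `chmod 755 certs; chmod 644 certs/*.pem; chmod 600 certs/key.pem;` is tighter. The `openssl pkcs12` line passes the keystore password as `pass:$cadi_keystore_password_p12`, which exposes it in the process argument list. The variable appears to be exported by the preceding `export $(…)` line, so `-passin env:cadi_keystore_password_p12 -passout env:cadi_keystore_password_p12` would avoid that. `aafDeployPass: demo123456!` also remains a default credential in the chart values; a comment such as `# demo value only, override or set aafDeployCredsExternalSecret` and quoting the scalar would make that explicit.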
diff --git a/kubernetes/common/postgres/templates/_deployment.tpl b/kubernetes/common/postgres/templates/_deployment.tpl
index e3ac66933f..b1aae5f50d 100644
--- a/kubernetes/common/postgres/templates/_deployment.tpl
+++ b/kubernetes/common/postgres/templates/_deployment.tpl
@@ -44,19 +44,26 @@ spec:
- sh
args:
- -c
- - "cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done"
+ - |
+ function prepare_password {
+ echo -n $1 | sed -e "s/'/''/g"
+ }
+ export PG_PRIMARY_PASSWORD=`prepare_password $PG_PRIMARY_PASSWORD_INPUT`;
+ export PG_PASSWORD=`prepare_password $PG_PASSWORD_INPUT`;
+ export PG_ROOT_PASSWORD=`prepare_password $PG_ROOT_PASSWORD_INPUT`;
+ cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done
env:
- name: PG_PRIMARY_USER
value: primaryuser
- - name: PG_PRIMARY_PASSWORD
+ - name: PG_PRIMARY_PASSWORD_INPUT
{{- include "common.secret.envFromSecretFast" (dict "global" $dot "uid" (include "common.postgres.secret.primaryPasswordUID" .) "key" "password") | indent 10 }}
- name: PG_USER
{{- include "common.secret.envFromSecretFast" (dict "global" $dot "uid" (include "common.postgres.secret.userCredentialsUID" .) "key" "login") | indent 10 }}
- - name: PG_PASSWORD
+ - name: PG_PASSWORD_INPUT
{{- include "common.secret.envFromSecretFast" (dict "global" $dot "uid" (include "common.postgres.secret.userCredentialsUID" .) "key" "password") | indent 10 }}
- name: PG_DATABASE
value: "{{ $dot.Values.config.pgDatabase }}"
- - name: PG_ROOT_PASSWORD
+ - name: PG_ROOT_PASSWORD_INPUT
{{- include "common.secret.envFromSecretFast" (dict "global" $dot "uid" (include "common.postgres.secret.rootPassUID" .) "key" "password") | indent 10 }}
volumeMounts:
- mountPath: /config-input/setup.sql
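Review bot: `prepare_password` expands `$1` and the three `*_INPUT` variables unquoted, so a password containing whitespace is word-split and only its first word reaches `sed`, and glob characters in it may expand. `echo -n` also handles a leading `-e`/`-n` or embedded backslashes differently across shells. The script runs under `sh -c`, where the `function` keyword is a bash extension and may be rejected, depending on the image's shell. Quoting the expansions, switching to `printf '%s'` and using the POSIX `name()` form addresses all three, as sketched below. The escaping only doubles single quotes, which presumably matches how the files under /config-input embed these values in SQL string literals, but that is not visible in this hunk.

```yaml
        - |
          prepare_password() {
            printf '%s' "$1" | sed -e "s/'/''/g"
          }
          export PG_PRIMARY_PASSWORD="$(prepare_password "$PG_PRIMARY_PASSWORD_INPUT")"
          export PG_PASSWORD="$(prepare_password "$PG_PASSWORD_INPUT")"
          export PG_ROOT_PASSWORD="$(prepare_password "$PG_ROOT_PASSWORD_INPUT")"
          # … unchanged: cd /config-input && envsubst loop …
```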