diff options
Diffstat (limited to 'kubernetes/common')
5 files changed, 37 insertions, 64 deletions
diff --git a/kubernetes/common/elasticsearch/requirements.yaml b/kubernetes/common/elasticsearch/requirements.yaml index 8a02fef7b7..5900f412a1 100644 --- a/kubernetes/common/elasticsearch/requirements.yaml +++ b/kubernetes/common/elasticsearch/requirements.yaml @@ -27,3 +27,6 @@ dependencies: version: ~6.x-0 repository: 'file://components/curator' condition: elasticsearch.curator.enabled,curator.enabled + - name: certInitializer + version: ~6.x-0 + repository: 'file://../certInitializer' diff --git a/kubernetes/common/elasticsearch/templates/configmap-aaf-add-config.yaml b/kubernetes/common/elasticsearch/templates/configmap-aaf-add-config.yaml deleted file mode 100644 index b4e0044891..0000000000 --- a/kubernetes/common/elasticsearch/templates/configmap-aaf-add-config.yaml +++ /dev/null @@ -1,33 +0,0 @@ - -{{ if .Values.global.aafEnabled }} -{{/* -# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} -{{- if .Values.aafConfig.addconfig -}} -apiVersion: v1 -kind: ConfigMap -{{ $suffix := "aaf-add-config" -}} -metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "dot" . )| nindent 2 }} -data: - aaf-add-config.sh: |- - cd /opt/app/osaaf/local - mkdir -p certs - export $(/opt/app/aaf_config/bin/agent.sh local showpass | grep '^c' | xargs -0) - keytool -exportcert -rfc -file certs/cacert.pem -keystore {{ .Values.aafConfig.fqi_namespace }}.trust.jks -alias ca_local_0 -storepass $cadi_truststore_password - openssl pkcs12 -in {{ .Values.aafConfig.fqi_namespace }}.p12 -out certs/cert.pem -passin pass:$cadi_keystore_password_p12 -passout pass:$cadi_keystore_password_p12 - cp {{ .Values.aafConfig.fqi_namespace }}.key certs/key.pem - chmod -R 755 certs -{{- end -}} -{{- end -}} diff --git a/kubernetes/common/elasticsearch/templates/coordinating-deploy.yaml b/kubernetes/common/elasticsearch/templates/coordinating-deploy.yaml index 65a7f462e1..1ab5b59855 100644 --- a/kubernetes/common/elasticsearch/templates/coordinating-deploy.yaml +++ b/kubernetes/common/elasticsearch/templates/coordinating-deploy.yaml @@ -61,7 +61,7 @@ spec: securityContext: privileged: true {{- end }} - {{ include "common.aaf-config" . | nindent 8}} + {{ include "common.certInitializer.initContainer" . | nindent 8 }} containers: - name: {{ include "common.name" . }}-nginx @@ -82,7 +82,7 @@ spec: - name: nginx-server-block mountPath: /opt/bitnami/nginx/conf/server_blocks {{- end }} - {{- include "common.aaf-config-volume-mountpath" . | nindent 10 }} + {{- include "common.certInitializer.volumeMount" . | nindent 10 }} - name: {{ include "common.name" . }}-elasticsearch image: {{ printf "%s/%s:%s" (include "common.repository" .) .Values.image.imageName .Values.image.tag }} @@ -163,5 +163,4 @@ spec: configMap: name: {{ include "common.fullname" . }}-nginx-server-block {{- end }} - {{- include "common.aaf-config-volumes" . | nindent 8}} - + {{ include "common.certInitializer.volumes" . | nindent 8 }} diff --git a/kubernetes/common/elasticsearch/values.yaml b/kubernetes/common/elasticsearch/values.yaml index 3627b2ea97..b1289431a5 100644 --- a/kubernetes/common/elasticsearch/values.yaml +++ b/kubernetes/common/elasticsearch/values.yaml @@ -17,7 +17,6 @@ ################################################################# global: aafEnabled: true - aafAgentImage: onap/aaf/aaf_agent:2.1.15 nodePortPrefix: 302 readinessRepository: oomk8s readinessImage: readiness-check:2.0.2 @@ -275,34 +274,32 @@ service: # loadBalancerIP: ## Provide functionality to use RBAC ## + ################################################################# -# Secrets metaconfig -################################################################# -secrets: - - uid: &aaf_secret_uid elasticsearch-aaf-deploy-creds - type: basicAuth - externalSecret: '{{ ternary (tpl (default "" .Values.aafConfig.aafDeployCredsExternalSecret) .) "aafIsDisabled" .Values.global.aafEnabled }}' - login: '{{ .Values.aafConfig.aafDeployFqi }}' - password: '{{ .Values.aafConfig.aafDeployPass }}' - passwordPolicy: required -################################################################# -# aaf configuration defaults. +# Certificate configuration ################################################################# -aafConfig: - addconfig: true +certInitializer: + nameOverride: elasticsearch-cert-initializer + aafDeployFqi: deployer@people.osaaf.org + aafDeployPass: demo123456! + # aafDeployCredsExternalSecret: some secret fqdn: "elastic" - image: onap/aaf/aaf_agent:2.1.15 app_ns: "org.osaaf.aaf" - fqi_namespace: org.onap.elastic + fqi_namespace: "org.onap.elastic" fqi: "elastic@elastic.onap.org" public_fqdn: "aaf.osaaf.org" - deploy_fqi: "deployer@people.osaaf.org" - aafDeployFqi: "deployer@people.osaaf.org" - aafDeployPass: demo123456! - #aafDeployCredsExternalSecret: some secret - #cadi_latitude: "52.5" - #cadi_longitude: "13.4" - secret_uid: *aaf_secret_uid + cadi_longitude: "0.0" + cadi_latitude: "0.0" + credsPath: /opt/app/osaaf/local + aaf_add_config: > + cd {{ .Values.credsPath }}; + mkdir -p certs; + export $(/opt/app/aaf_config/bin/agent.sh local showpass | grep '^c' | xargs -0); + keytool -exportcert -rfc -file certs/cacert.pem -keystore {{ .Values.fqi_namespace }}.trust.jks -alias ca_local_0 -storepass $cadi_truststore_password; + openssl pkcs12 -in {{ .Values.fqi_namespace }}.p12 -out certs/cert.pem -passin pass:$cadi_keystore_password_p12 -passout pass:$cadi_keystore_password_p12; + cp {{ .Values.fqi_namespace }}.key certs/key.pem; + chmod -R 755 certs; + ################################################################# # subcharts configuration defaults. ################################################################# diff --git a/kubernetes/common/postgres/templates/_deployment.tpl b/kubernetes/common/postgres/templates/_deployment.tpl index e3ac66933f..b1aae5f50d 100644 --- a/kubernetes/common/postgres/templates/_deployment.tpl +++ b/kubernetes/common/postgres/templates/_deployment.tpl @@ -44,19 +44,26 @@ spec: - sh args: - -c - - "cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done" + - | + function prepare_password { + echo -n $1 | sed -e "s/'/''/g" + } + export PG_PRIMARY_PASSWORD=`prepare_password $PG_PRIMARY_PASSWORD_INPUT`; + export PG_PASSWORD=`prepare_password $PG_PASSWORD_INPUT`; + export PG_ROOT_PASSWORD=`prepare_password $PG_ROOT_PASSWORD_INPUT`; + cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done env: - name: PG_PRIMARY_USER value: primaryuser - - name: PG_PRIMARY_PASSWORD + - name: PG_PRIMARY_PASSWORD_INPUT {{- include "common.secret.envFromSecretFast" (dict "global" $dot "uid" (include "common.postgres.secret.primaryPasswordUID" .) "key" "password") | indent 10 }} - name: PG_USER {{- include "common.secret.envFromSecretFast" (dict "global" $dot "uid" (include "common.postgres.secret.userCredentialsUID" .) "key" "login") | indent 10 }} - - name: PG_PASSWORD + - name: PG_PASSWORD_INPUT {{- include "common.secret.envFromSecretFast" (dict "global" $dot "uid" (include "common.postgres.secret.userCredentialsUID" .) "key" "password") | indent 10 }} - name: PG_DATABASE value: "{{ $dot.Values.config.pgDatabase }}" - - name: PG_ROOT_PASSWORD + - name: PG_ROOT_PASSWORD_INPUT {{- include "common.secret.envFromSecretFast" (dict "global" $dot "uid" (include "common.postgres.secret.rootPassUID" .) "key" "password") | indent 10 }} volumeMounts: - mountPath: /config-input/setup.sql |