diff options
Diffstat (limited to 'kubernetes/common')
| -rw-r--r-- | kubernetes/common/common/templates/_ingress.tpl | 20 | ||||
| -rw-r--r-- | kubernetes/common/etcd/templates/statefulset.yaml | 4 | ||||
| -rw-r--r-- | kubernetes/common/music/requirements.yaml | 3 | ||||
| -rwxr-xr-x | kubernetes/common/music/resources/config/music-sb.properties | 2 | ||||
| -rw-r--r-- | kubernetes/common/music/resources/keys/org.onap.music.jks | bin | 3635 -> 0 bytes | |||
| -rw-r--r-- | kubernetes/common/music/resources/keys/truststoreONAPall.jks | bin | 117990 -> 0 bytes | |||
| -rw-r--r-- | kubernetes/common/music/templates/deployment.yaml | 16 | ||||
| -rw-r--r-- | kubernetes/common/music/values.yaml | 32 |
8 files changed, 45 insertions, 32 deletions
diff --git a/kubernetes/common/common/templates/_ingress.tpl b/kubernetes/common/common/templates/_ingress.tpl index 18f9bb1ba5..7fee67a7a4 100644 --- a/kubernetes/common/common/templates/_ingress.tpl +++ b/kubernetes/common/common/templates/_ingress.tpl @@ -1,9 +1,15 @@ -{{- define "ingress.config.port" -}} +{{- define "ingress.config.host" -}} {{- $dot := default . .dot -}} +{{- $baseaddr := (required "'baseaddr' param, set to the specific part of the fqdn, is required." .baseaddr) -}} {{- $burl := (required "'baseurl' param, set to the generic part of the fqdn, is required." $dot.Values.global.ingress.virtualhost.baseurl) -}} +{{ printf "%s.%s" $baseaddr $burl }} +{{- end -}} + +{{- define "ingress.config.port" -}} +{{- $dot := default . .dot -}} {{ range .Values.ingress.service }} {{- $baseaddr := (required "'baseaddr' param, set to the specific part of the fqdn, is required." .baseaddr) }} - - host: {{ printf "%s.%s" $baseaddr $burl }} + - host: {{ include "ingress.config.host" (dict "dot" $dot "baseaddr" $baseaddr) }} http: paths: - backend: @@ -83,12 +89,12 @@ spec: {{- end -}} {{- if .Values.ingress.config -}} {{- if .Values.ingress.config.tls -}} -{{- $dot := default . .dot -}} +{{- $dot := default . .dot }} tls: - - hosts: - {{- range .Values.ingress.service }}{{ $baseaddr := required "baseaddr" .baseaddr }} - - {{ include "ingress.config.host" (dict "dot" $dot "baseaddr" $baseaddr) }} - {{- end }} + - hosts: + {{- range .Values.ingress.service }}{{ $baseaddr := required "baseaddr" .baseaddr }} + - {{ include "ingress.config.host" (dict "dot" $dot "baseaddr" $baseaddr) }} + {{- end }} secretName: {{ required "secret" (tpl (default "" .Values.ingress.config.tls.secret) $dot) }} {{- end -}} {{- end -}} diff --git a/kubernetes/common/etcd/templates/statefulset.yaml b/kubernetes/common/etcd/templates/statefulset.yaml index f5592bd252..e39b8c4ca2 100644 --- a/kubernetes/common/etcd/templates/statefulset.yaml +++ b/kubernetes/common/etcd/templates/statefulset.yaml @@ -133,6 +133,10 @@ spec: # we should wait for other pods to be up before trying to join # otherwise we got "no such host" errors when trying to resolve other members for i in $(seq 0 $((${INITIAL_CLUSTER_SIZE} - 1))); do + if [ "${SET_NAME}-${i}" == "${HOSTNAME}" ]; then + echo "Skipping self-checking" + continue + fi while true; do echo "Waiting for ${SET_NAME}-${i}.${SERVICE_NAME} to come up" ping -W 1 -c 1 ${SET_NAME}-${i}.${SERVICE_NAME} > /dev/null && break diff --git a/kubernetes/common/music/requirements.yaml b/kubernetes/common/music/requirements.yaml index a9566c1811..0a3c9315ab 100644 --- a/kubernetes/common/music/requirements.yaml +++ b/kubernetes/common/music/requirements.yaml @@ -22,3 +22,6 @@ dependencies: - name: repositoryGenerator version: ~7.x-0 repository: 'file://../repositoryGenerator' + - name: certInitializer + version: ~7.x-0 + repository: 'file://../certInitializer'
\ No newline at end of file diff --git a/kubernetes/common/music/resources/config/music-sb.properties b/kubernetes/common/music/resources/config/music-sb.properties index 751a351737..7a13f10d8e 100755 --- a/kubernetes/common/music/resources/config/music-sb.properties +++ b/kubernetes/common/music/resources/config/music-sb.properties @@ -6,7 +6,7 @@ server.tomcat.max-threads=100 #logging.file=/opt/app/music/logs/MUSIC/music-app.log #logging.config=file:/opt/app/music/etc/logback.xml security.require-ssl=true -server.ssl.key-store=/opt/app/aafcertman/org.onap.music.jks +server.ssl.key-store=/opt/app/aafcertman/local/org.onap.music.jks server.ssl.key-store-password=${KEYSTORE_PASSWORD} server.ssl.key-store-provider=SUN server.ssl.key-store-type=JKS diff --git a/kubernetes/common/music/resources/keys/org.onap.music.jks b/kubernetes/common/music/resources/keys/org.onap.music.jks Binary files differdeleted file mode 100644 index 35d27c3ef7..0000000000 --- a/kubernetes/common/music/resources/keys/org.onap.music.jks +++ /dev/null diff --git a/kubernetes/common/music/resources/keys/truststoreONAPall.jks b/kubernetes/common/music/resources/keys/truststoreONAPall.jks Binary files differdeleted file mode 100644 index ff844b109d..0000000000 --- a/kubernetes/common/music/resources/keys/truststoreONAPall.jks +++ /dev/null diff --git a/kubernetes/common/music/templates/deployment.yaml b/kubernetes/common/music/templates/deployment.yaml index cf0ce8f899..1e5d3c5377 100644 --- a/kubernetes/common/music/templates/deployment.yaml +++ b/kubernetes/common/music/templates/deployment.yaml @@ -38,19 +38,18 @@ spec: fieldRef: apiVersion: v1 fieldPath: metadata.namespace + {{ include "common.certInitializer.initContainer" . | indent 8 | trim }} - command: - sh args: - -c - - "cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done" + - "export KEYSTORE_PASSWORD=$(cat /opt/app/aafcertman/local/.pass); cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done" env: - - name: KEYSTORE_PASSWORD - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "music-keystore-pw" "key" "password") | indent 12}} - name: CASSA_USER {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cassa-secret" "key" "login") | indent 12 }} - name: CASSA_PASSWORD {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cassa-secret" "key" "password") | indent 12 }} - volumeMounts: + volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }} - mountPath: /config-input name: properties-music-scrubbed - mountPath: /config @@ -87,7 +86,7 @@ spec: value: "{{ .Values.javaOpts }}" - name: DEBUG value: "{{ .Values.debug }}" - volumeMounts: + volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }} - name: localtime mountPath: /etc/localtime readOnly: true @@ -100,9 +99,7 @@ spec: - name: properties-music-scrubbed mountPath: /opt/app/music/etc/logback.xml subPath: logback.xml - - name: certs-aaf - mountPath: /opt/app/aafcertman/ - volumes: + volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }} - name: shared-data emptyDir: {} - name: certificate-vol @@ -116,6 +113,3 @@ spec: - name: properties-music emptyDir: medium: Memory - - name: certs-aaf - secret: - secretName: {{ include "common.secret.getSecretNameFast" (dict "global" . "uid" "music-certs") }} diff --git a/kubernetes/common/music/values.yaml b/kubernetes/common/music/values.yaml index 31df352de7..25cab910a9 100644 --- a/kubernetes/common/music/values.yaml +++ b/kubernetes/common/music/values.yaml @@ -25,16 +25,6 @@ global: # Secrets metaconfig ################################################################# secrets: - - uid: music-certs - name: keystore.jks - type: generic - filePaths: - - resources/keys/org.onap.music.jks - - uid: music-keystore-pw - name: keystore-pw - type: password - password: '{{ .Values.keystorePassword }}' - passwordPolicy: required - uid: cassa-secret type: basicAuth login: '{{ .Values.properties.cassandraUser }}' @@ -115,8 +105,6 @@ debug: false ingress: enabled: false -keystorePassword: "ysF9CVS+xvuXr0vf&fRa5lew" - properties: lockUsing: "cassandra" # Comma dilimited list of hosts @@ -159,4 +147,22 @@ logback: metricsLogLevel: info auditLogLevel: info # Values must be uppercase: INFO, WARN, CRITICAL,DEBUG etc.. - rootLogLevel: INFO
\ No newline at end of file + rootLogLevel: INFO + +#sub-charts configuration +certInitializer: + nameOverride: music-cert-initializer + fqdn: "music.onap" + app_ns: "org.osaaf.aaf" + fqi: "music@music.onap.org" + fqi_namespace: org.onap.music + public_fqdn: "music.onap.org" + aafDeployFqi: "deployer@people.osaaf.org" + aafDeployPass: demo123456! + cadi_latitude: "0.0" + cadi_longitude: "0.0" + credsPath: /opt/app/osaaf/local + appMountPath: /opt/app/aafcertman + aaf_add_config: > + cd {{ .Values.credsPath }}; + /opt/app/aaf_config/bin/agent.sh local showpass {{.Values.fqi}} {{ .Values.fqdn }} | grep cadi_keystore_password_jks= | cut -d= -f 2 > {{ .Values.credsPath }}/.pass 2>&1; |