Diffstat (limited to 'kubernetes/dmaap/components')
8 files changed, 61 insertions, 112 deletions
diff --git a/kubernetes/dmaap/components/dmaap-bc/requirements.yaml b/kubernetes/dmaap/components/dmaap-bc/requirements.yaml index e0d80e7515..656fee77f8 100644 --- a/kubernetes/dmaap/components/dmaap-bc/requirements.yaml +++ b/kubernetes/dmaap/components/dmaap-bc/requirements.yaml @@ -16,6 +16,9 @@ dependencies: - name: common version: ~6.x-0 repository: '@local' + - name: certInitializer + version: ~6.x-0 + repository: '@local' - name: postgres version: ~6.x-0 repository: '@local' diff --git a/kubernetes/dmaap/components/dmaap-bc/resources/aaf/org.onap.dmaap-bc.props b/kubernetes/dmaap/components/dmaap-bc/resources/aaf/org.onap.dmaap-bc.props deleted file mode 100644 index 3c29073e7a..0000000000 --- a/kubernetes/dmaap/components/dmaap-bc/resources/aaf/org.onap.dmaap-bc.props +++ /dev/null @@ -1,15 +0,0 @@ -############################################################ -# Properties Generated by AT&T Certificate Manager -# by root -# on 2019-03-22T17:37:33.690+0000 -# @copyright 2016, AT&T -############################################################ -aaf_env=DEV -aaf_id=dmaap-bc@dmaap-bc.onap.org -aaf_locate_url={{ .Values.aafLocateUrl }} -aaf_url=https://AAF_LOCATE_URL/AAF_NS.service:2.1 -cadi_etc_dir=/opt/app/osaaf/local -cadi_latitude=38.000 -cadi_longitude=-72.000 -cadi_prop_files=/opt/app/osaaf/local/org.onap.dmaap-bc.location.props:/opt/app/osaaf/local/org.onap.dmaap-bc.cred.props -cm_url=https://AAF_LOCATE_URL/%CNS.%AAF_NS.cm:2.1 diff --git a/kubernetes/dmaap/components/dmaap-bc/resources/config/dmaapbc.properties b/kubernetes/dmaap/components/dmaap-bc/resources/config/dmaapbc.properties index 59f64bd99c..3f5b1b4336 100644 --- a/kubernetes/dmaap/components/dmaap-bc/resources/config/dmaapbc.properties +++ b/kubernetes/dmaap/components/dmaap-bc/resources/config/dmaapbc.properties 
@@ -69,10 +69,10 @@ DB.host: {{ .Values.postgres.service.name2 }} #DB.schema: {{ .Values.postgres.config.pgDatabase }} # postgres user name -#DB.user: {{ .Values.postgres.config.pgUserName }} +DB.user: ${PG_USER} # postgres user password -DB.cred: {{ .Values.postgres.config.pgUserPassword }} +DB.cred: ${PG_PASSWORD} ##################################################### diff --git a/kubernetes/dmaap/components/dmaap-bc/templates/configmap.yaml b/kubernetes/dmaap/components/dmaap-bc/templates/configmap.yaml index 46ef837504..37d39effd6 100644 --- a/kubernetes/dmaap/components/dmaap-bc/templates/configmap.yaml +++ b/kubernetes/dmaap/components/dmaap-bc/templates/configmap.yaml @@ -51,16 +51,3 @@ metadata: heritage: {{ .Release.Service }} data: {{ tpl (.Files.Glob "resources/dcaeLocations/*.json").AsConfig . | indent 2 }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }}-aaf-config - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -data: -{{ tpl (.Files.Glob "resources/aaf/*").AsConfig . | indent 2 }}
\ No newline at end of file diff --git a/kubernetes/dmaap/components/dmaap-bc/templates/deployment.yaml b/kubernetes/dmaap/components/dmaap-bc/templates/deployment.yaml index ea2720f9ce..2cfa3738b2 100644 --- a/kubernetes/dmaap/components/dmaap-bc/templates/deployment.yaml +++ b/kubernetes/dmaap/components/dmaap-bc/templates/deployment.yaml 
@@ -23,64 +23,33 @@ spec: spec: {{- if or .Values.global.aafEnabled .Values.PG.enabled }} initContainers: -{{- if .Values.global.aafEnabled }} - - name: {{ include "common.name" . }}-aaf-readiness - command: - - /root/ready.py + - command: + - sh args: - - --container-name - - aaf-locate - - --container-name - - aaf-cm - - --container-name - - aaf-service + - -c + - "cd /config-input && for PFILE in `find . -not -type d | grep -v -F ..`; do envsubst <${PFILE} >/config/${PFILE}; done" env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - - name: {{ include "common.name" . }}-aaf-config - image: "{{ include "common.repository" . }}/{{ .Values.global.aafAgentImage }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - command: ["bash","-c","exec /opt/app/aaf_config/bin/agent.sh"] + - name: PG_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "login") | indent 10 }} + - name: PG_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "password") | indent 10 }} volumeMounts: - - mountPath: {{ .Values.persistence.aafCredsPath }} - name: {{ include "common.name" . 
}}-aaf-config-vol - env: - - name: APP_FQI - value: "{{ .Values.aafConfig.fqi }}" - - name: aaf_locate_url - value: "https://aaf-locate.{{ .Release.Namespace }}:8095" - - name: aaf_locator_container - value: "{{ .Values.global.aafLocatorContainer }}" - - name: aaf_locator_container_ns - value: "{{ .Release.Namespace }}" - - name: aaf_locator_fqdn - value: "{{ .Values.aafConfig.fqdn }}" - - name: aaf_locator_public_fqdn - value: "{{.Values.aafConfig.publicFqdn}}" - - name: aaf_locator_app_ns - value: "{{ .Values.global.aafAppNs }}" - - name: DEPLOY_FQI - value: "{{ .Values.aafConfig.aafDeployFqi }}" - - name: DEPLOY_PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "common.fullname" . }}-secret - key: aaf-deploy-password - - name: cadi_longitude - value: "{{ .Values.aafConfig.cadiLongitude }}" - - name: cadi_latitude - value: "{{ .Values.aafConfig.cadiLatitude }}" + - mountPath: /config-input + name: {{ include "common.name" . }}-config-input + - mountPath: /config + name: {{ include "common.name" . }}-config + image: "{{ .Values.global.envsubstImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . }}-update-config + +{{- if .Values.global.aafEnabled }} + +{{ include "common.certInitializer.initContainer" . | nindent 6 }} + - name: {{ include "common.name" . }}-permission-fixer image: "{{ .Values.global.busyBoxRepository }}/{{ .Values.global.busyBoxImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: - - mountPath: {{ .Values.persistence.aafCredsPath }} - name: {{ include "common.name" . }}-aaf-config-vol + volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }} command: ["chown","-Rf","1000:1001", "/opt/app/"] # See AAF-425 for explanation of why this is needed. # This artifact is provisioned in AAF for both pks12 and jks format and apparently 
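Review bot: The `envsubst <${PFILE} >/config/${PFILE}` call in the new `update-config` init container has no variable list, so every `$NAME` or `${NAME}` in the files under `/config-input` is substituted. Anything not set in this container's environment is presumably rendered as an empty string. Only `PG_USER` and `PG_PASSWORD` are exported here, so if the envsubst in this image accepts the usual shell-format argument, restrict it: `envsubst '${PG_USER} ${PG_PASSWORD}' <${PFILE} >/config/${PFILE}`. The unquoted `${PFILE}` and the command substitution around `find` also split on whitespace in file names, so quote `"${PFILE}"`. A one-line comment above the container, such as `# renders the ConfigMap templates into the -config volume with the DB credentials`, would help, since the hunk gives the container no description.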
@@ -89,9 +58,7 @@ spec: - name: {{ include "common.name" . }}-cred-fixer image: "{{ .Values.global.busyBoxRepository }}/{{ .Values.global.busyBoxImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: - - mountPath: {{ .Values.persistence.aafCredsPath }} - name: {{ include "common.name" . }}-aaf-config-vol + volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }} command: ["/bin/sh"] args: [ "-c", "sed -i -e '/cadi_keystore_password=/d' -e '/cadi_keystore_password_jks/p' -e 's/cadi_keystore_password_jks/cadi_keystore_password/' -e 's/dmaap-bc.p12/dmaap-bc.jks/' /opt/app/osaaf/local/org.onap.dmaap-bc.cred.props" ] @@ -134,12 +101,10 @@ spec: scheme: {{ if (include "common.needTLS" .) }}HTTPS{{ else }}HTTP{{ end }} initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} - volumeMounts: + volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }} - mountPath: /etc/localtime name: localtime readOnly: true - - mountPath: {{ .Values.persistence.aafCredsPath }} - name: {{ include "common.name" . }}-aaf-config-vol # NOTE: on the following several configMaps, careful to include / at end # since there may be more than one file in each mountPath - name: {{ include "common.name" . }}-config @@ -151,14 +116,15 @@ spec: {{- if .Values.affinity }} affinity: {{ toYaml .Values.affinity | nindent 10 }} {{- end }} - volumes: + volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }} - name: localtime hostPath: path: /etc/localtime - - name: {{ include "common.name" . }}-config + - name: {{ include "common.name" . }}-config-input configMap: name: {{ include "common.fullname" . }}-config - - name: {{ include "common.name" . }}-aaf-config-vol - emptyDir: {} + - name: {{ include "common.name" . }}-config + emptyDir: + medium: Memory imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" 
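Review bot: The `-config` volume in the last hunk becomes an `emptyDir` with `medium: Memory` but has no `sizeLimit`, so whatever is written there counts against the pod's memory without a bound. Moving the rendered properties (which now contain the database password) to tmpfs keeps them off the node's disk, so the direction is right; add a limit such as `sizeLimit: <size>` (placeholder, choose from the size of the rendered files). The main container's mount of `-config` is only partly visible in the `@@ -134,12 +101,10 @@` hunk; if the application never writes there, `readOnly: true` on that mount would keep the rendered credentials from being altered at runtime.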
diff --git a/kubernetes/dmaap/components/dmaap-bc/templates/secrets.yaml b/kubernetes/dmaap/components/dmaap-bc/templates/secrets.yaml index e15a152a21..7074e4de9a 100644 --- a/kubernetes/dmaap/components/dmaap-bc/templates/secrets.yaml +++ b/kubernetes/dmaap/components/dmaap-bc/templates/secrets.yaml @@ -13,18 +13,4 @@ # See the License for the specific language governing permissions and # limitations under the License. -{{- if .Values.global.aafEnabled }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "common.fullname" . }}-secret - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -type: Opaque -data: - aaf-deploy-password: {{ index .Values.aafConfig.aafDeployPass | b64enc | quote }} -{{- end }} +{{ include "common.secretFast" . }} diff --git a/kubernetes/dmaap/components/dmaap-bc/values.yaml b/kubernetes/dmaap/components/dmaap-bc/values.yaml index 3a18787826..d9936d79f4 100644 --- a/kubernetes/dmaap/components/dmaap-bc/values.yaml +++ b/kubernetes/dmaap/components/dmaap-bc/values.yaml 
@@ -22,6 +22,22 @@ global: readinessImage: readiness-check:2.0.0 loggingRepository: docker.elastic.co loggingImage: beats/filebeat:5.5.0 + envsubstImage: dibi/envsubst + +secrets: + - uid: pg-root-pass + name: &pgRootPassSecretName '{{ include "common.release" . }}-dmaap-bc-pg-root-pass' + type: password + externalSecret: '{{ ternary "" (tpl (default "" .Values.postgres.config.pgRootPasswordExternalSecret) .) (hasSuffix "dmaap-bc-pg-root-pass" .Values.postgres.config.pgRootPasswordExternalSecret) }}' + password: '{{ .Values.postgres.config.pgRootpassword }}' + policy: generate + - uid: pg-user-creds + name: &pgUserCredsSecretName '{{ include "common.release" . }}-dmaap-bc-pg-user-creds' + type: basicAuth + externalSecret: '{{ ternary "" (tpl (default "" .Values.postgres.config.pgUserExternalSecret) .) (hasSuffix "dmaap-bc-pg-user-creds" .Values.postgres.config.pgUserExternalSecret) }}' + login: '{{ .Values.postgres.config.pgUserName }}' + password: '{{ .Values.postgres.config.pgUserPassword }}' + passwordPolicy: generate ################################################################# # Application configuration defaults. @@ -48,15 +64,21 @@ topicMgrPwd: demo123456! adminUser: aaf_admin@people.osaaf.org adminPwd: demo123456! -#AAF local config -aafConfig: +################################################################# +# AAF part +################################################################# +certInitializer: + nameOverride: dmaap-bc-cert-initializer aafDeployFqi: deployer@people.osaaf.org aafDeployPass: demo123456! + # aafDeployCredsExternalSecret: some secret fqdn: dmaap-bc fqi: dmaap-bc@dmaap-bc.onap.org publicFqdn: dmaap-bc.onap.org cadiLatitude: 0.0 cadiLongitude: 0.0 + app_ns: org.osaaf.aaf + credsPath: /opt/app/osaaf/local persistence: aafCredsPath: /opt/app/osaaf/local/ 
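Review bot: `envsubstImage: dibi/envsubst` has no tag or digest and no repository prefix, while the neighbouring entries are pinned (`readiness-check:2.0.0`, `beats/filebeat:5.5.0`). This image runs the init container that receives `PG_USER` and `PG_PASSWORD`, so a replaced or retagged upstream image would see the database credentials. Pin it, for example `envsubstImage: dibi/envsubst:<tag>@sha256:<digest>` (placeholders), and preferably pull it through the same repository setting the other images use. Also in this hunk, `.Values.postgres.config.pgRootpassword` is spelled with a lower-case `p`, unlike `pgRootPasswordExternalSecret` and `pgUserPassword`; Helm value keys are case-sensitive, so an operator override of `pgRootPassword` would be ignored. The two secret entries also use different keys, `policy: generate` and `passwordPolicy: generate`, and one of them is probably not the key the common secret template reads.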
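Review bot: `aafDeployPass: demo123456!` remains a clear-text default under the new `certInitializer` block, and the external-secret alternative appears only as the commented-out `# aafDeployCredsExternalSecret: some secret`. The postgres passwords in this same commit move to generated or external secrets, so the deployer credential should get the same treatment, or at least a comment such as `# demo-only default; override or set aafDeployCredsExternalSecret for any real deployment`. The new `credsPath: /opt/app/osaaf/local` also duplicates the context line `persistence.aafCredsPath`, which the deployment hunks no longer reference as far as this diff shows; drop the stale key or note which one is authoritative.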
@@ -114,9 +136,8 @@ postgres: config: pgUserName: dmaap_admin pgDatabase: dmaap - pgPrimaryPassword: onapdemodb - pgUserPassword: onapdemodb - pgRootPassword: onapdemodb + pgUserExternalSecret: *pgUserCredsSecretName + pgRootPasswordExternalSecret: *pgRootPassSecretName persistence: mountSubPath: dbc/data mountInitPath: dbc diff --git a/kubernetes/dmaap/components/dmaap-dr-node/values.yaml b/kubernetes/dmaap/components/dmaap-dr-node/values.yaml index 5c32d9950d..8b44e160ba 100644 --- a/kubernetes/dmaap/components/dmaap-dr-node/values.yaml +++ b/kubernetes/dmaap/components/dmaap-dr-node/values.yaml @@ -144,6 +144,7 @@ service: type: NodePort name: dmaap-dr-node useNodePortExt: true + both_tls_and_plain: true annotations: service.alpha.kubernetes.io/tolerate-unready-endpoints: "true" ports: |
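Review bot: `both_tls_and_plain: true` in the dmaap-dr-node hunk is added to a `NodePort` service that also sets `useNodePortExt: true`, with no comment saying why the plain listener is needed. Judging by the name, the flag presumably makes the common service template publish a non-TLS port alongside the TLS one; if that port is also given an external node port, traffic to dr-node could be sent unencrypted from outside the cluster. Confirm against the service template that the plain port stays cluster-internal, and record the reason next to the flag, for example `# plain port kept for in-cluster clients only; external access must use TLS`.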