summaryrefslogtreecommitdiffstats
path: root/kubernetes/policy
diff options
context:
space:
mode:
Diffstat (limited to 'kubernetes/policy')
-rw-r--r--kubernetes/policy/components/policy-gui/resources/config/default.conf32
-rw-r--r--kubernetes/policy/components/policy-gui/templates/deployment.yaml22
-rw-r--r--kubernetes/policy/components/policy-gui/values.yaml58
3 files changed, 49 insertions, 63 deletions
diff --git a/kubernetes/policy/components/policy-gui/resources/config/default.conf b/kubernetes/policy/components/policy-gui/resources/config/default.conf
deleted file mode 100644
index 98417cd822..0000000000
--- a/kubernetes/policy/components/policy-gui/resources/config/default.conf
+++ /dev/null
@@ -1,32 +0,0 @@
-server {
-
- listen 2443 default ssl;
- ssl_protocols TLSv1.2;
- {{ if .Values.global.aafEnabled }}
- ssl_certificate {{.Values.certInitializer.credsPath}}/{{.Values.certInitializer.clamp_pem}};
- ssl_certificate_key {{.Values.certInitializer.credsPath}}/{{.Values.certInitializer.clamp_key}};
- {{ else }}
- ssl_certificate /etc/ssl/clamp.pem;
- ssl_certificate_key /etc/ssl/clamp.key;
- {{ end }}
-
- ssl_verify_client optional_no_ca;
- absolute_redirect off;
-
- location / {
- root /usr/share/nginx/html;
- index index.html index.htm;
- try_files $uri $uri/ =404;
- }
-
- location /clamp/restservices/clds/ {
- proxy_pass https://policy-clamp-be:8443/restservices/clds/;
- proxy_set_header X-SSL-Cert $ssl_client_escaped_cert;
- }
-
- location = /50x.html {
- root /var/lib/nginx/html;
- }
- error_page 500 502 503 504 /50x.html;
- error_log /var/log/nginx/error.log warn;
-}
diff --git a/kubernetes/policy/components/policy-gui/templates/deployment.yaml b/kubernetes/policy/components/policy-gui/templates/deployment.yaml
index b67fa273de..a155715580 100644
--- a/kubernetes/policy/components/policy-gui/templates/deployment.yaml
+++ b/kubernetes/policy/components/policy-gui/templates/deployment.yaml
@@ -1,6 +1,6 @@
{{/*
# ============LICENSE_START=======================================================
-# Copyright (C) 2021 Nordix Foundation.
+# Copyright (C) 2021-2022 Nordix Foundation.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -62,6 +62,20 @@ spec:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+{{- if .Values.global.aafEnabled }}
+ command: ["sh","-c"]
+ args: ["source {{ .Values.certInitializer.credsPath }}/.ci;/opt/app/policy/gui/bin/policy-gui.sh"]
+ env:
+{{- else }}
+ command: ["/opt/app/policy/gui/bin/policy-gui.sh"]
+ env:
+ - name: KEYSTORE_PASSWD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keystore-password" "key" "password") | indent 12 }}
+ - name: TRUSTSTORE_PASSWD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "truststore-password" "key" "password") | indent 12 }}
+{{- end }}
+ - name: CLAMP_URL
+ value: https://policy-clamp-be:8443
ports:
- containerPort: {{ .Values.service.internalPort }}
# disable liveness probe when breakpoints set in debugger
@@ -81,9 +95,6 @@ spec:
volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
- name: logs
mountPath: {{ .Values.log.path }}
- - mountPath: /etc/nginx/conf.d/default.conf
- name: {{ include "common.fullname" . }}-config
- subPath: default.conf
resources:
{{ include "common.resources" . | indent 12 }}
{{- if .Values.nodeSelector }}
@@ -99,9 +110,6 @@ spec:
- name: {{ include "common.fullname" . }}-config
configMap:
name: {{ include "common.fullname" . }}
- items:
- - key: default.conf
- path: default.conf
- name: logs
emptyDir: {}
{{ if .Values.global.centralizedLoggingEnabled }}{{ include "common.log.volumes" . | nindent 8 }}{{ end }}
diff --git a/kubernetes/policy/components/policy-gui/values.yaml b/kubernetes/policy/components/policy-gui/values.yaml
index 6ee7715678..aa2b9d3122 100644
--- a/kubernetes/policy/components/policy-gui/values.yaml
+++ b/kubernetes/policy/components/policy-gui/values.yaml
@@ -1,5 +1,5 @@
# ============LICENSE_START=======================================================
-# Copyright (C) 2021 Nordix Foundation.
+# Copyright (C) 2021-2022 Nordix Foundation.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -26,36 +26,46 @@ global: # global defaults
aafEnabled: true
#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: keystore-password
+ type: password
+ externalSecret: '{{ tpl (default "" .Values.certStores.keyStorePasswordExternalSecret) . }}'
+ password: '{{ .Values.certStores.keyStorePassword }}'
+ passwordPolicy: required
+ - uid: truststore-password
+ type: password
+ externalSecret: '{{ tpl (default "" .Values.certStores.trustStorePasswordExternalSecret) . }}'
+ password: '{{ .Values.certStores.trustStorePassword }}'
+ passwordPolicy: required
+
+certStores:
+ keyStorePassword: Pol1cy_0nap
+ trustStorePassword: Pol1cy_0nap
+
+#################################################################
# AAF part
#################################################################
certInitializer:
- permission_user: 1000
- permission_group: 999
- addconfig: true
- keystoreFile: "org.onap.clamp.p12"
- truststoreFile: "org.onap.clamp.trust.jks"
- keyFile: "org.onap.clamp.keyfile"
- truststoreFileONAP: "truststoreONAPall.jks"
- clamp_key: "clamp.key"
- clamp_pem: "clamp.pem"
- clamp_ca_certs_pem: "clamp-ca-certs.pem"
nameOverride: policy-gui-cert-initializer
aafDeployFqi: deployer@people.osaaf.org
aafDeployPass: demo123456!
- # aafDeployCredsExternalSecret: some secret
- fqdn: clamp
- fqi: clamp@clamp.onap.org
- public_fqdn: clamp.onap.org
- cadi_longitude: "0.0"
+ fqdn: policy
+ fqi: policy@policy.onap.org
+ public_fqdn: policy.onap.org
cadi_latitude: "0.0"
- app_ns: org.osaaf.aaf
+ cadi_longitude: "0.0"
credsPath: /opt/app/osaaf/local
+ app_ns: org.osaaf.aaf
+ uid: 100
+ gid: 101
aaf_add_config: >
- cd {{ .Values.credsPath }};
- openssl pkcs12 -in {{ .Values.keystoreFile }} -nocerts -nodes -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_key }};
- openssl pkcs12 -in {{ .Values.keystoreFile }} -clcerts -nokeys -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_pem }};
- openssl pkcs12 -in {{ .Values.keystoreFile }} -cacerts -nokeys -chain -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_ca_certs_pem }};
- chmod a+rx *;
+ echo "export KEYSTORE='{{ .Values.credsPath }}/org.onap.policy.p12'" > {{ .Values.credsPath }}/.ci;
+ echo "export TRUSTSTORE='{{ .Values.credsPath }}/org.onap.policy.trust.jks'" >> {{ .Values.credsPath }}/.ci;
+ echo "export KEYSTORE_PASSWD='${cadi_keystore_password_p12}'" >> {{ .Values.credsPath }}/.ci;
+ echo "export TRUSTSTORE_PASSWD='${cadi_truststore_password}'" >> {{ .Values.credsPath }}/.ci;
+ chown -R {{ .Values.uid }}:{{ .Values.gid }} $(dirname {{ .Values.credsPath }});
subChartsOnly:
enabled: true
@@ -63,7 +73,7 @@ subChartsOnly:
flavor: small
# application image
-image: onap/policy-gui:2.2.0
+image: onap/policy-gui:2.2.2
pullPolicy: Always
# flag to enable debugging - application support required
@@ -71,7 +81,7 @@ debugEnabled: false
# log configuration
log:
- path: /var/log/nginx/
+ path: /var/log/onap/policy/gui
#################################################################
# Application configuration defaults.