summaryrefslogtreecommitdiffstats
path: root/kubernetes/portal/charts/portal-app
diff options
context:
space:
mode:
Diffstat (limited to 'kubernetes/portal/charts/portal-app')
-rw-r--r--kubernetes/portal/charts/portal-app/resources/certs/keystoreONAPPortal.p12bin4175 -> 0 bytes
-rw-r--r--kubernetes/portal/charts/portal-app/resources/certs/truststoreONAPall.jksbin117990 -> 0 bytes
-rwxr-xr-xkubernetes/portal/charts/portal-app/resources/config/deliveries/properties/ONAPPORTAL/system.properties13
-rw-r--r--kubernetes/portal/charts/portal-app/resources/server/server.xml24
-rw-r--r--kubernetes/portal/charts/portal-app/templates/configmap.yaml15
-rw-r--r--kubernetes/portal/charts/portal-app/templates/deployment.yaml54
-rw-r--r--kubernetes/portal/charts/portal-app/templates/secret.yaml15
-rw-r--r--kubernetes/portal/charts/portal-app/values.yaml34
8 files changed, 97 insertions, 58 deletions
diff --git a/kubernetes/portal/charts/portal-app/resources/certs/keystoreONAPPortal.p12 b/kubernetes/portal/charts/portal-app/resources/certs/keystoreONAPPortal.p12
deleted file mode 100644
index 9f52189096..0000000000
--- a/kubernetes/portal/charts/portal-app/resources/certs/keystoreONAPPortal.p12
+++ /dev/null
Binary files differ
diff --git a/kubernetes/portal/charts/portal-app/resources/certs/truststoreONAPall.jks b/kubernetes/portal/charts/portal-app/resources/certs/truststoreONAPall.jks
deleted file mode 100644
index ff844b109d..0000000000
--- a/kubernetes/portal/charts/portal-app/resources/certs/truststoreONAPall.jks
+++ /dev/null
Binary files differ
diff --git a/kubernetes/portal/charts/portal-app/resources/config/deliveries/properties/ONAPPORTAL/system.properties b/kubernetes/portal/charts/portal-app/resources/config/deliveries/properties/ONAPPORTAL/system.properties
index 8d21859b29..63348f02d6 100755
--- a/kubernetes/portal/charts/portal-app/resources/config/deliveries/properties/ONAPPORTAL/system.properties
+++ b/kubernetes/portal/charts/portal-app/resources/config/deliveries/properties/ONAPPORTAL/system.properties
@@ -1,4 +1,5 @@
# Copyright © 2018 Amdocs, Bell Canada, AT&T
+# Modifications Copyright © 2020 AT&T
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -111,14 +112,16 @@ auditlog_del_day_from = 365
#External system notification URL
external_system_notification_url= https://jira.onap.org/browse/
+#cookie domain
+cookie_domain = onap.org
+
+{{- if .Values.global.aafEnabled }}
# External Access System Basic Auth Credentials & Rest endpoint(These credentials doesn't work as these are place holders for now)
ext_central_access_user_name = aaf_admin@people.osaaf.org
-ext_central_access_password = VTCIC7wfMI0Zy61wkqKQC0bF0EK2YmL2JLl1fQU2YC4=
-ext_central_access_url = https://aaf-service:8100/authz/
+ext_central_access_password = thiswillbereplacedatruntime
+ext_central_access_url = {{ .Values.aafURL }}/authz/
ext_central_access_user_domain = @people.osaaf.org
# External Central Auth system access
remote_centralized_system_access = true
-
-#cookie domain
-cookie_domain = onap.org
+{{- end }}
diff --git a/kubernetes/portal/charts/portal-app/resources/server/server.xml b/kubernetes/portal/charts/portal-app/resources/server/server.xml
index c9515c1f41..dec68376d2 100644
--- a/kubernetes/portal/charts/portal-app/resources/server/server.xml
+++ b/kubernetes/portal/charts/portal-app/resources/server/server.xml
@@ -14,7 +14,7 @@
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-
+
Modifications to this file for use in ONAP are also subject to the Apache-2.0 license.
-->
<!-- Note: A "Server" is not itself a "Container", so you may not
@@ -22,7 +22,7 @@
Documentation at /docs/config/server.html
-->
<Server port="8005" shutdown="SHUTDOWN">
- <Listener className="org.apache.catalina.startup.VersionLoggerListener" />
+ <Listener className="org.apache.catalina.startup.VersionLoggerListener" logArgs="false"/>
<!-- Security listener. Documentation at /docs/config/listeners.html
<Listener className="org.apache.catalina.security.SecurityListener" />
-->
@@ -70,7 +70,10 @@
-->
<Connector port="8080" protocol="HTTP/1.1"
connectionTimeout="20000"
- redirectPort="8443" />
+ {{ if .Values.global.aafEnabled }}
+ redirectPort="8443"
+ {{ end }}
+ />
<!-- A "Connector" using the shared thread pool-->
<!--
<Connector executor="tomcatThreadPool"
@@ -88,14 +91,19 @@
maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" />
-->
-
- <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
+ {{ if .Values.global.aafEnabled }}
+ <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
- keystoreFile="{{.Values.global.keystoreFile}}" keystorePass="{{.Values.global.keypass}}"
+ keystoreFile="{{.Values.aafConfig.credsPath}}/{{.Values.aafConfig.keystoreFile}}"
+ keystorePass="${javax.net.ssl.keyStorePassword}"
clientAuth="false" sslProtocol="TLS" />
-
+ {{ end }}
<!-- Define an AJP 1.3 Connector on port 8009 -->
- <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
+ <Connector port="8009" protocol="AJP/1.3"
+ {{ if .Values.global.aafEnabled }}
+ redirectPort="8443"
+ {{ end }}
+ />
<!-- An Engine represents the entry point (within Catalina) that processes
diff --git a/kubernetes/portal/charts/portal-app/templates/configmap.yaml b/kubernetes/portal/charts/portal-app/templates/configmap.yaml
index d19ffeb9a8..d514fe6411 100644
--- a/kubernetes/portal/charts/portal-app/templates/configmap.yaml
+++ b/kubernetes/portal/charts/portal-app/templates/configmap.yaml
@@ -1,4 +1,5 @@
# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2020 AT&T
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -25,3 +26,17 @@ metadata:
data:
{{ tpl (.Files.Glob "resources/config/deliveries/properties/ONAPPORTAL/*").AsConfig . | indent 2 }}
{{ tpl (.Files.Glob "resources/server/*").AsConfig . | indent 2 }}
+
+{{ if .Values.global.aafEnabled }}
+{{- if .Values.aafConfig.addconfig -}}
+---
+apiVersion: v1
+kind: ConfigMap
+{{- $suffix := "aaf-add-config" }}
+metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "dot" . )| nindent 2 }}
+data:
+ aaf-add-config.sh: |-
+ /opt/app/aaf_config/bin/agent.sh;/opt/app/aaf_config/bin/agent.sh local showpass \
+ {{.Values.aafConfig.fqi}} {{ .Values.aafConfig.fqdn }} > {{ .Values.aafConfig.credsPath }}/mycreds.prop
+{{- end -}}
+{{- end -}}
diff --git a/kubernetes/portal/charts/portal-app/templates/deployment.yaml b/kubernetes/portal/charts/portal-app/templates/deployment.yaml
index eb0dee0f73..14bbd3c7f6 100644
--- a/kubernetes/portal/charts/portal-app/templates/deployment.yaml
+++ b/kubernetes/portal/charts/portal-app/templates/deployment.yaml
@@ -1,4 +1,5 @@
# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2020 AT&T
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -45,33 +46,27 @@ spec:
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
+ {{- if .Values.global.aafEnabled }}
+{{ include "common.aaf-config" . | indent 6 }}
+ {{- end }}
containers:
- name: {{ include "common.name" . }}
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command:
- - /start-apache-tomcat.sh
- - -i
- - ""
- - -n
- - ""
- - -b
- - "{{ .Values.global.env.tomcatDir }}"
+ command: ["bash","-c"]
+ {{- if .Values.global.aafEnabled }}
+ args: ["export $(grep '^c' {{ .Values.aafConfig.credsPath }}/mycreds.prop | xargs -0);\
+ export _JAVA_OPTIONS=\"-Djavax.net.ssl.trustStorePassword=$cadi_truststore_password \
+ -Djavax.net.ssl.keyStorePassword=$cadi_keystore_password_p12\";\
+ /start-apache-tomcat.sh -i \"\" -n \"\" -b {{ .Values.global.env.tomcatDir }}"]
env:
- - name: CATALINA_OPTS
+ - name: _CATALINA_OPTS
value: >
- -Djavax.net.ssl.keyStore={{ .Values.global.env.tomcatDir }}/{{ .Values.global.truststoreFile}}
- -Djavax.net.ssl.keyStorePassword={{ .Values.global.trustpass }}
- -Djavax.net.ssl.trustStore={{ .Values.global.env.tomcatDir }}/{{ .Values.global.truststoreFile}}
- -Djavax.net.ssl.trustStorePassword={{ .Values.global.trustpass }}
- - name: javax.net.ssl.keyStore
- value: {{ .Values.global.env.tomcatDir }}/{{ .Values.global.truststoreFile}}
- - name: javax.net.ssl.keyStorePassword
- value: {{ .Values.global.trustpass }}
- - name: javax.net.ssl.trustStore
- value: {{ .Values.global.env.tomcatDir }}/{{ .Values.global.truststoreFile}}
- - name: javax.net.ssl.trustStorePassword
- value: {{ .Values.global.trustpass }}
+ -Djavax.net.ssl.keyStore="{{ .Values.aafConfig.credsPath }}/{{ .Values.aafConfig.keystoreFile }}"
+ -Djavax.net.ssl.trustStore="{{ .Values.aafConfig.credsPath }}/{{ .Values.aafConfig.truststoreFile }}"
+ {{- else }}
+ args: ["/start-apache-tomcat.sh -i "" -n "" -b {{ .Values.global.env.tomcatDir }}"]
+ {{- end }}
ports:
- containerPort: {{ .Values.service.internalPort }}
- containerPort: {{ .Values.service.internalPort2 }}
@@ -90,6 +85,9 @@ spec:
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
volumeMounts:
+ {{- if .Values.global.aafEnabled }}
+{{ include "common.aaf-config-volume-mountpath" . | indent 8 }}
+ {{- end }}
- mountPath: /etc/localtime
name: localtime
readOnly: true
@@ -117,16 +115,10 @@ spec:
- name: properties-onapportal
mountPath: "{{ .Values.global.env.tomcatDir }}/webapps/ONAPPORTAL/WEB-INF/web.xml"
subPath: web.xml
- - name: authz-onapportal
- mountPath: "{{ .Values.global.env.tomcatDir }}/{{ .Values.global.keystoreFile}}"
- subPath: {{ .Values.global.keystoreFile}}
- - name: authz-onapportal
- mountPath: "{{ .Values.global.env.tomcatDir }}/{{ .Values.global.truststoreFile}}"
- subPath: {{ .Values.global.truststoreFile}}
- name: var-log-onap
mountPath: /var/log/onap
resources:
-{{ include "common.resources" . | indent 12 }}
+{{ include "common.resources" . }}
{{- if .Values.nodeSelector }}
nodeSelector:
{{ toYaml .Values.nodeSelector | indent 10 }}
@@ -147,6 +139,9 @@ spec:
- name: var-log-onap
mountPath: /var/log/onap
volumes:
+ {{- if .Values.global.aafEnabled }}
+{{ include "common.aaf-config-volumes" . | indent 8 }}
+ {{- end }}
- name: localtime
hostPath:
path: /etc/localtime
@@ -154,9 +149,6 @@ spec:
configMap:
name: {{ include "common.fullname" . }}-onapportal
defaultMode: 0755
- - name: authz-onapportal
- secret:
- secretName: {{ include "common.fullname" . }}-authz-onapportal
- name: filebeat-conf
configMap:
name: portal-filebeat
diff --git a/kubernetes/portal/charts/portal-app/templates/secret.yaml b/kubernetes/portal/charts/portal-app/templates/secret.yaml
index 85b0f40567..a4019efa2b 100644
--- a/kubernetes/portal/charts/portal-app/templates/secret.yaml
+++ b/kubernetes/portal/charts/portal-app/templates/secret.yaml
@@ -1,4 +1,5 @@
# Copyright © 2018 Amdocs, Bell Canada, AT&T
+# Modifications Copyright © 2020 AT&T
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -12,16 +13,4 @@
# See the License for the specific language governing permissions and
# limitations under the License.
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "common.fullname" . }}-authz-onapportal
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-type: Opaque
-data:
-{{ tpl (.Files.Glob "resources/certs/*").AsSecrets . | indent 2 }}
+{{ include "common.secretFast" . }}
diff --git a/kubernetes/portal/charts/portal-app/values.yaml b/kubernetes/portal/charts/portal-app/values.yaml
index 59a11ad6cf..9a17ab0f6f 100644
--- a/kubernetes/portal/charts/portal-app/values.yaml
+++ b/kubernetes/portal/charts/portal-app/values.yaml
@@ -1,5 +1,5 @@
# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
+# Modifications Copyright © 2018,2020 AT&T
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -22,15 +22,47 @@ global:
readinessImage: readiness-check:2.0.0
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
+ #AAF service
+ aafEnabled: true
+ aafAgentImage: onap/aaf/aaf_agent:2.1.20
#################################################################
# Application configuration defaults.
#################################################################
+
# application image
repository: nexus3.onap.org:10001
image: onap/portal-app:2.6.0
pullPolicy: Always
+#AAF local config
+
+aafURL: https://aaf-service:8100/
+aafConfig:
+ aafDeployFqi: deployer@people.osaaf.org
+ aafDeployPass: demo123456!
+ fqdn: portal
+ fqi: portal@portal.onap.org
+ publicFqdn: portal.onap.org
+ cadi_latitude: "38.0"
+ cadi_longitude: "-72.0"
+ credsPath: /opt/app/osaaf/local
+ app_ns: org.osaaf.aaf
+ permission_user: 1000
+ permission_group: 999
+ addconfig: true
+ secret_uid: &aaf_secret_uid portal-app-aaf-deploy-creds
+ keystoreFile: "org.onap.portal.p12"
+ truststoreFile: "org.onap.portal.trust.jks"
+
+secrets:
+ - uid: *aaf_secret_uid
+ type: basicAuth
+ externalSecret: '{{ ternary (tpl (default "" .Values.aafConfig.aafDeployCredsExternalSecret) .) "aafIsDiabled" .Values.global.aafEnabled }}'
+ login: '{{ .Values.aafConfig.aafDeployFqi }}'
+ password: '{{ .Values.aafConfig.aafDeployPass }}'
+ passwordPolicy: required
+
# default number of instances
replicaCount: 1