Diffstat (limited to 'kubernetes/portal/charts/portal-app')
-rw-r--r-- | kubernetes/portal/charts/portal-app/resources/certs/keystoreONAPPortal.p12 | bin | 4175 -> 0 bytes | |||
-rw-r--r-- | kubernetes/portal/charts/portal-app/resources/certs/truststoreONAPall.jks | bin | 117990 -> 0 bytes | |||
-rwxr-xr-x | kubernetes/portal/charts/portal-app/resources/config/deliveries/properties/ONAPPORTAL/system.properties | 13 | ||||
-rw-r--r-- | kubernetes/portal/charts/portal-app/resources/server/server.xml | 24 | ||||
-rw-r--r-- | kubernetes/portal/charts/portal-app/templates/configmap.yaml | 15 | ||||
-rw-r--r-- | kubernetes/portal/charts/portal-app/templates/deployment.yaml | 54 | ||||
-rw-r--r-- | kubernetes/portal/charts/portal-app/templates/secret.yaml | 15 | ||||
-rw-r--r-- | kubernetes/portal/charts/portal-app/values.yaml | 34 |
8 files changed, 97 insertions, 58 deletions
diff --git a/kubernetes/portal/charts/portal-app/resources/certs/keystoreONAPPortal.p12 b/kubernetes/portal/charts/portal-app/resources/certs/keystoreONAPPortal.p12 Binary files differdeleted file mode 100644 index 9f52189096..0000000000 --- a/kubernetes/portal/charts/portal-app/resources/certs/keystoreONAPPortal.p12 +++ /dev/null diff --git a/kubernetes/portal/charts/portal-app/resources/certs/truststoreONAPall.jks b/kubernetes/portal/charts/portal-app/resources/certs/truststoreONAPall.jks Binary files differdeleted file mode 100644 index ff844b109d..0000000000 --- a/kubernetes/portal/charts/portal-app/resources/certs/truststoreONAPall.jks +++ /dev/null diff --git a/kubernetes/portal/charts/portal-app/resources/config/deliveries/properties/ONAPPORTAL/system.properties b/kubernetes/portal/charts/portal-app/resources/config/deliveries/properties/ONAPPORTAL/system.properties index 8d21859b29..63348f02d6 100755 --- a/kubernetes/portal/charts/portal-app/resources/config/deliveries/properties/ONAPPORTAL/system.properties +++ b/kubernetes/portal/charts/portal-app/resources/config/deliveries/properties/ONAPPORTAL/system.properties @@ -1,4 +1,5 @@ # Copyright © 2018 Amdocs, Bell Canada, AT&T +# Modifications Copyright © 2020 AT&T # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. 
@@ -111,14 +112,16 @@ auditlog_del_day_from = 365 #External system notification URL external_system_notification_url= https://jira.onap.org/browse/ +#cookie domain +cookie_domain = onap.org + +{{- if .Values.global.aafEnabled }} # External Access System Basic Auth Credentials & Rest endpoint(These credentials doesn't work as these are place holders for now) ext_central_access_user_name = aaf_admin@people.osaaf.org -ext_central_access_password = VTCIC7wfMI0Zy61wkqKQC0bF0EK2YmL2JLl1fQU2YC4= -ext_central_access_url = https://aaf-service:8100/authz/ +ext_central_access_password = thiswillbereplacedatruntime +ext_central_access_url = {{ .Values.aafURL }}/authz/ ext_central_access_user_domain = @people.osaaf.org # External Central Auth system access remote_centralized_system_access = true - -#cookie domain -cookie_domain = onap.org +{{- end }} diff --git a/kubernetes/portal/charts/portal-app/resources/server/server.xml b/kubernetes/portal/charts/portal-app/resources/server/server.xml index c9515c1f41..dec68376d2 100644 --- a/kubernetes/portal/charts/portal-app/resources/server/server.xml +++ b/kubernetes/portal/charts/portal-app/resources/server/server.xml @@ -14,7 +14,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. - + Modifications to this file for use in ONAP are also subject to the Apache-2.0 license. --> <!-- Note: A "Server" is not itself a "Container", so you may not @@ -22,7 +22,7 @@ Documentation at /docs/config/server.html --> <Server port="8005" shutdown="SHUTDOWN"> - <Listener className="org.apache.catalina.startup.VersionLoggerListener" /> + <Listener className="org.apache.catalina.startup.VersionLoggerListener" logArgs="false"/> <!-- Security listener. Documentation at /docs/config/listeners.html <Listener className="org.apache.catalina.security.SecurityListener" /> --> 
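Review bot: `ext_central_access_url = {{ .Values.aafURL }}/authz/` renders with a doubled slash, because the default this commit adds to values.yaml is `aafURL: https://aaf-service:8100/`, giving `https://aaf-service:8100//authz/` where the removed line had a single slash. Either drop the trailing slash from the default or normalise it here with `ext_central_access_url = {{ .Values.aafURL | trimSuffix "/" }}/authz/`. Separately, nothing visible in this commit rewrites the `thiswillbereplacedatruntime` placeholder, so a comment above `ext_central_access_password` naming the component that substitutes it would save the next reader a search. If the removed base64 value was ever a working credential it should be rotated, since it stays in the repository history.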
@@ -70,7 +70,10 @@ --> <Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" - redirectPort="8443" /> + {{ if .Values.global.aafEnabled }} + redirectPort="8443" + {{ end }} + /> <!-- A "Connector" using the shared thread pool--> <!-- <Connector executor="tomcatThreadPool" @@ -88,14 +91,19 @@ maxThreads="150" SSLEnabled="true" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" /> --> - - <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol" + {{ if .Values.global.aafEnabled }} + <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol" maxThreads="150" SSLEnabled="true" scheme="https" secure="true" - keystoreFile="{{.Values.global.keystoreFile}}" keystorePass="{{.Values.global.keypass}}" + keystoreFile="{{.Values.aafConfig.credsPath}}/{{.Values.aafConfig.keystoreFile}}" + keystorePass="${javax.net.ssl.keyStorePassword}" clientAuth="false" sslProtocol="TLS" /> - + {{ end }} <!-- Define an AJP 1.3 Connector on port 8009 --> - <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" /> + <Connector port="8009" protocol="AJP/1.3" + {{ if .Values.global.aafEnabled }} + redirectPort="8443" + {{ end }} + /> <!-- An Engine represents the entry point (within Catalina) that processes diff --git a/kubernetes/portal/charts/portal-app/templates/configmap.yaml b/kubernetes/portal/charts/portal-app/templates/configmap.yaml index d19ffeb9a8..d514fe6411 100644 --- a/kubernetes/portal/charts/portal-app/templates/configmap.yaml +++ b/kubernetes/portal/charts/portal-app/templates/configmap.yaml @@ -1,4 +1,5 @@ # Copyright © 2017 Amdocs, Bell Canada +# Modifications Copyright © 2020 AT&T # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. 
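Review bot: With `global.aafEnabled` false the 8080 connector loses its `redirectPort` and, per the later hunk in this file, the 8443 connector is not rendered at all, so the portal is reachable over plain HTTP only and logins and session cookies cross the network unencrypted. That coupling between the AAF switch and transport encryption is not documented anywhere visible. I would add a comment above this connector such as `<!-- redirectPort and the 8443 TLS connector are rendered only when global.aafEnabled is true; otherwise the portal serves cleartext HTTP -->` and repeat the warning next to `aafEnabled` in values.yaml.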
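Review bot: The AJP connector on 8009 is still rendered unconditionally in this hunk and, going by the visible attributes, has neither a `secret`/`secretRequired` pair nor an `address` restriction, so it remains an unauthenticated listener in both modes. If no front-end proxy speaks AJP to this pod (none is visible in this commit), the safer change is to leave the element commented out. Otherwise, on Tomcat releases that support these attributes, bind and authenticate it, e.g. `<Connector port="8009" protocol="AJP/1.3" address="127.0.0.1" secretRequired="true" secret="${ajp.secret}" />`, where `ajp.secret` is a placeholder property name. The new 8443 connector also keeps `sslProtocol="TLS"` with no explicit protocol list, which leaves the negotiated versions to the JVM defaults.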
@@ -25,3 +26,17 @@ metadata: data: {{ tpl (.Files.Glob "resources/config/deliveries/properties/ONAPPORTAL/*").AsConfig . | indent 2 }} {{ tpl (.Files.Glob "resources/server/*").AsConfig . | indent 2 }} + +{{ if .Values.global.aafEnabled }} +{{- if .Values.aafConfig.addconfig -}} +--- +apiVersion: v1 +kind: ConfigMap +{{- $suffix := "aaf-add-config" }} +metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "dot" . )| nindent 2 }} +data: + aaf-add-config.sh: |- + /opt/app/aaf_config/bin/agent.sh;/opt/app/aaf_config/bin/agent.sh local showpass \ + {{.Values.aafConfig.fqi}} {{ .Values.aafConfig.fqdn }} > {{ .Values.aafConfig.credsPath }}/mycreds.prop +{{- end -}} +{{- end -}} diff --git a/kubernetes/portal/charts/portal-app/templates/deployment.yaml b/kubernetes/portal/charts/portal-app/templates/deployment.yaml index eb0dee0f73..14bbd3c7f6 100644 --- a/kubernetes/portal/charts/portal-app/templates/deployment.yaml +++ b/kubernetes/portal/charts/portal-app/templates/deployment.yaml @@ -1,4 +1,5 @@ # Copyright © 2017 Amdocs, Bell Canada +# Modifications Copyright © 2020 AT&T # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. 
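Review bot: `aaf-add-config.sh` redirects the output of `agent.sh local showpass` (the keystore and truststore passwords in cleartext) into `{{ .Values.aafConfig.credsPath }}/mycreds.prop` under whatever umask the agent container has, and nothing visible restricts or removes the file afterwards. The two `agent.sh` calls are chained with `;`, so a failed first run still leaves a possibly empty mycreds.prop that the portal container later reads. I would chain with `&&` and tighten the mode, e.g. `/opt/app/aaf_config/bin/agent.sh && umask 077 && /opt/app/aaf_config/bin/agent.sh local showpass \`. The umask is only safe if the portal process runs as the same uid as the agent, which this hunk does not show.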
@@ -45,33 +46,27 @@ spec: fieldRef: apiVersion: v1 fieldPath: metadata.namespace + {{- if .Values.global.aafEnabled }} +{{ include "common.aaf-config" . | indent 6 }} + {{- end }} containers: - name: {{ include "common.name" . }} image: "{{ include "common.repository" . }}/{{ .Values.image }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - command: - - /start-apache-tomcat.sh - - -i - - "" - - -n - - "" - - -b - - "{{ .Values.global.env.tomcatDir }}" + command: ["bash","-c"] + {{- if .Values.global.aafEnabled }} + args: ["export $(grep '^c' {{ .Values.aafConfig.credsPath }}/mycreds.prop | xargs -0);\ + export _JAVA_OPTIONS=\"-Djavax.net.ssl.trustStorePassword=$cadi_truststore_password \ + -Djavax.net.ssl.keyStorePassword=$cadi_keystore_password_p12\";\ + /start-apache-tomcat.sh -i \"\" -n \"\" -b {{ .Values.global.env.tomcatDir }}"] env: - - name: CATALINA_OPTS + - name: _CATALINA_OPTS value: > - -Djavax.net.ssl.keyStore={{ .Values.global.env.tomcatDir }}/{{ .Values.global.truststoreFile}} - -Djavax.net.ssl.keyStorePassword={{ .Values.global.trustpass }} - -Djavax.net.ssl.trustStore={{ .Values.global.env.tomcatDir }}/{{ .Values.global.truststoreFile}} - -Djavax.net.ssl.trustStorePassword={{ .Values.global.trustpass }} - - name: javax.net.ssl.keyStore - value: {{ .Values.global.env.tomcatDir }}/{{ .Values.global.truststoreFile}} - - name: javax.net.ssl.keyStorePassword - value: {{ .Values.global.trustpass }} - - name: javax.net.ssl.trustStore - value: {{ .Values.global.env.tomcatDir }}/{{ .Values.global.truststoreFile}} - - name: javax.net.ssl.trustStorePassword - value: {{ .Values.global.trustpass }} + -Djavax.net.ssl.keyStore="{{ .Values.aafConfig.credsPath }}/{{ .Values.aafConfig.keystoreFile }}" + -Djavax.net.ssl.trustStore="{{ .Values.aafConfig.credsPath }}/{{ .Values.aafConfig.truststoreFile }}" + {{- else }} + args: ["/start-apache-tomcat.sh -i "" -n "" -b {{ .Values.global.env.tomcatDir }}"] + {{- end }} ports: - 
containerPort: {{ .Values.service.internalPort }} - containerPort: {{ .Values.service.internalPort2 }} @@ -90,6 +85,9 @@ spec: initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} volumeMounts: + {{- if .Values.global.aafEnabled }} +{{ include "common.aaf-config-volume-mountpath" . | indent 8 }} + {{- end }} - mountPath: /etc/localtime name: localtime readOnly: true @@ -117,16 +115,10 @@ spec: - name: properties-onapportal mountPath: "{{ .Values.global.env.tomcatDir }}/webapps/ONAPPORTAL/WEB-INF/web.xml" subPath: web.xml - - name: authz-onapportal - mountPath: "{{ .Values.global.env.tomcatDir }}/{{ .Values.global.keystoreFile}}" - subPath: {{ .Values.global.keystoreFile}} - - name: authz-onapportal - mountPath: "{{ .Values.global.env.tomcatDir }}/{{ .Values.global.truststoreFile}}" - subPath: {{ .Values.global.truststoreFile}} - name: var-log-onap mountPath: /var/log/onap resources: -{{ include "common.resources" . | indent 12 }} +{{ include "common.resources" . }} {{- if .Values.nodeSelector }} nodeSelector: {{ toYaml .Values.nodeSelector | indent 10 }} @@ -147,6 +139,9 @@ spec: - name: var-log-onap mountPath: /var/log/onap volumes: + {{- if .Values.global.aafEnabled }} +{{ include "common.aaf-config-volumes" . | indent 8 }} + {{- end }} - name: localtime hostPath: path: /etc/localtime @@ -154,9 +149,6 @@ spec: configMap: name: {{ include "common.fullname" . }}-onapportal defaultMode: 0755 - - name: authz-onapportal - secret: - secretName: {{ include "common.fullname" . }}-authz-onapportal - name: filebeat-conf configMap: name: portal-filebeat diff --git a/kubernetes/portal/charts/portal-app/templates/secret.yaml b/kubernetes/portal/charts/portal-app/templates/secret.yaml index 85b0f40567..a4019efa2b 100644 --- a/kubernetes/portal/charts/portal-app/templates/secret.yaml +++ b/kubernetes/portal/charts/portal-app/templates/secret.yaml 
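Review bot: Passing the CADI passwords through `_JAVA_OPTIONS` in the new `args` string exposes them, because HotSpot prints a `Picked up _JAVA_OPTIONS: …` banner with the full value on stderr at JVM start, so both passwords land in the pod log; `logArgs="false"` in server.xml does not suppress that banner. A file-based source, for instance having the start wrapper write the two properties into Tomcat's `conf/catalina.properties`, would keep them out of both the environment and the log. The `{{- else }}` branch is also malformed: `args: ["/start-apache-tomcat.sh -i "" -n "" -b …"]` has unescaped quotes inside a double-quoted flow scalar, so the manifest should fail to parse when `aafEnabled` is false; it needs the same escaping as the first branch, `args: ["/start-apache-tomcat.sh -i \"\" -n \"\" -b {{ .Values.global.env.tomcatDir }}"]`. `export $(grep '^c' … | xargs -0)` exports every line beginning with `c` and relies on shell word splitting, so a password containing whitespace or glob characters would be mangled; selecting the two keys by name is more robust. The rename of `CATALINA_OPTS` to `_CATALINA_OPTS` should be checked against what start-apache-tomcat.sh actually reads, since that script is not part of this diff.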
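Review bot: The `| indent 12` filter was dropped from `{{ include "common.resources" . }}` under `resources:` in this hunk, with no visible change to the helper. Unless `common.resources` now emits its own indentation (its definition is outside this diff), the rendered limits and requests would start at column 0 and either break the manifest or leave `resources:` empty. If the helper is unchanged, restore `{{ include "common.resources" . | indent 12 }}`; if it did change, a line in the commit message would help, since this edit is unrelated to the AAF work.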
@@ -1,4 +1,5 @@ # Copyright © 2018 Amdocs, Bell Canada, AT&T +# Modifications Copyright © 2020 AT&T # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -12,16 +13,4 @@ # See the License for the specific language governing permissions and # limitations under the License. -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "common.fullname" . }}-authz-onapportal - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -type: Opaque -data: -{{ tpl (.Files.Glob "resources/certs/*").AsSecrets . | indent 2 }} +{{ include "common.secretFast" . }} diff --git a/kubernetes/portal/charts/portal-app/values.yaml b/kubernetes/portal/charts/portal-app/values.yaml index 59a11ad6cf..9a17ab0f6f 100644 --- a/kubernetes/portal/charts/portal-app/values.yaml +++ b/kubernetes/portal/charts/portal-app/values.yaml @@ -1,5 +1,5 @@ # Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T +# Modifications Copyright © 2018,2020 AT&T # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. 
@@ -22,15 +22,47 @@ global: readinessImage: readiness-check:2.0.0 loggingRepository: docker.elastic.co loggingImage: beats/filebeat:5.5.0 + #AAF service + aafEnabled: true + aafAgentImage: onap/aaf/aaf_agent:2.1.20 ################################################################# # Application configuration defaults. ################################################################# + # application image repository: nexus3.onap.org:10001 image: onap/portal-app:2.6.0 pullPolicy: Always +#AAF local config + +aafURL: https://aaf-service:8100/ +aafConfig: + aafDeployFqi: deployer@people.osaaf.org + aafDeployPass: demo123456! + fqdn: portal + fqi: portal@portal.onap.org + publicFqdn: portal.onap.org + cadi_latitude: "38.0" + cadi_longitude: "-72.0" + credsPath: /opt/app/osaaf/local + app_ns: org.osaaf.aaf + permission_user: 1000 + permission_group: 999 + addconfig: true + secret_uid: &aaf_secret_uid portal-app-aaf-deploy-creds + keystoreFile: "org.onap.portal.p12" + truststoreFile: "org.onap.portal.trust.jks" + +secrets: + - uid: *aaf_secret_uid + type: basicAuth + externalSecret: '{{ ternary (tpl (default "" .Values.aafConfig.aafDeployCredsExternalSecret) .) "aafIsDiabled" .Values.global.aafEnabled }}' + login: '{{ .Values.aafConfig.aafDeployFqi }}' + password: '{{ .Values.aafConfig.aafDeployPass }}' + passwordPolicy: required + # default number of instances replicaCount: 1 |
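Review bot: `aafDeployPass: demo123456!` commits a default password for the AAF deployer account, and because the new `secrets` entry takes `password` from it, `passwordPolicy: required` is always satisfied by that default, so a deployment that overrides nothing runs with a publicly known credential. I would leave the value unset in the chart and document the override beside it, e.g. `# aafDeployPass: set per deployment, or point aafConfig.aafDeployCredsExternalSecret at an existing Secret`. `aafDeployCredsExternalSecret` is read by the `externalSecret` template but is not listed under `aafConfig`, so operators cannot discover it from this file. The sentinel string `aafIsDiabled` on the same line is misspelled, which is harmless today but awkward if anything ever matches on it.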