From 822eb097fc30cd687de96a1fe78b2dab24332e39 Mon Sep 17 00:00:00 2001 From: Abdelmuhaimen Seaudi Date: Sat, 4 Sep 2021 11:08:36 +0200 Subject: [OOM] Use cert-initializer truststore instead of hard-coded ONAP Root CA By adding the certInitializer directives in cds blueprint processor deployment, we get access to the AAF ONAP Root CA, instead of static file. Issue-ID: CCSDK-3356 Signed-off-by: Abdelmuhaimen Seaudi Change-Id: Ifc3d1797905868b268cbfd06237866bf8dc3d3f5 --- .../cds-blueprints-processor/requirements.yaml | 4 ++++ .../templates/deployment.yaml | 8 +++++--- .../cds-blueprints-processor/values.yaml | 23 +++++++++++++++++++++- .../components/cds-command-executor/values.yaml | 2 +- .../cds/components/cds-py-executor/values.yaml | 2 +- .../cds/components/cds-sdc-listener/values.yaml | 2 +- kubernetes/cds/components/cds-ui/values.yaml | 2 +- 7 files changed, 35 insertions(+), 8 deletions(-) diff --git a/kubernetes/cds/components/cds-blueprints-processor/requirements.yaml b/kubernetes/cds/components/cds-blueprints-processor/requirements.yaml index 7a3a920087..baf1a760ab 100755 --- a/kubernetes/cds/components/cds-blueprints-processor/requirements.yaml +++ b/kubernetes/cds/components/cds-blueprints-processor/requirements.yaml @@ -22,3 +22,7 @@ dependencies: - name: serviceAccount version: ~8.x-0 repository: '@local' + - name: certInitializer + version: ~8.x-0 + repository: '@local' + diff --git a/kubernetes/cds/components/cds-blueprints-processor/templates/deployment.yaml b/kubernetes/cds/components/cds-blueprints-processor/templates/deployment.yaml index fd5265d2ce..d92f09a4c8 100755 --- a/kubernetes/cds/components/cds-blueprints-processor/templates/deployment.yaml +++ b/kubernetes/cds/components/cds-blueprints-processor/templates/deployment.yaml @@ -48,7 +48,7 @@ spec: app: {{ include "common.name" . }} release: {{ include "common.release" . }} spec: - initContainers: + initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }} - command: - sh args: @@ -113,6 +113,8 @@ spec: value: {{ if (gt (int (.Values.replicaCount)) 2) }} {{ .Values.cluster.enabled | quote }} {{ else }} "false" {{ end }} - name: CLUSTER_ID value: {{ .Values.cluster.clusterName }} + - name: AAF_CREDSPATH + value: {{ .Values.certInitializer.credsPath }} - name: CLUSTER_NODE_ID valueFrom: fieldRef: @@ -157,7 +159,7 @@ spec: initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} timeoutSeconds: {{ .Values.readiness.timeoutSeconds }} - volumeMounts: + volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }} - mountPath: /etc/localtime name: localtime readOnly: true @@ -191,7 +193,7 @@ spec: {{ toYaml .Values.affinity | indent 10 }} {{- end }} serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} - volumes: + volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }} - name: localtime hostPath: path: /etc/localtime diff --git a/kubernetes/cds/components/cds-blueprints-processor/values.yaml b/kubernetes/cds/components/cds-blueprints-processor/values.yaml index 829bb220cd..d21598a4ba 100755 --- a/kubernetes/cds/components/cds-blueprints-processor/values.yaml +++ b/kubernetes/cds/components/cds-blueprints-processor/values.yaml @@ -47,11 +47,32 @@ secrets: password: '{{ .Values.config.sdncDB.dbRootPass }}' passwordPolicy: required +################################################################# +# AAF part +################################################################# +certInitializer: + nameOverride: cds-blueprints-processor-initializer + aafDeployFqi: deployer@people.osaaf.org + aafDeployPass: demo123456! + # aafDeployCredsExternalSecret: some secret + fqdn: sdnc-cds + fqi: sdnc-cds@sdnc-cds.onap.org + public_fqdn: sdnc-cds.onap.org + cadi_longitude: "0.0" + cadi_latitude: "0.0" + app_ns: org.osaaf.aaf + credsPath: /opt/app/osaaf/local + fqi_namespace: org.onap.sdnc-cds + aaf_add_config: > + /opt/app/aaf_config/bin/agent.sh; + /opt/app/aaf_config/bin/agent.sh local showpass + {{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop + ################################################################# # Application configuration defaults. ################################################################# # application image -image: onap/ccsdk-blueprintsprocessor:1.1.5 +image: onap/ccsdk-blueprintsprocessor:1.2.0 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/cds/components/cds-command-executor/values.yaml b/kubernetes/cds/components/cds-command-executor/values.yaml index cb3668656a..1e8beab654 100755 --- a/kubernetes/cds/components/cds-command-executor/values.yaml +++ b/kubernetes/cds/components/cds-command-executor/values.yaml @@ -32,7 +32,7 @@ global: # Application configuration defaults. ################################################################# # application image -image: onap/ccsdk-commandexecutor:1.1.5 +image: onap/ccsdk-commandexecutor:1.2.0 pullPolicy: Always # application configuration diff --git a/kubernetes/cds/components/cds-py-executor/values.yaml b/kubernetes/cds/components/cds-py-executor/values.yaml index 02805cf5fa..c7a2734a8b 100755 --- a/kubernetes/cds/components/cds-py-executor/values.yaml +++ b/kubernetes/cds/components/cds-py-executor/values.yaml @@ -30,7 +30,7 @@ global: # Application configuration defaults. ################################################################# # application image -image: onap/ccsdk-py-executor:1.1.5 +image: onap/ccsdk-py-executor:1.2.0 pullPolicy: Always # default number of instances diff --git a/kubernetes/cds/components/cds-sdc-listener/values.yaml b/kubernetes/cds/components/cds-sdc-listener/values.yaml index f71dafeeb1..fd15bd0ecc 100644 --- a/kubernetes/cds/components/cds-sdc-listener/values.yaml +++ b/kubernetes/cds/components/cds-sdc-listener/values.yaml @@ -29,7 +29,7 @@ global: # Application configuration defaults. ################################################################# # application image -image: onap/ccsdk-sdclistener:1.1.5 +image: onap/ccsdk-sdclistener:1.2.0 name: sdc-listener pullPolicy: Always diff --git a/kubernetes/cds/components/cds-ui/values.yaml b/kubernetes/cds/components/cds-ui/values.yaml index 8f5f806baf..f579cc358d 100644 --- a/kubernetes/cds/components/cds-ui/values.yaml +++ b/kubernetes/cds/components/cds-ui/values.yaml @@ -44,7 +44,7 @@ certInitializer: {{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop # application image -image: onap/ccsdk-cds-ui-server:1.1.5 +image: onap/ccsdk-cds-ui-server:1.2.0 pullPolicy: Always # application configuration -- cgit 1.2.3-korg