From 020cdb94ca5c6ca3fb4690b1118c08779f3b4d95 Mon Sep 17 00:00:00 2001
From: Krzysztof Opasiak <k.opasiak@samsung.com>
Date: Fri, 1 May 2020 01:46:37 +0200
Subject: [COMMON] Add new template for obtaining certificate

Add new template that can be used to obtain certificate by
component. Make also a PoC with NBI.

Strongly based on aaf-config template.

Issue-ID: AAF-1134
Change-Id: I10cb2a7b36a8dc436be337518cc15431aabbbc5d
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
---
 kubernetes/nbi/requirements.yaml                   |  3 +++
 .../nbi/templates/configmap-aaf-add-config.yaml    | 28 ----------------------
 kubernetes/nbi/templates/deployment.yaml           | 12 +++++-----
 kubernetes/nbi/values.yaml                         | 20 +++++++---------
 4 files changed, 18 insertions(+), 45 deletions(-)
 delete mode 100644 kubernetes/nbi/templates/configmap-aaf-add-config.yaml

(limited to 'kubernetes/nbi')

diff --git a/kubernetes/nbi/requirements.yaml b/kubernetes/nbi/requirements.yaml
index 4bd4fd863e..7ce343627a 100644
--- a/kubernetes/nbi/requirements.yaml
+++ b/kubernetes/nbi/requirements.yaml
@@ -20,6 +20,9 @@ dependencies:
     # a part of this chart's package and will not
     # be published independently to a repo (at this point)
     repository: '@local'
+  - name: certInitializer
+    version: ~6.x-0
+    repository: '@local'
   - name: mongo
     version: ~6.x-0
     repository: '@local'
diff --git a/kubernetes/nbi/templates/configmap-aaf-add-config.yaml b/kubernetes/nbi/templates/configmap-aaf-add-config.yaml
deleted file mode 100644
index fe099b140d..0000000000
--- a/kubernetes/nbi/templates/configmap-aaf-add-config.yaml
+++ /dev/null
@@ -1,28 +0,0 @@
-{{ if .Values.global.aafEnabled }}
-{{/*
-# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies, Orange
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-{{- if .Values.aafConfig.addconfig -}}
-apiVersion: v1
-kind: ConfigMap
-{{- $suffix := "aaf-add-config" }}
-metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "dot" . )| nindent 2 }}
-data:
-  aaf-add-config.sh: |-
-    /opt/app/aaf_config/bin/agent.sh;/opt/app/aaf_config/bin/agent.sh local showpass \
-        {{.Values.aafConfig.fqi}} {{ .Values.aafConfig.fqdn }} > {{ .Values.aafConfig.credsPath }}/mycreds.prop
-{{- end -}}
-{{- end -}}
diff --git a/kubernetes/nbi/templates/deployment.yaml b/kubernetes/nbi/templates/deployment.yaml
index 1b4195c733..22dd4a1ded 100644
--- a/kubernetes/nbi/templates/deployment.yaml
+++ b/kubernetes/nbi/templates/deployment.yaml
@@ -33,7 +33,7 @@ spec:
       name: {{ include "common.fullname" . }}
     spec:
 {{- if .Values.global.aafEnabled }}
-      initContainers: {{ include "common.aaf-config" . | nindent 6 }}
+      initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }}
 {{- end }}
       containers:
         - name: {{ include "common.name" . }}
@@ -49,11 +49,11 @@ spec:
           args:
           - -c
           - |
-            export $(grep '^c' {{ .Values.aafConfig.credsPath }}/mycreds.prop | xargs -0)
+            export $(grep '^c' {{ .Values.certInitializer.credsPath }}/mycreds.prop | xargs -0)
             export JAVA_OPTS="-Djavax.net.ssl.trustStorePassword=$cadi_truststore_password \
-              -Dserver.ssl.key-store={{ .Values.aafConfig.credsPath }}/org.onap.nbi.p12 \
+              -Dserver.ssl.key-store={{ .Values.certInitializer.credsPath }}/org.onap.nbi.p12 \
               -Dserver.ssl.key-store-type=PKCS12 \
-              -Djavax.net.ssl.trustStore={{ .Values.aafConfig.credsPath }}/org.onap.nbi.trust.jks \
+              -Djavax.net.ssl.trustStore={{ .Values.certInitializer.credsPath }}/org.onap.nbi.trust.jks \
               -Dserver.ssl.key-store-password=$cadi_keystore_password_p12  \
               -Djavax.net.ssl.trustStoreType=jks\
               -Djava.security.egd=file:/dev/./urandom -Dserver.port=8443"
@@ -122,7 +122,7 @@ spec:
               value: "msb-discovery.{{ include "common.namespace" . }}"
             - name: MSB_DISCOVERY_PORT
               value: "10081"
-          volumeMounts: {{ include "common.aaf-config-volume-mountpath" . | nindent 12 }}
+          volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 12 }}
             - mountPath: /etc/localtime
               name: localtime
               readOnly: true
@@ -148,7 +148,7 @@ spec:
         #     name: esr-server-logs
         #   - mountPath: /usr/share/filebeat/data
         #     name: esr-server-filebeat
-      volumes: {{ include "common.aaf-config-volumes" . | nindent 8 }}
+      volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }}
         - name: localtime
           hostPath:
             path: /etc/localtime
diff --git a/kubernetes/nbi/values.yaml b/kubernetes/nbi/values.yaml
index 6381d83e27..4fe092e603 100644
--- a/kubernetes/nbi/values.yaml
+++ b/kubernetes/nbi/values.yaml
@@ -36,7 +36,8 @@ global:
 #################################################################
 # AAF part
 #################################################################
-aafConfig:
+certInitializer:
+  nameOverride: nbi-cert-initializer
   aafDeployFqi: deployer@people.osaaf.org
   aafDeployPass: demo123456!
   # aafDeployCredsExternalSecret: some secret
@@ -45,13 +46,16 @@ aafConfig:
   public_fqdn: nbi.onap.org
   cadi_longitude: "0.0"
   cadi_latitude: "0.0"
-  credsPath: /opt/app/osaaf/local
   app_ns: org.osaaf.aaf
+  credsPath: /opt/app/osaaf/local
+  aaf_add_config: >
+    /opt/app/aaf_config/bin/agent.sh;
+    /opt/app/aaf_config/bin/agent.sh local showpass
+    {{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop
+
+aafConfig:
   permission_user: 1000
   permission_group: 999
-  addconfig: true
-  secret_uid: &aaf_secret_uid nbi-aaf-deploy-creds
-
 
 #################################################################
 # Secrets metaconfig
@@ -63,12 +67,6 @@ secrets:
     externalSecret: '{{ tpl (default "" .Values.config.db.userCredentialsExternalSecret) . }}'
     login: '{{ .Values.config.db.userName }}'
     password: '{{ .Values.config.db.userPassword }}'
-  - uid: *aaf_secret_uid
-    type: basicAuth
-    externalSecret: '{{ ternary (tpl (default "" .Values.aafConfig.aafDeployCredsExternalSecret) .) "aafIsDisabled" .Values.global.aafEnabled }}'
-    login: '{{ .Values.aafConfig.aafDeployFqi }}'
-    password: '{{ .Values.aafConfig.aafDeployPass }}'
-    passwordPolicy: required
 
 subChartsOnly:
   enabled: true
-- 
cgit 1.2.3-korg