From 019b59c486b07007875976862807a6acaa92be82 Mon Sep 17 00:00:00 2001 From: ChrisC Date: Fri, 3 Apr 2020 13:58:44 +0200 Subject: Portal-app auto cert gen Migrate to auto cert gen using latest templates Minor updates to align portal-sdk to latest templates Issue-ID: PORTAL-847 Depends-On: Ie3f5ae5c2a37d816afc42d2c67ebe8e40e749c79 Signed-off-by: ChrisC Change-Id: Ib457b0940d549168ebc173d9b1f953bb933088a1 --- .../charts/portal-sdk/resources/server/server.xml | 2 +- .../charts/portal-sdk/templates/configmap.yaml | 18 +++++- .../charts/portal-sdk/templates/deployment.yaml | 67 +++------------------- kubernetes/portal/charts/portal-sdk/values.yaml | 40 ++++++------- 4 files changed, 44 insertions(+), 83 deletions(-) (limited to 'kubernetes/portal/charts/portal-sdk') diff --git a/kubernetes/portal/charts/portal-sdk/resources/server/server.xml b/kubernetes/portal/charts/portal-sdk/resources/server/server.xml index 506a1ca4cd..dffcfbe419 100644 --- a/kubernetes/portal/charts/portal-sdk/resources/server/server.xml +++ b/kubernetes/portal/charts/portal-sdk/resources/server/server.xml @@ -94,7 +94,7 @@ {{ if .Values.global.aafEnabled }} {{ end }} diff --git a/kubernetes/portal/charts/portal-sdk/templates/configmap.yaml b/kubernetes/portal/charts/portal-sdk/templates/configmap.yaml index 154276ea26..1dbdeedd5a 100644 --- a/kubernetes/portal/charts/portal-sdk/templates/configmap.yaml +++ b/kubernetes/portal/charts/portal-sdk/templates/configmap.yaml @@ -1,5 +1,5 @@ # Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T +# Modifications Copyright © 2018, 2020 AT&T # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. 
@@ -25,4 +25,18 @@ metadata: heritage: {{ .Release.Service }} data: {{ tpl (.Files.Glob "resources/config/deliveries/properties/ONAPPORTALSDK/*").AsConfig . | indent 2 }} -{{ tpl (.Files.Glob "resources/server/*").AsConfig . | indent 2 }} \ No newline at end of file +{{ tpl (.Files.Glob "resources/server/*").AsConfig . | indent 2 }} + +{{ if .Values.global.aafEnabled }} +{{- if .Values.aafConfig.addconfig -}} +--- +apiVersion: v1 +kind: ConfigMap +{{- $suffix := "aaf-add-config" }} +metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "dot" . )| nindent 2 }} +data: + aaf-add-config.sh: |- + /opt/app/aaf_config/bin/agent.sh;/opt/app/aaf_config/bin/agent.sh local showpass \ + {{.Values.aafConfig.fqi}} {{ .Values.aafConfig.fqdn }} > {{ .Values.aafConfig.credsPath }}/mycreds.prop +{{- end -}} +{{- end -}} \ No newline at end of file diff --git a/kubernetes/portal/charts/portal-sdk/templates/deployment.yaml b/kubernetes/portal/charts/portal-sdk/templates/deployment.yaml index 8465d06ad8..2de9a1bd24 100644 --- a/kubernetes/portal/charts/portal-sdk/templates/deployment.yaml +++ b/kubernetes/portal/charts/portal-sdk/templates/deployment.yaml 
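Review bot: The generated `aaf-add-config.sh` chains the two `agent.sh` calls with `;`, so `showpass` still runs and the redirect still creates `mycreds.prop` when the first call has failed; the main container in deployment.yaml then exports whatever that file contains. Chaining with `&&` (`/opt/app/aaf_config/bin/agent.sh && /opt/app/aaf_config/bin/agent.sh local showpass \`) would surface the failure, assuming the caller of this script checks its exit status; that caller is not visible in this diff. The file holds the store passwords in cleartext, so a `umask 077` as the first script line would stop it being created group- or world-readable, provided the consuming container runs as the same user, which is also not visible here.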
@@ -47,71 +47,23 @@ spec: apiVersion: v1 fieldPath: metadata.namespace {{- if .Values.global.aafEnabled }} - - name: {{ include "common.name" . }}-aaf-readiness - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - command: - - /root/ready.py - args: - - --container-name - - aaf-locate - - --container-name - - aaf-cm - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - - name: {{ include "common.name" . }}-aaf-config - image: "{{ include "common.repository" . }}/{{ .Values.global.aafAgentImage }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - command: ["bash","-c"] - args: ["/opt/app/aaf_config/bin/agent.sh;/opt/app/aaf_config/bin/agent.sh local showpass \ - {{.Values.aafConfig.fqi}} {{ .Values.aafConfig.fqdn }} > {{ .Values.persistence.aafCredsPath }}/mycreds.prop"] - volumeMounts: - - mountPath: {{ .Values.persistence.aafCredsPath }} - name: {{ include "common.fullname" . }}-aaf-config-vol - env: - - name: APP_FQI - value: "{{ .Values.aafConfig.fqi }}" - - name: aaf_locate_url - value: "https://aaf-locate.{{ .Release.Namespace }}:8095" - - name: aaf_locator_container - value: "{{ .Values.global.aafLocatorContainer }}" - - name: aaf_locator_container_ns - value: "{{ .Release.Namespace }}" - - name: aaf_locator_fqdn - value: "{{ .Values.aafConfig.fqdn }}" - - name: aaf_locator_public_fqdn - value: "{{.Values.aafConfig.publicFqdn}}" - - name: aaf_locator_app_ns - value: "{{ .Values.global.aafAppNs }}" - - name: DEPLOY_FQI - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "aaf-deploy-creds" "key" "login") | indent 12 }} - - name: DEPLOY_PASSWORD - {{- include "common.secret.envFromSecretFast" (dict "global" . 
"uid" "aaf-deploy-creds" "key" "password") | indent 12 }} - - name: cadi_longitude - value: "{{ .Values.aafConfig.cadiLongitude }}" - - name: cadi_latitude - value: "{{ .Values.aafConfig.cadiLatitude }}" - {{ end }} +{{ include "common.aaf-config" . | indent 6 }} + {{- end }} containers: - name: {{ include "common.name" . }} image: "{{ include "common.repository" . }}/{{ .Values.image }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: ["bash","-c"] {{- if .Values.global.aafEnabled }} - args: ["export $(grep '^c' {{ .Values.persistence.aafCredsPath }}/mycreds.prop | xargs -0);\ + args: ["export $(grep '^c' {{ .Values.aafConfig.credsPath }}/mycreds.prop | xargs -0);\ export _JAVA_OPTIONS=\"-Djavax.net.ssl.trustStorePassword=$cadi_truststore_password \ -Djavax.net.ssl.keyStorePassword=$cadi_keystore_password_p12\";\ - cat /dev/null > {{ .Values.persistence.aafCredsPath }}/mycreds.prop;\ /start-apache-tomcat.sh -b {{ .Values.global.env.tomcatDir }}"] env: - name: _CATALINA_OPTS value: > - -Djavax.net.ssl.keyStore="{{ .Values.persistence.aafCredsPath }}/{{ .Values.aafConfig.keystoreFile }}" - -Djavax.net.ssl.trustStore="{{ .Values.persistence.aafCredsPath }}/{{ .Values.aafConfig.truststoreFile }}" + -Djavax.net.ssl.keyStore="{{ .Values.aafConfig.credsPath }}/{{ .Values.aafConfig.keystoreFile }}" + -Djavax.net.ssl.trustStore="{{ .Values.aafConfig.credsPath }}/{{ .Values.aafConfig.truststoreFile }}" {{- else }} args: ["/start-apache-tomcat.sh -b {{ .Values.global.env.tomcatDir }}"] {{- end }} @@ -131,8 +83,7 @@ spec: periodSeconds: {{ .Values.readiness.periodSeconds }} volumeMounts: {{- if .Values.global.aafEnabled }} - - mountPath: {{ .Values.persistence.aafCredsPath }} - name: {{ include "common.fullname" . }}-aaf-config-vol +{{ include "common.aaf-config-volume-mountpath" . | indent 8 }} {{- end }} - name: properties-onapportalsdk mountPath: "{{ .Values.global.env.tomcatDir }}/conf/server.xml" 
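Review bot: The main container's `args` no longer truncate `mycreds.prop` after exporting the `cadi_*` passwords, so the cleartext keystore and truststore passwords now stay on the credentials volume for the life of the pod. Previously they existed only until Tomcat started. If nothing else needs the file afterwards, keep the wipe with the new path: `cat /dev/null > {{ .Values.aafConfig.credsPath }}/mycreds.prop;\` after the `_JAVA_OPTIONS` export. If the removal is deliberate, for example so a restarted container can re-read the file (init containers do not rerun on a container restart), a comment above `args` should say so and the file's mode should be restricted instead. The `containers:` entry continues past this hunk.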
@@ -160,7 +111,7 @@ spec: - name: var-log-onap mountPath: /var/log/onap resources: -{{ include "common.resources" . | indent 12 }} +{{ include "common.resources" . }} {{- if .Values.nodeSelector }} nodeSelector: {{ toYaml .Values.nodeSelector | indent 10 }} @@ -198,9 +149,7 @@ spec: - name: portal-tomcat-logs emptyDir: {} {{- if .Values.global.aafEnabled }} - - name: {{ include "common.fullname" . }}-aaf-config-vol - emptyDir: - medium: Memory +{{ include "common.aaf-config-volumes" . | indent 8 }} {{- end }} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/portal/charts/portal-sdk/values.yaml b/kubernetes/portal/charts/portal-sdk/values.yaml index 34c29b5be1..77ceb274d2 100644 --- a/kubernetes/portal/charts/portal-sdk/values.yaml +++ b/kubernetes/portal/charts/portal-sdk/values.yaml 
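Review bot: In the hunk at -198,9 the credentials volume loses its visible `emptyDir` / `medium: Memory` definition; it is now rendered by `common.aaf-config-volumes`, whose body is not part of this diff. That volume holds the keystore, truststore and `mycreds.prop`, so it is worth confirming the helper still renders a memory-backed emptyDir and the material never reaches node disk. Recording the expectation next to the include would help, e.g. `{{/* credentials volume: expected to render emptyDir with medium: Memory */}}`.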
@@ -23,47 +23,45 @@ global: loggingRepository: docker.elastic.co loggingImage: beats/filebeat:5.5.0 persistence: {} - #AAF global config overrides + #AAF service aafEnabled: true - aafAgentImage: onap/aaf/aaf_agent:2.1.15 - aafAppNs: org.osaaf.aaf - aafLocatorContainer: oom + ################################################################# # Application configuration defaults. ################################################################# -secrets: - - uid: aaf-deploy-creds - type: basicAuth - externalSecret: '{{ ternary (tpl (default "" .Values.aafConfig.aafDeployCredsExternalSecret) .) "aafIsDiabled" .Values.global.aafEnabled }}' - login: '{{ .Values.aafConfig.aafDeployFqi }}' - password: '{{ .Values.aafConfig.aafDeployPass }}' - passwordPolicy: required - -## Persist cert data to a memory volume -persistence: - aafCredsPath: /opt/app/osaaf/local # application image repository: nexus3.onap.org:10001 image: onap/portal-sdk:2.6.0 pullPolicy: Always -#AAF service -aafURL: https://aaf-service:8100/ -aafLocateUrl: https://aaf-locate:8095 - #AAF local config +aafURL: https://aaf-service:8100/ aafConfig: aafDeployFqi: deployer@people.osaaf.org aafDeployPass: demo123456! fqdn: portal fqi: portal@portal.onap.org publicFqdn: portal.onap.org - cadiLatitude: 0.0 - cadiLongitude: 0.0 + cadi_latitude: "38.0" + cadi_longitude: "-72.0" + credsPath: /opt/app/osaaf/local + app_ns: org.osaaf.aaf + permission_user: 1000 + permission_group: 999 + addconfig: true + secret_uid: &aaf_secret_uid portal-sdk-aaf-deploy-creds keystoreFile: "org.onap.portal.p12" truststoreFile: "org.onap.portal.trust.jks" +secrets: + - uid: *aaf_secret_uid + type: basicAuth + externalSecret: '{{ ternary (tpl (default "" .Values.aafConfig.aafDeployCredsExternalSecret) .) 
"aafIsDiabled" .Values.global.aafEnabled }}' + login: '{{ .Values.aafConfig.aafDeployFqi }}' + password: '{{ .Values.aafConfig.aafDeployPass }}' + passwordPolicy: required + # flag to enable debugging - application support required debugEnabled: false -- cgit 1.2.3-korg
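Review bot: `secrets[0].uid` is tied to `aafConfig.secret_uid` through a YAML anchor/alias, which is resolved when this values.yaml is parsed, not when Helm merges overrides. An override of `aafConfig.secret_uid` from a parent chart or `--set` therefore leaves `secrets[0].uid` at `portal-sdk-aaf-deploy-creds`, and the two can diverge. A comment on the anchor line would record that, such as `# overriding secret_uid requires overriding secrets[0].uid too (alias is not re-evaluated)`. The relocated secret's `password` also still resolves to the literal `aafDeployPass` default kept in this file, so deployments should supply `aafDeployCredsExternalSecret` rather than rely on that default.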