From 95dc1c9693b60b828fe5d6884933c2054d815e6a Mon Sep 17 00:00:00 2001 From: Ramesh Parthasarathy Date: Wed, 5 Feb 2020 17:02:28 +0000 Subject: These OOM changes are related AAF Integration Here we have the ability to optionally disable AAF integration. A global variable global.security.aaf.enabled=true will turn on AAF security. with global.security.aaf.enabled=false it will use spring.security to ensure backward compatibilty. updated based on review comments Issue-ID: SO-2452 Signed-off-by: Ramesh Parthasarathy(rp6768) Change-Id: Ia83622ad681cfd122ee906ccd1654b10b5e31fe4 --- .../resources/config/overrides/override.yaml | 14 ++++++----- .../so-sdc-controller/templates/configmap.yaml | 1 + .../so-sdc-controller/templates/deployment.yaml | 27 ++++++++++++++-------- 3 files changed, 26 insertions(+), 16 deletions(-) (limited to 'kubernetes/so/charts/so-sdc-controller') diff --git a/kubernetes/so/charts/so-sdc-controller/resources/config/overrides/override.yaml b/kubernetes/so/charts/so-sdc-controller/resources/config/overrides/override.yaml index 44544f49e7..8d02cc1f5c 100755 --- a/kubernetes/so/charts/so-sdc-controller/resources/config/overrides/override.yaml +++ b/kubernetes/so/charts/so-sdc-controller/resources/config/overrides/override.yaml @@ -12,7 +12,7 @@ # See the License for the specific language governing permissions and # limitations under the License. aai: - auth: 2A11B07DB6214A839394AA1EC5844695F5114FC407FF5422625FB00175A3DCB8A1FF745F22867EFA72D5369D599BBD88DA8BED4233CF5586 + auth: {{.Values.aai.auth}} server: port: {{ index .Values.containerPort }} spring: 
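Review bot: `auth: {{.Values.aai.auth}}` is rendered unquoted and without a presence check, so an unset value produces an empty `auth`, and a value that looks like a number or boolean is retyped by the YAML parser before the application reads it. I would write `auth: {{ required "aai.auth must be set" .Values.aai.auth | quote }}`; the same applies to `msoKey`, the asdc-controller1 `password` and the activity `key` in the later hunks of this file. The literal removed here stays readable in the repository history, so it should be rotated rather than carried over as the chart default. The values file that supplies the new value is not part of this view.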
@@ -44,20 +44,22 @@ request: pool-name: reqdb-pool registerMbeans: false mso: - msoKey: 07a7159d3bf51a0e53be7a8f89699be7 + msoKey: {{ index .Values.mso.msoKey }} logPath: ./logs/sdc + config: + cadi: {{ include "cadi.keys" . | nindent 8}} catalog: db: spring: endpoint: http://so-catalog-db-adapter.{{ include "common.namespace" . }}:8082 db: - auth: Basic YnBlbDpwYXNzd29yZDEk + auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.requestDb.auth )}} site-name: onapheat camundaURL: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081/ adapters: requestDb: endpoint: http://so-request-db-adapter.{{ include "common.namespace" . }}:8083 - auth: Basic YnBlbDpwYXNzd29yZDEk + auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.requestDb.auth )}} aai: endpoint: https://aai.{{ include "common.namespace" . }}:8443 asdc-connections: @@ -67,7 +69,7 @@ mso: consumerId: SO-COpenSource-Env11 environmentName: AUTO asdcAddress: sdc-be.{{ include "common.namespace" . }}:8443 - password: 76966BDD3C7414A03F7037264FF2E6C8EEC6C28F2B67F2840A1ED857C0260FEE731D73F47F828E5527125D29FD25D3E0DE39EE44C058906BF1657DE77BF897EECA93BDC07FA64F + password: {{ index .Values "mso" "asdc-connections" "asdc-controller1" "password" }} pollingInterval: 60 pollingTimeout: 60 relevantArtifactTypes: HEAT,HEAT_ENV,HEAT_VOL @@ -82,7 +84,7 @@ mso: config: activity: endpoint: http://sdc-wfd-be:8080 - key: 566B754875657232314F5548556D3665 + key: {{ .Values.mso.asdc.config.key }} components: count: 3, componentNames: SO,AAI,SDNC diff --git a/kubernetes/so/charts/so-sdc-controller/templates/configmap.yaml b/kubernetes/so/charts/so-sdc-controller/templates/configmap.yaml index d873beb62c..b57205223e 100755 --- a/kubernetes/so/charts/so-sdc-controller/templates/configmap.yaml 
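Review bot: The two `auth` headers and `msoKey` in this hunk, like the `password` and `key` in the next two, are still rendered into override.yaml, which appears to reach the pod through the `config` volume. If that volume is backed by a ConfigMap, anyone allowed to read ConfigMaps in the namespace can read these credentials. The deployment change in this same commit already takes the keystore passwords from a Secret via `secretKeyRef`, and these values would be better delivered the same way. The removed `Basic …` header is only base64-encoded, not encrypted, so the credential it carries should be treated as disclosed and replaced. `cadi: {{ include "cadi.keys" . | nindent 8}}` is added without the `global.security.aaf.enabled` condition used for the other new lines; a comment stating whether it is meant to render in basic mode would help.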
+++ b/kubernetes/so/charts/so-sdc-controller/templates/configmap.yaml @@ -15,6 +15,7 @@ apiVersion: v1 data: LOG_PATH: {{ index .Values.logPath }} APP: {{ index .Values.app }} + ACTIVE_PROFILE: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}} kind: ConfigMap metadata: name: {{ include "common.fullname" . }}-configmap diff --git a/kubernetes/so/charts/so-sdc-controller/templates/deployment.yaml b/kubernetes/so/charts/so-sdc-controller/templates/deployment.yaml index 931a89516b..91e9be6376 100755 --- a/kubernetes/so/charts/so-sdc-controller/templates/deployment.yaml +++ b/kubernetes/so/charts/so-sdc-controller/templates/deployment.yaml @@ -85,6 +85,22 @@ spec: secretKeyRef: name: {{ include "common.release" . }}-so-db-secrets key: mariadb.admin.password + {{- if eq .Values.global.security.aaf.enabled true }} + - name: TRUSTSTORE + value: /app/org.onap.so.trust.jks + - name: TRUSTSTORE_PASSWORD + valueFrom: + secretKeyRef: + name: {{ .Release.Name}}-so-client-certs-secret + key: trustStorePassword + - name: KEYSTORE + value: /app/org.onap.so.jks + - name: KEYSTORE_PASSWORD + valueFrom: + secretKeyRef: + name: {{ .Release.Name}}-so-client-certs-secret + key: keyStorePassword + {{- end }} envFrom: - configMapRef: name: {{ include "common.fullname" . }}-configmap 
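Review bot: `ACTIVE_PROFILE` falls back to `basic` for every value of `global.security.aaf.enabled` that `helpers.profileProperty` treats as false. That presumably includes a missing key (the helper body is not in this diff), so a typo in the values path would silently deploy the weaker profile. A comment above the line would make the default explicit, for example `# "aaf" when global.security.aaf.enabled is true; otherwise "basic" (Spring Security basic auth)`. The rendered value should also be piped through `| quote`, since ConfigMap data values must be strings.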
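Review bot: The new `secretKeyRef` names are built from `{{ .Release.Name}}-so-client-certs-secret`, while the existing reference just above uses `{{ include "common.release" . }}-so-db-secrets`. If `common.release` ever differs from `.Release.Name`, the pod will reference a Secret that does not exist; I would use `name: {{ include "common.release" . }}-so-client-certs-secret` in both places. The guard `eq .Values.global.security.aaf.enabled true` is also stricter than a plain truthiness test, because a string `"true"` or an unset key does not compare cleanly with a boolean. Depending on how `helpers.profileProperty` evaluates its condition, the two may disagree and leave the `aaf` profile without its keystore variables; `{{- if .Values.global.security.aaf.enabled }}` avoids that. The container spec continues outside the hunk.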
@@ -95,16 +111,7 @@ spec: - name: config mountPath: /app/config readOnly: true - livenessProbe: - httpGet: - path: {{- index .Values.livenessProbe.path|indent 2}} - port: {{ index .Values.containerPort }} - scheme: {{- index .Values.livenessProbe.scheme| indent 2}} - initialDelaySeconds: {{ index .Values.livenessProbe.initialDelaySeconds}} - periodSeconds: {{ index .Values.livenessProbe.periodSeconds}} - timeoutSeconds: {{ index .Values.livenessProbe.timeoutSeconds}} - successThreshold: {{ index .Values.livenessProbe.successThreshold}} - failureThreshold: {{ index .Values.livenessProbe.failureThreshold}} +{{ include "helpers.livenessProbe" .| indent 8 }} ports: - containerPort: {{ index .Values.containerPort }} name: {{ .Values.service.portName }} -- cgit 1.2.3-korg