From 0df1f8ec5332651b5ce2731dd25ee2319f393b4f Mon Sep 17 00:00:00 2001 From: seshukm Date: Mon, 17 Aug 2020 21:45:49 +0530 Subject: [SO] move subcharts to components folder Move subcharts to components folder in order to be able to enable/disable them one by one. Also use certInitializer to retrieve truststore in order to be able to discuss with other ONAP components. Issue-ID: SO-2046 Change-Id: Ia5c2a590a2ad75e4b69be0748e9d79fda996af37 Signed-off-by: seshukm Signed-off-by: Sylvain Desbureaux --- kubernetes/so/templates/_cadiValues.tpl | 19 ------------- kubernetes/so/templates/_certificates.tpl | 32 ---------------------- kubernetes/so/templates/_livenessProbe.tpl | 17 ------------ kubernetes/so/templates/_profileProperty.tpl | 3 -- kubernetes/so/templates/configmap.yaml | 2 +- kubernetes/so/templates/deployment.yaml | 41 +++++++++++++--------------- 6 files changed, 20 insertions(+), 94 deletions(-) delete mode 100644 kubernetes/so/templates/_cadiValues.tpl delete mode 100644 kubernetes/so/templates/_certificates.tpl delete mode 100644 kubernetes/so/templates/_livenessProbe.tpl delete mode 100644 kubernetes/so/templates/_profileProperty.tpl (limited to 'kubernetes/so/templates') diff --git a/kubernetes/so/templates/_cadiValues.tpl b/kubernetes/so/templates/_cadiValues.tpl deleted file mode 100644 index 426facc4b1..0000000000 --- a/kubernetes/so/templates/_cadiValues.tpl +++ /dev/null @@ -1,19 +0,0 @@ -{{- define "cadi.keys" -}} -cadiLoglevel: DEBUG -cadiKeyFile: /org.onap.so.keyfile -cadiTrustStore: /app/org.onap.so.trust.jks -cadiTruststorePassword: {{ .Values.global.app.cadi.cadiTruststorePassword }} -cadiLatitude: {{ .Values.global.app.cadi.cadiLatitude }} -cadiLongitude: {{ .Values.global.app.cadi.cadiLongitude }} -aafEnv: {{ .Values.global.app.cadi.aafEnv }} -aafApiVersion: 2.0 -aafRootNs: {{ .Values.global.app.cadi.aafRootNs }} -aafId: {{ .Values.mso.config.cadi.aafId }} -aafPassword: {{ .Values.mso.config.cadi.aafPassword }} -aafLocateUrl: {{ .Values.global.app.cadi.aafLocateUrl }} -aafUrl: {{ .Values.global.app.cadi.aafUrl }} -apiEnforcement: {{ .Values.mso.config.cadi.apiEnforcement }} -{{- if (.Values.global.app.cadi.noAuthn) }} -noAuthn: {{ .Values.mso.config.cadi.noAuthn }} -{{- end }} -{{- end }} diff --git a/kubernetes/so/templates/_certificates.tpl b/kubernetes/so/templates/_certificates.tpl deleted file mode 100644 index 8bd25d27a1..0000000000 --- a/kubernetes/so/templates/_certificates.tpl +++ /dev/null @@ -1,32 +0,0 @@ -{{- define "so.certificate.container_importer" -}} -- name: {{ include "common.name" . }}-certs-importer - image: "{{ include "common.repository" . }}/{{ .Values.global.soBaseImage }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - command: - - "/bin/sh" - args: - - "-c" - - "update-ca-certificates --fresh && \ - cp -r {{ .Values.global.certificates.path }}/* /certificates" - volumeMounts: - - name: {{ include "common.name" . }}-certificates - mountPath: /certificates - - name: {{ include "common.name" . }}-onap-certificates - mountPath: {{ .Values.global.certificates.share_path }} -{{- end -}} - -{{- define "so.certificate.volume-mounts" -}} -- name: {{ include "common.name" . }}-certificates - mountPath: {{ .Values.global.certificates.path }} -- name: {{ include "common.name" . }}-onap-certificates - mountPath: {{ .Values.global.certificates.share_path }} -{{- end -}} - -{{- define "so.certificate.volumes" -}} -- name: {{ include "common.name" . }}-certificates - emptyDir: - medium: Memory -- name: {{ include "common.name" . }}-onap-certificates - secret: - secretName: {{ include "common.secret.getSecretNameFast" (dict "global" . "uid" "so-onap-certs") }} -{{- end -}} diff --git a/kubernetes/so/templates/_livenessProbe.tpl b/kubernetes/so/templates/_livenessProbe.tpl deleted file mode 100644 index 4181beb1f8..0000000000 --- a/kubernetes/so/templates/_livenessProbe.tpl +++ /dev/null @@ -1,17 +0,0 @@ -{{- define "helpers.livenessProbe" -}} -livenessProbe: - httpGet: - path: {{- index .Values.livenessProbe.path|indent 2}} - port: {{ index .Values.containerPort }} - scheme: {{- index .Values.livenessProbe.scheme| indent 2}} - {{- if eq .Values.global.security.aaf.enabled true }} - httpHeaders: - - name: Authorization - value: {{ index .Values.global.aaf.auth.header }} - {{- end }} - initialDelaySeconds: {{ index .Values.livenessProbe.initialDelaySeconds}} - periodSeconds: {{ index .Values.livenessProbe.periodSeconds}} - timeoutSeconds: {{ index .Values.livenessProbe.timeoutSeconds}} - successThreshold: {{ index .Values.livenessProbe.successThreshold}} - failureThreshold: {{ index .Values.livenessProbe.failureThreshold}} -{{- end -}} diff --git a/kubernetes/so/templates/_profileProperty.tpl b/kubernetes/so/templates/_profileProperty.tpl deleted file mode 100644 index 113bc343d0..0000000000 --- a/kubernetes/so/templates/_profileProperty.tpl +++ /dev/null @@ -1,3 +0,0 @@ -{{- define "helpers.profileProperty" -}} - {{ if eq .condition true }}{{.value1}}{{else}}{{.value2}} {{ end }} -{{- end -}} diff --git a/kubernetes/so/templates/configmap.yaml b/kubernetes/so/templates/configmap.yaml index 6aa4b5f4f0..ab7b5f3624 100755 --- a/kubernetes/so/templates/configmap.yaml +++ b/kubernetes/so/templates/configmap.yaml @@ -15,7 +15,7 @@ apiVersion: v1 data: LOG_PATH: {{ index .Values.logPath }} APP: {{ index .Values.app }} - ACTIVE_PROFILE: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}} + ACTIVE_PROFILE: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}} kind: ConfigMap metadata: name: {{ include "common.fullname" . }}-configmap diff --git a/kubernetes/so/templates/deployment.yaml b/kubernetes/so/templates/deployment.yaml index 83452ccba8..d378cae606 100755 --- a/kubernetes/so/templates/deployment.yaml +++ b/kubernetes/so/templates/deployment.yaml @@ -37,7 +37,8 @@ spec: app: {{ include "common.name" . }} release: {{ include "common.release" . }} spec: - initContainers: {{ include "so.certificate.container_importer" . | nindent 6 }} + initContainers: + {{ include "so.certificate.container_importer" . | indent 6 | trim }} - name: {{ include "common.name" . }}-readiness command: - /app/ready.py @@ -52,12 +53,23 @@ spec: fieldPath: metadata.namespace image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-readiness containers: - name: {{ include "common.name" . }} image: {{ include "common.repository" . }}/{{ .Values.image }} - resources: -{{ include "common.resources" . | indent 12 }} + resources: {{ include "common.resources" . | nindent 12 }} + {{- if .Values.global.aafEnabled }} + command: + - sh + args: + - -c + - | + export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0) + export TRUSTSTORE_PASSWORD="${cadi_truststore_password}" + {{- if .Values.global.security.aaf.enabled }} + export KEYSTORE_PASSWORD="${cadi_keystore_password}" + {{- end }} + /app/start-app.sh + {{- end }} env: - name: DB_HOST valueFrom: @@ -77,27 +89,12 @@ spec: {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "login") | indent 10 }} - name: DB_ADMIN_PASSWORD {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "password") | indent 10 }} - {{- if eq .Values.global.security.aaf.enabled true }} - - name: TRUSTSTORE - value: /app/org.onap.so.trust.jks - - name: TRUSTSTORE_PASSWORD - valueFrom: - secretKeyRef: - name: {{ .Release.Name}}-so-client-certs-secret - key: trustStorePassword - - name: KEYSTORE - value: /app/org.onap.so.jks - - name: KEYSTORE_PASSWORD - valueFrom: - secretKeyRef: - name: {{ .Release.Name}}-so-client-certs-secret - key: keyStorePassword - {{- end }} + {{ include "so.certificates.env" . | indent 8 | trim }} envFrom: - configMapRef: name: {{ include "common.fullname" . }}-configmap imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: {{ include "so.certificate.volume-mounts" . | nindent 8 }} + volumeMounts: {{ include "so.certificate.volumeMount" . | nindent 8 }} - name: logs mountPath: /app/logs - name: config @@ -105,7 +102,7 @@ spec: readOnly: true - name: {{ include "common.fullname" . }}-logs mountPath: /var/log/onap -{{ include "helpers.livenessProbe" .| indent 8 }} +{{ include "so.helpers.livenessProbe" .| indent 8 }} ports: - containerPort: {{ index .Values.containerPort }} name: {{ .Values.service.portName }} -- cgit 1.2.3-korg