From 59ffd500ea34c201fbb3edc39e64655fa8381be0 Mon Sep 17 00:00:00 2001 From: Keren Joseph Date: Tue, 12 Sep 2017 10:13:15 +0300 Subject: moving certs and keys to k8s secrets changed location of used certs and keys files, updated deploy yamls and create/delete all Issue-ID: OOM-293 Change-Id: I53766b7028d6b725bf381875105b196246ff2ee1 
Signed-off-by: Keren Joseph --- .../aai/templates/data-router-deployment.yaml | 10 ++++++++ .../aai/templates/modelloader-deployment.yaml | 5 ++++ .../templates/search-data-service-deployment.yaml | 5 ++++ kubernetes/aai/templates/sparky-be-deployment.yaml | 15 ++++++++++++ kubernetes/config/.helmignore | 3 ++- kubernetes/config/certs/aai/aai-os-cert.p12 | Bin 0 -> 4357 bytes kubernetes/config/certs/aai/client-cert-onap.p12 | Bin 0 -> 2556 bytes kubernetes/config/certs/aai/inventory-ui-keystore | Bin 0 -> 7201 bytes kubernetes/config/certs/aai/tomcat_keystore | Bin 0 -> 2214 bytes kubernetes/config/certs/message-router/mykey | 27 +++++++++++++++++++++ kubernetes/config/certs/mso/aai.crt | 27 +++++++++++++++++++++ kubernetes/config/certs/mso/encryption.key | 1 + kubernetes/config/certs/policy/policy-keystore | Bin 0 -> 5640 bytes .../appconfig/auth/client-cert-onap.p12 | Bin 2556 -> 0 bytes .../aai/data-router/appconfig/auth/tomcat_keystore | Bin 2214 -> 0 bytes .../model-loader/appconfig/auth/aai-os-cert.p12 | Bin 4357 -> 0 bytes .../sparky-be/appconfig/auth/inventory-ui-keystore | Bin 7201 -> 0 bytes .../init/src/config/message-router/dmaap/mykey | 27 --------------------- .../config/docker/init/src/config/mso/mso/aai.crt | 27 --------------------- .../docker/init/src/config/mso/mso/encryption.key | 1 - .../opt/policy/config/drools/policy-keystore | Bin 5640 -> 0 bytes .../templates/message-router-dmaap.yaml | 4 +-- kubernetes/mso/templates/mso-deployment.yaml | 10 ++++++++ kubernetes/oneclick/createAll.bash | 10 ++++++++ kubernetes/oneclick/deleteAll.bash | 14 ++++++++++- kubernetes/policy/templates/dep-drools.yaml | 5 ++++ 26 files changed, 132 insertions(+), 59 deletions(-) create mode 100644 kubernetes/config/certs/aai/aai-os-cert.p12 create mode 100644 kubernetes/config/certs/aai/client-cert-onap.p12 create mode 100644 kubernetes/config/certs/aai/inventory-ui-keystore create mode 100644 kubernetes/config/certs/aai/tomcat_keystore create mode 100755 
kubernetes/config/certs/message-router/mykey create mode 100755 kubernetes/config/certs/mso/aai.crt create mode 100644 kubernetes/config/certs/mso/encryption.key create mode 100755 kubernetes/config/certs/policy/policy-keystore delete mode 100644 kubernetes/config/docker/init/src/config/aai/data-router/appconfig/auth/client-cert-onap.p12 delete mode 100644 kubernetes/config/docker/init/src/config/aai/data-router/appconfig/auth/tomcat_keystore delete mode 100644 kubernetes/config/docker/init/src/config/aai/model-loader/appconfig/auth/aai-os-cert.p12 delete mode 100644 kubernetes/config/docker/init/src/config/aai/sparky-be/appconfig/auth/inventory-ui-keystore delete mode 100755 kubernetes/config/docker/init/src/config/message-router/dmaap/mykey delete mode 100755 kubernetes/config/docker/init/src/config/mso/mso/aai.crt delete mode 100644 kubernetes/config/docker/init/src/config/mso/mso/encryption.key delete mode 100755 kubernetes/config/docker/init/src/config/policy/opt/policy/config/drools/policy-keystore (limited to 'kubernetes') diff --git a/kubernetes/aai/templates/data-router-deployment.yaml b/kubernetes/aai/templates/data-router-deployment.yaml index f823061c33..0033208642 100644 --- a/kubernetes/aai/templates/data-router-deployment.yaml +++ b/kubernetes/aai/templates/data-router-deployment.yaml @@ -35,6 +35,10 @@ spec: volumeMounts: - mountPath: /opt/app/data-router/config/ name: data-router-config + - mountPath: /opt/app/data-router/config/auth/tomcat_keystore + name: data-router-tomcat-key + - mountPath: /opt/app/data-router/config/auth/client-cert-onap.p12 + name: data-router-client-cert - mountPath: /opt/app/data-router/dynamic/ name: data-router-dynamic - mountPath: /logs/ 
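Review bot: Both added `volumeMounts` entries use a file path as `mountPath` (`.../config/auth/tomcat_keystore`, `.../config/auth/client-cert-onap.p12`) but set no `subPath`, so Kubernetes will mount the whole secret volume as a directory at that path, with one file per secret key. The application will then presumably not find a keystore file where it expects one. Add `subPath: tomcat_keystore` and `subPath: client-cert-onap.p12` under the respective mounts, together with `readOnly: true`. The same pattern appears in the modelloader, search-data-service, sparky-be, mso and dep-drools hunks of this commit. The container spec starts and ends outside the hunk.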
@@ -56,6 +60,12 @@ spec: - name: data-router-logs hostPath: path: "/dockerdata-nfs/{{ .Values.nsPrefix }}/aai/data-router/logs/" + - name: data-router-tomcat-key + secret: + secretName: secret-{{ .Values.nsPrefix }}-aai + - name: data-router-client-cert + secret: + secretName: secret-{{ .Values.nsPrefix }}-aai restartPolicy: Always imagePullSecrets: - name: "{{ .Values.nsPrefix }}-docker-registry-key" diff --git a/kubernetes/aai/templates/modelloader-deployment.yaml b/kubernetes/aai/templates/modelloader-deployment.yaml index 5391273d9d..ec6a9178a7 100644 --- a/kubernetes/aai/templates/modelloader-deployment.yaml +++ b/kubernetes/aai/templates/modelloader-deployment.yaml @@ -20,6 +20,8 @@ spec: volumeMounts: - mountPath: /opt/app/model-loader/config/ name: aai-model-loader-config + - mountPath: /opt/app/model-loader/config/auth/aai-os-cert.p12 + name: aai-os-cert - mountPath: /logs/ name: aai-model-loader-logs image: "{{ .Values.image.modelLoaderImage }}:{{ .Values.image.modelLoaderVersion }}" @@ -35,6 +37,9 @@ spec: - name: aai-model-loader-logs hostPath: path: "/dockerdata-nfs/{{ .Values.nsPrefix }}/aai/model-loader/logs/" + - name: aai-os-cert + secret: + secretName: secret-{{ .Values.nsPrefix }}-aai restartPolicy: Always imagePullSecrets: - name: "{{ .Values.nsPrefix }}-docker-registry-key" diff --git a/kubernetes/aai/templates/search-data-service-deployment.yaml b/kubernetes/aai/templates/search-data-service-deployment.yaml index f2db9370fd..8f4acef7cb 100644 --- a/kubernetes/aai/templates/search-data-service-deployment.yaml +++ b/kubernetes/aai/templates/search-data-service-deployment.yaml @@ -27,6 +27,8 @@ spec: volumeMounts: - mountPath: /opt/app/search-data-service/config/ name: aai-search-data-service-config + - mountPath: /opt/app/search-data-service/config/auth/tomcat_keystore + name: aai-tomcat-key - mountPath: /logs/ name: aai-search-data-service-logs ports: 
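Review bot: `data-router-tomcat-key` and `data-router-client-cert` are two volumes backed by the same `secret-{{ .Values.nsPrefix }}-aai` secret, and neither lists `items`, so each one projects every key of that secret into the pod. Because createAll.bash builds the secret from all files under config/certs/aai, data-router would also receive `aai-os-cert.p12` and `inventory-ui-keystore`, which it never mounts by name. Restrict each volume with `items: [{key: tomcat_keystore, path: tomcat_keystore}]` (likewise for `client-cert-onap.p12`), or declare a single volume and select files with `subPath`. The other `secret-…-aai` volumes in the modelloader, search-data-service and sparky-be hunks have the same scope. The `volumes` list starts outside the hunk.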
@@ -40,6 +42,9 @@ spec: - name: aai-search-data-service-config hostPath: path: "/dockerdata-nfs/{{ .Values.nsPrefix }}/aai/search-data-service/appconfig/" + - name: aai-tomcat-key + secret: + secretName: secret-{{ .Values.nsPrefix }}-aai - name: aai-search-data-service-logs hostPath: path: "/dockerdata-nfs/{{ .Values.nsPrefix }}/aai/search-data-service/logs/" diff --git a/kubernetes/aai/templates/sparky-be-deployment.yaml b/kubernetes/aai/templates/sparky-be-deployment.yaml index 6a8ff9308d..f4c44e28ed 100644 --- a/kubernetes/aai/templates/sparky-be-deployment.yaml +++ b/kubernetes/aai/templates/sparky-be-deployment.yaml @@ -27,6 +27,12 @@ spec: volumeMounts: - mountPath: /opt/app/sparky/config/ name: aai-sparky-be-config + - mountPath: /opt/app/sparky/config/auth/client-cert-onap.p12 + name: aai-sparky-be-client-cert + - mountPath: /opt/app/sparky/config/auth/aai-os-cert.p12 + name: aai-sparky-be-aai-os-cert + - mountPath: /opt/app/sparky/config/auth/inventory-ui-keystore + name: aai-sparky-be-inventory-key - mountPath: /logs/ name: aai-sparky-be-logs ports: @@ -43,6 +49,15 @@ spec: - name: aai-sparky-be-logs hostPath: path: "/dockerdata-nfs/{{ .Values.nsPrefix }}/aai/sparky-be/logs/" + - name: aai-sparky-be-client-cert + secret: + secretName: secret-{{ .Values.nsPrefix }}-aai + - name: aai-sparky-be-aai-os-cert + secret: + secretName: secret-{{ .Values.nsPrefix }}-aai + - name: aai-sparky-be-inventory-key + secret: + secretName: secret-{{ .Values.nsPrefix }}-aai restartPolicy: Always imagePullSecrets: - name: "{{ .Values.nsPrefix }}-docker-registry-key" diff --git a/kubernetes/config/.helmignore b/kubernetes/config/.helmignore index 4c38baed31..bc7bb96055 100644 --- a/kubernetes/config/.helmignore +++ b/kubernetes/config/.helmignore @@ -22,4 +22,5 @@ #ignore config docker image files docker -createConfig.sh \ No newline at end of file +createConfig.sh +certs 
diff --git a/kubernetes/config/certs/aai/aai-os-cert.p12 b/kubernetes/config/certs/aai/aai-os-cert.p12
new file mode 100644
index 0000000000..ee57120fa0
Binary files /dev/null and b/kubernetes/config/certs/aai/aai-os-cert.p12 differ
diff --git a/kubernetes/config/certs/aai/client-cert-onap.p12 b/kubernetes/config/certs/aai/client-cert-onap.p12
new file mode 100644
index 0000000000..dbf4fcacec
Binary files /dev/null and b/kubernetes/config/certs/aai/client-cert-onap.p12 differ
diff --git a/kubernetes/config/certs/aai/inventory-ui-keystore b/kubernetes/config/certs/aai/inventory-ui-keystore
new file mode 100644
index 0000000000..efa01f8d79
Binary files /dev/null and b/kubernetes/config/certs/aai/inventory-ui-keystore differ
diff --git a/kubernetes/config/certs/aai/tomcat_keystore b/kubernetes/config/certs/aai/tomcat_keystore
new file mode 100644
index 0000000000..9eec841aa2
Binary files /dev/null and b/kubernetes/config/certs/aai/tomcat_keystore differ
diff --git a/kubernetes/config/certs/message-router/mykey b/kubernetes/config/certs/message-router/mykey
new file mode 100755
index 0000000000..c2b8b8779b
--- /dev/null
+++ b/kubernetes/config/certs/message-router/mykey
@@ -0,0 +1,27 @@ +_sNOLphPzrU7L0L3oWv0pYwgV_ddGF1XoBsQEIAp34jfP-fGJFPfFYaMpDEZ3gwH59rNw6qyMZHk +k-4irklvVcWk36lC3twNvc0DueRCVrws1bkuhOLCXdxHJx-YG-1xM8EJfRmzh79WPlPkbAdyPmFF +Ah44V0GjAnInPOFZA6MHP9rNx9B9qECHRfmvzU13vJCcgTsrmOr-CEiWfRsnzPjsICxpq9OaVT_D +zn6rNaroGm1OiZNCrCgvRkCUHPOOCw3j9G1GeaImoZNYtozbz9u4sj13PU-MxIIAa64b1bMMMjpz +Upc8lVPI4FnJKg6axMmEGn5zJ6JUq9mtOVyPj__2GEuDgpx5H4AwodXXVjFsVgR8UJwI_BvS2JVp +JoQk0J1RqXmAXVamlsMAfzmmbARXgmrBfnuhveZnh9ymFVU-YZeujdANniXAwBGI7c6hG_BXkH7i +Eyf4Fn41_SV78PskP6qgqJahr9r3bqdjNbKBztIKCOEVrE_w3IM5r02l-iStk_NBRkj6cq_7VCpG +afxZ2CtZMwuZMiypO_wOgbdpCSKNzsL-NH2b4b08OlKiWb263gz634KJmV5WEfCl-6eH-JUFbWOS +JwQfActLNT2ZQPl2MyZQNBzJEWoJRgS6k7tPRO-zqeUtYYHGHVMCxMuMHGQcoilNNHEFeBCG_fBh +yAKb9g9F86Cbx9voMLiyTX2T3rwVHiSJFOzfNxGmfN5JWOthIun_c5hEY1tLQ15BomzkDwk7BAj7 +VbRCrVD45B6xrmSTMBSWYmLyr6mnQxQqeh9cMbD-0ZAncE3roxRnRvPKjFFa208ykYUp2V83r_PJ +fV5I9ZPKSjk9DwFyrjkcQQEYDhdK6IFqcd6nEthjYVkmunu2fsX0bIOm9GGdIbKGqBnpdgBO5hyT +rBr9HSlZrHcGdti1R823ckDF0Ekcl6kioDr5NLIpLtg9zUEDRm3QrbX2mv5Zs8W0pYnOqglxy3lz +bJZTN7oR7VasHUtjmp0RT9nLZkUs5TZ6MHhlIq3ZsQ6w_Q9Rv1-ofxfwfCC4EBrWKbWAGCf6By4K +Ew8321-2YnodhmsK5BrT4zQ1DZlmUvK8BmYjZe7wTljKjgYcsLTBfX4eMhJ7MIW1kpnl8AbiBfXh +QzN56Mki51Q8PSQWHm0W9tnQ0z6wKdck6zBJ8JyNzewZahFKueDTn-9DOqIDfr3YHvQLLzeXyJ8e +h4AgjW-hvlLzRGtkCknjLIgXVa3rMTycseAwbW-mgdCqqkw3SdEG8feAcyntmvE8j2jbtSDStQMB +9JdvyNLuQdNG4pxpusgvVso0-8NQF0YVa9VFwg9U6IPSx5p8FcW68OAHt_fEgT4ZtiH7o9aur4o9 +oYqUh2lALCY-__9QLq1KkNjMKs33Jz9E8LbRerG9PLclkTrxCjYAeUWBjCwSI7OB7xkuaYDSjkjj +a46NLpdBN1GNcsFFcZ79GFAK0_DsyxGLX8Tq6q0Bvhs8whD8wlSxpTGxYkyqNX-vcb7SDN_0WkCE +XSdZWkqTHXcYbOvoCOb_e6SFAztuMenuHWY0utX0gBfx_X5lPDFyoYXErxFQHiA7t27keshXNa6R +ukQRRS8kMjre1U74sc-fRNXkXpl57rG4rgxaEX0eBeowa53KAsVvUAoSac2aC_nfzXrDvoyf9Xi3 +JpEZNhUDLpFCEycV4I7jGQ9wo9qNaosvlsr6kbLDNdb_1xrGVgjT3xEvRNJNPqslSAu-yD-UFhC3 +AmCdYUnugw_eEFqXCHTARcRkdPPvl2XsmEKY2IqEeO5tz4DyXQFaL-5hEVh6lYEU1EOWHk3UGIXe +Vc5_Ttp82qNLmlJPbZvgmNTJzYTHDQ_27KBcp7IVVZgPDjVKdWqQvZ18KhxvfF3Idgy82LBZniFV 
+IbtxllXiPRxoPQriSXMnXjh3XkvSDI2pFxXfEvLRn1tvcFOwPNCz3QfPIzYg8uYXN5bRt3ZOrR_g +ZhIlrc7HO0VbNbeqEVPKMZ-cjkqGj4VAuDKoQc0eQ6X_wCoAGO78nPpLeIvZPx1X3z5YoqNA \ No newline at end of file diff --git a/kubernetes/config/certs/mso/aai.crt b/kubernetes/config/certs/mso/aai.crt new file mode 100755 index 0000000000..4ffa426c1e --- /dev/null +++ b/kubernetes/config/certs/mso/aai.crt 
@@ -0,0 +1,27 @@ +-----BEGIN CERTIFICATE----- +MIIEiTCCA3GgAwIBAgIJAIPKfDLcn3MpMA0GCSqGSIb3DQEBCwUAMIGtMQswCQYD +VQQGEwJVUzELMAkGA1UECAwCTkoxEzARBgNVBAcMCkJlZG1pbnN0ZXIxEjAQBgNV +BAoMCU9wZW5FQ09NUDETMBEGA1UECwwKc2ltcGxlZGVtbzEqMCgGA1UEAwwhT3Bl +bkVDT01QIHNpbXBsZWRlbW8gU2VydmVyIENBIFgxMScwJQYJKoZIhvcNAQkBFhhz +aW1wbGVkZW1vQG9wZW5lY29tcC5vcmcwHhcNMTYxMTMwMTUzODM5WhcNMTcxMTMw +MTUzODM5WjCBuTELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAk5KMRMwEQYDVQQHDApC +ZWRtaW5zdGVyMRIwEAYDVQQKDAlPcGVuRUNPTVAxEzARBgNVBAsMClNpbXBsZURl +bW8xKTAnBgNVBAMMIGFhaS5hcGkuc2ltcGxlZGVtby5vcGVuZWNvbXAub3JnMTQw +MgYJKoZIhvcNAQkBFiVhYWktaG9zdEBhcGkuc2ltcGxlZGVtby5vcGVuZWNvbXAu +b3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwQrQl8A0rT0Jjlos +Mr/7LEhT5UOif4GGPOk+3NCIxT3lOqAbUf+d9ZXyT2jWFRiKWua03vQ+Dxc8c2h2 +RRuH8LwEiOiWqPjWRxNqsARzZMI3ryHFCFBZh0FcpjH9kEeKVlLDYuV68k+ZucKd +NiqUNn61lD7kbmEGwvzKwf91FrJ09+CBMx1OnWKm3gCNKDqAEFMZCOdn2MgesJYB +/03lzPBS1jDfBXImXRcTBzpgA+wdCLn0cIQ1eLWUwS5tUqUJNh36nHdVyJ0P2Yjd +JLuxhFcmBKOz1ShyyO+BBtKBO8EGbU6qKflOiwOw0Fsn8LjKcrHQ58NPui5y04BU +Rypf3QIDAQABo4GdMIGaMAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgO4MB0G +A1UdDgQWBBQyMUOsE2J+CKzK0qd8KFBD2gaWyjBbBgNVHSAEVDBSMFAGBFUdIAAw +SDBGBggrBgEFBQcCAjA6GjhLZWVwIGF3YXkgZnJvbSBjaGlsZHJlbi4gIFRoaXMg +Y2VydGlmaWNhdGUgaXMgbm90IGEgdG95LjANBgkqhkiG9w0BAQsFAAOCAQEAnkoy +2tWJOyyyIQwtVojUxv1GWQPnw3WCUcKpuX4CJhHXLxNErW1fBg7bmo08BNmBPPpq +WrJsy5lbBgUo9kgpViux5Stfy1rRIRsRLfl/icgCvJmUAxkmRCZL7yUvwG4K7s+8 +DwT+nW/XuWNP6Hd/qHccexB6COJ8KwvTdVoxAkCdX8qw4MCb/f7Kb1yle/vwBM5Q +UUONCJ4bEns1vnb9DGlNDUJNwCfwORAaVJpVS38Mv4UnSTmb2KMePtCWcx/dNsYR +2XrSGqLDnTvHwOpyhbfFTmackysGoSuDytORXy8YbwEiF13BwEK8i3rgNN0Z2ojf +cpmE2xxmaa+A2uuN6g== +-----END CERTIFICATE----- \ No newline at end of file diff --git a/kubernetes/config/certs/mso/encryption.key b/kubernetes/config/certs/mso/encryption.key new file mode 100644 index 0000000000..eb52241e7f --- /dev/null +++ b/kubernetes/config/certs/mso/encryption.key @@ -0,0 +1 @@ +aa3871669d893c7fb8abbcda31b88b4f 
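Review bot: The validity field encoded in `aai.crt` decodes to a notAfter of 30 Nov 2017, roughly eleven weeks after this commit's date, so anything that validates against this certificate will presumably start failing then unless the secret is regenerated. A short README next to the file stating the expiry and how to replace the file and recreate `secret-<ns>-mso` would cover that. The file is also added with mode 100755, as are `mykey` and `policy-keystore`; these are data files and should be committed as 100644.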
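Review bot: `encryption.key` is still a plaintext key checked into the repository, so loading it into a Kubernetes Secret at deploy time does not make it confidential: anyone with read access to the repo or its history holds the same value. The same applies to `message-router/mykey` and the `.p12` and keystore files added under config/certs. If these are demo-only credentials, say so in a README in config/certs and state that real deployments must point `$LOCATION` at their own material. Otherwise keep the files out of version control and have createAll.bash read them from an operator-supplied path.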
diff --git a/kubernetes/config/certs/policy/policy-keystore b/kubernetes/config/certs/policy/policy-keystore
new file mode 100755
index 0000000000..ab25c3a341
Binary files /dev/null and b/kubernetes/config/certs/policy/policy-keystore differ
diff --git a/kubernetes/config/docker/init/src/config/aai/data-router/appconfig/auth/client-cert-onap.p12 b/kubernetes/config/docker/init/src/config/aai/data-router/appconfig/auth/client-cert-onap.p12
deleted file mode 100644
index dbf4fcacec..0000000000
Binary files a/kubernetes/config/docker/init/src/config/aai/data-router/appconfig/auth/client-cert-onap.p12 and /dev/null differ
diff --git a/kubernetes/config/docker/init/src/config/aai/data-router/appconfig/auth/tomcat_keystore b/kubernetes/config/docker/init/src/config/aai/data-router/appconfig/auth/tomcat_keystore
deleted file mode 100644
index 9eec841aa2..0000000000
Binary files a/kubernetes/config/docker/init/src/config/aai/data-router/appconfig/auth/tomcat_keystore and /dev/null differ
diff --git a/kubernetes/config/docker/init/src/config/aai/model-loader/appconfig/auth/aai-os-cert.p12 b/kubernetes/config/docker/init/src/config/aai/model-loader/appconfig/auth/aai-os-cert.p12
deleted file mode 100644
index ee57120fa0..0000000000
Binary files a/kubernetes/config/docker/init/src/config/aai/model-loader/appconfig/auth/aai-os-cert.p12 and /dev/null differ
diff --git a/kubernetes/config/docker/init/src/config/aai/sparky-be/appconfig/auth/inventory-ui-keystore b/kubernetes/config/docker/init/src/config/aai/sparky-be/appconfig/auth/inventory-ui-keystore
deleted file mode 100644
index efa01f8d79..0000000000
Binary files a/kubernetes/config/docker/init/src/config/aai/sparky-be/appconfig/auth/inventory-ui-keystore and /dev/null differ
diff --git a/kubernetes/config/docker/init/src/config/message-router/dmaap/mykey b/kubernetes/config/docker/init/src/config/message-router/dmaap/mykey
deleted file mode 100755
index c2b8b8779b..0000000000
--- a/kubernetes/config/docker/init/src/config/message-router/dmaap/mykey
+++ /dev/null
@@ -1,27 +0,0 @@ -_sNOLphPzrU7L0L3oWv0pYwgV_ddGF1XoBsQEIAp34jfP-fGJFPfFYaMpDEZ3gwH59rNw6qyMZHk -k-4irklvVcWk36lC3twNvc0DueRCVrws1bkuhOLCXdxHJx-YG-1xM8EJfRmzh79WPlPkbAdyPmFF -Ah44V0GjAnInPOFZA6MHP9rNx9B9qECHRfmvzU13vJCcgTsrmOr-CEiWfRsnzPjsICxpq9OaVT_D -zn6rNaroGm1OiZNCrCgvRkCUHPOOCw3j9G1GeaImoZNYtozbz9u4sj13PU-MxIIAa64b1bMMMjpz -Upc8lVPI4FnJKg6axMmEGn5zJ6JUq9mtOVyPj__2GEuDgpx5H4AwodXXVjFsVgR8UJwI_BvS2JVp -JoQk0J1RqXmAXVamlsMAfzmmbARXgmrBfnuhveZnh9ymFVU-YZeujdANniXAwBGI7c6hG_BXkH7i -Eyf4Fn41_SV78PskP6qgqJahr9r3bqdjNbKBztIKCOEVrE_w3IM5r02l-iStk_NBRkj6cq_7VCpG -afxZ2CtZMwuZMiypO_wOgbdpCSKNzsL-NH2b4b08OlKiWb263gz634KJmV5WEfCl-6eH-JUFbWOS -JwQfActLNT2ZQPl2MyZQNBzJEWoJRgS6k7tPRO-zqeUtYYHGHVMCxMuMHGQcoilNNHEFeBCG_fBh -yAKb9g9F86Cbx9voMLiyTX2T3rwVHiSJFOzfNxGmfN5JWOthIun_c5hEY1tLQ15BomzkDwk7BAj7 -VbRCrVD45B6xrmSTMBSWYmLyr6mnQxQqeh9cMbD-0ZAncE3roxRnRvPKjFFa208ykYUp2V83r_PJ -fV5I9ZPKSjk9DwFyrjkcQQEYDhdK6IFqcd6nEthjYVkmunu2fsX0bIOm9GGdIbKGqBnpdgBO5hyT -rBr9HSlZrHcGdti1R823ckDF0Ekcl6kioDr5NLIpLtg9zUEDRm3QrbX2mv5Zs8W0pYnOqglxy3lz -bJZTN7oR7VasHUtjmp0RT9nLZkUs5TZ6MHhlIq3ZsQ6w_Q9Rv1-ofxfwfCC4EBrWKbWAGCf6By4K -Ew8321-2YnodhmsK5BrT4zQ1DZlmUvK8BmYjZe7wTljKjgYcsLTBfX4eMhJ7MIW1kpnl8AbiBfXh -QzN56Mki51Q8PSQWHm0W9tnQ0z6wKdck6zBJ8JyNzewZahFKueDTn-9DOqIDfr3YHvQLLzeXyJ8e -h4AgjW-hvlLzRGtkCknjLIgXVa3rMTycseAwbW-mgdCqqkw3SdEG8feAcyntmvE8j2jbtSDStQMB -9JdvyNLuQdNG4pxpusgvVso0-8NQF0YVa9VFwg9U6IPSx5p8FcW68OAHt_fEgT4ZtiH7o9aur4o9 -oYqUh2lALCY-__9QLq1KkNjMKs33Jz9E8LbRerG9PLclkTrxCjYAeUWBjCwSI7OB7xkuaYDSjkjj -a46NLpdBN1GNcsFFcZ79GFAK0_DsyxGLX8Tq6q0Bvhs8whD8wlSxpTGxYkyqNX-vcb7SDN_0WkCE -XSdZWkqTHXcYbOvoCOb_e6SFAztuMenuHWY0utX0gBfx_X5lPDFyoYXErxFQHiA7t27keshXNa6R -ukQRRS8kMjre1U74sc-fRNXkXpl57rG4rgxaEX0eBeowa53KAsVvUAoSac2aC_nfzXrDvoyf9Xi3 -JpEZNhUDLpFCEycV4I7jGQ9wo9qNaosvlsr6kbLDNdb_1xrGVgjT3xEvRNJNPqslSAu-yD-UFhC3 -AmCdYUnugw_eEFqXCHTARcRkdPPvl2XsmEKY2IqEeO5tz4DyXQFaL-5hEVh6lYEU1EOWHk3UGIXe -Vc5_Ttp82qNLmlJPbZvgmNTJzYTHDQ_27KBcp7IVVZgPDjVKdWqQvZ18KhxvfF3Idgy82LBZniFV 
-IbtxllXiPRxoPQriSXMnXjh3XkvSDI2pFxXfEvLRn1tvcFOwPNCz3QfPIzYg8uYXN5bRt3ZOrR_g -ZhIlrc7HO0VbNbeqEVPKMZ-cjkqGj4VAuDKoQc0eQ6X_wCoAGO78nPpLeIvZPx1X3z5YoqNA \ No newline at end of file diff --git a/kubernetes/config/docker/init/src/config/mso/mso/aai.crt b/kubernetes/config/docker/init/src/config/mso/mso/aai.crt deleted file mode 100755 index 4ffa426c1e..0000000000 --- a/kubernetes/config/docker/init/src/config/mso/mso/aai.crt +++ /dev/null 
@@ -1,27 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIEiTCCA3GgAwIBAgIJAIPKfDLcn3MpMA0GCSqGSIb3DQEBCwUAMIGtMQswCQYD -VQQGEwJVUzELMAkGA1UECAwCTkoxEzARBgNVBAcMCkJlZG1pbnN0ZXIxEjAQBgNV -BAoMCU9wZW5FQ09NUDETMBEGA1UECwwKc2ltcGxlZGVtbzEqMCgGA1UEAwwhT3Bl -bkVDT01QIHNpbXBsZWRlbW8gU2VydmVyIENBIFgxMScwJQYJKoZIhvcNAQkBFhhz -aW1wbGVkZW1vQG9wZW5lY29tcC5vcmcwHhcNMTYxMTMwMTUzODM5WhcNMTcxMTMw -MTUzODM5WjCBuTELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAk5KMRMwEQYDVQQHDApC -ZWRtaW5zdGVyMRIwEAYDVQQKDAlPcGVuRUNPTVAxEzARBgNVBAsMClNpbXBsZURl -bW8xKTAnBgNVBAMMIGFhaS5hcGkuc2ltcGxlZGVtby5vcGVuZWNvbXAub3JnMTQw -MgYJKoZIhvcNAQkBFiVhYWktaG9zdEBhcGkuc2ltcGxlZGVtby5vcGVuZWNvbXAu -b3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwQrQl8A0rT0Jjlos -Mr/7LEhT5UOif4GGPOk+3NCIxT3lOqAbUf+d9ZXyT2jWFRiKWua03vQ+Dxc8c2h2 -RRuH8LwEiOiWqPjWRxNqsARzZMI3ryHFCFBZh0FcpjH9kEeKVlLDYuV68k+ZucKd -NiqUNn61lD7kbmEGwvzKwf91FrJ09+CBMx1OnWKm3gCNKDqAEFMZCOdn2MgesJYB -/03lzPBS1jDfBXImXRcTBzpgA+wdCLn0cIQ1eLWUwS5tUqUJNh36nHdVyJ0P2Yjd -JLuxhFcmBKOz1ShyyO+BBtKBO8EGbU6qKflOiwOw0Fsn8LjKcrHQ58NPui5y04BU -Rypf3QIDAQABo4GdMIGaMAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgO4MB0G -A1UdDgQWBBQyMUOsE2J+CKzK0qd8KFBD2gaWyjBbBgNVHSAEVDBSMFAGBFUdIAAw -SDBGBggrBgEFBQcCAjA6GjhLZWVwIGF3YXkgZnJvbSBjaGlsZHJlbi4gIFRoaXMg -Y2VydGlmaWNhdGUgaXMgbm90IGEgdG95LjANBgkqhkiG9w0BAQsFAAOCAQEAnkoy -2tWJOyyyIQwtVojUxv1GWQPnw3WCUcKpuX4CJhHXLxNErW1fBg7bmo08BNmBPPpq -WrJsy5lbBgUo9kgpViux5Stfy1rRIRsRLfl/icgCvJmUAxkmRCZL7yUvwG4K7s+8 -DwT+nW/XuWNP6Hd/qHccexB6COJ8KwvTdVoxAkCdX8qw4MCb/f7Kb1yle/vwBM5Q -UUONCJ4bEns1vnb9DGlNDUJNwCfwORAaVJpVS38Mv4UnSTmb2KMePtCWcx/dNsYR -2XrSGqLDnTvHwOpyhbfFTmackysGoSuDytORXy8YbwEiF13BwEK8i3rgNN0Z2ojf -cpmE2xxmaa+A2uuN6g== ------END CERTIFICATE----- \ No newline at end of file diff --git a/kubernetes/config/docker/init/src/config/mso/mso/encryption.key b/kubernetes/config/docker/init/src/config/mso/mso/encryption.key deleted file mode 100644 index eb52241e7f..0000000000 --- a/kubernetes/config/docker/init/src/config/mso/mso/encryption.key +++ /dev/null 
@@ -1 +0,0 @@ -aa3871669d893c7fb8abbcda31b88b4f diff --git a/kubernetes/config/docker/init/src/config/policy/opt/policy/config/drools/policy-keystore b/kubernetes/config/docker/init/src/config/policy/opt/policy/config/drools/policy-keystore deleted file mode 100755 index ab25c3a341..0000000000 Binary files a/kubernetes/config/docker/init/src/config/policy/opt/policy/config/drools/policy-keystore and /dev/null differ diff --git a/kubernetes/message-router/templates/message-router-dmaap.yaml b/kubernetes/message-router/templates/message-router-dmaap.yaml index 59c57f85f6..0579541cb1 100644 --- a/kubernetes/message-router/templates/message-router-dmaap.yaml +++ b/kubernetes/message-router/templates/message-router-dmaap.yaml @@ -69,7 +69,7 @@ spec: hostPath: path: /dockerdata-nfs/{{ .Values.nsPrefix }}/message-router/dmaap/cadi.properties - name: mykey - hostPath: - path: /dockerdata-nfs/{{ .Values.nsPrefix }}/message-router/dmaap/mykey + secret: + secretName: secret-{{ .Values.nsPrefix }}-message-router imagePullSecrets: - name: "{{ .Values.nsPrefix }}-docker-registry-key" diff --git a/kubernetes/mso/templates/mso-deployment.yaml b/kubernetes/mso/templates/mso-deployment.yaml index 0f3034f4cc..9414990201 100644 --- a/kubernetes/mso/templates/mso-deployment.yaml +++ b/kubernetes/mso/templates/mso-deployment.yaml @@ -49,6 +49,10 @@ spec: volumeMounts: - mountPath: /shared name: mso + - mountPath: /shared/aai.crt + name: mso-aai-crt + - mountPath: /shared/encryption.key + name: mso-key - mountPath: /docker-files name: mso-docker-files env: @@ -72,5 +76,11 @@ spec: - name: mso-docker-files hostPath: path: /dockerdata-nfs/{{ .Values.nsPrefix }}/mso/docker-files + - name: mso-aai-crt + secret: + secretName: secret-{{ .Values.nsPrefix }}-mso + - name: mso-key + secret: + secretName: secret-{{ .Values.nsPrefix }}-mso imagePullSecrets: - name: "{{ .Values.nsPrefix }}-docker-registry-key" 
diff --git a/kubernetes/oneclick/createAll.bash b/kubernetes/oneclick/createAll.bash index 7b8e2f8886..0ecee0392a 100755 --- a/kubernetes/oneclick/createAll.bash +++ b/kubernetes/oneclick/createAll.bash @@ -26,6 +26,14 @@ create_registry_key() { kubectl --namespace $1-$2 create secret docker-registry $3 --docker-server=$4 --docker-username=$5 --docker-password=$6 --docker-email=$7 } +create_certs_secret() { + if [ -d $LOCATION/config/certs/$i/ ]; then + printf "\nCreating certs and keys secret **********\n" + _CERTS_FILES=$(find $LOCATION/config/certs/$2/ -type f | awk '$0="--from-file="$0' ORS=' ') + kubectl create secret generic secret-$1-$2 $_CERTS_FILES -n $1-$2 + fi +} + create_onap_helm() { HELM_VALUES_ADDITION="" if [[ ! -z $HELM_VALUES_FILEPATH ]]; then @@ -118,6 +126,8 @@ for i in ${HELM_APPS[@]}; do printf "\nCreating registry secret **********\n" create_registry_key $NS $i ${NS}-docker-registry-key $ONAP_DOCKER_REGISTRY $DU $DP $ONAP_DOCKER_MAIL + create_certs_secret $NS $i + printf "\nCreating deployments and services **********\n" create_onap_helm $NS $i $start diff --git a/kubernetes/oneclick/deleteAll.bash b/kubernetes/oneclick/deleteAll.bash index 40d070124a..f7c48fd18d 100755 --- a/kubernetes/oneclick/deleteAll.bash +++ b/kubernetes/oneclick/deleteAll.bash @@ -16,6 +16,13 @@ delete_registry_key() { kubectl --namespace $1-$2 delete secret ${1}-docker-registry-key } +delete_certs_secret() { + if [ -d $LOCATION/config/certs/$i/ ]; then + kubectl delete secret secret-$1-$2 -n $1-$2 + fi +} + + delete_app_helm() { helm delete $1-$2 --purge } @@ -36,8 +43,9 @@ EOF NS= INCL_SVC=false APP= +LOCATION="../" -while getopts ":n:u:s:a:" PARAM; do +while getopts ":n:u:s:a:l:" PARAM; do case $PARAM in u) usage @@ -53,6 +61,9 @@ while getopts ":n:u:s:a:" PARAM; do exit 1 fi ;; + l) + LOCATION=${OPTARG} + ;; ?) usage exit 
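Review bot: `create_certs_secret` tests `$LOCATION/config/certs/$i/` but then reads `$LOCATION/config/certs/$2/`, so it only works because `i` happens to be the caller's loop variable; `delete_certs_secret` in deleteAll.bash has the same `$i`. The expansions are also unquoted, so a `LOCATION` or file name containing whitespace splits into stray `kubectl` arguments, and `find -type f` sweeps every file under the directory, editor backups included, into the secret. `kubectl create secret generic` accepts a directory for `--from-file`, which removes the `find | awk` step; that form is not recursive, which matches the flat layout this commit adds. A re-run against an existing namespace will also fail on the already-existing secret, which the function does not handle.

```shell
create_certs_secret() {
  local certs_dir="$LOCATION/config/certs/$2"
  if [ -d "$certs_dir" ]; then
    printf "\nCreating certs and keys secret **********\n"
    kubectl create secret generic "secret-$1-$2" --from-file="$certs_dir" -n "$1-$2"
  fi
}
```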
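Review bot: `delete_certs_secret` decides whether to delete the cluster secret by checking for a directory in the local checkout, so running deleteAll.bash from another location or with a wrong `-l` silently leaves `secret-$1-$2` in place until the namespace itself is removed. Drop the directory test and delete by name while tolerating absence: `kubectl delete secret "secret-$1-$2" -n "$1-$2" --ignore-not-found`. The new `-l` option should also be described in `usage`, whose text lies outside the hunks shown.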
@@ -74,6 +85,7 @@ printf "\n********** Cleaning up ONAP: ${ONAP_APPS[*]}\n" for i in ${HELM_APPS[@]}; do + delete_certs_secret $NS $i delete_app_helm $NS $i delete_namespace $NS $i diff --git a/kubernetes/policy/templates/dep-drools.yaml b/kubernetes/policy/templates/dep-drools.yaml index 75055c10d8..7da046e156 100644 --- a/kubernetes/policy/templates/dep-drools.yaml +++ b/kubernetes/policy/templates/dep-drools.yaml @@ -66,6 +66,8 @@ spec: volumeMounts: - mountPath: /tmp/policy-install/config name: drools + - mountPath: /tmp/policy-install/config/policy-keystore + name: drools-keystore - mountPath: /usr/share/maven/conf/settings.xml name: drools-settingsxml volumes: @@ -75,5 +77,8 @@ spec: - name: drools hostPath: path: /dockerdata-nfs/{{ .Values.nsPrefix }}/policy/opt/policy/config/drools/ + - name: drools-keystore + secret: + secretName: secret-{{ .Values.nsPrefix }}-policy imagePullSecrets: - name: "{{ .Values.nsPrefix }}-docker-registry-key" -- cgit 1.2.3-korg