Code Review / oom.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | inline | side by side
Update Gizmo and Champ security config
[oom.git] / kubernetes / aai / charts / aai-gizmo / templates / deployment.yaml
diff --git a/kubernetes/aai/charts/aai-gizmo/templates/deployment.yaml b/kubernetes/aai/charts/aai-gizmo/templates/deployment.yaml
index 0fb8552..ba90fdc 100644 (file)
--- a/kubernetes/aai/charts/aai-gizmo/templates/deployment.yaml
+++ b/kubernetes/aai/charts/aai-gizmo/templates/deployment.yaml
@@ -31,6 +31,14 @@ spec:
         app: {{ include "common.name" . }}
         release: {{ .Release.Name }}
     spec:
+    {{ if .Values.global.installSidecarSecurity }}
+      initContainers:
+        - name: {{ .Values.global.tproxyConfig.name }}
+          image: "{{ include "common.repository" . }}/{{ .Values.global.tproxyConfig.image }}"
+          imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+          securityContext:
+            privileged: true
+    {{ end }}
       containers:
         - name: {{ .Chart.Name }}
           image: "{{ include "common.repository" . }}/{{ .Values.image }}"
@@ -73,8 +81,11 @@ spec:
           - mountPath: /opt/app/crud-service/config/crud-api.properties
             subPath: crud-api.properties
             name: {{ include "common.fullname" . }}-config
-          - mountPath: /opt/app/crud-service/config/schemaIngest.properties
-            subPath: schemaIngest.properties
+          - mountPath: /opt/app/crud-service/config/schema-ingest.properties
+            subPath: schema-ingest.properties
+            name: {{ include "common.fullname" . }}-config
+          - mountPath: /opt/app/crud-service/config/edgeprops-ingest.properties
+            subPath: edgeprops-ingest.properties
             name: {{ include "common.fullname" . }}-config
           - mountPath: /opt/app/crud-service/config/model/
             name: {{ include "common.fullname" . }}-model-config
@@ -89,7 +100,7 @@ spec:
             name: {{ include "common.fullname" . }}-logback-config
             subPath: logback.xml
           resources:
-{{ toYaml .Values.resources | indent 12 }}
+{{ include "common.resources" . | indent 12 }}
         {{- if .Values.nodeSelector }}
         nodeSelector:
 {{ toYaml .Values.nodeSelector | indent 10 }}
@@ -111,6 +122,84 @@ spec:
           - mountPath: /usr/share/filebeat/data
             name: {{ include "common.fullname" . }}-data-filebeat
 
+    {{ if .Values.global.installSidecarSecurity }}
+        - name: {{ .Values.global.rproxy.name }}
+          image: "{{ include "common.repository" . }}/{{ .Values.global.rproxy.image }}"
+          imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+          env:
+          - name: CONFIG_HOME
+            value: "/opt/app/rproxy/config"
+          - name: KEY_STORE_PASSWORD
+            value: {{ .Values.config.keyStorePassword }}
+          - name: spring_profiles_active
+            value: {{ .Values.global.rproxy.activeSpringProfiles }}
+          volumeMounts:
+          - name: {{ include "common.fullname" . }}-rproxy-config
+            mountPath: /opt/app/rproxy/config/forward-proxy.properties
+            subPath: forward-proxy.properties
+          - name: {{ include "common.fullname" . }}-rproxy-config
+            mountPath: /opt/app/rproxy/config/primary-service.properties
+            subPath: primary-service.properties
+          - name: {{ include "common.fullname" . }}-rproxy-config
+            mountPath: /opt/app/rproxy/config/reverse-proxy.properties
+            subPath: reverse-proxy.properties
+          - name: {{ include "common.fullname" . }}-rproxy-config
+            mountPath: /opt/app/rproxy/config/cadi.properties
+            subPath: cadi.properties
+          - name: {{ include "common.fullname" . }}-rproxy-log-config
+            mountPath: /opt/app/rproxy/config/logback-spring.xml
+            subPath: logback-spring.xml
+          - name: {{ include "common.fullname" . }}-rproxy-auth-certs
+            mountPath: /opt/app/rproxy/config/auth/tomcat_keystore
+            subPath: tomcat_keystore
+          - name: {{ include "common.fullname" . }}-rproxy-auth-certs
+            mountPath: /opt/app/rproxy/config/auth/client-cert.p12
+            subPath: client-cert.p12
+          - name: {{ include "common.fullname" . }}-rproxy-auth-certs
+            mountPath: /opt/app/rproxy/config/auth/org.onap.aai.p12
+            subPath: org.onap.aai.p12
+          - name: {{ include "common.fullname" . }}-rproxy-auth-config
+            mountPath: /opt/app/rproxy/config/auth/uri-authorization.json
+            subPath: uri-authorization.json
+          - name: {{ include "common.fullname" . }}-rproxy-security-config
+            mountPath: /opt/app/rproxy/config/security/keyfile
+            subPath: keyfile
+
+          ports:
+          - containerPort: {{ .Values.global.rproxy.port }}
+
+        - name: {{ .Values.global.fproxy.name }}
+          image: "{{ include "common.repository" . }}/{{ .Values.global.fproxy.image }}"
+          imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+          env:
+          - name: CONFIG_HOME
+            value: "/opt/app/fproxy/config"
+          - name: KEY_STORE_PASSWORD
+            value: {{ .Values.config.keyStorePassword }}
+          - name: TRUST_STORE_PASSWORD
+            value: {{ .Values.config.trustStorePassword }}
+          - name: spring_profiles_active
+            value: {{ .Values.global.fproxy.activeSpringProfiles }}
+          volumeMounts:
+          - name: {{ include "common.fullname" . }}-fproxy-config
+            mountPath: /opt/app/fproxy/config/fproxy.properties
+            subPath: fproxy.properties
+          - name: {{ include "common.fullname" . }}-fproxy-log-config
+            mountPath: /opt/app/fproxy/config/logback-spring.xml
+            subPath: logback-spring.xml
+          - name: {{ include "common.fullname" . }}-fproxy-auth-certs
+            mountPath: /opt/app/fproxy/config/auth/tomcat_keystore
+            subPath: tomcat_keystore
+          - name: {{ include "common.fullname" . }}-fproxy-auth-certs
+            mountPath: /opt/app/fproxy/config/auth/fproxy_truststore
+            subPath: fproxy_truststore
+          - name: {{ include "common.fullname" . }}-fproxy-auth-certs
+            mountPath: /opt/app/fproxy/config/auth/client-cert.p12
+            subPath: client-cert.p12
+          ports:
+          - containerPort: {{ .Values.global.fproxy.port }}
+    {{ end }}
+
       volumes:
         - name: localtime
           hostPath:
@@ -131,8 +220,10 @@ spec:
             items:
             - key: crud-api.properties
               path: crud-api.properties
-            - key: schemaIngest.properties
-              path: schemaIngest.properties
+            - key: schema-ingest.properties
+              path: schema-ingest.properties
+            - key: edgeprops-ingest.properties
+              path: edgeprops-ingest.properties
             - key: crud-beans.xml
               path: crud-beans.xml
         - name: {{ include "common.fullname" . }}-logback-config
@@ -144,5 +235,32 @@ spec:
         - name: {{ include "common.fullname" . }}-model-config
           configMap:
             name: {{ include "common.fullname" . }}-model-configmap
+    {{ if .Values.global.installSidecarSecurity }}
+        - name: {{ include "common.fullname" . }}-rproxy-config
+          configMap:
+            name: {{ include "common.fullname" . }}-rproxy-config
+        - name: {{ include "common.fullname" . }}-rproxy-log-config
+          configMap:
+            name: {{ include "common.fullname" . }}-rproxy-log-config
+        - name: {{ include "common.fullname" . }}-rproxy-auth-config
+          secret:
+            secretName: {{ include "common.fullname" . }}-rproxy-auth-config
+        - name: {{ include "common.fullname" . }}-rproxy-auth-certs
+          secret:
+            secretName: aai-rproxy-auth-certs
+        - name: {{ include "common.fullname" . }}-rproxy-security-config
+          secret:
+            secretName: aai-rproxy-security-config
+        - name: {{ include "common.fullname" . }}-fproxy-config
+          configMap:
+            name: {{ include "common.fullname" . }}-fproxy-config
+        - name: {{ include "common.fullname" . }}-fproxy-log-config
+          configMap:
+            name: {{ include "common.fullname" . }}-fproxy-log-config
+        - name: {{ include "common.fullname" . }}-fproxy-auth-certs
+          secret:
+            secretName: aai-fproxy-auth-certs
+    {{ end }}
+
       imagePullSecrets:
       - name: "{{ include "common.namespace" . }}-docker-registry-key"
Introduces the ONAP Platform OOM (ONAP Operations Manager) to efficiently Deploy, Manage, Operate the ONAP platform and its components (e.g. MSO, DCAE, SDC, etc.) and infrastructure (VMs, Containers).