Portal-app auto cert gen 81/105081/4
authorChrisC <christophe.closset@intl.att.com>
Fri, 3 Apr 2020 11:58:44 +0000 (13:58 +0200)
committerChrisC <christophe.closset@intl.att.com>
Tue, 7 Apr 2020 07:45:52 +0000 (09:45 +0200)
Migrate to auto cert gen using latest templates
Minor updates to align portal-sdk to latest templates

Issue-ID: PORTAL-847
Depends-On: Ie3f5ae5c2a37d816afc42d2c67ebe8e40e749c79
Signed-off-by: ChrisC <christophe.closset@intl.att.com>
Change-Id: Ib457b0940d549168ebc173d9b1f953bb933088a1

13 files changed:
kubernetes/portal/charts/portal-app/resources/certs/keystoreONAPPortal.p12 [deleted file]
kubernetes/portal/charts/portal-app/resources/certs/truststoreONAPall.jks [deleted file]
kubernetes/portal/charts/portal-app/resources/config/deliveries/properties/ONAPPORTAL/system.properties
kubernetes/portal/charts/portal-app/resources/server/server.xml
kubernetes/portal/charts/portal-app/templates/configmap.yaml
kubernetes/portal/charts/portal-app/templates/deployment.yaml
kubernetes/portal/charts/portal-app/templates/secret.yaml
kubernetes/portal/charts/portal-app/values.yaml
kubernetes/portal/charts/portal-sdk/resources/server/server.xml
kubernetes/portal/charts/portal-sdk/templates/configmap.yaml
kubernetes/portal/charts/portal-sdk/templates/deployment.yaml
kubernetes/portal/charts/portal-sdk/values.yaml
kubernetes/portal/values.yaml

diff --git a/kubernetes/portal/charts/portal-app/resources/certs/keystoreONAPPortal.p12 b/kubernetes/portal/charts/portal-app/resources/certs/keystoreONAPPortal.p12
deleted file mode 100644 (file)
index 9f52189..0000000
Binary files a/kubernetes/portal/charts/portal-app/resources/certs/keystoreONAPPortal.p12 and /dev/null differ
diff --git a/kubernetes/portal/charts/portal-app/resources/certs/truststoreONAPall.jks b/kubernetes/portal/charts/portal-app/resources/certs/truststoreONAPall.jks
deleted file mode 100644 (file)
index ff844b1..0000000
Binary files a/kubernetes/portal/charts/portal-app/resources/certs/truststoreONAPall.jks and /dev/null differ
index 8d21859..63348f0 100755 (executable)
@@ -1,4 +1,5 @@
 # Copyright © 2018 Amdocs, Bell Canada, AT&T
 # Copyright © 2018 Amdocs, Bell Canada, AT&T
+# Modifications Copyright © 2020 AT&T
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -111,14 +112,16 @@ auditlog_del_day_from = 365
 #External system notification URL
 external_system_notification_url= https://jira.onap.org/browse/
 
 #External system notification URL
 external_system_notification_url= https://jira.onap.org/browse/
 
+#cookie domain
+cookie_domain = onap.org
+
+{{- if .Values.global.aafEnabled }}
 # External Access System Basic Auth Credentials & Rest endpoint(These credentials doesn't work as these are place holders for now)
 ext_central_access_user_name = aaf_admin@people.osaaf.org
 # External Access System Basic Auth Credentials & Rest endpoint(These credentials doesn't work as these are place holders for now)
 ext_central_access_user_name = aaf_admin@people.osaaf.org
-ext_central_access_password = VTCIC7wfMI0Zy61wkqKQC0bF0EK2YmL2JLl1fQU2YC4=
-ext_central_access_url = https://aaf-service:8100/authz/
+ext_central_access_password = thiswillbereplacedatruntime
+ext_central_access_url = {{ .Values.aafURL }}/authz/
 ext_central_access_user_domain = @people.osaaf.org
 
 # External Central Auth system access
 remote_centralized_system_access = true
 ext_central_access_user_domain = @people.osaaf.org
 
 # External Central Auth system access
 remote_centralized_system_access = true
-
-#cookie domain
-cookie_domain = onap.org
+{{- end }}
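Review bot: `ext_central_access_password = thiswillbereplacedatruntime` is a literal, and nothing in this change visibly substitutes it: the deployment only exports the cadi_* passwords from mycreds.prop into _JAVA_OPTIONS, so unless the start script or the application rewrites this key, this string is what gets sent as the basic-auth password to `{{ .Values.aafURL }}/authz/`. A comment naming the substitution next to the key, e.g. `# value is overwritten at container start by <mechanism>`, would let the next maintainer verify it, or the key could be fed from the same secret as the cadi passwords. Moving `cookie_domain` out of the conditional is right; note that `remote_centralized_system_access = true` now disappears entirely when aafEnabled is false, which is presumably the intent. The base64-looking value removed above is still in repository history; the surrounding comment says these are placeholders, but if it was ever a live credential it should be rotated.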
index c9515c1..dec6837 100644 (file)
@@ -14,7 +14,7 @@
   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
   See the License for the specific language governing permissions and
   limitations under the License.
   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
   See the License for the specific language governing permissions and
   limitations under the License.
-  
+
   Modifications to this file for use in ONAP are also subject to the Apache-2.0 license.
 -->
 <!-- Note:  A "Server" is not itself a "Container", so you may not
   Modifications to this file for use in ONAP are also subject to the Apache-2.0 license.
 -->
 <!-- Note:  A "Server" is not itself a "Container", so you may not
@@ -22,7 +22,7 @@
      Documentation at /docs/config/server.html
  -->
 <Server port="8005" shutdown="SHUTDOWN">
      Documentation at /docs/config/server.html
  -->
 <Server port="8005" shutdown="SHUTDOWN">
-  <Listener className="org.apache.catalina.startup.VersionLoggerListener" />
+  <Listener className="org.apache.catalina.startup.VersionLoggerListener" logArgs="false"/>
   <!-- Security listener. Documentation at /docs/config/listeners.html
   <Listener className="org.apache.catalina.security.SecurityListener" />
   -->
   <!-- Security listener. Documentation at /docs/config/listeners.html
   <Listener className="org.apache.catalina.security.SecurityListener" />
   -->
     -->
     <Connector port="8080" protocol="HTTP/1.1"
                connectionTimeout="20000"
     -->
     <Connector port="8080" protocol="HTTP/1.1"
                connectionTimeout="20000"
-               redirectPort="8443" />
+    {{ if .Values.global.aafEnabled }}
+               redirectPort="8443"
+    {{ end }}
+    />
     <!-- A "Connector" using the shared thread pool-->
     <!--
     <Connector executor="tomcatThreadPool"
     <!-- A "Connector" using the shared thread pool-->
     <!--
     <Connector executor="tomcatThreadPool"
                maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
                clientAuth="false" sslProtocol="TLS" />
     -->
                maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
                clientAuth="false" sslProtocol="TLS" />
     -->
-       
-        <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
+    {{ if .Values.global.aafEnabled }}
+    <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
                maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
                maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
-               keystoreFile="{{.Values.global.keystoreFile}}" keystorePass="{{.Values.global.keypass}}" 
+               keystoreFile="{{.Values.aafConfig.credsPath}}/{{.Values.aafConfig.keystoreFile}}"
+               keystorePass="${javax.net.ssl.keyStorePassword}"
                clientAuth="false" sslProtocol="TLS" />
                clientAuth="false" sslProtocol="TLS" />
-
+    {{ end }}
     <!-- Define an AJP 1.3 Connector on port 8009 -->
     <!-- Define an AJP 1.3 Connector on port 8009 -->
-    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
+    <Connector port="8009" protocol="AJP/1.3"
+    {{ if .Values.global.aafEnabled }}
+              redirectPort="8443"
+    {{ end }}
+    />
 
 
     <!-- An Engine represents the entry point (within Catalina) that processes
 
 
     <!-- An Engine represents the entry point (within Catalina) that processes
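Review bot: The 8443 connector in this hunk pins only `sslProtocol="TLS"`, which leaves the negotiable protocol versions to the JVM default; adding `sslEnabledProtocols="TLSv1.2"` (or the list of versions you support) to the same element pins them explicitly, and the same attribute set appears on the portal-sdk server.xml connector at the hunk below. Reading `keystorePass` from `${javax.net.ssl.keyStorePassword}` keeps the password out of the rendered ConfigMap, but if the export in deployment.yaml leaves the property unset Tomcat will, as far as I recall, keep the `${...}` text literally and the connector fails to start; a comment on the attribute, `<!-- resolved from the system property set in deployment.yaml args -->`, would tie the two files together for whoever debugs that. The `{{ if }}` blocks inside the 8080 and 8009 connector attribute lists render valid XML in both branches, but the enclosing `<Service>` element lies outside the hunk. The third hunk here has no @@ header in this rendering, so its exact position in the file is not visible.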
index d19ffeb..d514fe6 100644 (file)
@@ -1,4 +1,5 @@
 # Copyright © 2017 Amdocs, Bell Canada
 # Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2020 AT&T
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -25,3 +26,17 @@ metadata:
 data:
 {{ tpl (.Files.Glob "resources/config/deliveries/properties/ONAPPORTAL/*").AsConfig . | indent 2 }}
 {{ tpl (.Files.Glob "resources/server/*").AsConfig . | indent 2 }}
 data:
 {{ tpl (.Files.Glob "resources/config/deliveries/properties/ONAPPORTAL/*").AsConfig . | indent 2 }}
 {{ tpl (.Files.Glob "resources/server/*").AsConfig . | indent 2 }}
+
+{{ if .Values.global.aafEnabled }}
+{{- if .Values.aafConfig.addconfig -}}
+---
+apiVersion: v1
+kind: ConfigMap
+{{- $suffix := "aaf-add-config" }}
+metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "dot" . )| nindent 2 }}
+data:
+  aaf-add-config.sh: |-
+    /opt/app/aaf_config/bin/agent.sh;/opt/app/aaf_config/bin/agent.sh local showpass \
+    {{.Values.aafConfig.fqi}} {{ .Values.aafConfig.fqdn }} > {{ .Values.aafConfig.credsPath }}/mycreds.prop
+{{- end -}}
+{{- end -}}
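Review bot: In `aaf-add-config.sh` the two agent.sh invocations are joined with `;`, so `local showpass` runs and redirects into mycreds.prop even when the first `agent.sh` (the retrieval step) fails, leaving an empty or partial credentials file that only surfaces later as a Tomcat keystore error; `&&` makes the init step fail loudly instead: `/opt/app/aaf_config/bin/agent.sh && /opt/app/aaf_config/bin/agent.sh local showpass \`. The script also writes plaintext passwords to `{{ .Values.aafConfig.credsPath }}/mycreds.prop` on a volume shared with the main container, so a comment on the file's lifetime, e.g. `# plaintext creds, read by the main container at start; document what removes them`, belongs here. The portal-sdk configmap.yaml below adds the identical script, so it could live in the common chart instead of being duplicated. The outer `{{ if .Values.global.aafEnabled }}` lacks the `-` trim the inner `if` has, which renders a stray blank line before the `---`.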
index eb0dee0..14bbd3c 100644 (file)
@@ -1,4 +1,5 @@
 # Copyright © 2017 Amdocs, Bell Canada
 # Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2020 AT&T
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -45,33 +46,27 @@ spec:
             fieldRef:
               apiVersion: v1
               fieldPath: metadata.namespace
             fieldRef:
               apiVersion: v1
               fieldPath: metadata.namespace
+      {{- if .Values.global.aafEnabled }}
+{{ include "common.aaf-config" . | indent 6 }}
+      {{- end }}
       containers:
       - name: {{ include "common.name" . }}
         image: "{{ include "common.repository" . }}/{{ .Values.image }}"
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
       containers:
       - name: {{ include "common.name" . }}
         image: "{{ include "common.repository" . }}/{{ .Values.image }}"
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-        command:
-          - /start-apache-tomcat.sh
-          - -i
-          - ""
-          - -n
-          - ""
-          - -b
-          - "{{ .Values.global.env.tomcatDir }}"
+        command: ["bash","-c"]
+        {{- if .Values.global.aafEnabled }}
+        args: ["export $(grep '^c' {{ .Values.aafConfig.credsPath }}/mycreds.prop | xargs -0);\
+               export _JAVA_OPTIONS=\"-Djavax.net.ssl.trustStorePassword=$cadi_truststore_password \
+              -Djavax.net.ssl.keyStorePassword=$cadi_keystore_password_p12\";\
+              /start-apache-tomcat.sh -i \"\" -n \"\" -b {{ .Values.global.env.tomcatDir }}"]
         env:
         env:
-          - name: CATALINA_OPTS
+          - name: _CATALINA_OPTS
             value: >
             value: >
-              -Djavax.net.ssl.keyStore={{ .Values.global.env.tomcatDir }}/{{ .Values.global.truststoreFile}}
-              -Djavax.net.ssl.keyStorePassword={{ .Values.global.trustpass }}
-              -Djavax.net.ssl.trustStore={{ .Values.global.env.tomcatDir }}/{{ .Values.global.truststoreFile}}
-              -Djavax.net.ssl.trustStorePassword={{ .Values.global.trustpass }}
-          - name: javax.net.ssl.keyStore
-            value: {{ .Values.global.env.tomcatDir }}/{{ .Values.global.truststoreFile}} 
-          - name: javax.net.ssl.keyStorePassword
-            value: {{ .Values.global.trustpass }}
-          - name: javax.net.ssl.trustStore
-            value: {{ .Values.global.env.tomcatDir }}/{{ .Values.global.truststoreFile}}
-          - name: javax.net.ssl.trustStorePassword
-            value: {{ .Values.global.trustpass }}
+              -Djavax.net.ssl.keyStore="{{ .Values.aafConfig.credsPath }}/{{ .Values.aafConfig.keystoreFile }}"
+              -Djavax.net.ssl.trustStore="{{ .Values.aafConfig.credsPath }}/{{ .Values.aafConfig.truststoreFile }}"
+        {{- else }}
+        args: ["/start-apache-tomcat.sh -i "" -n "" -b {{ .Values.global.env.tomcatDir }}"]
+        {{- end }}
         ports:
         - containerPort: {{ .Values.service.internalPort }}
         - containerPort: {{ .Values.service.internalPort2 }}
         ports:
         - containerPort: {{ .Values.service.internalPort }}
         - containerPort: {{ .Values.service.internalPort2 }}
@@ -90,6 +85,9 @@ spec:
           initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
           periodSeconds: {{ .Values.readiness.periodSeconds }}
         volumeMounts:
           initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
           periodSeconds: {{ .Values.readiness.periodSeconds }}
         volumeMounts:
+        {{- if .Values.global.aafEnabled }}
+{{ include "common.aaf-config-volume-mountpath" . | indent 8 }}
+        {{- end }}
         - mountPath: /etc/localtime
           name: localtime
           readOnly: true
         - mountPath: /etc/localtime
           name: localtime
           readOnly: true
@@ -117,16 +115,10 @@ spec:
         - name: properties-onapportal
           mountPath: "{{ .Values.global.env.tomcatDir }}/webapps/ONAPPORTAL/WEB-INF/web.xml"
           subPath: web.xml
         - name: properties-onapportal
           mountPath: "{{ .Values.global.env.tomcatDir }}/webapps/ONAPPORTAL/WEB-INF/web.xml"
           subPath: web.xml
-        - name: authz-onapportal
-          mountPath: "{{ .Values.global.env.tomcatDir }}/{{ .Values.global.keystoreFile}}"
-          subPath: {{ .Values.global.keystoreFile}}
-        - name: authz-onapportal
-          mountPath: "{{ .Values.global.env.tomcatDir }}/{{ .Values.global.truststoreFile}}"
-          subPath: {{ .Values.global.truststoreFile}}          
         - name: var-log-onap
           mountPath: /var/log/onap
         resources:
         - name: var-log-onap
           mountPath: /var/log/onap
         resources:
-{{ include "common.resources" . | indent 12 }}
+{{ include "common.resources" . }}
       {{- if .Values.nodeSelector }}
       nodeSelector:
 {{ toYaml .Values.nodeSelector | indent 10 }}
       {{- if .Values.nodeSelector }}
       nodeSelector:
 {{ toYaml .Values.nodeSelector | indent 10 }}
@@ -147,6 +139,9 @@ spec:
         - name: var-log-onap
           mountPath: /var/log/onap
       volumes:
         - name: var-log-onap
           mountPath: /var/log/onap
       volumes:
+        {{- if .Values.global.aafEnabled }}
+{{ include "common.aaf-config-volumes" . | indent 8 }}
+        {{- end }}
         - name: localtime
           hostPath:
             path: /etc/localtime
         - name: localtime
           hostPath:
             path: /etc/localtime
@@ -154,9 +149,6 @@ spec:
           configMap:
             name: {{ include "common.fullname" . }}-onapportal
             defaultMode: 0755
           configMap:
             name: {{ include "common.fullname" . }}-onapportal
             defaultMode: 0755
-        - name: authz-onapportal
-          secret:
-            secretName: {{ include "common.fullname" . }}-authz-onapportal
         - name: filebeat-conf
           configMap:
             name: portal-filebeat
         - name: filebeat-conf
           configMap:
             name: portal-filebeat
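Review bot: The non-AAF branch `args: ["/start-apache-tomcat.sh -i "" -n "" -b {{ .Values.global.env.tomcatDir }}"]` has unescaped double quotes inside a YAML double-quoted flow scalar, so with aafEnabled=false the rendered manifest is not valid YAML (the AAF branch correctly uses `\"\"`); it should read `args: ["/start-apache-tomcat.sh -i \"\" -n \"\" -b {{ .Values.global.env.tomcatDir }}"]`. In the AAF branch the args export the keystore and truststore passwords from mycreds.prop into `_JAVA_OPTIONS` but never truncate the file afterwards, unlike the portal-sdk deployment before this change; that point is raised in full at the portal-sdk deployment.yaml hunk below. Because the chart defaults to `aafEnabled: true`, the broken branch is only exercised when AAF is switched off, so it will not show up in the default render.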
index 85b0f40..a4019ef 100644 (file)
@@ -1,4 +1,5 @@
 # Copyright © 2018 Amdocs, Bell Canada, AT&T
 # Copyright © 2018 Amdocs, Bell Canada, AT&T
+# Modifications Copyright © 2020 AT&T
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-apiVersion: v1
-kind: Secret
-metadata:
-  name: {{ include "common.fullname" . }}-authz-onapportal
-  namespace: {{ include "common.namespace" . }}
-  labels:
-    app: {{ include "common.name" . }}
-    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
-    release: {{ include "common.release" . }}
-    heritage: {{ .Release.Service }}
-type: Opaque
-data:
-{{ tpl (.Files.Glob "resources/certs/*").AsSecrets . | indent 2 }}
+{{ include "common.secretFast" . }}
index 59a11ad..433352c 100644 (file)
@@ -1,5 +1,5 @@
 # Copyright © 2017 Amdocs, Bell Canada
 # Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
+# Modifications Copyright © 2018,2020 AT&T
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -22,15 +22,46 @@ global:
   readinessImage: readiness-check:2.0.0
   loggingRepository: docker.elastic.co
   loggingImage: beats/filebeat:5.5.0
   readinessImage: readiness-check:2.0.0
   loggingRepository: docker.elastic.co
   loggingImage: beats/filebeat:5.5.0
+  #AAF service
+  aafEnabled: true
 
 #################################################################
 # Application configuration defaults.
 #################################################################
 
 #################################################################
 # Application configuration defaults.
 #################################################################
+
 # application image
 repository: nexus3.onap.org:10001
 image: onap/portal-app:2.6.0
 pullPolicy: Always
 
 # application image
 repository: nexus3.onap.org:10001
 image: onap/portal-app:2.6.0
 pullPolicy: Always
 
+#AAF local config
+
+aafURL: https://aaf-service:8100/
+aafConfig:
+  aafDeployFqi: deployer@people.osaaf.org
+  aafDeployPass: demo123456!
+  fqdn: portal
+  fqi: portal@portal.onap.org
+  publicFqdn: portal.onap.org
+  cadi_latitude: "38.0"
+  cadi_longitude: "-72.0"
+  credsPath: /opt/app/osaaf/local
+  app_ns: org.osaaf.aaf
+  permission_user: 1000
+  permission_group: 999
+  addconfig: true
+  secret_uid: &aaf_secret_uid portal-app-aaf-deploy-creds
+  keystoreFile: "org.onap.portal.p12"
+  truststoreFile: "org.onap.portal.trust.jks"
+
+secrets:
+  - uid: *aaf_secret_uid
+    type: basicAuth
+    externalSecret: '{{ ternary (tpl (default "" .Values.aafConfig.aafDeployCredsExternalSecret) .) "aafIsDiabled" .Values.global.aafEnabled }}'
+    login: '{{ .Values.aafConfig.aafDeployFqi }}'
+    password: '{{ .Values.aafConfig.aafDeployPass }}'
+    passwordPolicy: required
+
 # default number of instances
 replicaCount: 1
 
 # default number of instances
 replicaCount: 1
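Review bot: `aafDeployPass: demo123456!` commits a default AAF deployer password into the chart, and the `secrets` entry makes it the password unless `aafConfig.aafDeployCredsExternalSecret` is set, but that key is neither declared nor described here; a comment on the block, e.g. `# demo credentials; set aafDeployCredsExternalSecret to an existing secret for non-demo deployments`, plus an explicit `aafDeployCredsExternalSecret: ""` entry would make the override discoverable. The sentinel `"aafIsDiabled"` is misspelled (carried over from portal-sdk, which keeps it at the hunk below); if the common template only tests it for non-emptiness it is harmless, but it will be grepped for one day. portal-sdk's values.yaml below receives the same `aafConfig` block, so the same comment applies there.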
 
index 506a1ca..dffcfbe 100644 (file)
@@ -94,7 +94,7 @@
     {{ if .Values.global.aafEnabled }}
     <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
                maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
     {{ if .Values.global.aafEnabled }}
     <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
                maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
-               keystoreFile="{{.Values.persistence.aafCredsPath}}/{{.Values.aafConfig.keystoreFile}}"
+               keystoreFile="{{.Values.aafConfig.credsPath}}/{{.Values.aafConfig.keystoreFile}}"
                keystorePass="${javax.net.ssl.keyStorePassword}"
                clientAuth="false" sslProtocol="TLS" />
     {{ end }}
                keystorePass="${javax.net.ssl.keyStorePassword}"
                clientAuth="false" sslProtocol="TLS" />
     {{ end }}
index 154276e..1dbdeed 100644 (file)
@@ -1,5 +1,5 @@
 # Copyright © 2017 Amdocs, Bell Canada
 # Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
+# Modifications Copyright © 2018, 2020 AT&T
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -25,4 +25,18 @@ metadata:
     heritage: {{ .Release.Service }}
 data:
 {{ tpl (.Files.Glob "resources/config/deliveries/properties/ONAPPORTALSDK/*").AsConfig . | indent 2 }}
     heritage: {{ .Release.Service }}
 data:
 {{ tpl (.Files.Glob "resources/config/deliveries/properties/ONAPPORTALSDK/*").AsConfig . | indent 2 }}
-{{ tpl (.Files.Glob "resources/server/*").AsConfig . | indent 2 }}
\ No newline at end of file
+{{ tpl (.Files.Glob "resources/server/*").AsConfig . | indent 2 }}
+
+{{ if .Values.global.aafEnabled }}
+{{- if .Values.aafConfig.addconfig -}}
+---
+apiVersion: v1
+kind: ConfigMap
+{{- $suffix := "aaf-add-config" }}
+metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "dot" . )| nindent 2 }}
+data:
+  aaf-add-config.sh: |-
+    /opt/app/aaf_config/bin/agent.sh;/opt/app/aaf_config/bin/agent.sh local showpass \
+    {{.Values.aafConfig.fqi}} {{ .Values.aafConfig.fqdn }} > {{ .Values.aafConfig.credsPath }}/mycreds.prop
+{{- end -}}
+{{- end -}}
\ No newline at end of file
index 8465d06..2de9a1b 100644 (file)
@@ -47,71 +47,23 @@ spec:
               apiVersion: v1
               fieldPath: metadata.namespace
       {{- if .Values.global.aafEnabled }}
               apiVersion: v1
               fieldPath: metadata.namespace
       {{- if .Values.global.aafEnabled }}
-      - name: {{ include "common.name" . }}-aaf-readiness
-        image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
-        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-        command:
-          - /root/ready.py
-        args:
-          - --container-name
-          - aaf-locate
-          - --container-name
-          - aaf-cm
-        env:
-          - name: NAMESPACE
-            valueFrom:
-              fieldRef:
-                apiVersion: v1
-                fieldPath: metadata.namespace
-      - name: {{ include "common.name" . }}-aaf-config
-        image: "{{ include "common.repository" . }}/{{ .Values.global.aafAgentImage }}"
-        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-        command: ["bash","-c"]
-        args: ["/opt/app/aaf_config/bin/agent.sh;/opt/app/aaf_config/bin/agent.sh local showpass \
-        {{.Values.aafConfig.fqi}} {{ .Values.aafConfig.fqdn }} > {{ .Values.persistence.aafCredsPath }}/mycreds.prop"]
-        volumeMounts:
-          - mountPath: {{ .Values.persistence.aafCredsPath }}
-            name: {{ include "common.fullname" . }}-aaf-config-vol
-        env:
-          - name: APP_FQI
-            value: "{{ .Values.aafConfig.fqi }}"
-          - name: aaf_locate_url
-            value: "https://aaf-locate.{{ .Release.Namespace }}:8095"
-          - name: aaf_locator_container
-            value: "{{ .Values.global.aafLocatorContainer }}"
-          - name: aaf_locator_container_ns
-            value: "{{ .Release.Namespace }}"
-          - name: aaf_locator_fqdn
-            value: "{{ .Values.aafConfig.fqdn }}"
-          - name: aaf_locator_public_fqdn
-            value: "{{.Values.aafConfig.publicFqdn}}"
-          - name: aaf_locator_app_ns
-            value: "{{ .Values.global.aafAppNs }}"
-          - name: DEPLOY_FQI
-            {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "aaf-deploy-creds" "key" "login") | indent 12 }}
-          - name: DEPLOY_PASSWORD
-            {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "aaf-deploy-creds" "key" "password") | indent 12 }}
-          - name: cadi_longitude
-            value: "{{ .Values.aafConfig.cadiLongitude }}"
-          - name: cadi_latitude
-            value: "{{ .Values.aafConfig.cadiLatitude }}"
-      {{ end }}
+{{ include "common.aaf-config" . | indent 6 }}
+      {{- end }}
       containers:
       - name: {{ include "common.name" . }}
         image: "{{ include "common.repository" . }}/{{ .Values.image }}"
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         command: ["bash","-c"]
         {{- if .Values.global.aafEnabled }}
       containers:
       - name: {{ include "common.name" . }}
         image: "{{ include "common.repository" . }}/{{ .Values.image }}"
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         command: ["bash","-c"]
         {{- if .Values.global.aafEnabled }}
-        args: ["export $(grep '^c' {{ .Values.persistence.aafCredsPath }}/mycreds.prop | xargs -0);\
+        args: ["export $(grep '^c' {{ .Values.aafConfig.credsPath }}/mycreds.prop | xargs -0);\
         export _JAVA_OPTIONS=\"-Djavax.net.ssl.trustStorePassword=$cadi_truststore_password \
         -Djavax.net.ssl.keyStorePassword=$cadi_keystore_password_p12\";\
         export _JAVA_OPTIONS=\"-Djavax.net.ssl.trustStorePassword=$cadi_truststore_password \
         -Djavax.net.ssl.keyStorePassword=$cadi_keystore_password_p12\";\
-        cat /dev/null > {{ .Values.persistence.aafCredsPath }}/mycreds.prop;\
         /start-apache-tomcat.sh -b {{ .Values.global.env.tomcatDir }}"]
         env:
           - name: _CATALINA_OPTS
             value: >
         /start-apache-tomcat.sh -b {{ .Values.global.env.tomcatDir }}"]
         env:
           - name: _CATALINA_OPTS
             value: >
-              -Djavax.net.ssl.keyStore="{{ .Values.persistence.aafCredsPath }}/{{ .Values.aafConfig.keystoreFile }}"
-              -Djavax.net.ssl.trustStore="{{ .Values.persistence.aafCredsPath }}/{{ .Values.aafConfig.truststoreFile }}"
+              -Djavax.net.ssl.keyStore="{{ .Values.aafConfig.credsPath }}/{{ .Values.aafConfig.keystoreFile }}"
+              -Djavax.net.ssl.trustStore="{{ .Values.aafConfig.credsPath }}/{{ .Values.aafConfig.truststoreFile }}"
         {{- else }}
         args: ["/start-apache-tomcat.sh -b {{ .Values.global.env.tomcatDir }}"]
         {{- end }}
         {{- else }}
         args: ["/start-apache-tomcat.sh -b {{ .Values.global.env.tomcatDir }}"]
         {{- end }}
@@ -131,8 +83,7 @@ spec:
           periodSeconds: {{ .Values.readiness.periodSeconds }}
         volumeMounts:
         {{- if .Values.global.aafEnabled }}
           periodSeconds: {{ .Values.readiness.periodSeconds }}
         volumeMounts:
         {{- if .Values.global.aafEnabled }}
-        - mountPath: {{ .Values.persistence.aafCredsPath }}
-          name: {{ include "common.fullname" . }}-aaf-config-vol
+{{ include "common.aaf-config-volume-mountpath" . | indent 8 }}
         {{- end }}
         - name: properties-onapportalsdk
           mountPath: "{{ .Values.global.env.tomcatDir }}/conf/server.xml"
         {{- end }}
         - name: properties-onapportalsdk
           mountPath: "{{ .Values.global.env.tomcatDir }}/conf/server.xml"
@@ -160,7 +111,7 @@ spec:
         - name: var-log-onap
           mountPath: /var/log/onap
         resources:
         - name: var-log-onap
           mountPath: /var/log/onap
         resources:
-{{ include "common.resources" . | indent 12 }}
+{{ include "common.resources" . }}
       {{- if .Values.nodeSelector }}
       nodeSelector:
 {{ toYaml .Values.nodeSelector | indent 10 }}
       {{- if .Values.nodeSelector }}
       nodeSelector:
 {{ toYaml .Values.nodeSelector | indent 10 }}
@@ -198,9 +149,7 @@ spec:
         - name: portal-tomcat-logs
           emptyDir: {}
         {{- if .Values.global.aafEnabled }}
         - name: portal-tomcat-logs
           emptyDir: {}
         {{- if .Values.global.aafEnabled }}
-        - name: {{ include "common.fullname" . }}-aaf-config-vol
-          emptyDir:
-            medium: Memory
+{{ include "common.aaf-config-volumes" . | indent 8 }}
         {{- end }}
       imagePullSecrets:
       - name: "{{ include "common.namespace" . }}-docker-registry-key"
         {{- end }}
       imagePullSecrets:
       - name: "{{ include "common.namespace" . }}-docker-registry-key"
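Review bot: Dropping `cat /dev/null > {{ .Values.persistence.aafCredsPath }}/mycreds.prop;\` from the AAF args means the plaintext keystore and truststore passwords now stay in mycreds.prop on the shared volume for the life of the container, after they have already been exported into `_JAVA_OPTIONS`; unless the `common.aaf-config*` templates truncate the file (not visible here), keep the line with the new path, `cat /dev/null > {{ .Values.aafConfig.credsPath }}/mycreds.prop;\`. The portal-app deployment.yaml above introduces the same args without any truncation, so it needs the same line. The init-container replacement by `common.aaf-config` also drops the explicit `aaf-locate`/`aaf-cm` readiness wait; presumably the common template provides it, but that cannot be confirmed from this change.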
index 34c29b5..77ceb27 100644 (file)
@@ -23,47 +23,45 @@ global:
   loggingRepository: docker.elastic.co
   loggingImage: beats/filebeat:5.5.0
   persistence: {}
   loggingRepository: docker.elastic.co
   loggingImage: beats/filebeat:5.5.0
   persistence: {}
-  #AAF global config overrides
+  #AAF service
   aafEnabled: true
   aafEnabled: true
-  aafAgentImage: onap/aaf/aaf_agent:2.1.15
-  aafAppNs: org.osaaf.aaf
-  aafLocatorContainer: oom
+
 #################################################################
 # Application configuration defaults.
 #################################################################
 #################################################################
 # Application configuration defaults.
 #################################################################
-secrets:
-  - uid: aaf-deploy-creds
-    type: basicAuth
-    externalSecret: '{{ ternary (tpl (default "" .Values.aafConfig.aafDeployCredsExternalSecret) .) "aafIsDiabled" .Values.global.aafEnabled }}'
-    login: '{{ .Values.aafConfig.aafDeployFqi }}'
-    password: '{{ .Values.aafConfig.aafDeployPass }}'
-    passwordPolicy: required
-
-## Persist cert data to a memory volume
-persistence:
-  aafCredsPath: /opt/app/osaaf/local
 
 # application image
 repository: nexus3.onap.org:10001
 image: onap/portal-sdk:2.6.0
 pullPolicy: Always
 
 
 # application image
 repository: nexus3.onap.org:10001
 image: onap/portal-sdk:2.6.0
 pullPolicy: Always
 
-#AAF service
-aafURL: https://aaf-service:8100/
-aafLocateUrl: https://aaf-locate:8095
-
 #AAF local config
 #AAF local config
+aafURL: https://aaf-service:8100/
 aafConfig:
   aafDeployFqi: deployer@people.osaaf.org
   aafDeployPass: demo123456!
   fqdn: portal
   fqi: portal@portal.onap.org
   publicFqdn: portal.onap.org
 aafConfig:
   aafDeployFqi: deployer@people.osaaf.org
   aafDeployPass: demo123456!
   fqdn: portal
   fqi: portal@portal.onap.org
   publicFqdn: portal.onap.org
-  cadiLatitude: 0.0
-  cadiLongitude: 0.0
+  cadi_latitude: "38.0"
+  cadi_longitude: "-72.0"
+  credsPath: /opt/app/osaaf/local
+  app_ns: org.osaaf.aaf
+  permission_user: 1000
+  permission_group: 999
+  addconfig:  true
+  secret_uid: &aaf_secret_uid portal-sdk-aaf-deploy-creds
   keystoreFile: "org.onap.portal.p12"
   truststoreFile: "org.onap.portal.trust.jks"
 
   keystoreFile: "org.onap.portal.p12"
   truststoreFile: "org.onap.portal.trust.jks"
 
+secrets:
+  - uid: *aaf_secret_uid
+    type: basicAuth
+    externalSecret: '{{ ternary (tpl (default "" .Values.aafConfig.aafDeployCredsExternalSecret) .) "aafIsDiabled" .Values.global.aafEnabled }}'
+    login: '{{ .Values.aafConfig.aafDeployFqi }}'
+    password: '{{ .Values.aafConfig.aafDeployPass }}'
+    passwordPolicy: required
+
 # flag to enable debugging - application support required
 debugEnabled: false
 
 # flag to enable debugging - application support required
 debugEnabled: false
 
index 8c84cbd..1015c86 100644 (file)
@@ -1,5 +1,5 @@
 # Copyright © 2017 Amdocs, Bell Canada
 # Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
+# Modifications Copyright © 2018, 2020 AT&T
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -21,18 +21,11 @@ global:
   portalFEPort: "30225"
   # application's front end hostname.  Must be resolvable on the client side environment
   portalHostName: "portal.api.simpledemo.onap.org"
   portalFEPort: "30225"
   # application's front end hostname.  Must be resolvable on the client side environment
   portalHostName: "portal.api.simpledemo.onap.org"
-  keystoreFile: "keystoreONAPPortal.p12"
-  truststoreFile: "truststoreONAPall.jks"
-  keypass: ",@{9!OOv%HO@#c+0Z}axu!xV"
-  trustpass: "changeit"
-
 config:
   logstashServiceName: log-ls
   logstashPort: 5044
 config:
   logstashServiceName: log-ls
   logstashPort: 5044
-  
 portal-mariadb:
   nameOverride: portal-db
 portal-mariadb:
   nameOverride: portal-db
-
 mariadb:
   service:
     name: portal-db
 mariadb:
   service:
     name: portal-db
@@ -48,10 +41,8 @@ cassandra:
 zookeeper:
   service:
     name: portal-zookeeper
 zookeeper:
   service:
     name: portal-zookeeper
-
 messageRouter:
   service:
     name: message-router
 messageRouter:
   service:
     name: message-router
-
 ingress:
   enabled: false
\ No newline at end of file
 ingress:
   enabled: false
\ No newline at end of file
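Review bot: Removing `global.keystoreFile`, `global.truststoreFile`, `global.keypass` and `global.trustpass` drops the only definitions of these keys; this change rewrites the portal-app and portal-sdk references, but any other subchart or resource under kubernetes/portal that still reads `.Values.global.keypass` or `.Values.global.keystoreFile` would now render an empty value, so a grep across the chart for the four names is worth doing before merge. The removed `keypass` value and the deleted `keystoreONAPPortal.p12` it protects remain in repository history; if that keystore was ever more than a demo artifact, treat the key material as exposed and rotate it rather than relying on the deletion.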