[MSB] Use certInitializer for MSB

MSB is currently using an hardcoded certificate. In order to follow
SECOMMON requirements, let's use a freshly generated certificate instead

Issue-ID: MSB-521
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: I157e44a6e30391c36c0142acfa08604c37b79cc4

diff --git a/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/artifact.dat b/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/artifact.dat
index 6fc63e4..61ddfb2 100644 (file)
--- a/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/artifact.dat
+++ b/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/artifact.dat
@@ -29,6 +29,8 @@ dmaap.mr@mr.dmaap.onap.org|dmaap.mr|local|/opt/app/osaaf/local||mailto:|org.onap
 dmaap.mr@mr.dmaap.onap.org|dmaapmr|local|/opt/app/osaaf/local||mailto:|org.onap.dmaap.mr|root|30|{'message-router mr.api.simpledemo.onap.org message-router.onap dmaapmr dmaap.mr dmaap-mr dmaap.mr.onap dmaap-mr.onap dmaap-mr dmaapmr.onap'}|aaf_admin@osaaf.org|{'pkcs12', 'script'}
 dmaap.mr@mr.dmaap.onap.org|dmaap-mr|local|/opt/app/osaaf/local||mailto:|org.onap.dmaap.mr|root|30|{'message-router mr.api.simpledemo.onap.org message-router.onap dmaapmr dmaap.mr dmaap-mr dmaap.mr.onap dmaap-mr.onap dmaap-mr dmaapmr.onap'}|@osaaf.org|{'file', 'jks', 'pkcs12', 'script'}
 holmes@holmes.onap.org|holmes|local|/opt/app/osaaf/local||mailto:|org.onap.holmes|root|30|{'holmes.api.simpledemo.onap.org', 'holmes.onap'}|aaf_admin@osaaf.org|{'pkcs12'}
+msb-eag@msb-eag.onap.org|msb-eag|local|/opt/app/osaaf/local||mailto:|org.onap.msb-eag|root|30|{'msb-eag', 'msb-eag.api.simpledemo.onap.org', 'msb-eag.onap'}|mmanager@osaaf.org|{'file', 'pkcs12'}
+msb-iag@msb-iag.onap.org|msb-iag|local|/opt/app/osaaf/local||mailto:|org.onap.msb-iag|root|30|{'msb-iag', 'msb-iag.api.simpledemo.onap.org', 'msb-iag.onap'}|mmanager@osaaf.org|{'file', 'pkcs12'}
 music@music.onap.org|music|aaf|/opt/app/aaf/local||mailto:|org.onap.music|root|30|{'music.api.simpledemo.onap.org', 'music.onap'}|mmanager@osaaf.org|{'pkcs12', 'script'}
 music@music.onap.org|music.onap|local|/opt/app/osaaf/local||mailto:|org.onap.music|root|30|{'music-api', 'music-api.onap', 'music-onap', 'music.api.simpledemo.onap.org', 'music.onap'}|mmanager@osaaf.org|{'file', 'jks', 'pkcs12', 'script'}
 nbi@nbi.onap.org|nbi|local|/opt/app/osaaf/local||mailto:|org.onap.nbi|root|30|{'nbi', 'nbi.api.simpledemo.onap.org', 'nbi.onap'}|aaf_admin@osaaf.org|{'file', 'pkcs12'}

diff --git a/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/cred.dat b/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/cred.dat
index ff5caac..35c78c6 100644 (file)
--- a/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/cred.dat
+++ b/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/cred.dat
@@ -16,6 +16,8 @@ policy@policy.onap.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04d
 pomba@pomba.onap.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.pomba|53344||
 holmes@holmes.onap.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.holmes|53344||
 nbi@nbi.onap.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.nbi|53344||
+msb-eag@msb-eag.onap.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.msb-eag|53344||
+msb-iag@msb-iag.onap.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.msb-iag|53344||
 music@music.onap.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.music|53344||
 vid@vid.onap.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.vid|53344||
 vid1@vid1.onap.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.vid1|53344||

diff --git a/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/ns.dat b/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/ns.dat
index 9b8149d..f4a6326 100644 (file)
--- a/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/ns.dat
+++ b/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/ns.dat
@@ -52,6 +52,8 @@ org.onap.dmaap.mr.topic-002||org.onap.dmaap.mr||3
 org.onap.dmaap||org.onap||3
 org.onap.holmes||org.onap||3
 org.onap.music||org.onap||3
+org.onap.msb-eag||org.onap||3
+org.onap.msb-iag||org.onap||3
 org.onap.nbi||org.onap||3
 org.onap|ONAP|org|2|2
 org.onap.oof||org.onap||3

diff --git a/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/perm.dat b/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/perm.dat
index 23b1d1d..f283282 100644 (file)
--- a/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/perm.dat
+++ b/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/perm.dat
@@ -289,6 +289,12 @@ org.onap.dmaap.mr|topic|*|view||"{'org.onap.dmaap-bc|service', 'org.onap.dmaap.m
 org.onap.dmaap.mr|viewtest|*|view||"{'org.onap.dmaap.mr|viewtest'}"
 org.onap.holmes|access|*|*|AAF Namespace Write Access|"{'org.onap.holmes|admin'}"
 org.onap.holmes|access|*|read|AAF Namespace Read Access|"{'org.onap.holmes|owner'}"
+org.onap.msb-eag|access|*|*|AAF Namespace Write Access|"{'org.onap.msb-eag|admin', 'org.onap.msb-eag|service'}"
+org.onap.msb-eag|access|*|read|AAF Namespace Read Access|"{'org.onap.msb-eag|owner'}"
+org.onap.msb-eag|certman|local|request,ignoreIPs,showpass||"{'org.osaaf.aaf|deploy'}"
+org.onap.msb-iag|access|*|*|AAF Namespace Write Access|"{'org.onap.msb-iag|admin', 'org.onap.msb-iag|service'}"
+org.onap.msb-iag|access|*|read|AAF Namespace Read Access|"{'org.onap.msb-iag|owner'}"
+org.onap.msb-iag|certman|local|request,ignoreIPs,showpass||"{'org.osaaf.aaf|deploy'}"
 org.onap.music|access|*|*|AAF Namespace Write Access|"{'org.onap.music|admin'}"
 org.onap.music|access|*|read|AAF Namespace Read Access|"{'org.onap.music|owner'}"
 org.onap.music|certman|local|request,ignoreIPs,showpass||"{'org.onap.music|admin', 'org.osaaf.aaf|deploy'}"

diff --git a/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/role.dat b/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/role.dat
index 240373e..7384e5e 100644 (file)
--- a/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/role.dat
+++ b/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/role.dat
@@ -215,6 +215,12 @@ org.onap.dmaap|owner|AAF Namespace Owners|"{'org.onap.dmaap|access|*|read'}"
 org.onap.holmes|admin|AAF Namespace Administrators|"{'org.onap.holmes|access|*|*'}"
 org.onap.holmes|owner|AAF Namespace Owners|"{'org.onap.holmes|access|*|read'}"
 org.onap.holmes|service||
+org.onap.msb-eag|admin|AAF Namespace Administrators|"{'org.onap.msb-eag|access|*|*'}"
+org.onap.msb-eag|owner|AAF Namespace Owners|"{'org.onap.msb-eag|access|*|read'}"
+org.onap.msb-eag|service||"{'org.onap.msb-eag|access|*|*'}"
+org.onap.msb-iag|admin|AAF Namespace Administrators|"{'org.onap.msb-iag|access|*|*'}"
+org.onap.msb-iag|owner|AAF Namespace Owners|"{'org.onap.msb-iag|access|*|read'}"
+org.onap.msb-iag|service||"{'org.onap.msb-iag|access|*|*'}"
 org.onap.music|admin|AAF Namespace Administrators|"{'org.onap.music|access|*|*', 'org.onap.music|certman|local|request,ignoreIPs,showpass'}"
 org.onap.music|owner|AAF Namespace Owners|"{'org.onap.music|access|*|read'}"
 org.onap.music|service||
@@ -302,7 +308,7 @@ org.openecomp.dmaapBC|admin|AAF Admins|"{'org.openecomp.dmaapBC.access|*|*', 'or
 org.openecomp.dmaapBC|owner|AAF Owners|"{'org.openecomp.dmaapBC.access|*|read'}"
 org.openecomp|owner|OpenEcomp Owners|"{'org.openecomp.access|*|read'}"
 org.osaaf.aaf|admin|AAF Admins|"{'org.osaaf.aaf.access|*|*', 'org.osaaf.aaf|cache|all|clear', 'org.osaaf.aaf|cache|role|clear', 'org.osaaf.aaf|password|*|create,reset'}"
-org.osaaf.aaf|deploy|ONAP Deployment Role|"{'org.onap.aaf-sms|certman|local|request,ignoreIPs,showpass', 'org.onap.aai|certman|local|request,ignoreIPs,showpass', 'org.onap.appc|certman|local|request,ignoreIPs,showpass', 'org.onap.clamp|certman|local|request,ignoreIPs,showpass', 'org.onap.dcae|certman|local|request,ignoreIPs,showpass', 'org.onap.dmaap-bc-mm-prov|certman|local|request,ignoreIPs,showpass', 'org.onap.dmaap-bc-topic-mgr|certman|local|request,ignoreIPs,showpass', 'org.onap.dmaap-bc|certman|local|request,ignoreIPs,showpass', 'org.onap.dmaap-dr|certman|local|request,ignoreIPs,showpass', 'org.onap.dmaap-mr|certman|local|request,ignoreIPs,showpass', 'org.onap.dmaap.mr|certman|local|request,ignoreIPs,showpass', 'org.onap.music|certman|local|request,ignoreIPs,showpass', 'org.onap.nbi|certman|local|request,ignoreIPs,showpass', 'org.onap.oof|certman|local|request,ignoreIPs,showpass', 'org.onap.policy|certman|local|request,ignoreIPs,showpass', 'org.onap.pomba|certman|local|request,ignoreIPs,showpass', 'org.onap.portal|certman|local|request,ignoreIPs,showpass', 'org.onap.sdc|certman|local|request,ignoreIPs,showpass', 'org.onap.sdnc-cds|certman|local|request,ignoreIPs,showpass', 'org.onap.sdnc|certman|local|request,ignoreIPs,showpass', 'org.onap.so|certman|local|request,ignoreIPs,showpass', 'org.onap.vfc|certman|local|request,ignoreIPs,showpass', 'org.onap.vid1|certman|local|request,ignoreIPs,showpass', 'org.onap.vid2|certman|local|request,ignoreIPs,showpass', 'org.onap.vid|certman|local|request,ignoreIPs,showpass', 'org.osaaf.aaf|certman|local|request,ignoreIPs,showpass'}"
+org.osaaf.aaf|deploy|ONAP Deployment Role|"{'org.onap.aaf-sms|certman|local|request,ignoreIPs,showpass', 'org.onap.aai|certman|local|request,ignoreIPs,showpass', 'org.onap.appc|certman|local|request,ignoreIPs,showpass', 'org.onap.clamp|certman|local|request,ignoreIPs,showpass', 'org.onap.dcae|certman|local|request,ignoreIPs,showpass', 'org.onap.dmaap-bc-mm-prov|certman|local|request,ignoreIPs,showpass', 'org.onap.dmaap-bc-topic-mgr|certman|local|request,ignoreIPs,showpass', 'org.onap.dmaap-bc|certman|local|request,ignoreIPs,showpass', 'org.onap.dmaap-dr|certman|local|request,ignoreIPs,showpass', 'org.onap.dmaap-mr|certman|local|request,ignoreIPs,showpass', 'org.onap.dmaap.mr|certman|local|request,ignoreIPs,showpass', 'org.onap.msb-eag|certman|local|request,ignoreIPs,showpass', 'org.onap.msb-iag|certman|local|request,ignoreIPs,showpass', 'org.onap.music|certman|local|request,ignoreIPs,showpass', 'org.onap.nbi|certman|local|request,ignoreIPs,showpass', 'org.onap.oof|certman|local|request,ignoreIPs,showpass', 'org.onap.policy|certman|local|request,ignoreIPs,showpass', 'org.onap.pomba|certman|local|request,ignoreIPs,showpass', 'org.onap.portal|certman|local|request,ignoreIPs,showpass', 'org.onap.sdc|certman|local|request,ignoreIPs,showpass', 'org.onap.sdnc-cds|certman|local|request,ignoreIPs,showpass', 'org.onap.sdnc|certman|local|request,ignoreIPs,showpass', 'org.onap.so|certman|local|request,ignoreIPs,showpass', 'org.onap.vfc|certman|local|request,ignoreIPs,showpass', 'org.onap.vid1|certman|local|request,ignoreIPs,showpass', 'org.onap.vid2|certman|local|request,ignoreIPs,showpass', 'org.onap.vid|certman|local|request,ignoreIPs,showpass', 'org.osaaf.aaf|certman|local|request,ignoreIPs,showpass'}"
 org.osaaf.aaf|owner|AAF Owners|"{'org.osaaf.aaf.access|*|read,approve'}"
 org.osaaf.aaf|service||"{'org.osaaf.aaf|cache|*|clear'}"
 org.osaaf|admin|OSAAF Admins|"{'org.osaaf.access|*|*'}"

diff --git a/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/user_role.dat b/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/user_role.dat
index 63190b8..7882ec5 100644 (file)
--- a/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/user_role.dat
+++ b/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/user_role.dat
@@ -49,6 +49,10 @@ mmanager@people.osaaf.org|org.onap.dmaap-mr.sunil.owner|2020-11-26 12:31:54.000+
 mmanager@people.osaaf.org|org.onap.dmaap-mr.test.owner|2020-11-26 12:31:54.000+0000|org.onap.dmaap-mr.test|owner
 mmanager@people.osaaf.org|org.onap.dmaap.owner|2020-11-26 12:31:54.000+0000|org.onap.dmaap|owner
 mmanager@people.osaaf.org|org.onap.holmes.owner|2020-11-26 12:31:54.000+0000|org.onap.holmes|owner
+mmanager@people.osaaf.org|org.onap.msb-eag.admin|2020-11-26 12:31:54.000+0000|org.onap.msb-eag|admin
+mmanager@people.osaaf.org|org.onap.msb-eag.owner|2020-11-26 12:31:54.000+0000|org.onap.msb-eag|owner
+mmanager@people.osaaf.org|org.onap.msb-iag.admin|2020-11-26 12:31:54.000+0000|org.onap.msb-iag|admin
+mmanager@people.osaaf.org|org.onap.msb-iag.owner|2020-11-26 12:31:54.000+0000|org.onap.msb-iag|owner
 mmanager@people.osaaf.org|org.onap.music.admin|2020-11-26 12:31:54.000+0000|org.onap.music|admin
 mmanager@people.osaaf.org|org.onap.music.owner|2020-11-26 12:31:54.000+0000|org.onap.music|owner
 mmanager@people.osaaf.org|org.onap.nbi.owner|2020-11-26 12:31:54.000+0000|org.onap.nbi|owner
@@ -109,6 +113,8 @@ portal@portal.onap.org|org.onap.dmaap.mr.topic-000.owner|2020-11-26 12:31:54.000
 portal@portal.onap.org|org.onap.dmaap.mr.topic-001.owner|2020-11-26 12:31:54.000+0000|org.onap.dmaap.mr.topic-001|owner
 portal@portal.onap.org|org.onap.dmaap.mr.topic-002.owner|2020-11-26 12:31:54.000+0000|org.onap.dmaap.mr.topic-002|owner
 portal@portal.onap.org|org.onap.holmes.admin|2020-11-26 12:31:54.000+0000|org.onap.holmes|admin
+portal@portal.onap.org|org.onap.msb-eag.admin|2020-11-26 12:31:54.000+0000|org.onap.msb-eag|admin
+portal@portal.onap.org|org.onap.msb-iag.admin|2020-11-26 12:31:54.000+0000|org.onap.msb-iag|admin
 portal@portal.onap.org|org.onap.music.admin|2020-11-26 12:31:54.000+0000|org.onap.music|admin
 portal@portal.onap.org|org.onap.music.owner|2020-11-26 12:31:54.000+0000|org.onap.music|owner
 portal@portal.onap.org|org.onap.nbi.admin|2020-11-26 12:31:54.000+0000|org.onap.nbi|admin
@@ -208,6 +214,8 @@ aaf_admin@people.osaaf.org|org.onap.dmaap.mr.topic-000.owner|2020-11-26 12:31:54
 aaf_admin@people.osaaf.org|org.onap.dmaap.mr.topic-001.owner|2020-11-26 12:31:54.000+0000|org.onap.dmaap.mr.topic-001|owner
 aaf_admin@people.osaaf.org|org.onap.dmaap.mr.topic-002.owner|2020-11-26 12:31:54.000+0000|org.onap.dmaap.mr.topic-002|owner
 aaf_admin@people.osaaf.org|org.onap.holmes.admin|2020-11-26 12:31:54.000+0000|org.onap.holmes|admin
+aaf_admin@people.osaaf.org|org.onap.msb-eag.admin|2020-11-26 12:31:54.000+0000|org.onap.msb-eag|admin
+aaf_admin@people.osaaf.org|org.onap.msb-iag.admin|2020-11-26 12:31:54.000+0000|org.onap.msb-iag|admin
 aaf_admin@people.osaaf.org|org.onap.music.admin|2020-11-26 12:31:54.000+0000|org.onap.music|admin
 aaf_admin@people.osaaf.org|org.onap.music.owner|2020-11-26 12:31:54.000+0000|org.onap.music|owner
 aaf_admin@people.osaaf.org|org.onap.nbi.admin|2020-11-26 12:31:54.000+0000|org.onap.nbi|admin
@@ -303,6 +311,8 @@ policy@policy.onap.org|org.onap.policy.seeCerts|2020-11-26 12:31:54.000+0000|org
 pomba@pomba.onap.org|org.onap.aai.resources_all|2020-11-26 12:31:54.000+0000|org.onap.aai|resources_all
 pomba@pomba.onap.org|org.onap.aai.traversal_advanced|2020-11-26 12:31:54.000+0000|org.onap.aai|traversal_advanced
 holmes@holmes.onap.org|org.onap.holmes.service|2020-11-26 12:31:54.000+0000|org.onap.holmes|service
+msb-eag@msb-eag.onap.org|org.onap.msb-eag.service|2020-11-26 12:31:54.000+0000|org.onap.msb-eag|service
+msb-iag@msb-iag.onap.org|org.onap.msb-iag.service|2020-11-26 12:31:54.000+0000|org.onap.msb-iag|service
 nbi@nbi.onap.org|org.onap.nbi.seeCerts|2020-11-26 12:31:54.000+0000|org.onap.nbi|seeCerts
 nbi@nbi.onap.org|org.onap.nbi.service|2020-11-26 12:31:54.000+0000|org.onap.nbi|service
 music@music.onap.org|org.onap.music.service|2020-11-26 12:31:54.000+0000|org.onap.music|service

diff --git a/kubernetes/aaf/resources/data/identities.dat b/kubernetes/aaf/resources/data/identities.dat
index 7e97662..3b0114a 100644 (file)
--- a/kubernetes/aaf/resources/data/identities.dat
+++ b/kubernetes/aaf/resources/data/identities.dat
@@ -64,6 +64,8 @@ policy|ONAP Policy Application|POLICY|ONAP Application|314-123-1234|no_reply@peo
 pomba|ONAP Pomba Application|POMBA|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager
 holmes|ONAP Holmes Application|HOLMES|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager
 nbi|ONAP NBI Application|NBI|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager
+msb-eag|ONAP MSB EAG Application|MSB EAG|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager
+msb-iag|ONAP MSB IAG Application|MSB IAG|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager
 music|ONAP MUSIC Application|MUSIC|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager
 # VID Identities
 vid|ONAP VID Application|VID|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager

diff --git a/kubernetes/msb/components/msb-eag/requirements.yaml b/kubernetes/msb/components/msb-eag/requirements.yaml
index c59eb6f..fe55201 100644 (file)
--- a/kubernetes/msb/components/msb-eag/requirements.yaml
+++ b/kubernetes/msb/components/msb-eag/requirements.yaml
@@ -1,4 +1,5 @@
 # Copyright © 2018 Amdocs, Bell Canada , ZTE
+# Copyright © 2021 Orange
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -17,4 +18,7 @@ dependencies:
     repository: '@local'
   - name: repositoryGenerator
     version: ~7.x-0
-    repository: '@local'
\ No newline at end of file
+    repository: '@local'
+  - name: certInitializer
+    version: ~7.x-0
+    repository: '@local'

diff --git a/kubernetes/msb/components/msb-eag/resources/config/log/logback.xml b/kubernetes/msb/components/msb-eag/resources/config/log/logback.xml
deleted file mode 100644 (file)
index 680cb73..0000000
--- a/kubernetes/msb/components/msb-eag/resources/config/log/logback.xml
+++ /dev/null
@@ -1,40 +0,0 @@
-<!--# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License. -->
-<?xml version="1.0" encoding="UTF-8"?>
-<configuration debug="true" scan="true" scanPeriod="3 seconds">
-   <!--<jmxConfigurator /> -->
-   <!--  specify the base path of the log directory -->
-   <property name="logDir" value="/var/log/onap" />
-   <!--  specify the component name -->
-   <property name="componentName" value="msb" />
-   <!-- specify the sub component name -->
-   <property name="subComponentName" value="discovery" />
-   <!-- The directories where logs are written -->
-   <property name="logDirectory" value="${logDir}/${componentName}/${subComponentName}" />
-   <property name="pattern" value="%d{&amp;quot;yyyy-MM-dd'T'HH:mm:ss.SSSXXX&amp;quot;, UTC}\t[%thread]\t%-5level\t%logger{36}\t%replace(%replace(%replace(%mdc){'\t','\\\\t'}){', ','\t'}){'\n', '\\\\n'}\t%replace(%replace(%msg){'\n', '\\\\n'}){'\t','\\\\t'}%n" />
-   <!--  log file names -->
-   <property name="errorLogName" value="error" />
-   <property name="metricsLogName" value="metrics" />
-   <property name="auditLogName" value="audit" />
-   <property name="debugLogName" value="debug" />
-   <property name="queueSize" value="256" />
-   <property name="maxFileSize" value="50MB" />
-   <property name="maxHistory" value="30" />
-   <property name="totalSizeCap" value="10GB" />
-   <!-- Example evaluator filter applied against console appender -->
-   <appender class="ch.qos.logback.core.ConsoleAppender" name="STDOUT">
-      <encoder>
-         <pattern>${pattern}</pattern>
-      </encoder>
-   </appender>

diff --git a/kubernetes/msb/components/msb-eag/resources/config/nginx/msbhttps.conf b/kubernetes/msb/components/msb-eag/resources/config/nginx/msbhttps.conf
new file mode 100644 (file)
index 0000000..7012575
--- /dev/null
+++ b/kubernetes/msb/components/msb-eag/resources/config/nginx/msbhttps.conf
@@ -0,0 +1,28 @@
+{{/*
+#
+# Copyright (C) 2017-2018 ZTE, Inc. and others. All rights reserved. (ZTE)
+# Copyright © 2021 Orange
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#         http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+*/}}
+server {
+  listen 443 ssl;
+  ssl_certificate {{ .Values.certInitializer.credsPath }}/certs/cert.crt;
+  ssl_certificate_key {{ .Values.certInitializer.credsPath }}/certs/cert.key;
+  ssl_protocols TLSv1.1 TLSv1.2;
+  ssl_dhparam ../ssl/dh-pubkey/dhparams.pem;
+  include ../msb-enabled/location-default/msblocations.conf;
+  # Add below settings for making SDC to work
+  underscores_in_headers on;
+}
\ No newline at end of file

diff --git a/kubernetes/msb/components/msb-eag/templates/configmap.yaml b/kubernetes/msb/components/msb-eag/templates/configmap.yaml
index 33c77e5..30c0a80 100644 (file)
--- a/kubernetes/msb/components/msb-eag/templates/configmap.yaml
+++ b/kubernetes/msb/components/msb-eag/templates/configmap.yaml
@@ -1,5 +1,6 @@
 {{/*
 # Copyright © 2018 Amdocs, Bell Canada , ZTE
+# Copyright © 2021 Orange
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -20,3 +21,11 @@ metadata:
   namespace: {{ include "common.namespace" . }}
 data:
 {{ tpl (.Files.Glob "resources/config/logback.xml").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "common.fullname" . }}-nginx
+  namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/config/nginx/*").AsConfig . | indent 2 }}

diff --git a/kubernetes/msb/components/msb-eag/templates/deployment.yaml b/kubernetes/msb/components/msb-eag/templates/deployment.yaml
index 36cb13d..113a174 100644 (file)
--- a/kubernetes/msb/components/msb-eag/templates/deployment.yaml
+++ b/kubernetes/msb/components/msb-eag/templates/deployment.yaml
@@ -1,5 +1,6 @@
 {{/*
 # Copyright © 2018 Amdocs, Bell Canada , ZTE
+# Copyright © 2021 Orange
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -38,6 +39,7 @@ spec:
     spec:
       serviceAccountName: msb
       initContainers:
+      {{ include "common.certInitializer.initContainer" . | indent 6 | trim }}
       - command:
         - /app/ready.py
         args:
@@ -83,19 +85,15 @@ spec:
           - name: ROUTE_LABELS
             value: {{ .Values.config.routeLabels }}
           volumeMounts:
+          {{ include "common.certInitializer.volumeMount" . | indent 10 | trim }}
           - mountPath: /etc/localtime
             name: localtime
             readOnly: true
-          - name: {{ include "common.fullname" . }}-cert
-            mountPath: /usr/local/openresty/nginx/ssl/cert/cert.crt
-            readOnly: true
-            subPath: "cert.crt"
-          - name: {{ include "common.fullname" . }}-cert
-            mountPath: /usr/local/openresty/nginx/html/cert/ca.crt
-            readOnly: true
-            subPath: "ca.crt"
           - mountPath: /usr/local/apiroute-works/logs
             name: {{ include "common.fullname" . }}-logs
+          - mountPath: /usr/local/openresty/nginx/msb-enabled/msbhttps.conf
+            name: {{ include "common.fullname" . }}-nginx-conf
+            subPath: msbhttps.conf
           resources:
 {{ include "common.resources" . | indent 12 }}
         {{- if .Values.nodeSelector }}
@@ -122,12 +120,13 @@ spec:
             name: {{ include "common.fullname" . }}-log-conf
             subPath: logback.xml
       volumes:
-        - name: {{ include "common.fullname" . }}-cert
-          secret:
-            secretName: {{ include "common.release" . }}-msb-https-cert
+        {{ include "common.certInitializer.volumes" . | indent 8 | trim }}
         - name: {{ include "common.fullname" . }}-log-conf
           configMap:
             name: {{ include "common.fullname" . }}-log
+        - name: {{ include "common.fullname" . }}-nginx-conf
+          configMap:
+            name: {{ include "common.fullname" . }}-nginx
         - name: {{ include "common.fullname" . }}-filebeat-conf
           configMap:
             name: {{ include "common.release" . }}-msb-filebeat-configmap

diff --git a/kubernetes/msb/components/msb-eag/values.yaml b/kubernetes/msb/components/msb-eag/values.yaml
index b8813b8..ff158b5 100644 (file)
--- a/kubernetes/msb/components/msb-eag/values.yaml
+++ b/kubernetes/msb/components/msb-eag/values.yaml
@@ -1,4 +1,5 @@
 # Copyright © 2018 Amdocs, Bell Canada , ZTE
+# Copyright © 2021 Orange
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -17,6 +18,45 @@
 global:
   nodePortPrefix: 302
 
+#################################################################
+# AAF part
+#################################################################
+certInitializer:
+  nameOverride: msb-eag-cert-initializer
+  aafDeployFqi: deployer@people.osaaf.org
+  aafDeployPass: demo123456!
+  # aafDeployCredsExternalSecret: some secret
+  fqdn: msb-eag
+  fqi: msb-eag@msb-eag.onap.org
+  fqi_namespace: org.onap.msb-eag
+  public_fqdn: msb-eag.onap.org
+  cadi_longitude: "0.0"
+  cadi_latitude: "0.0"
+  app_ns: org.osaaf.aaf
+  credsPath: /opt/app/osaaf/local
+  aaf_add_config: |
+    echo "*** retrieving passwords for certificates"
+    export $(/opt/app/aaf_config/bin/agent.sh local showpass \
+      {{.Values.fqi}} {{ .Values.fqdn }} | grep '^c')
+    if [ -z "$cadi_keystore_password_p12" ]
+    then
+      echo "  /!\ certificates retrieval failed"
+      exit 1
+    else
+      mkdir -p {{ .Values.credsPath }}/certs
+      echo "*** retrieve certificate from pkcs12"
+      openssl pkcs12 -in {{ .Values.credsPath }}/{{ .Values.fqi_namespace }}.p12 \
+        -out {{ .Values.credsPath }}/certs/cert.crt -nokeys \
+        -passin pass:$cadi_keystore_password_p12 \
+        -passout pass:$cadi_keystore_password_p12
+      echo "*** copy key to relevant place"
+      cp {{ .Values.credsPath }}/{{ .Values.fqi_namespace }}.key {{ .Values.credsPath }}/certs/cert.key
+      echo "*** change ownership and read/write attributes"
+      chown -R 1000 {{ .Values.credsPath }}/certs
+      chmod 600 {{ .Values.credsPath }}/certs/cert.crt
+      chmod 600 {{ .Values.credsPath }}/certs/cert.key
+    fi
+
 #################################################################
 # Application configuration defaults.
 #################################################################

diff --git a/kubernetes/msb/components/msb-iag/requirements.yaml b/kubernetes/msb/components/msb-iag/requirements.yaml
index 467a52a..fe55201 100644 (file)
--- a/kubernetes/msb/components/msb-iag/requirements.yaml
+++ b/kubernetes/msb/components/msb-iag/requirements.yaml
@@ -1,4 +1,5 @@
 # Copyright © 2018 Amdocs, Bell Canada , ZTE
+# Copyright © 2021 Orange
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -18,3 +19,6 @@ dependencies:
   - name: repositoryGenerator
     version: ~7.x-0
     repository: '@local'
+  - name: certInitializer
+    version: ~7.x-0
+    repository: '@local'

diff --git a/kubernetes/msb/components/msb-iag/resources/config/log/logback.xml b/kubernetes/msb/components/msb-iag/resources/config/log/logback.xml
deleted file mode 100644 (file)
index 680cb73..0000000
--- a/kubernetes/msb/components/msb-iag/resources/config/log/logback.xml
+++ /dev/null
@@ -1,40 +0,0 @@
-<!--# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License. -->
-<?xml version="1.0" encoding="UTF-8"?>
-<configuration debug="true" scan="true" scanPeriod="3 seconds">
-   <!--<jmxConfigurator /> -->
-   <!--  specify the base path of the log directory -->
-   <property name="logDir" value="/var/log/onap" />
-   <!--  specify the component name -->
-   <property name="componentName" value="msb" />
-   <!-- specify the sub component name -->
-   <property name="subComponentName" value="discovery" />
-   <!-- The directories where logs are written -->
-   <property name="logDirectory" value="${logDir}/${componentName}/${subComponentName}" />
-   <property name="pattern" value="%d{&amp;quot;yyyy-MM-dd'T'HH:mm:ss.SSSXXX&amp;quot;, UTC}\t[%thread]\t%-5level\t%logger{36}\t%replace(%replace(%replace(%mdc){'\t','\\\\t'}){', ','\t'}){'\n', '\\\\n'}\t%replace(%replace(%msg){'\n', '\\\\n'}){'\t','\\\\t'}%n" />
-   <!--  log file names -->
-   <property name="errorLogName" value="error" />
-   <property name="metricsLogName" value="metrics" />
-   <property name="auditLogName" value="audit" />
-   <property name="debugLogName" value="debug" />
-   <property name="queueSize" value="256" />
-   <property name="maxFileSize" value="50MB" />
-   <property name="maxHistory" value="30" />
-   <property name="totalSizeCap" value="10GB" />
-   <!-- Example evaluator filter applied against console appender -->
-   <appender class="ch.qos.logback.core.ConsoleAppender" name="STDOUT">
-      <encoder>
-         <pattern>${pattern}</pattern>
-      </encoder>
-   </appender>

diff --git a/kubernetes/msb/components/msb-iag/resources/config/nginx/msbhttps.conf b/kubernetes/msb/components/msb-iag/resources/config/nginx/msbhttps.conf
new file mode 100644 (file)
index 0000000..7012575
--- /dev/null
+++ b/kubernetes/msb/components/msb-iag/resources/config/nginx/msbhttps.conf
@@ -0,0 +1,28 @@
+{{/*
+#
+# Copyright (C) 2017-2018 ZTE, Inc. and others. All rights reserved. (ZTE)
+# Copyright © 2021 Orange
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#         http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+*/}}
+server {
+  listen 443 ssl;
+  ssl_certificate {{ .Values.certInitializer.credsPath }}/certs/cert.crt;
+  ssl_certificate_key {{ .Values.certInitializer.credsPath }}/certs/cert.key;
+  ssl_protocols TLSv1.1 TLSv1.2;
+  ssl_dhparam ../ssl/dh-pubkey/dhparams.pem;
+  include ../msb-enabled/location-default/msblocations.conf;
+  # Add below settings for making SDC to work
+  underscores_in_headers on;
+}
\ No newline at end of file

diff --git a/kubernetes/msb/components/msb-iag/templates/configmap.yaml b/kubernetes/msb/components/msb-iag/templates/configmap.yaml
index 33c77e5..30c0a80 100644 (file)
--- a/kubernetes/msb/components/msb-iag/templates/configmap.yaml
+++ b/kubernetes/msb/components/msb-iag/templates/configmap.yaml
@@ -1,5 +1,6 @@
 {{/*
 # Copyright © 2018 Amdocs, Bell Canada , ZTE
+# Copyright © 2021 Orange
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -20,3 +21,11 @@ metadata:
   namespace: {{ include "common.namespace" . }}
 data:
 {{ tpl (.Files.Glob "resources/config/logback.xml").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "common.fullname" . }}-nginx
+  namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/config/nginx/*").AsConfig . | indent 2 }}

diff --git a/kubernetes/msb/components/msb-iag/templates/deployment.yaml b/kubernetes/msb/components/msb-iag/templates/deployment.yaml
index 00dc6b6..7bae325 100644 (file)
--- a/kubernetes/msb/components/msb-iag/templates/deployment.yaml
+++ b/kubernetes/msb/components/msb-iag/templates/deployment.yaml
@@ -1,5 +1,6 @@
 {{/*
 # Copyright © 2018 Amdocs, Bell Canada , ZTE
+# Copyright © 2021 Orange
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -38,6 +39,7 @@ spec:
     spec:
       serviceAccountName: msb
       initContainers:
+      {{ include "common.certInitializer.initContainer" . | indent 6 | trim }}
       - command:
         - /app/ready.py
         args:
@@ -83,19 +85,15 @@ spec:
           - name: ROUTE_LABELS
             value: {{ .Values.config.routeLabels }}
           volumeMounts:
+          {{ include "common.certInitializer.volumeMount" . | indent 10 | trim }}
           - mountPath: /etc/localtime
             name: localtime
             readOnly: true
-          - name: {{ include "common.fullname" . }}-cert
-            mountPath: /usr/local/openresty/nginx/ssl/cert/cert.crt
-            readOnly: true
-            subPath: "cert.crt"
-          - name: {{ include "common.fullname" . }}-cert
-            mountPath: /usr/local/openresty/nginx/html/cert/ca.crt
-            readOnly: true
-            subPath: "ca.crt"
           - mountPath: /usr/local/apiroute-works/logs
             name: {{ include "common.fullname" . }}-logs
+          - mountPath: /usr/local/openresty/nginx/msb-enabled/msbhttps.conf
+            name: {{ include "common.fullname" . }}-nginx-conf
+            subPath: msbhttps.conf
           resources:
 {{ include "common.resources" . | indent 12 }}
         {{- if .Values.nodeSelector }}
@@ -122,12 +120,13 @@ spec:
             name: {{ include "common.fullname" . }}-log-conf
             subPath: logback.xml
       volumes:
-        - name: {{ include "common.fullname" . }}-cert
-          secret:
-            secretName: {{ include "common.release" . }}-msb-https-cert
+        {{ include "common.certInitializer.volumes" . | indent 8 | trim }}
         - name: {{ include "common.fullname" . }}-log-conf
           configMap:
             name: {{ include "common.fullname" . }}-log
+        - name: {{ include "common.fullname" . }}-nginx-conf
+          configMap:
+            name: {{ include "common.fullname" . }}-nginx
         - name: {{ include "common.fullname" . }}-filebeat-conf
           configMap:
             name: {{ include "common.release" . }}-msb-filebeat-configmap

diff --git a/kubernetes/msb/components/msb-iag/values.yaml b/kubernetes/msb/components/msb-iag/values.yaml
index b91ddca..51e78e1 100644 (file)
--- a/kubernetes/msb/components/msb-iag/values.yaml
+++ b/kubernetes/msb/components/msb-iag/values.yaml
@@ -1,4 +1,5 @@
 # Copyright © 2018 Amdocs, Bell Canada , ZTE
+# Copyright © 2021 Orange
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -17,6 +18,45 @@
 global:
   nodePortPrefix: 302
 
+#################################################################
+# AAF part
+#################################################################
+certInitializer:
+  nameOverride: msb-iag-cert-initializer
+  aafDeployFqi: deployer@people.osaaf.org
+  aafDeployPass: demo123456!
+  # aafDeployCredsExternalSecret: some secret
+  fqdn: msb-iag
+  fqi: msb-iag@msb-iag.onap.org
+  fqi_namespace: org.onap.msb-iag
+  public_fqdn: msb-iag.onap.org
+  cadi_longitude: "0.0"
+  cadi_latitude: "0.0"
+  app_ns: org.osaaf.aaf
+  credsPath: /opt/app/osaaf/local
+  aaf_add_config: |
+    echo "*** retrieving passwords for certificates"
+    export $(/opt/app/aaf_config/bin/agent.sh local showpass \
+      {{.Values.fqi}} {{ .Values.fqdn }} | grep '^c')
+    if [ -z "$cadi_keystore_password_p12" ]
+    then
+      echo "  /!\ certificates retrieval failed"
+      exit 1
+    else
+      mkdir -p {{ .Values.credsPath }}/certs
+      echo "*** retrieve certificate from pkcs12"
+      openssl pkcs12 -in {{ .Values.credsPath }}/{{ .Values.fqi_namespace }}.p12 \
+        -out {{ .Values.credsPath }}/certs/cert.crt -nokeys \
+        -passin pass:$cadi_keystore_password_p12 \
+        -passout pass:$cadi_keystore_password_p12
+      echo "*** copy key to relevant place"
+      cp {{ .Values.credsPath }}/{{ .Values.fqi_namespace }}.key {{ .Values.credsPath }}/certs/cert.key
+      echo "*** change ownership and read/write attributes"
+      chown -R 1000 {{ .Values.credsPath }}/certs
+      chmod 600 {{ .Values.credsPath }}/certs/cert.crt
+      chmod 600 {{ .Values.credsPath }}/certs/cert.key
+    fi
+
 #################################################################
 # Application configuration defaults.
 #################################################################

diff --git a/kubernetes/msb/requirements.yaml b/kubernetes/msb/requirements.yaml
index c52bec4..b335bfa 100644 (file)
--- a/kubernetes/msb/requirements.yaml
+++ b/kubernetes/msb/requirements.yaml
@@ -1,4 +1,5 @@
 # Copyright © 2018 Amdocs, Bell Canada , ZTE
+# Copyright © 2020 Orange
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.

diff --git a/kubernetes/msb/resources/config/certificates/ca.crt b/kubernetes/msb/resources/config/certificates/ca.crt
deleted file mode 100644 (file)
index 62da777..0000000
--- a/kubernetes/msb/resources/config/certificates/ca.crt
+++ /dev/null
@@ -1,22 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDkjCCAnoCCQCHtNgoWafiHzANBgkqhkiG9w0BAQsFADCBijELMAkGA1UEBhMC
-Q04xETAPBgNVBAgMCHNpY2h1YW5nMRAwDgYDVQQHDAdjaGVuZ2R1MQwwCgYDVQQK
-DAN6dGUxDjAMBgNVBAsMBXplbmFwMTgwNgYDVQQDDC9aVEUgT3BlblBhbGV0dGUg
-Um9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgMjAxNzAeFw0xNzAzMTcwMTU2MjBa
-Fw0yNzAzMTUwMTU2MjBaMIGKMQswCQYDVQQGEwJDTjERMA8GA1UECAwIc2ljaHVh
-bmcxEDAOBgNVBAcMB2NoZW5nZHUxDDAKBgNVBAoMA3p0ZTEOMAwGA1UECwwFemVu
-YXAxODA2BgNVBAMML1pURSBPcGVuUGFsZXR0ZSBSb290IENlcnRpZmljYXRlIEF1
-dGhvcml0eSAyMDE3MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA23LK
-Eq56pVzsRbYJ6NMdk82QfLjnp+f7KzdQ46SfwldG3gmipasPwDXV9jT9FvUlX8s/
-mRphOyuZ7vDzL2QjlS/FBATTWrJ2VCJmBVlzVu4STZ6YrxpQrSAalGkiYd9uT2Yt
-2quNUPCsZSlJ8qJCYs098bJ2XTsK0JBby94j3nTdvNWhhErrheWdG/CHje32sKog
-6BxN4GzMeZ2fUd0vKsqBs89M0pApdjpRMqEGHg+Lri4iiE9kKa/Y8S3V6ggJZjbp
-7xs7N0miy/paeosjfFe5U6mhumUSZPFy8ueAgGxqBkwvLJwCY3HYcrsFGaXTu+c3
-p2q1Adygif1h43HrvQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQAb/cgmsCxvQmvu
-5e4gpn5WEMo0k7F6IAghd8139i9vmtQ88reYZvfiVsp/5ZjNnNj75lLbjjexDkPA
-bdnAiJfRKOrMaPqY6Bem4v8lPu1B/kj1umn4BXOCC1kpcH/2JCmvI8uh49SSlT9J
-wUSKWw8Qhy9XKN692y02QZke9Xp2HoFvMUlntglmQUIRO5eBYLQCSWpfv/iyMs6w
-ar7Tk1p2rURpRh02P7WFQ5j5fxXEOrkMT7FX80EB3AddSthstj2iDlUcqfG3jXH/
-FA5r1q45kMUaMYxV9WIE67Vt0RaxrUJYWDR2kDSSox7LR5GpjWiSlPAfcLCeVuA3
-3lR7lW/J
------END CERTIFICATE-----

diff --git a/kubernetes/msb/resources/config/certificates/cert.crt b/kubernetes/msb/resources/config/certificates/cert.crt
deleted file mode 100644 (file)
index e718c8d..0000000
--- a/kubernetes/msb/resources/config/certificates/cert.crt
+++ /dev/null
@@ -1,23 +0,0 @@
------BEGIN CERTIFICATE-----
-MIID0TCCArmgAwIBAgIJAOQWcdss4QvKMA0GCSqGSIb3DQEBCwUAMIGKMQswCQYD
-VQQGEwJDTjERMA8GA1UECAwIc2ljaHVhbmcxEDAOBgNVBAcMB2NoZW5nZHUxDDAK
-BgNVBAoMA3p0ZTEOMAwGA1UECwwFemVuYXAxODA2BgNVBAMML1pURSBPcGVuUGFs
-ZXR0ZSBSb290IENlcnRpZmljYXRlIEF1dGhvcml0eSAyMDE3MB4XDTIwMDUxMzAy
-MjIyN1oXDTIyMDUxMzAyMjIyN1owgYwxCzAJBgNVBAYTAkNOMRAwDgYDVQQIDAdT
-aWNodWFuMRAwDgYDVQQHDAdDaGVuZ2R1MQ0wCwYDVQQKDARPTkFQMQwwCgYDVQQL
-DANNU0IxEDAOBgNVBAMMB21zYi1pYWcxKjAoBgkqhkiG9w0BCQEWG29uYXAtZGlz
-Y3Vzc0BsaXN0cy5vbmFwLm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
-ggEBAMa1YlTIL8APcmASbxrD7Q9BhWL9Hwi+FKO4HsIrSiJj/A/FLVe3kV2axA7b
-5wdv44P0qQnh3pc0djlnZ47Fgli3lhEZ33+j5vrXHCjEFKiZZVeO+y/p+OcZVMNi
-L+MPJNTNgMkPoaljs/U6fn6fFyAgMMIqqigxHJaNvz7IH+UpqbWWzZo7+JqClBi8
-t5ZIDk18/3cPQWXIne+3MoYULdEayAS8/4wYoJANH1knmSG+J07f9uCXniiz4zFF
-ngMGHm4kuKXJCAl5E6S5fPzsLKqtwbbn9kJNyWoNFDuc7zW5dPfqPVckHHQ8Dx0q
-2111UgrzrBZMW1RKmcwB+1YXip8CAwEAAaM2MDQwMgYDVR0RBCswKYIHbXNiLWlh
-Z4IHbXNiLWVhZ4IVKi5zaW1wbGVkZW1vLm9uYXAub3JnMA0GCSqGSIb3DQEBCwUA
-A4IBAQC9KKJ5x+EBHfdODbMIAufYinlbNRQ4xdG7tlRk0cRXnZoWi6yObQXmZuHV
-56M2ZIylKNab2Z0VBluQqoLJvByAHQJO1r+qsAMG/LXBRC1x3y5344vtEPbikpMs
-GHtxHomAu/JtSAlSL1Wvj7co3OUgVH/yNbccysVtqxxrfPrBhLfH/yDrFehmQ00T
-P8mmJG3qeOUII0pgUjBkGL52+YMN0qy0SgryBx86fR9Y1bQLdWNfsM1CUXE2q9xs
-FmU5Ry1pemTo68THSJs4wOnjLZ4kWTseTcEmQ6X2lfah8Ch0ffd3tttguNXnT1Xc
-axgwv2Cypja3bPbq9t8kfJhbDrYO
------END CERTIFICATE-----

diff --git a/kubernetes/msb/templates/secrets.yaml b/kubernetes/msb/templates/secrets.yaml
deleted file mode 100644 (file)
index 7dcec5a..0000000
--- a/kubernetes/msb/templates/secrets.yaml
+++ /dev/null
@@ -1,26 +0,0 @@
-{{/*
-# Copyright © 2020 Samsung Electronics
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-apiVersion: v1
-kind: Secret
-metadata:
-  name: {{ include "common.release" . }}-msb-https-cert
-  labels: {{ include "common.labels" . | nindent 4 }}
-    app: {{ include "common.name" . }}
-    chart: {{ include "common.chart" . }}
-    release: {{ include "common.release" . }}
-type: Opaque
-data:
-{{ tpl (.Files.Glob "resources/config/certificates/*").AsSecrets . | indent 2 }}

diff --git a/kubernetes/msb/templates/serviceaccout.yaml b/kubernetes/msb/templates/serviceaccount.yaml
similarity index 95%
rename from kubernetes/msb/templates/serviceaccout.yaml
rename to kubernetes/msb/templates/serviceaccount.yaml
index 3248a0f..50cbebf 100644 (file)
--- a/kubernetes/msb/templates/serviceaccout.yaml
+++ b/kubernetes/msb/templates/serviceaccount.yaml
@@ -16,8 +16,8 @@
 apiVersion: v1
 kind: ServiceAccount
 metadata:
-  name: msb 
-  namespace: {{ include "common.namespace" . }} 
+  name: msb
+  namespace: {{ include "common.namespace" . }}
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding

diff --git a/kubernetes/msb/values.yaml b/kubernetes/msb/values.yaml
index 739fcea..5d3ffe0 100644 (file)
--- a/kubernetes/msb/values.yaml
+++ b/kubernetes/msb/values.yaml
@@ -23,4 +23,3 @@ global:
 config:
   logstashServiceName: log-ls
   logstashPort: 5044
-