From: Sylvain Desbureaux
Date: Wed, 31 Mar 2021 18:10:50 +0000 (+0000)
Subject: Merge "[CCSDK] Correct permissions of mounted configmaps" into guilin
X-Git-Tag: 7.0.1~6
X-Git-Url: https://gerrit.onap.org/r/gitweb?a=commitdiff_plain;h=20a7b21e9ceb5d2018d83b1a6b7b8672db84eaeb;hp=f6cbd51b0e4762120396383a8ca3042c3880eb42;p=oom.git
Merge "[CCSDK] Correct permissions of mounted configmaps" into guilin
---
diff --git a/kubernetes/cds/charts/cds-ui/resources/certs/org.onap.sdnc-cds.p12 b/kubernetes/cds/charts/cds-ui/resources/certs/org.onap.sdnc-cds.p12
new file mode 100644
index 0000000000..8240f4c590
Binary files /dev/null and b/kubernetes/cds/charts/cds-ui/resources/certs/org.onap.sdnc-cds.p12 differ
diff --git a/kubernetes/cds/charts/cds-ui/templates/deployment.yaml b/kubernetes/cds/charts/cds-ui/templates/deployment.yaml
index 4d3d8347db..a0774ec859 100644
--- a/kubernetes/cds/charts/cds-ui/templates/deployment.yaml
+++ b/kubernetes/cds/charts/cds-ui/templates/deployment.yaml
@@ -52,6 +52,13 @@ spec:
 initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
 periodSeconds: {{ .Values.liveness.periodSeconds }}
 {{ end }}
+ command:
+ - sh
+ args:
+ - -c
+ - |
+ echo "cadi_keystore_password_p12=$PASSPHRASE_VALUE" > .enc
+ node .
 env:
 - name: HOST
 value: 0.0.0.0
@@ -71,6 +78,10 @@ spec:
 value: "{{ .Values.config.api.processor.grpc.port }}"
 - name: API_BLUEPRINT_PROCESSOR_GRPC_AUTH_TOKEN
 value: {{ .Values.config.api.processor.grpc.authToken }}
+ - name: KEYSTORE
+ value: "/certs/org.onap.sdnc-cds.p12"
+ - name: PASSPHRASE_VALUE
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cds-certs-pass" "key" "password") | indent 14 }}
 readinessProbe:
 tcpSocket:
 port: {{ .Values.service.internalPort }}
@@ -80,6 +91,8 @@ spec:
 - mountPath: /etc/localtime
 name: localtime
 readOnly: true
+ - mountPath: /certs
+ name: certs
 resources:
 {{ include "common.resources" . | indent 12 }}
 {{- if .Values.nodeSelector }}
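Review bot: The added `sh -c` script in the `@@ -52` hunk of cds-ui/templates/deployment.yaml writes the keystore passphrase in clear text to `.enc` in the container's working directory under the shell's default umask, so the file may end up readable by other users or processes in the container. Putting `umask 077` before the write would restrict it to the owner. Some `sh` implementations let `echo` interpret backslash sequences, so a passphrase containing `\` could be written differently from the Secret's value; `printf 'cadi_keystore_password_p12=%s\n' "$PASSPHRASE_VALUE" > .enc` avoids that. Ending the script with `exec node .` would make node the container's main process so it receives termination signals directly instead of through the shell. The container spec starts and ends outside the hunk.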
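Review bot: The new `/certs` volumeMount in the `@@ -80` hunk of cds-ui/templates/deployment.yaml omits `readOnly: true`, although the `localtime` mount directly above it sets it. Nothing in the visible change writes to `/certs`, so adding `readOnly: true` under `name: certs` would state that the keystore is read-only for the application and keep the two mounts consistent. The volumeMounts list begins outside the hunk.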
@@ -94,5 +107,8 @@ spec:
 - name: localtime
 hostPath:
 path: /etc/localtime
+ - name: certs
+ secret:
+ secretName: {{ include "common.fullname" . }}-certs
 imagePullSecrets:
 - name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/cds/charts/cds-ui/templates/secret.yaml b/kubernetes/cds/charts/cds-ui/templates/secret.yaml
new file mode 100644
index 0000000000..6dcf31f6ca
--- /dev/null
+++ b/kubernetes/cds/charts/cds-ui/templates/secret.yaml
@@ -0,0 +1,31 @@
+{{/*
+# Copyright © 2021 Orange
+# Modifications Copyright © 2018 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ include "common.fullname" . }}-certs
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/certs/*").AsSecrets . | indent 2 }}
+---
+{{ include "common.secretFast" . }}
diff --git a/kubernetes/cds/charts/cds-ui/values.yaml b/kubernetes/cds/charts/cds-ui/values.yaml
index 496aa85fea..d94c59f02a 100644
--- a/kubernetes/cds/charts/cds-ui/values.yaml
+++ b/kubernetes/cds/charts/cds-ui/values.yaml
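Review bot: The `certs` secret volume added in the `@@ -94` hunk of cds-ui/templates/deployment.yaml sets no `defaultMode`, so the PKCS#12 keystore is projected with the Kubernetes default file mode of 0644 and is readable by every user in the container. Adding `defaultMode: 0440` (or `0400`) under `secret:` would narrow that. The pod securityContext is outside the hunk, so whether an `fsGroup` or run-as user is needed for the application to still read the file has to be checked there.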
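Review bot: The `data:` of the new Secret in cds-ui/templates/secret.yaml is always filled from the files bundled under `resources/certs/`, so every installation mounts the keystore committed in this same change. The commit offers an external-secret override for the passphrase (`certsExternalSecret`) but none is visible for the keystore, so an installer who supplies a passphrase secret would still get the chart's keystore. Consider making the `secretName` of the `certs` volume configurable, and add a comment above `data:` such as `# keystore files are taken from the chart's resources/certs/ directory` so the coupling is documented.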
@@ -21,6 +21,20 @@ global:
 loggingRepository: docker.elastic.co
 loggingImage: beats/filebeat:5.5.0
+
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: cds-certs-pass
+ type: password
+ externalSecret: '{{ tpl (default "" .Values.certs.certsExternalSecret) . }}'
+ password: '{{ .Values.certs.password }}'
+
+certs:
+ password: "DG*HkOIe5W^F}XYI6o!2sD(6"
+ #certsExternalSecret:
+
 subChartsOnly:
 enabled: true
diff --git a/kubernetes/dmaap/components/dmaap-dr-node/templates/statefulset.yaml b/kubernetes/dmaap/components/dmaap-dr-node/templates/statefulset.yaml
index 262e074f03..6496792a37 100644
--- a/kubernetes/dmaap/components/dmaap-dr-node/templates/statefulset.yaml
+++ b/kubernetes/dmaap/components/dmaap-dr-node/templates/statefulset.yaml
@@ -87,7 +87,7 @@ spec:
 {{- end -}}
 {{- if .Values.affinity }}
 affinity: {{ toYaml .Values.affinity | nindent 10 }}
- {{- end -}}
+ {{- end }}
 # Filebeat sidecar container
 - name: {{ include "common.name" . }}-filebeat-onap
 image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
diff --git a/kubernetes/dmaap/components/dmaap-dr-prov/templates/deployment.yaml b/kubernetes/dmaap/components/dmaap-dr-prov/templates/deployment.yaml
index 0655d7c13f..28eee93a4e 100644
--- a/kubernetes/dmaap/components/dmaap-dr-prov/templates/deployment.yaml
+++ b/kubernetes/dmaap/components/dmaap-dr-prov/templates/deployment.yaml
@@ -105,7 +105,7 @@ spec:
 {{- if .Values.affinity }}
 affinity:
 {{ toYaml .Values.affinity | indent 10 }}
- {{- end -}}
+ {{- end }}
 # Filebeat sidecar container
 - name: {{ include "common.name" . }}-filebeat-onap
 image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
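Review bot: `certs.password` in the `@@ -21` hunk of cds-ui/values.yaml commits a default keystore passphrase to the chart next to the keystore file added by the same commit, so anyone who can read the repository can open that keystore unless the installer replaces both. The override `certsExternalSecret` is present only as a commented-out key with no description; a comment such as `# name of an existing Secret holding the keystore passphrase under key "password"` would tell installers how to avoid the default. The same applies to `vidkeystorepassword` in kubernetes/vid/values.yaml, which this commit replaces with another literal value and which shows no external-secret option in its visible lines.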
diff --git a/kubernetes/vid/resources/certs/org.onap.vid.jks b/kubernetes/vid/resources/certs/org.onap.vid.jks
index a05f12d857..caecf7c6b5 100644
Binary files a/kubernetes/vid/resources/certs/org.onap.vid.jks and b/kubernetes/vid/resources/certs/org.onap.vid.jks differ
diff --git a/kubernetes/vid/values.yaml b/kubernetes/vid/values.yaml
index 3c9b8ceb63..fbec75b9d3 100644
--- a/kubernetes/vid/values.yaml
+++ b/kubernetes/vid/values.yaml
@@ -50,7 +50,7 @@ config:
 userName: vidadmin
 # userCredentialsExternalSecret: some secret
 # userPassword: password
- vidkeystorepassword: 'F:.\,csU\&ew8\;tdVitnfo\}O\!g'
+ vidkeystorepassword: KmWCGdBQgHnqJTtXnSzijoQfeJD8KQ6ZmJhDeOsRAaNsGwt4pn9idfvI5pLOxwTi
 asdcclientrestauth: "Basic dmlkOktwOGJKNFNYc3pNMFdYbGhhazNlSGxjc2UyZ0F3ODR2YW9HR21KdlV5MlU="
 asdcclientrestport: "8443"
 vidaaiport: "8443"