From: Krzysztof Opasiak Date: Thu, 6 May 2021 22:18:45 +0000 (+0000) Subject: Merge "[COMMON][CASSANDRA] Use Startup probes" X-Git-Tag: 9.0.0~286 X-Git-Url: https://gerrit.onap.org/r/gitweb?a=commitdiff_plain;h=48d51d0cc0f93f60bf94722745c8be75372a4bdd;hp=e7616c3ea9d805edf625c9eac622f97d1e648d5a;p=oom.git Merge "[COMMON][CASSANDRA] Use Startup probes" --- diff --git a/kubernetes/common/cert-wrapper/resources/import-custom-certs.sh b/kubernetes/common/cert-wrapper/resources/import-custom-certs.sh index d955ecdf3c..ec1ce944c9 100755 --- a/kubernetes/common/cert-wrapper/resources/import-custom-certs.sh +++ b/kubernetes/common/cert-wrapper/resources/import-custom-certs.sh @@ -17,6 +17,7 @@ */}} CERTS_DIR=${CERTS_DIR:-/certs} +MORE_CERTS_DIR=${MORE_CERTS_DIR:-/more_certs} WORK_DIR=${WORK_DIR:-/updatedTruststore} ONAP_TRUSTSTORE=${ONAP_TRUSTSTORE:-truststoreONAPall.jks} JRE_TRUSTSTORE=${JRE_TRUSTSTORE:-$JAVA_HOME/lib/security/cacerts} @@ -47,6 +48,13 @@ for f in $CERTS_DIR/*; do fi done +for f in $MORE_CERTS_DIR/*; do + if [ ${f: -4} == ".pem" ] + then + cp $f $WORK_DIR/. + fi +done + # Prepare truststore output file if [ "$AAF_ENABLED" = "true" ] then diff --git a/kubernetes/common/certInitializer/templates/_certInitializer.yaml b/kubernetes/common/certInitializer/templates/_certInitializer.yaml index 414192e2bc..3b165a4c20 100644 --- a/kubernetes/common/certInitializer/templates/_certInitializer.yaml +++ b/kubernetes/common/certInitializer/templates/_certInitializer.yaml @@ -137,6 +137,8 @@ volumeMounts: - mountPath: /certs name: aaf-agent-certs + - mountPath: /more_certs + name: provided-custom-certs - mountPath: /root/import-custom-certs.sh name: aaf-agent-certs subPath: import-custom-certs.sh @@ -177,6 +179,21 @@ configMap: name: {{ tpl $subchartDot.Values.certsCMName $subchartDot }} defaultMode: 0700 +{{- if $dot.Values.global.importCustomCertsEnabled }} +- name: provided-custom-certs +{{- if $dot.Values.global.customCertsSecret }} + secret: + secretName: {{ $dot.Values.global.customCertsSecret }} +{{- else }} +{{- if $dot.Values.global.customCertsConfigMap }} + configMap: + name: {{ $dot.Values.global.customCertsConfigMap }} +{{- else }} + emptyDir: + medium: Memory +{{- end }} +{{- end }} +{{- end }} - name: {{ include "common.certInitializer._aafAddConfigVolumeName" $dot }} configMap: name: {{ include "common.fullname" $subchartDot }}-add-config diff --git a/kubernetes/common/certInitializer/values.yaml b/kubernetes/common/certInitializer/values.yaml index 52b2765329..74a2b37568 100644 --- a/kubernetes/common/certInitializer/values.yaml +++ b/kubernetes/common/certInitializer/values.yaml @@ -15,6 +15,15 @@ global: aafAgentImage: onap/aaf/aaf_agent:2.1.20 aafEnabled: true + # Give the name of a config map where certInitializer will onboard all certs + # given (certs must be in pem format) + customCertsConfigMap: + # Give the name of a secret where certInitializer will onboard all certs given + # (certs must be in pem format) + # this one superseedes previous one (so if both are given, only certs from + # secret will be onboarded). + customCertsSecret: + pullPolicy: Always @@ -37,7 +46,6 @@ readinessCheck: - aaf-cm - aaf-service -aafDeployFqi: "changeme" fqdn: "" app_ns: "org.osaaf.aaf" fqi: "" diff --git a/kubernetes/common/music/values.yaml b/kubernetes/common/music/values.yaml index 25cab910a9..f578949196 100644 --- a/kubernetes/common/music/values.yaml +++ b/kubernetes/common/music/values.yaml @@ -164,5 +164,4 @@ certInitializer: credsPath: /opt/app/osaaf/local appMountPath: /opt/app/aafcertman aaf_add_config: > - cd {{ .Values.credsPath }}; - /opt/app/aaf_config/bin/agent.sh local showpass {{.Values.fqi}} {{ .Values.fqdn }} | grep cadi_keystore_password_jks= | cut -d= -f 2 > {{ .Values.credsPath }}/.pass 2>&1; + echo "$cadi_keystore_password_jks" > {{ .Values.credsPath }}/.pass; diff --git a/kubernetes/policy/components/policy-clamp-be/resources/config/create-db-tables.sh b/kubernetes/policy/components/policy-clamp-be/resources/config/create-db-tables.sh index 329479fad2..ad9984c26c 100755 --- a/kubernetes/policy/components/policy-clamp-be/resources/config/create-db-tables.sh +++ b/kubernetes/policy/components/policy-clamp-be/resources/config/create-db-tables.sh @@ -16,4 +16,4 @@ # limitations under the License. */}} -mysql -h"${MYSQL_HOST}" -P"${MYSQL_PORT}" -u"${MYSQL_USER}" -p"${MYSQL_PASSWORD}" policyclamp < /dbcmd-config/policy-clamp-create-tables.sql +mysql -h"${MYSQL_HOST}" -P"${MYSQL_PORT}" -u"${MYSQL_USER}" -p"${MYSQL_PASSWORD}" -f policyclamp < /dbcmd-config/policy-clamp-create-tables.sql diff --git a/kubernetes/portal/components/portal-app/values.yaml b/kubernetes/portal/components/portal-app/values.yaml index 0a818102c6..b46876ced9 100644 --- a/kubernetes/portal/components/portal-app/values.yaml +++ b/kubernetes/portal/components/portal-app/values.yaml @@ -77,10 +77,9 @@ certInitializer: permission_group: 999 keystoreFile: "org.onap.portal.p12" truststoreFile: "org.onap.portal.trust.jks" - aaf_add_config: > - /opt/app/aaf_config/bin/agent.sh; - /opt/app/aaf_config/bin/agent.sh local showpass \ - {{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop + aaf_add_config: | + echo "cadi_truststore_password=$cadi_truststore_password" > {{ .Values.credsPath }}/mycreds.prop + echo "cadi_keystore_password_p12=$cadi_keystore_password_p12" >> {{ .Values.credsPath }}/mycreds.prop # default number of instances replicaCount: 1 diff --git a/kubernetes/portal/components/portal-sdk/values.yaml b/kubernetes/portal/components/portal-sdk/values.yaml index 11ce5a6e42..7631c3a482 100644 --- a/kubernetes/portal/components/portal-sdk/values.yaml +++ b/kubernetes/portal/components/portal-sdk/values.yaml @@ -78,10 +78,9 @@ certInitializer: permission_group: 999 keystoreFile: "org.onap.portal.p12" truststoreFile: "org.onap.portal.trust.jks" - aaf_add_config: > - /opt/app/aaf_config/bin/agent.sh; - /opt/app/aaf_config/bin/agent.sh local showpass \ - {{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop + aaf_add_config: | + echo "cadi_truststore_password=$cadi_truststore_password" > {{ .Values.credsPath }}/mycreds.prop + echo "cadi_keystore_password_p12=$cadi_keystore_password_p12" >> {{ .Values.credsPath }}/mycreds.prop # flag to enable debugging - application support required debugEnabled: false