From 2325efd0b6f8b094f6a801bf55d6ff6f53e9cbfa Mon Sep 17 00:00:00 2001 From: ChrisC Date: Fri, 11 Sep 2020 18:39:23 +0200 Subject: [PATCH] [CLAMP] AAF certificate using certinializer use of auto-generated certificates via AAF side-car at OOM deployment time for CLAMP. Issue-ID: CLAMP-884 Change-Id: I24f5a119714a5e46c4d0c152c03b6bc545135b8e Signed-off-by: osgn422w Signed-off-by: ChrisC --- kubernetes/clamp/Makefile | 50 ++++++++++++++++ .../clamp/charts/clamp-backend/requirements.yaml | 22 ------- kubernetes/clamp/components/Makefile | 50 ++++++++++++++++ .../clamp-backend/Chart.yaml | 0 .../components/clamp-backend/requirements.yaml | 19 ++++++ .../resources/config/application.properties | 69 ++++++++++++++++++++++ .../resources/config/log/filebeat/filebeat.yml | 0 .../resources/config/sdc-controllers-config.json | 0 .../clamp-backend/templates/NOTES.txt | 0 .../clamp-backend/templates/configmap.yaml | 1 - .../clamp-backend/templates/deployment.yaml | 30 +++++++--- .../clamp-backend/templates/secrets.yaml | 0 .../clamp-backend/templates/service.yaml | 0 .../clamp-backend/values.yaml | 61 ++++++++++++------- .../clamp-dash-es/Chart.yaml | 0 .../clamp-dash-es/requirements.yaml | 0 .../resources/config/elasticsearch.yml | 0 .../clamp-dash-es/templates/configmap.yaml | 0 .../clamp-dash-es/templates/deployment.yaml | 0 .../clamp-dash-es/templates/pv.yaml | 0 .../clamp-dash-es/templates/pvc.yaml | 0 .../clamp-dash-es/templates/service.yaml | 0 .../clamp-dash-es/values.yaml | 0 .../clamp-dash-kibana/Chart.yaml | 0 .../clamp-dash-kibana/requirements.yaml | 0 .../clamp-dash-kibana/resources/config/kibana.yml | 0 .../clamp-dash-kibana/templates/configmap.yaml | 0 .../clamp-dash-kibana/templates/deployment.yaml | 0 .../clamp-dash-kibana/templates/ingress.yaml | 0 .../clamp-dash-kibana/templates/service.yaml | 0 .../clamp-dash-kibana/values.yaml | 0 .../clamp-dash-logstash/Chart.yaml | 0 .../clamp-dash-logstash/requirements.yaml | 0 .../resources/config/logstash.yml | 0 .../resources/config/pipeline.conf | 0 .../clamp-dash-logstash/templates/configmap.yaml | 0 .../clamp-dash-logstash/templates/deployment.yaml | 0 .../clamp-dash-logstash/templates/service.yaml | 0 .../clamp-dash-logstash/values.yaml | 0 .../clamp-mariadb}/Chart.yaml | 2 +- .../mariadb => components/clamp-mariadb}/NOTES.txt | 0 .../components/clamp-mariadb/requirements.yaml | 18 ++++++ .../resources/config/init/docker-entrypoint.sh | 0 .../resources/config/mariadb/conf.d/conf1/my.cnf | 0 .../docker-entrypoint-initdb.d/create-tables.sql | 0 .../clamp-mariadb}/templates/NOTES.txt | 0 .../clamp-mariadb}/templates/configmap.yaml | 0 .../clamp-mariadb}/templates/deployment.yaml | 0 .../clamp-mariadb}/templates/pv.yaml | 0 .../clamp-mariadb}/templates/pvc.yaml | 0 .../clamp-mariadb}/templates/secrets.yaml | 0 .../clamp-mariadb}/templates/service.yaml | 0 .../clamp-mariadb}/values.yaml | 6 +- kubernetes/clamp/requirements.yaml | 20 +++++-- kubernetes/clamp/resources/config/default.conf | 6 ++ kubernetes/clamp/templates/deployment.yaml | 5 +- kubernetes/clamp/values.yaml | 42 ++++++++++++- 57 files changed, 336 insertions(+), 65 deletions(-) create mode 100644 kubernetes/clamp/Makefile delete mode 100644 kubernetes/clamp/charts/clamp-backend/requirements.yaml create mode 100644 kubernetes/clamp/components/Makefile rename kubernetes/clamp/{charts => components}/clamp-backend/Chart.yaml (100%) create mode 100644 kubernetes/clamp/components/clamp-backend/requirements.yaml create mode 100644 kubernetes/clamp/components/clamp-backend/resources/config/application.properties rename kubernetes/clamp/{charts => components}/clamp-backend/resources/config/log/filebeat/filebeat.yml (100%) rename kubernetes/clamp/{charts => components}/clamp-backend/resources/config/sdc-controllers-config.json (100%) rename kubernetes/clamp/{charts => components}/clamp-backend/templates/NOTES.txt (100%) rename kubernetes/clamp/{charts => components}/clamp-backend/templates/configmap.yaml (92%) rename kubernetes/clamp/{charts => components}/clamp-backend/templates/deployment.yaml (82%) rename kubernetes/clamp/{charts => components}/clamp-backend/templates/secrets.yaml (100%) rename kubernetes/clamp/{charts => components}/clamp-backend/templates/service.yaml (100%) rename kubernetes/clamp/{charts => components}/clamp-backend/values.yaml (64%) rename kubernetes/clamp/{charts => components}/clamp-dash-es/Chart.yaml (100%) rename kubernetes/clamp/{charts => components}/clamp-dash-es/requirements.yaml (100%) rename kubernetes/clamp/{charts => components}/clamp-dash-es/resources/config/elasticsearch.yml (100%) rename kubernetes/clamp/{charts => components}/clamp-dash-es/templates/configmap.yaml (100%) rename kubernetes/clamp/{charts => components}/clamp-dash-es/templates/deployment.yaml (100%) rename kubernetes/clamp/{charts => components}/clamp-dash-es/templates/pv.yaml (100%) rename kubernetes/clamp/{charts => components}/clamp-dash-es/templates/pvc.yaml (100%) rename kubernetes/clamp/{charts => components}/clamp-dash-es/templates/service.yaml (100%) rename kubernetes/clamp/{charts => components}/clamp-dash-es/values.yaml (100%) rename kubernetes/clamp/{charts => components}/clamp-dash-kibana/Chart.yaml (100%) rename kubernetes/clamp/{charts => components}/clamp-dash-kibana/requirements.yaml (100%) rename kubernetes/clamp/{charts => components}/clamp-dash-kibana/resources/config/kibana.yml (100%) rename kubernetes/clamp/{charts => components}/clamp-dash-kibana/templates/configmap.yaml (100%) rename kubernetes/clamp/{charts => components}/clamp-dash-kibana/templates/deployment.yaml (100%) rename kubernetes/clamp/{charts => components}/clamp-dash-kibana/templates/ingress.yaml (100%) rename kubernetes/clamp/{charts => components}/clamp-dash-kibana/templates/service.yaml (100%) rename kubernetes/clamp/{charts => components}/clamp-dash-kibana/values.yaml (100%) rename kubernetes/clamp/{charts => components}/clamp-dash-logstash/Chart.yaml (100%) rename kubernetes/clamp/{charts => components}/clamp-dash-logstash/requirements.yaml (100%) rename kubernetes/clamp/{charts => components}/clamp-dash-logstash/resources/config/logstash.yml (100%) rename kubernetes/clamp/{charts => components}/clamp-dash-logstash/resources/config/pipeline.conf (100%) rename kubernetes/clamp/{charts => components}/clamp-dash-logstash/templates/configmap.yaml (100%) rename kubernetes/clamp/{charts => components}/clamp-dash-logstash/templates/deployment.yaml (100%) rename kubernetes/clamp/{charts => components}/clamp-dash-logstash/templates/service.yaml (100%) rename kubernetes/clamp/{charts => components}/clamp-dash-logstash/values.yaml (100%) rename kubernetes/clamp/{charts/mariadb => components/clamp-mariadb}/Chart.yaml (97%) rename kubernetes/clamp/{charts/mariadb => components/clamp-mariadb}/NOTES.txt (100%) create mode 100644 kubernetes/clamp/components/clamp-mariadb/requirements.yaml rename kubernetes/clamp/{charts/mariadb => components/clamp-mariadb}/resources/config/init/docker-entrypoint.sh (100%) rename kubernetes/clamp/{charts/mariadb => components/clamp-mariadb}/resources/config/mariadb/conf.d/conf1/my.cnf (100%) rename kubernetes/clamp/{charts/mariadb => components/clamp-mariadb}/resources/config/mariadb/docker-entrypoint-initdb.d/create-tables.sql (100%) rename kubernetes/clamp/{charts/mariadb => components/clamp-mariadb}/templates/NOTES.txt (100%) rename kubernetes/clamp/{charts/mariadb => components/clamp-mariadb}/templates/configmap.yaml (100%) rename kubernetes/clamp/{charts/mariadb => components/clamp-mariadb}/templates/deployment.yaml (100%) rename kubernetes/clamp/{charts/mariadb => components/clamp-mariadb}/templates/pv.yaml (100%) rename kubernetes/clamp/{charts/mariadb => components/clamp-mariadb}/templates/pvc.yaml (100%) rename kubernetes/clamp/{charts/mariadb => components/clamp-mariadb}/templates/secrets.yaml (100%) rename kubernetes/clamp/{charts/mariadb => components/clamp-mariadb}/templates/service.yaml (100%) rename kubernetes/clamp/{charts/mariadb => components/clamp-mariadb}/values.yaml (96%) diff --git a/kubernetes/clamp/Makefile b/kubernetes/clamp/Makefile new file mode 100644 index 0000000000..8af301d7ae --- /dev/null +++ b/kubernetes/clamp/Makefile @@ -0,0 +1,50 @@ +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST)))) +OUTPUT_DIR := $(ROOT_DIR)/../dist +PACKAGE_DIR := $(OUTPUT_DIR)/packages +SECRET_DIR := $(OUTPUT_DIR)/secrets + +EXCLUDES := dist resources templates charts docker +HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) + +.PHONY: $(EXCLUDES) $(HELM_CHARTS) + +all: $(HELM_CHARTS) + +$(HELM_CHARTS): + @echo "\n[$@]" + @make package-$@ + +make-%: + @if [ -f $*/Makefile ]; then make -C $*; fi + +dep-%: make-% + @if [ -f $*/requirements.yaml ]; then helm dep up $*; fi + +lint-%: dep-% + @if [ -f $*/Chart.yaml ]; then helm lint $*; fi + +package-%: lint-% + @mkdir -p $(PACKAGE_DIR) + @if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi + @helm repo index $(PACKAGE_DIR) + +clean: + @rm -f */requirements.lock + @rm -f *tgz */charts/*tgz + @rm -rf $(PACKAGE_DIR) +%: + @: diff --git a/kubernetes/clamp/charts/clamp-backend/requirements.yaml b/kubernetes/clamp/charts/clamp-backend/requirements.yaml deleted file mode 100644 index d3c442d32e..0000000000 --- a/kubernetes/clamp/charts/clamp-backend/requirements.yaml +++ /dev/null @@ -1,22 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -dependencies: - - name: common - version: ~6.x-0 - # local reference to common chart, as it is - # a part of this chart's package and will not - # be published independently to a repo (at this point) - repository: '@local' diff --git a/kubernetes/clamp/components/Makefile b/kubernetes/clamp/components/Makefile new file mode 100644 index 0000000000..acaf7fb683 --- /dev/null +++ b/kubernetes/clamp/components/Makefile @@ -0,0 +1,50 @@ +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST)))) +OUTPUT_DIR := $(ROOT_DIR)/../../dist +PACKAGE_DIR := $(OUTPUT_DIR)/packages +SECRET_DIR := $(OUTPUT_DIR)/secrets + +EXCLUDES := +HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) + +.PHONY: $(EXCLUDES) $(HELM_CHARTS) + +all: $(HELM_CHARTS) + +$(HELM_CHARTS): + @echo "\n[$@]" + @make package-$@ + +make-%: + @if [ -f $*/Makefile ]; then make -C $*; fi + +dep-%: make-% + @if [ -f $*/requirements.yaml ]; then helm dep up $*; fi + +lint-%: dep-% + @if [ -f $*/Chart.yaml ]; then helm lint $*; fi + +package-%: lint-% + @mkdir -p $(PACKAGE_DIR) + @if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi + @helm repo index $(PACKAGE_DIR) + +clean: + @rm -f */requirements.lock + @rm -f *tgz */charts/*tgz + @rm -rf $(PACKAGE_DIR) +%: + @: \ No newline at end of file diff --git a/kubernetes/clamp/charts/clamp-backend/Chart.yaml b/kubernetes/clamp/components/clamp-backend/Chart.yaml similarity index 100% rename from kubernetes/clamp/charts/clamp-backend/Chart.yaml rename to kubernetes/clamp/components/clamp-backend/Chart.yaml diff --git a/kubernetes/clamp/components/clamp-backend/requirements.yaml b/kubernetes/clamp/components/clamp-backend/requirements.yaml new file mode 100644 index 0000000000..08708fba14 --- /dev/null +++ b/kubernetes/clamp/components/clamp-backend/requirements.yaml @@ -0,0 +1,19 @@ +# Copyright © 2017 Amdocs, Bell Canada +# Modifications Copyright © 2018 AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +dependencies: + - name: certInitializer + version: ~6.x-0 + repository: '@local' \ No newline at end of file diff --git a/kubernetes/clamp/components/clamp-backend/resources/config/application.properties b/kubernetes/clamp/components/clamp-backend/resources/config/application.properties new file mode 100644 index 0000000000..b2cee395b9 --- /dev/null +++ b/kubernetes/clamp/components/clamp-backend/resources/config/application.properties @@ -0,0 +1,69 @@ +### +# ============LICENSE_START======================================================= +# ONAP CLAMP +# ================================================================================ +# Copyright (C) 2017-2019 AT&T Intellectual Property. All rights +# reserved. +# ================================================================================ +# Modifications copyright (c) 2019 Nokia +# ================================================================================\ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END============================================ +# =================================================================== +# +### +{{- if .Values.global.aafEnabled }} +server.ssl.key-store=file:{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.keystoreFile }} +server.ssl.key-store-password=${cadi_keystore_password_p12} +server.ssl.key-password=${cadi_key_password} +server.ssl.key-store-type=PKCS12 +server.ssl.key-alias={{ .Values.certInitializer.fqi }} + +# The key file used to decode the key store and trust store password +# If not defined, the key store and trust store password will not be decrypted +clamp.config.keyFile=file:{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.keyFile }} + +## Config part for Client certificates +server.ssl.client-auth=want +server.ssl.trust-store=file:{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.truststoreFile }} +server.ssl.trust-store-password=${cadi_truststore_password} +{{- end }} + +#clds datasource connection details +spring.datasource.username=${MYSQL_USER} +spring.datasource.password=${MYSQL_PASSWORD} +spring.datasource.url=jdbc:mariadb:sequential://clampdb.{{ include "common.namespace" . }}:3306/${MYSQL_DATABASE}?autoReconnect=true&connectTimeout=10000&socketTimeout=10000&retriesAllDown=3 +spring.profiles.active=clamp-default,clamp-aaf-authentication,clamp-sdc-controller,clamp-ssl-config,clamp-policy-controller,legacy-operational-policy,default-dictionary-elements + +#The log folder that will be used in logback.xml file +clamp.config.files.sdcController=file:/opt/clamp/sdc-controllers-config.json + +# +# Configuration Settings for Policy Engine Components +clamp.config.policy.api.url=https4://policy-api.{{ include "common.namespace" . }}:6969 +clamp.config.policy.api.userName=healthcheck +clamp.config.policy.api.password=zb!XztG34 +clamp.config.policy.pap.url=https4://policy-pap.{{ include "common.namespace" . }}:6969 +clamp.config.policy.pap.userName=healthcheck +clamp.config.policy.pap.password=zb!XztG34 + +#DCAE Inventory Url Properties +clamp.config.dcae.inventory.url=https4://inventory.{{ include "common.namespace" . }}:8080 +clamp.config.dcae.dispatcher.url=https4://deployment-handler.{{ include "common.namespace" . }}:8443 +#DCAE Deployment Url Properties +clamp.config.dcae.deployment.url=https4://deployment-handler.{{ include "common.namespace" . }}:8443 +clamp.config.dcae.deployment.userName=none +clamp.config.dcae.deployment.password=none + +#AAF related parameters +clamp.config.cadi.aafLocateUrl=https://aaf-locate.{{ include "common.namespace" . }}:8095 \ No newline at end of file diff --git a/kubernetes/clamp/charts/clamp-backend/resources/config/log/filebeat/filebeat.yml b/kubernetes/clamp/components/clamp-backend/resources/config/log/filebeat/filebeat.yml similarity index 100% rename from kubernetes/clamp/charts/clamp-backend/resources/config/log/filebeat/filebeat.yml rename to kubernetes/clamp/components/clamp-backend/resources/config/log/filebeat/filebeat.yml diff --git a/kubernetes/clamp/charts/clamp-backend/resources/config/sdc-controllers-config.json b/kubernetes/clamp/components/clamp-backend/resources/config/sdc-controllers-config.json similarity index 100% rename from kubernetes/clamp/charts/clamp-backend/resources/config/sdc-controllers-config.json rename to kubernetes/clamp/components/clamp-backend/resources/config/sdc-controllers-config.json diff --git a/kubernetes/clamp/charts/clamp-backend/templates/NOTES.txt b/kubernetes/clamp/components/clamp-backend/templates/NOTES.txt similarity index 100% rename from kubernetes/clamp/charts/clamp-backend/templates/NOTES.txt rename to kubernetes/clamp/components/clamp-backend/templates/NOTES.txt diff --git a/kubernetes/clamp/charts/clamp-backend/templates/configmap.yaml b/kubernetes/clamp/components/clamp-backend/templates/configmap.yaml similarity index 92% rename from kubernetes/clamp/charts/clamp-backend/templates/configmap.yaml rename to kubernetes/clamp/components/clamp-backend/templates/configmap.yaml index f66312c741..3fce850140 100644 --- a/kubernetes/clamp/charts/clamp-backend/templates/configmap.yaml +++ b/kubernetes/clamp/components/clamp-backend/templates/configmap.yaml @@ -25,6 +25,5 @@ metadata: heritage: {{ .Release.Service }} data: {{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }} - spring_application_json: {{ tpl .Values.config.springApplicationJson . | quote }} {{ include "common.log.configMap" . }} diff --git a/kubernetes/clamp/charts/clamp-backend/templates/deployment.yaml b/kubernetes/clamp/components/clamp-backend/templates/deployment.yaml similarity index 82% rename from kubernetes/clamp/charts/clamp-backend/templates/deployment.yaml rename to kubernetes/clamp/components/clamp-backend/templates/deployment.yaml index f08fd67fc4..f86c636a43 100644 --- a/kubernetes/clamp/charts/clamp-backend/templates/deployment.yaml +++ b/kubernetes/clamp/components/clamp-backend/templates/deployment.yaml @@ -39,7 +39,7 @@ spec: - /app/ready.py args: - --container-name - - mariadb + - clamp-mariadb env: - name: NAMESPACE valueFrom: @@ -49,6 +49,7 @@ spec: image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-readiness +{{ include "common.certInitializer.initContainer" . | indent 6 }} containers: # side car containers {{ if .Values.global.centralizedLoggingEnabled }}{{ include "common.log.sidecar" . | nindent 8 }}{{ end }} @@ -56,8 +57,19 @@ spec: - name: {{ include "common.name" . }} image: "{{ include "common.repository" . }}/{{ .Values.image }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + {{- if .Values.global.aafEnabled }} + command: + - sh + workingDir: "/opt/clamp/" args: - - "" + - -c + - | + export $(grep '^cadi_' {{ .Values.certInitializer.credsPath }}/org.onap.clamp.cred.props | xargs -0) + java -Djava.security.egd=file:/dev/./urandom -Xms256m -Xmx1g -jar ./app.jar + {{- else }} + args: + - "" + {{- end }} ports: - containerPort: {{ .Values.service.internalPort }} # disable liveness probe when breakpoints set in debugger @@ -74,12 +86,15 @@ spec: port: {{ .Values.service.internalPort }} initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} - volumeMounts: + volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }} - name: logs mountPath: {{ .Values.log.path }} - mountPath: /opt/clamp/sdc-controllers-config.json name: {{ include "common.fullname" . }}-config subPath: sdc-controllers-config.json + - mountPath: /opt/clamp/application.properties + name: {{ include "common.fullname" . }}-config + subPath: application.properties env: - name: MYSQL_USER {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 12 }} @@ -87,11 +102,6 @@ spec: {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 12 }} - name: MYSQL_DATABASE value: {{ tpl .Values.db.databaseName .}} - - name: SPRING_APPLICATION_JSON - valueFrom: - configMapKeyRef: - name: {{ template "common.fullname" . }} - key: spring_application_json resources: {{ include "common.resources" . | indent 12 }} {{- if .Values.nodeSelector }} @@ -102,13 +112,15 @@ spec: affinity: {{ toYaml .Values.affinity | indent 10 }} {{- end }} - volumes: + volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }} - name: {{ include "common.fullname" . }}-config configMap: name: {{ include "common.fullname" . }} items: - key: sdc-controllers-config.json path: sdc-controllers-config.json + - key: application.properties + path: application.properties - name: logs emptyDir: {} {{ if .Values.global.centralizedLoggingEnabled }}{{ include "common.log.volumes" . | nindent 8 }}{{ end }} diff --git a/kubernetes/clamp/charts/clamp-backend/templates/secrets.yaml b/kubernetes/clamp/components/clamp-backend/templates/secrets.yaml similarity index 100% rename from kubernetes/clamp/charts/clamp-backend/templates/secrets.yaml rename to kubernetes/clamp/components/clamp-backend/templates/secrets.yaml diff --git a/kubernetes/clamp/charts/clamp-backend/templates/service.yaml b/kubernetes/clamp/components/clamp-backend/templates/service.yaml similarity index 100% rename from kubernetes/clamp/charts/clamp-backend/templates/service.yaml rename to kubernetes/clamp/components/clamp-backend/templates/service.yaml diff --git a/kubernetes/clamp/charts/clamp-backend/values.yaml b/kubernetes/clamp/components/clamp-backend/values.yaml similarity index 64% rename from kubernetes/clamp/charts/clamp-backend/values.yaml rename to kubernetes/clamp/components/clamp-backend/values.yaml index 7d8e077f59..a6d5ca0b4c 100644 --- a/kubernetes/clamp/charts/clamp-backend/values.yaml +++ b/kubernetes/clamp/components/clamp-backend/values.yaml @@ -21,6 +21,38 @@ global: # global defaults repositorySecret: eyJuZXh1czMub25hcC5vcmc6MTAwMDEiOnsidXNlcm5hbWUiOiJkb2NrZXIiLCJwYXNzd29yZCI6ImRvY2tlciIsImVtYWlsIjoiQCIsImF1dGgiOiJaRzlqYTJWeU9tUnZZMnRsY2c9PSJ9fQ== readinessImage: onap/oom/readiness:3.0.1 persistence: {} + centralizedLoggingEnabled: true + #AAF service + aafEnabled: true + +################################################################# +# AAF part +################################################################# +certInitializer: + permission_user: 1000 + permission_group: 999 + keystoreFile: "org.onap.clamp.p12" + truststoreFile: "org.onap.clamp.trust.jks" + keyFile: "org.onap.clamp.keyfile" + truststoreFileONAP: "truststoreONAPall.jks" + nameOverride: clamp-backend-cert-initializer + aafDeployFqi: deployer@people.osaaf.org + aafDeployPass: demo123456! + fqdn: clamp + fqi: clamp@clamp.onap.org + public_fqdn: clamp.onap.org + cadi_longitude: "-72.0" + cadi_latitude: "38.0" + app_ns: org.osaaf.aaf + credsPath: /opt/app/osaaf/local + aaf_add_config: > + /opt/app/aaf_config/bin/agent.sh local showpass {{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop; + grep '^cadi' {{ .Values.credsPath }}/mycreds.prop | awk -v FS="cadi_truststore_password=" 'NF>1{print $2}' > {{ .Values.credsPath }}/cadi_truststore_password.pwd; + grep '^cadi' {{ .Values.credsPath }}/mycreds.prop | awk -v FS="cadi_key_password=" 'NF>1{print $2}' > {{ .Values.credsPath }}/cadi_key_password.pwd; + grep '^cadi' {{ .Values.credsPath }}/mycreds.prop | awk -v FS="cadi_keystore_password=" 'NF>1{print $2}' > {{ .Values.credsPath }}/cadi_keystore_password.pwd; + grep '^cadi' {{ .Values.credsPath }}/mycreds.prop | awk -v FS="cadi_keystore_password_p12=" 'NF>1{print $2}' > {{ .Values.credsPath }}/cadi_keystore_password_p12.pwd; + cd {{ .Values.credsPath }}; + chmod a+rx *; secrets: - uid: db-secret @@ -34,7 +66,7 @@ flavor: small # application image repository: nexus3.onap.org:10001 -image: onap/clamp-backend:5.0.7 +image: onap/clamp-backend:5.1.0 pullPolicy: Always # flag to enable debugging - application support required @@ -48,7 +80,12 @@ log: # Application configuration defaults. ################################################################# -db: {} +#####dummy values for db user and password to pass lint!!!####### + +db: + user: dummyclds + password: dummysidnnd83K + databaseName: dummycldsdb4 config: log: @@ -56,26 +93,6 @@ config: logstashPort: 5044 mysqlPassword: strong_pitchou dataRootDir: /dockerdata-nfs - springApplicationJson: > - { - "spring.datasource.username": "${MYSQL_USER}", - "spring.datasource.password": "${MYSQL_PASSWORD}", - "spring.datasource.url": "jdbc:mariadb:sequential://clampdb.{{ include "common.namespace" . }}:3306/${MYSQL_DATABASE}?autoReconnect=true&connectTimeout=10000&socketTimeout=10000&retriesAllDown=3", - "spring.profiles.active": "clamp-default,clamp-aaf-authentication,clamp-sdc-controller,clamp-ssl-config,clamp-policy-controller,legacy-operational-policy,default-dictionary-elements", - "clamp.config.files.sdcController": "file:/opt/clamp/sdc-controllers-config.json", - "clamp.config.dcae.inventory.url": "https4://inventory.{{ include "common.namespace" . }}:8080", - "clamp.config.dcae.dispatcher.url": "https4://deployment-handler.{{ include "common.namespace" . }}:8443", - "clamp.config.dcae.deployment.url": "https4://deployment-handler.{{ include "common.namespace" . }}:8443", - "clamp.config.dcae.deployment.userName": "none", - "clamp.config.dcae.deployment.password": "none", - "clamp.config.policy.api.url": "https4://policy-api.{{ include "common.namespace" . }}:6969", - "clamp.config.policy.api.userName": "healthcheck", - "clamp.config.policy.api.password": "zb!XztG34", - "clamp.config.policy.pap.url": "https4://policy-pap.{{ include "common.namespace" . }}:6969", - "clamp.config.policy.pap.userName": "healthcheck", - "clamp.config.policy.pap.password": "zb!XztG34", - "clamp.config.cadi.aafLocateUrl": "https://aaf-locate.{{ include "common.namespace" . }}:8095" - } # default number of instances replicaCount: 1 diff --git a/kubernetes/clamp/charts/clamp-dash-es/Chart.yaml b/kubernetes/clamp/components/clamp-dash-es/Chart.yaml similarity index 100% rename from kubernetes/clamp/charts/clamp-dash-es/Chart.yaml rename to kubernetes/clamp/components/clamp-dash-es/Chart.yaml diff --git a/kubernetes/clamp/charts/clamp-dash-es/requirements.yaml b/kubernetes/clamp/components/clamp-dash-es/requirements.yaml similarity index 100% rename from kubernetes/clamp/charts/clamp-dash-es/requirements.yaml rename to kubernetes/clamp/components/clamp-dash-es/requirements.yaml diff --git a/kubernetes/clamp/charts/clamp-dash-es/resources/config/elasticsearch.yml b/kubernetes/clamp/components/clamp-dash-es/resources/config/elasticsearch.yml similarity index 100% rename from kubernetes/clamp/charts/clamp-dash-es/resources/config/elasticsearch.yml rename to kubernetes/clamp/components/clamp-dash-es/resources/config/elasticsearch.yml diff --git a/kubernetes/clamp/charts/clamp-dash-es/templates/configmap.yaml b/kubernetes/clamp/components/clamp-dash-es/templates/configmap.yaml similarity index 100% rename from kubernetes/clamp/charts/clamp-dash-es/templates/configmap.yaml rename to kubernetes/clamp/components/clamp-dash-es/templates/configmap.yaml diff --git a/kubernetes/clamp/charts/clamp-dash-es/templates/deployment.yaml b/kubernetes/clamp/components/clamp-dash-es/templates/deployment.yaml similarity index 100% rename from kubernetes/clamp/charts/clamp-dash-es/templates/deployment.yaml rename to kubernetes/clamp/components/clamp-dash-es/templates/deployment.yaml diff --git a/kubernetes/clamp/charts/clamp-dash-es/templates/pv.yaml b/kubernetes/clamp/components/clamp-dash-es/templates/pv.yaml similarity index 100% rename from kubernetes/clamp/charts/clamp-dash-es/templates/pv.yaml rename to kubernetes/clamp/components/clamp-dash-es/templates/pv.yaml diff --git a/kubernetes/clamp/charts/clamp-dash-es/templates/pvc.yaml b/kubernetes/clamp/components/clamp-dash-es/templates/pvc.yaml similarity index 100% rename from kubernetes/clamp/charts/clamp-dash-es/templates/pvc.yaml rename to kubernetes/clamp/components/clamp-dash-es/templates/pvc.yaml diff --git a/kubernetes/clamp/charts/clamp-dash-es/templates/service.yaml b/kubernetes/clamp/components/clamp-dash-es/templates/service.yaml similarity index 100% rename from kubernetes/clamp/charts/clamp-dash-es/templates/service.yaml rename to kubernetes/clamp/components/clamp-dash-es/templates/service.yaml diff --git a/kubernetes/clamp/charts/clamp-dash-es/values.yaml b/kubernetes/clamp/components/clamp-dash-es/values.yaml similarity index 100% rename from kubernetes/clamp/charts/clamp-dash-es/values.yaml rename to kubernetes/clamp/components/clamp-dash-es/values.yaml diff --git a/kubernetes/clamp/charts/clamp-dash-kibana/Chart.yaml b/kubernetes/clamp/components/clamp-dash-kibana/Chart.yaml similarity index 100% rename from kubernetes/clamp/charts/clamp-dash-kibana/Chart.yaml rename to kubernetes/clamp/components/clamp-dash-kibana/Chart.yaml diff --git a/kubernetes/clamp/charts/clamp-dash-kibana/requirements.yaml b/kubernetes/clamp/components/clamp-dash-kibana/requirements.yaml similarity index 100% rename from kubernetes/clamp/charts/clamp-dash-kibana/requirements.yaml rename to kubernetes/clamp/components/clamp-dash-kibana/requirements.yaml diff --git a/kubernetes/clamp/charts/clamp-dash-kibana/resources/config/kibana.yml b/kubernetes/clamp/components/clamp-dash-kibana/resources/config/kibana.yml similarity index 100% rename from kubernetes/clamp/charts/clamp-dash-kibana/resources/config/kibana.yml rename to kubernetes/clamp/components/clamp-dash-kibana/resources/config/kibana.yml diff --git a/kubernetes/clamp/charts/clamp-dash-kibana/templates/configmap.yaml b/kubernetes/clamp/components/clamp-dash-kibana/templates/configmap.yaml similarity index 100% rename from kubernetes/clamp/charts/clamp-dash-kibana/templates/configmap.yaml rename to kubernetes/clamp/components/clamp-dash-kibana/templates/configmap.yaml diff --git a/kubernetes/clamp/charts/clamp-dash-kibana/templates/deployment.yaml b/kubernetes/clamp/components/clamp-dash-kibana/templates/deployment.yaml similarity index 100% rename from kubernetes/clamp/charts/clamp-dash-kibana/templates/deployment.yaml rename to kubernetes/clamp/components/clamp-dash-kibana/templates/deployment.yaml diff --git a/kubernetes/clamp/charts/clamp-dash-kibana/templates/ingress.yaml b/kubernetes/clamp/components/clamp-dash-kibana/templates/ingress.yaml similarity index 100% rename from kubernetes/clamp/charts/clamp-dash-kibana/templates/ingress.yaml rename to kubernetes/clamp/components/clamp-dash-kibana/templates/ingress.yaml diff --git a/kubernetes/clamp/charts/clamp-dash-kibana/templates/service.yaml b/kubernetes/clamp/components/clamp-dash-kibana/templates/service.yaml similarity index 100% rename from kubernetes/clamp/charts/clamp-dash-kibana/templates/service.yaml rename to kubernetes/clamp/components/clamp-dash-kibana/templates/service.yaml diff --git a/kubernetes/clamp/charts/clamp-dash-kibana/values.yaml b/kubernetes/clamp/components/clamp-dash-kibana/values.yaml similarity index 100% rename from kubernetes/clamp/charts/clamp-dash-kibana/values.yaml rename to kubernetes/clamp/components/clamp-dash-kibana/values.yaml diff --git a/kubernetes/clamp/charts/clamp-dash-logstash/Chart.yaml b/kubernetes/clamp/components/clamp-dash-logstash/Chart.yaml similarity index 100% rename from kubernetes/clamp/charts/clamp-dash-logstash/Chart.yaml rename to kubernetes/clamp/components/clamp-dash-logstash/Chart.yaml diff --git a/kubernetes/clamp/charts/clamp-dash-logstash/requirements.yaml b/kubernetes/clamp/components/clamp-dash-logstash/requirements.yaml similarity index 100% rename from kubernetes/clamp/charts/clamp-dash-logstash/requirements.yaml rename to kubernetes/clamp/components/clamp-dash-logstash/requirements.yaml diff --git a/kubernetes/clamp/charts/clamp-dash-logstash/resources/config/logstash.yml b/kubernetes/clamp/components/clamp-dash-logstash/resources/config/logstash.yml similarity index 100% rename from kubernetes/clamp/charts/clamp-dash-logstash/resources/config/logstash.yml rename to kubernetes/clamp/components/clamp-dash-logstash/resources/config/logstash.yml diff --git a/kubernetes/clamp/charts/clamp-dash-logstash/resources/config/pipeline.conf b/kubernetes/clamp/components/clamp-dash-logstash/resources/config/pipeline.conf similarity index 100% rename from kubernetes/clamp/charts/clamp-dash-logstash/resources/config/pipeline.conf rename to kubernetes/clamp/components/clamp-dash-logstash/resources/config/pipeline.conf diff --git a/kubernetes/clamp/charts/clamp-dash-logstash/templates/configmap.yaml b/kubernetes/clamp/components/clamp-dash-logstash/templates/configmap.yaml similarity index 100% rename from kubernetes/clamp/charts/clamp-dash-logstash/templates/configmap.yaml rename to kubernetes/clamp/components/clamp-dash-logstash/templates/configmap.yaml diff --git a/kubernetes/clamp/charts/clamp-dash-logstash/templates/deployment.yaml b/kubernetes/clamp/components/clamp-dash-logstash/templates/deployment.yaml similarity index 100% rename from kubernetes/clamp/charts/clamp-dash-logstash/templates/deployment.yaml rename to kubernetes/clamp/components/clamp-dash-logstash/templates/deployment.yaml diff --git a/kubernetes/clamp/charts/clamp-dash-logstash/templates/service.yaml b/kubernetes/clamp/components/clamp-dash-logstash/templates/service.yaml similarity index 100% rename from kubernetes/clamp/charts/clamp-dash-logstash/templates/service.yaml rename to kubernetes/clamp/components/clamp-dash-logstash/templates/service.yaml diff --git a/kubernetes/clamp/charts/clamp-dash-logstash/values.yaml b/kubernetes/clamp/components/clamp-dash-logstash/values.yaml similarity index 100% rename from kubernetes/clamp/charts/clamp-dash-logstash/values.yaml rename to kubernetes/clamp/components/clamp-dash-logstash/values.yaml diff --git a/kubernetes/clamp/charts/mariadb/Chart.yaml b/kubernetes/clamp/components/clamp-mariadb/Chart.yaml similarity index 97% rename from kubernetes/clamp/charts/mariadb/Chart.yaml rename to kubernetes/clamp/components/clamp-mariadb/Chart.yaml index eaad8b8440..91984c1014 100644 --- a/kubernetes/clamp/charts/mariadb/Chart.yaml +++ b/kubernetes/clamp/components/clamp-mariadb/Chart.yaml @@ -15,5 +15,5 @@ apiVersion: v1 description: MariaDB Service -name: mariadb +name: clamp-mariadb version: 6.0.0 diff --git a/kubernetes/clamp/charts/mariadb/NOTES.txt b/kubernetes/clamp/components/clamp-mariadb/NOTES.txt similarity index 100% rename from kubernetes/clamp/charts/mariadb/NOTES.txt rename to kubernetes/clamp/components/clamp-mariadb/NOTES.txt diff --git a/kubernetes/clamp/components/clamp-mariadb/requirements.yaml b/kubernetes/clamp/components/clamp-mariadb/requirements.yaml new file mode 100644 index 0000000000..9b96d0cfc4 --- /dev/null +++ b/kubernetes/clamp/components/clamp-mariadb/requirements.yaml @@ -0,0 +1,18 @@ +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +dependencies: + - name: common + version: ~6.x-0 + repository: '@local' \ No newline at end of file diff --git a/kubernetes/clamp/charts/mariadb/resources/config/init/docker-entrypoint.sh b/kubernetes/clamp/components/clamp-mariadb/resources/config/init/docker-entrypoint.sh similarity index 100% rename from kubernetes/clamp/charts/mariadb/resources/config/init/docker-entrypoint.sh rename to kubernetes/clamp/components/clamp-mariadb/resources/config/init/docker-entrypoint.sh diff --git a/kubernetes/clamp/charts/mariadb/resources/config/mariadb/conf.d/conf1/my.cnf b/kubernetes/clamp/components/clamp-mariadb/resources/config/mariadb/conf.d/conf1/my.cnf similarity index 100% rename from kubernetes/clamp/charts/mariadb/resources/config/mariadb/conf.d/conf1/my.cnf rename to kubernetes/clamp/components/clamp-mariadb/resources/config/mariadb/conf.d/conf1/my.cnf diff --git a/kubernetes/clamp/charts/mariadb/resources/config/mariadb/docker-entrypoint-initdb.d/create-tables.sql b/kubernetes/clamp/components/clamp-mariadb/resources/config/mariadb/docker-entrypoint-initdb.d/create-tables.sql similarity index 100% rename from kubernetes/clamp/charts/mariadb/resources/config/mariadb/docker-entrypoint-initdb.d/create-tables.sql rename to kubernetes/clamp/components/clamp-mariadb/resources/config/mariadb/docker-entrypoint-initdb.d/create-tables.sql diff --git a/kubernetes/clamp/charts/mariadb/templates/NOTES.txt b/kubernetes/clamp/components/clamp-mariadb/templates/NOTES.txt similarity index 100% rename from kubernetes/clamp/charts/mariadb/templates/NOTES.txt rename to kubernetes/clamp/components/clamp-mariadb/templates/NOTES.txt diff --git a/kubernetes/clamp/charts/mariadb/templates/configmap.yaml b/kubernetes/clamp/components/clamp-mariadb/templates/configmap.yaml similarity index 100% rename from kubernetes/clamp/charts/mariadb/templates/configmap.yaml rename to kubernetes/clamp/components/clamp-mariadb/templates/configmap.yaml diff --git a/kubernetes/clamp/charts/mariadb/templates/deployment.yaml b/kubernetes/clamp/components/clamp-mariadb/templates/deployment.yaml similarity index 100% rename from kubernetes/clamp/charts/mariadb/templates/deployment.yaml rename to kubernetes/clamp/components/clamp-mariadb/templates/deployment.yaml diff --git a/kubernetes/clamp/charts/mariadb/templates/pv.yaml b/kubernetes/clamp/components/clamp-mariadb/templates/pv.yaml similarity index 100% rename from kubernetes/clamp/charts/mariadb/templates/pv.yaml rename to kubernetes/clamp/components/clamp-mariadb/templates/pv.yaml diff --git a/kubernetes/clamp/charts/mariadb/templates/pvc.yaml b/kubernetes/clamp/components/clamp-mariadb/templates/pvc.yaml similarity index 100% rename from kubernetes/clamp/charts/mariadb/templates/pvc.yaml rename to kubernetes/clamp/components/clamp-mariadb/templates/pvc.yaml diff --git a/kubernetes/clamp/charts/mariadb/templates/secrets.yaml b/kubernetes/clamp/components/clamp-mariadb/templates/secrets.yaml similarity index 100% rename from kubernetes/clamp/charts/mariadb/templates/secrets.yaml rename to kubernetes/clamp/components/clamp-mariadb/templates/secrets.yaml diff --git a/kubernetes/clamp/charts/mariadb/templates/service.yaml b/kubernetes/clamp/components/clamp-mariadb/templates/service.yaml similarity index 100% rename from kubernetes/clamp/charts/mariadb/templates/service.yaml rename to kubernetes/clamp/components/clamp-mariadb/templates/service.yaml diff --git a/kubernetes/clamp/charts/mariadb/values.yaml b/kubernetes/clamp/components/clamp-mariadb/values.yaml similarity index 96% rename from kubernetes/clamp/charts/mariadb/values.yaml rename to kubernetes/clamp/components/clamp-mariadb/values.yaml index 8cf489b377..492145ae07 100644 --- a/kubernetes/clamp/charts/mariadb/values.yaml +++ b/kubernetes/clamp/components/clamp-mariadb/values.yaml @@ -40,7 +40,11 @@ secrets: password: '{{ .Values.db.password }}' # Application configuration -db: {} +# dummy value db user pasword to pass lint!!! +db: + user: dummy-clds + password: dummy-sidnnd83K + databaseName: dummy-cldsdb4 # default number of instances replicaCount: 1 diff --git a/kubernetes/clamp/requirements.yaml b/kubernetes/clamp/requirements.yaml index d3c442d32e..dd93eaca2d 100644 --- a/kubernetes/clamp/requirements.yaml +++ b/kubernetes/clamp/requirements.yaml @@ -14,9 +14,21 @@ # limitations under the License. dependencies: - - name: common + - name: certInitializer version: ~6.x-0 - # local reference to common chart, as it is - # a part of this chart's package and will not - # be published independently to a repo (at this point) repository: '@local' + - name: clamp-mariadb + version: ~6.x-0 + repository: 'file://components/clamp-mariadb' + - name: clamp-backend + version: ~6.x-0 + repository: 'file://components/clamp-backend' + - name: clamp-dash-es + version: ~6.x-0 + repository: 'file://components/clamp-dash-es' + - name: clamp-dash-logstash + version: ~6.x-0 + repository: 'file://components/clamp-dash-logstash' + - name: clamp-dash-kibana + version: ~6.x-0 + repository: 'file://components/clamp-dash-kibana' \ No newline at end of file diff --git a/kubernetes/clamp/resources/config/default.conf b/kubernetes/clamp/resources/config/default.conf index 84beff8d5a..3e6fde9d0d 100644 --- a/kubernetes/clamp/resources/config/default.conf +++ b/kubernetes/clamp/resources/config/default.conf @@ -2,8 +2,14 @@ server { listen 2443 default ssl; ssl_protocols TLSv1.2; + {{ if .Values.global.aafEnabled }} + ssl_certificate {{.Values.certInitializer.credsPath}}/{{.Values.certInitializer.clamp_pem}}; + ssl_certificate_key {{.Values.certInitializer.credsPath}}/{{.Values.certInitializer.clamp_key}}; + {{ else }} ssl_certificate /etc/ssl/clamp.pem; ssl_certificate_key /etc/ssl/clamp.key; + {{ end }} + ssl_verify_client optional_no_ca; location /restservices/clds/ { proxy_pass https://clamp-backend:443; diff --git a/kubernetes/clamp/templates/deployment.yaml b/kubernetes/clamp/templates/deployment.yaml index d64a218985..b10d9d7926 100644 --- a/kubernetes/clamp/templates/deployment.yaml +++ b/kubernetes/clamp/templates/deployment.yaml @@ -49,6 +49,7 @@ spec: image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-readiness +{{ include "common.certInitializer.initContainer" . | nindent 6 }} containers: # side car containers {{ if .Values.global.centralizedLoggingEnabled }}{{ include "common.log.sidecar" . | nindent 8 }}{{ end }} @@ -72,7 +73,7 @@ spec: port: {{ .Values.service.internalPort }} initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} - volumeMounts: + volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }} - name: logs mountPath: {{ .Values.log.path }} - mountPath: /etc/nginx/conf.d/default.conf @@ -88,7 +89,7 @@ spec: affinity: {{ toYaml .Values.affinity | indent 10 }} {{- end }} - volumes: + volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }} - name: {{ include "common.fullname" . }}-config configMap: name: {{ include "common.fullname" . }} diff --git a/kubernetes/clamp/values.yaml b/kubernetes/clamp/values.yaml index 49fd98d27b..d180fbf729 100644 --- a/kubernetes/clamp/values.yaml +++ b/kubernetes/clamp/values.yaml @@ -21,7 +21,43 @@ global: # global defaults readinessImage: onap/oom/readiness:3.0.1 loggingRepository: docker.elastic.co loggingImage: beats/filebeat:5.5.0 - centralizedLoggingEnabled: false + centralizedLoggingEnabled: true + #AAF service + aafEnabled: true + +################################################################# +# AAF part +################################################################# +certInitializer: + permission_user: 1000 + permission_group: 999 + addconfig: true + keystoreFile: "org.onap.clamp.p12" + truststoreFile: "org.onap.clamp.trust.jks" + keyFile: "org.onap.clamp.keyfile" + truststoreFileONAP: "truststoreONAPall.jks" + clamp_key: "clamp.key" + clamp_pem: "clamp.pem" + clamp_ca_certs_pem: "clamp-ca-certs.pem" + nameOverride: clamp-cert-initializer + aafDeployFqi: deployer@people.osaaf.org + aafDeployPass: demo123456! + # aafDeployCredsExternalSecret: some secret + fqdn: clamp + fqi: clamp@clamp.onap.org + public_fqdn: clamp.onap.org + cadi_longitude: "0.0" + cadi_latitude: "0.0" + app_ns: org.osaaf.aaf + credsPath: /opt/app/osaaf/local + aaf_add_config: > + /opt/app/aaf_config/bin/agent.sh local showpass {{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop; + export $(/opt/app/aaf_config/bin/agent.sh local showpass | grep '^c' | xargs -0); + cd {{ .Values.credsPath }}; + openssl pkcs12 -in {{ .Values.keystoreFile }} -nocerts -nodes -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_key }}; + openssl pkcs12 -in {{ .Values.keystoreFile }} -clcerts -nokeys -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_pem }}; + openssl pkcs12 -in {{ .Values.keystoreFile }} -cacerts -nokeys -chain -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_ca_certs_pem }}; + chmod a+rx *; secrets: - uid: db-root-pass @@ -44,7 +80,7 @@ clamp-backend: db: userCredsExternalSecret: *dbUserPass databaseName: *dbName -mariadb: +clamp-mariadb: db: rootCredsExternalSecret: *dbRootPass userCredsExternalSecret: *dbUserPass @@ -57,7 +93,7 @@ flavor: small # application image repository: nexus3.onap.org:10001 -image: onap/clamp-frontend:5.0.7 +image: onap/clamp-frontend:5.1.0 pullPolicy: Always # flag to enable debugging - application support required -- 2.16.6