Merge "[SO] Enable SO-Monitoring - use HTTPS and certInitializer"

[oom.git] / kubernetes / so / components / so-monitoring / templates / deployment.yaml

diff --git a/kubernetes/so/components/so-monitoring/templates/deployment.yaml b/kubernetes/so/components/so-monitoring/templates/deployment.yaml
index aea9e28..7875893 100644 (file)
--- a/kubernetes/so/components/so-monitoring/templates/deployment.yaml
+++ b/kubernetes/so/components/so-monitoring/templates/deployment.yaml
@@ -1,6 +1,7 @@
 {{/*
 #  ============LICENSE_START=======================================================
 #   Copyright (C) 2018 Ericsson. All rights reserved.
+#   Modifications Copyright © 2020 Nokia
 #  ================================================================================
 #  Licensed under the Apache License, Version 2.0 (the "License");
 #  you may not use this file except in compliance with the License.
@@ -44,7 +45,7 @@ spec:
         app: {{ include "common.name" . }}
         release: {{ include "common.release" . }}
     spec:
-      initContainers:
+      initContainers: {{ include "so.certificate.container_importer" . | nindent 6 }}
       - name: so-chown
         image: alpine:3.6
         volumeMounts:
@@ -57,6 +58,21 @@ spec:
       - name: {{ include "common.name" . }}
         image: {{ include "common.repository" . }}/{{ .Values.image }}
         resources: {{ include "common.resources" . | nindent 12 }}
+        command:
+        - /bin/sh
+        args:
+        - -c
+        - |
+          export SO_MONITORING_PASSWORD=`htpasswd -bnBC 10 "" $SO_MON_PASS | tr -d ':\n' | sed 's/\$2y/\$2a/'`
+          {{- if .Values.global.aafEnabled }}
+          export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/org.onap.so.cred.props | xargs -0)
+          export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
+          export KEYSTORE=file://$cadi_keystore
+          export KEYSTORE_PASSWORD=$cadi_keystore_password_p12
+          export TRUSTSTORE=file://$cadi_truststore
+          export TRUSTSTORE_PASSWORD=$cadi_truststore_password
+          {{- end }}
+          /app/start-app.sh
         env:
         - name: DB_HOST
           valueFrom:
@@ -76,11 +92,16 @@ spec:
           {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "login") | indent 10 }}
         - name: DB_ADMIN_PASSWORD
           {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "password") | indent 10 }}
+        - name: SO_MONITORING_USERNAME
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "app-user-creds" "key" "login") | indent 10 }}
+        - name: SO_MON_PASS
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "app-user-creds" "key" "password") | indent 10 }}
+
         envFrom:
         - configMapRef:
             name: {{ include "common.fullname" . }}-configmap
         imagePullPolicy:  {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-        volumeMounts:
+        volumeMounts: {{ include "so.certificate.volumeMount" . | nindent 8 }}
         - name: logs
           mountPath: /app/logs
         - name: config
@@ -103,7 +124,7 @@ spec:
         - containerPort: {{ index .Values.containerPort }}
           name: {{ .Values.service.portName }}
           protocol: TCP
-      volumes:
+      volumes: {{ include "so.certificate.volumes" . | nindent 6 }}
       - name: logs
         emptyDir: {}
       - name: config