update cert using secrets

Issue-ID: DMAAP-1422
Change-Id: Idb75ceff8aff9df801f0781a1729dae1386b0b51
Signed-off-by: UNNAVA <su622b@att.com>

diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/resources/cert/org.onap.dmaap.mr.keyfile b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/resources/cert/org.onap.dmaap.mr.keyfile
new file mode 100644 (file)
index 0000000..72d3b73
--- /dev/null
+++ b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/resources/cert/org.onap.dmaap.mr.keyfile
@@ -0,0 +1,27 @@
+yJhToh1HtF7641JOeljPtn4ECRn7dncPKtUh9XN4Hv1GX2q1MSVsDI2qQ7i2Q8hH1G3Ko_x0fl1p
+PLn2bOh9cOOGKxQrWxY0724Cme1MMc_drOl7TNk5DPmiw-teI6BdpS_wPtfDGLql9xuxIMWPdv_P
+Id9LSzdW_Fa4FepgcxAj6jOK7jQBmJIsedxIpAVFU0bjmMwybe_BRe1x8yEBrfQo8Si0cfjYdQYP
+XBTAnJ46zejAPJh2U4MyBhYzz2Zr1nMux2wjHc52z8J7_YpfveNSpr9UwOzSo0VqAEORISQDS7Cb
+Cc9jeYmxPkVCEraHWq5jtOpVdwxwTSh1PJ8_pgnhQ4AgQS-5JyRdHWvzwGa2RW8i3ZF1qfJBP4wb
+lyXiNYKSU5jDd-wNP0b9WDILGFRKuAHjz1wKB1IHyQTBX7dpjouuZysEkZS348NVLfAmb1klKp5Q
+1lq2H4TdQnPaG6tV_wyI0ZrZsf4TCeDxYRxEAZc3ILefM_72Zc-UWEHQ_Q4Qck30fJzoHFgEm5Rm
+8XofzAfHOcjoa7o8mEVi9veNpqTeNa8b2DLqYehcE_rMYU_y1AgWsnWgiIX1AEzLyUyfliS2PxQh
+ZI3HLMrzfV--pOuQp_CnrcHclvkX3u5ZJ01a6jq7ONpr712YNmUEoD6s1UR0wEEeO61Cun8zfty8
+m-qXD3k-re64WDizw-pHXHYmIS9a4jL7D0R4KysJRf6iZTAUy4ROy6aS-wMYGgy0r7sEOZY6zp4h
+MBczN5-3O7r-dKjOrr1RWXS3zt71oJNSGcnG41KKOnUeNpFBmIzVfoIp9KR5zdcg-gGrA8Xi_tBj
+-rAqYfaNMBUDDtFCLhCHwuhKpR0Y0gG_-8J43yi3bfWOYMWkgPRHrJIiIO-SNUW_pobbRqQzIT3h
+V5IcEc5pa-lnJnBNS5b_-cHsA0x4g1FPmDmjsGBYZmiaPSvXPzhpZVsww1p9nVL63rYLMOTSps1V
+Lj9_UYWef7jD409vZRqeLQGi7lMNeC7oLv_hi_l05rZUkpegMLYmIWzjhzW8OuYdiHGuboV9TyUR
+QWn5e_bypQBAJhYqaYNADzV9duW0v3SW89zP9TlkJ6tfvhcVXRQn4MUzIC9h_0q3cf_9Wemx7UPW
+tGML52lYWcEbVbGF9yFtOm3qVPi4sVFO61vOtIoQhIIL3oa9gOWO9yPCjNm4lD-C4jAWHjtJdMr8
+cGtBplAHGly63VQs9RRUr42A95JMtsuJIPNDWP5-I-9R77NALdzjKEJE2FngGW8Ud4pJQ1sikPH3
+F4kVn1L2NpAilVrjlyb_y89mskrWaSdHCE2P1_gtkWHXfXIfKK0UFQt17s8hk0MfL6JSUDUE4IKN
+tK70iHwmqY9VbYKYLf-8Gl7CW_Q9MumHjGsktwVZinpH4kOUREr6tyve4rZv8wN6mbNPVJ5gw_PE
+I4bvSiEstMgelbkheMC4l-zc3q9C_fNZmLmdav8PLUrkS_NxnZ4hJQCDTjhbMqLIwknXU9SkDyPb
+Dgh049PyJrYzv2_TpYoS6M_o3HjApMkRKlV_TEcbGoX06gAUYTiEWAQU6wm0TdsIdxjEXAWeTiX7
+ddI_vEioFemoKjE5iRWNaKL85xsTsQj6bQi1eSj1F0lxqnSGRldiMAPMrfqKDJ7xFpXS7nyQfLjY
+m1H-Y3bk0iBBZbU0JKXerE_jlr3s7rcdarpwY1pdODoUJBk-EiKezm6zWuG9o3IisPNSqqOs4Cax
+QAE3dt-1TpCxkw7Rpgm8eTwPMPOD3gj7Szcs2sEh-0UIk8y7uZCSRz0ZCsQj-jJl97WQV1ky89xS
+c9ECqzDTgl2cVrih9aQu863_yHnjm9tNTxMH4DudB5JcmM96BX4CfS9qgVzAqCGvW9KS37wy0bK_
+iSCAhAWNT5L9E3fUyg--V_gmVjxGb8Y020cc4_pkqSbAAC8qjQhDWHLy_M2RzQrPmQMdP2PZ5-AU
+Pw6HdHmVTOLZeYuVS1rXx4AYWXkgKHiSRqO6bal1opzOnSpbw-Q1bQu0wZ1MarXodEtJFaOr
\ No newline at end of file

diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/resources/cert/org.onap.dmaap.mr.p12 b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/resources/cert/org.onap.dmaap.mr.p12
new file mode 100644 (file)
index 0000000..1a0e8a4
Binary files /dev/null and b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/resources/cert/org.onap.dmaap.mr.p12 differ

diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/resources/cert/org.onap.dmaap.mr.trust.jks b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/resources/cert/org.onap.dmaap.mr.trust.jks
new file mode 100644 (file)
index 0000000..aae6d81
Binary files /dev/null and b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/resources/cert/org.onap.dmaap.mr.trust.jks differ

diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/resources/config/cadi.properties b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/resources/config/cadi.properties
index 1e7d7d3..a5219c9 100644 (file)
--- a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/resources/config/cadi.properties
+++ b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/resources/config/cadi.properties
@@ -3,16 +3,15 @@ aaf_env=DEV
 aaf_lur=org.onap.aaf.cadi.aaf.v2_0.AAFLurPerm
 
 cadi_truststore=/opt/kafka/config/org.onap.dmaap.mr.trust.jks
-cadi_truststore_password=enc:gvXm0E9p-_SRNw5_feOUE7wqXBxgxV3S_bdAyB08Sq9F35cCUZHWgQyKIDtTAbEw
+cadi_truststore_password=enc:mN6GiIzFQxKGDzAXDOs7b4j8DdIX02QrZ9QOWNRpxV3rD6whPCfizSMZkJwxi_FJ
 
 cadi_keyfile=/opt/kafka/config/org.onap.dmaap.mr.keyfile
 
 cadi_alias=dmaapmr@mr.dmaap.onap.org
 cadi_keystore=/opt/kafka/config/org.onap.dmaap.mr.p12
-cadi_keystore_password=enc:pLMCzQzk-OP7IpYNi0TPtQSkNcraFAdarZG8HbdOKq4BycW6g_7mfhphLhOZo6ht
+cadi_keystore_password=enc:_JJT2gAEkRzXla5xfDIHal8pIoIB5iIos3USvZQT6sL-l14LpI5fRFR_QIGUCh5W
 cadi_x509_issuers=CN=intermediateCA_1, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_7, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_9, OU=OSAAF, O=ONAP, C=US
 
-
 cadi_loglevel=INFO
 cadi_protocols=TLSv1.1,TLSv1.2
 cadi_latitude=37.78187

diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/secrets.yaml b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/secrets.yaml
new file mode 100644 (file)
index 0000000..d9abae5
--- /dev/null
+++ b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/secrets.yaml
@@ -0,0 +1,27 @@
+# Copyright © 2020 AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ include "common.fullname" . }}-aaf-certs-secret
+  namespace: {{ include "common.namespace" . }}
+  labels:
+    app: {{ include "common.name" . }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+data:
+{{ (.Files.Glob "resources/cert/*").AsSecrets | indent 2 }}
+type: Opaque

diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/statefulset.yaml b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/statefulset.yaml
index 3be8d5d..06d3d8b 100644 (file)
--- a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/statefulset.yaml
+++ b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/statefulset.yaml
@@ -150,6 +150,15 @@ spec:
           name: cadi
         - mountPath: /opt/kafka/data
           name: kafka-data
+        - mountPath: /etc/kafka/secrets/cert/org.onap.dmaap.mr.trust.jks
+          subPath: org.onap.dmaap.mr.trust.jks
+          name:  aaf-certs-secret
+        - mountPath: /etc/kafka/secrets/cert/org.onap.dmaap.mr.keyfile
+          subPath: org.onap.dmaap.mr.keyfile
+          name:  aaf-certs-secret
+        - mountPath: /etc/kafka/secrets/cert/org.onap.dmaap.mr.p12
+          subPath: org.onap.dmaap.mr.p12
+          name:  aaf-certs-secret
       {{- if .Values.tolerations }}
       tolerations:
         {{ toYaml .Values.tolerations | indent 10 }}
@@ -163,6 +172,9 @@ spec:
       - name: docker-socket
         hostPath:
           path: /var/run/docker.sock
+      - name: aaf-certs-secret
+        secret:
+          secretName: {{ include "common.fullname" . }}-aaf-certs-secret
       - name: server
         configMap:
           name: {{ include "common.fullname" . }}-server-prop-configmap

diff --git a/kubernetes/dmaap/components/message-router/resources/cert/org.onap.dmaap.mr.jks b/kubernetes/dmaap/components/message-router/resources/cert/org.onap.dmaap.mr.jks
new file mode 100644 (file)
index 0000000..34cb01f
Binary files /dev/null and b/kubernetes/dmaap/components/message-router/resources/cert/org.onap.dmaap.mr.jks differ

diff --git a/kubernetes/dmaap/components/message-router/resources/cert/org.onap.dmaap.mr.keyfile b/kubernetes/dmaap/components/message-router/resources/cert/org.onap.dmaap.mr.keyfile
new file mode 100644 (file)
index 0000000..72d3b73
--- /dev/null
+++ b/kubernetes/dmaap/components/message-router/resources/cert/org.onap.dmaap.mr.keyfile
@@ -0,0 +1,27 @@
+yJhToh1HtF7641JOeljPtn4ECRn7dncPKtUh9XN4Hv1GX2q1MSVsDI2qQ7i2Q8hH1G3Ko_x0fl1p
+PLn2bOh9cOOGKxQrWxY0724Cme1MMc_drOl7TNk5DPmiw-teI6BdpS_wPtfDGLql9xuxIMWPdv_P
+Id9LSzdW_Fa4FepgcxAj6jOK7jQBmJIsedxIpAVFU0bjmMwybe_BRe1x8yEBrfQo8Si0cfjYdQYP
+XBTAnJ46zejAPJh2U4MyBhYzz2Zr1nMux2wjHc52z8J7_YpfveNSpr9UwOzSo0VqAEORISQDS7Cb
+Cc9jeYmxPkVCEraHWq5jtOpVdwxwTSh1PJ8_pgnhQ4AgQS-5JyRdHWvzwGa2RW8i3ZF1qfJBP4wb
+lyXiNYKSU5jDd-wNP0b9WDILGFRKuAHjz1wKB1IHyQTBX7dpjouuZysEkZS348NVLfAmb1klKp5Q
+1lq2H4TdQnPaG6tV_wyI0ZrZsf4TCeDxYRxEAZc3ILefM_72Zc-UWEHQ_Q4Qck30fJzoHFgEm5Rm
+8XofzAfHOcjoa7o8mEVi9veNpqTeNa8b2DLqYehcE_rMYU_y1AgWsnWgiIX1AEzLyUyfliS2PxQh
+ZI3HLMrzfV--pOuQp_CnrcHclvkX3u5ZJ01a6jq7ONpr712YNmUEoD6s1UR0wEEeO61Cun8zfty8
+m-qXD3k-re64WDizw-pHXHYmIS9a4jL7D0R4KysJRf6iZTAUy4ROy6aS-wMYGgy0r7sEOZY6zp4h
+MBczN5-3O7r-dKjOrr1RWXS3zt71oJNSGcnG41KKOnUeNpFBmIzVfoIp9KR5zdcg-gGrA8Xi_tBj
+-rAqYfaNMBUDDtFCLhCHwuhKpR0Y0gG_-8J43yi3bfWOYMWkgPRHrJIiIO-SNUW_pobbRqQzIT3h
+V5IcEc5pa-lnJnBNS5b_-cHsA0x4g1FPmDmjsGBYZmiaPSvXPzhpZVsww1p9nVL63rYLMOTSps1V
+Lj9_UYWef7jD409vZRqeLQGi7lMNeC7oLv_hi_l05rZUkpegMLYmIWzjhzW8OuYdiHGuboV9TyUR
+QWn5e_bypQBAJhYqaYNADzV9duW0v3SW89zP9TlkJ6tfvhcVXRQn4MUzIC9h_0q3cf_9Wemx7UPW
+tGML52lYWcEbVbGF9yFtOm3qVPi4sVFO61vOtIoQhIIL3oa9gOWO9yPCjNm4lD-C4jAWHjtJdMr8
+cGtBplAHGly63VQs9RRUr42A95JMtsuJIPNDWP5-I-9R77NALdzjKEJE2FngGW8Ud4pJQ1sikPH3
+F4kVn1L2NpAilVrjlyb_y89mskrWaSdHCE2P1_gtkWHXfXIfKK0UFQt17s8hk0MfL6JSUDUE4IKN
+tK70iHwmqY9VbYKYLf-8Gl7CW_Q9MumHjGsktwVZinpH4kOUREr6tyve4rZv8wN6mbNPVJ5gw_PE
+I4bvSiEstMgelbkheMC4l-zc3q9C_fNZmLmdav8PLUrkS_NxnZ4hJQCDTjhbMqLIwknXU9SkDyPb
+Dgh049PyJrYzv2_TpYoS6M_o3HjApMkRKlV_TEcbGoX06gAUYTiEWAQU6wm0TdsIdxjEXAWeTiX7
+ddI_vEioFemoKjE5iRWNaKL85xsTsQj6bQi1eSj1F0lxqnSGRldiMAPMrfqKDJ7xFpXS7nyQfLjY
+m1H-Y3bk0iBBZbU0JKXerE_jlr3s7rcdarpwY1pdODoUJBk-EiKezm6zWuG9o3IisPNSqqOs4Cax
+QAE3dt-1TpCxkw7Rpgm8eTwPMPOD3gj7Szcs2sEh-0UIk8y7uZCSRz0ZCsQj-jJl97WQV1ky89xS
+c9ECqzDTgl2cVrih9aQu863_yHnjm9tNTxMH4DudB5JcmM96BX4CfS9qgVzAqCGvW9KS37wy0bK_
+iSCAhAWNT5L9E3fUyg--V_gmVjxGb8Y020cc4_pkqSbAAC8qjQhDWHLy_M2RzQrPmQMdP2PZ5-AU
+Pw6HdHmVTOLZeYuVS1rXx4AYWXkgKHiSRqO6bal1opzOnSpbw-Q1bQu0wZ1MarXodEtJFaOr
\ No newline at end of file

diff --git a/kubernetes/dmaap/components/message-router/resources/cert/org.onap.dmaap.mr.p12 b/kubernetes/dmaap/components/message-router/resources/cert/org.onap.dmaap.mr.p12
new file mode 100644 (file)
index 0000000..1a0e8a4
Binary files /dev/null and b/kubernetes/dmaap/components/message-router/resources/cert/org.onap.dmaap.mr.p12 differ

diff --git a/kubernetes/dmaap/components/message-router/resources/cert/org.onap.dmaap.mr.trust.jks b/kubernetes/dmaap/components/message-router/resources/cert/org.onap.dmaap.mr.trust.jks
new file mode 100644 (file)
index 0000000..aae6d81
Binary files /dev/null and b/kubernetes/dmaap/components/message-router/resources/cert/org.onap.dmaap.mr.trust.jks differ

diff --git a/kubernetes/dmaap/components/message-router/resources/config/dmaap/cadi.properties b/kubernetes/dmaap/components/message-router/resources/config/dmaap/cadi.properties
index 36dafce..dca56c8 100755 (executable)
--- a/kubernetes/dmaap/components/message-router/resources/config/dmaap/cadi.properties
+++ b/kubernetes/dmaap/components/message-router/resources/config/dmaap/cadi.properties
@@ -4,17 +4,16 @@ aaf_env=DEV
 aaf_lur=org.onap.aaf.cadi.aaf.v2_0.AAFLurPerm
 
 cadi_truststore=/appl/dmaapMR1/etc/org.onap.dmaap.mr.trust.jks
-cadi_truststore_password=enc:gvXm0E9p-_SRNw5_feOUE7wqXBxgxV3S_bdAyB08Sq9F35cCUZHWgQyKIDtTAbEw
+cadi_truststore_password=enc:mN6GiIzFQxKGDzAXDOs7b4j8DdIX02QrZ9QOWNRpxV3rD6whPCfizSMZkJwxi_FJ
 
 cadi_keyfile=/appl/dmaapMR1/etc/org.onap.dmaap.mr.keyfile
 
 cadi_alias=dmaapmr@mr.dmaap.onap.org
 cadi_keystore=/appl/dmaapMR1/etc/org.onap.dmaap.mr.p12
-cadi_keystore_password=enc:pLMCzQzk-OP7IpYNi0TPtQSkNcraFAdarZG8HbdOKq4BycW6g_7mfhphLhOZo6ht
+cadi_keystore_password=enc:_JJT2gAEkRzXla5xfDIHal8pIoIB5iIos3USvZQT6sL-l14LpI5fRFR_QIGUCh5W
 cadi_x509_issuers=CN=intermediateCA_1, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_7, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_9, OU=OSAAF, O=ONAP, C=US
 
-
 cadi_loglevel=INFO
 cadi_protocols=TLSv1.1,TLSv1.2
 cadi_latitude=37.78187
-cadi_longitude=-122.26147
+cadi_longitude=-122.26147
\ No newline at end of file

diff --git a/kubernetes/dmaap/components/message-router/templates/secrets.yaml b/kubernetes/dmaap/components/message-router/templates/secrets.yaml
index 023b5a1..90f63ec 100644 (file)
--- a/kubernetes/dmaap/components/message-router/templates/secrets.yaml
+++ b/kubernetes/dmaap/components/message-router/templates/secrets.yaml
@@ -26,3 +26,17 @@ metadata:
 data:
 {{ (.Files.Glob "resources/config/dmaap/mykey").AsSecrets | indent 2 }}
 type: Opaque
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ include "common.fullname" . }}-aaf-certs-secret
+  namespace: {{ include "common.namespace" . }}
+  labels:
+    app: {{ include "common.name" . }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+data:
+{{ (.Files.Glob "resources/cert/*").AsSecrets | indent 2 }}
+type: Opaque
\ No newline at end of file

diff --git a/kubernetes/dmaap/components/message-router/templates/statefulset.yaml b/kubernetes/dmaap/components/message-router/templates/statefulset.yaml
index f6d6721..9f64b99 100644 (file)
--- a/kubernetes/dmaap/components/message-router/templates/statefulset.yaml
+++ b/kubernetes/dmaap/components/message-router/templates/statefulset.yaml
@@ -87,6 +87,18 @@ spec:
           - mountPath: /appl/dmaapMR1/etc/keyfile
             subPath: mykey
             name: mykey
+          - mountPath: /bundleconfig/etc/org.onap.dmaap.mr.jks
+            subPath: org.onap.dmaap.mr.jks
+            name:  aaf-certs-secret
+          - mountPath: /appl/dmaapMR1/etc/org.onap.dmaap.mr.trust.jks
+            subPath: org.onap.dmaap.mr.trust.jks
+            name:  aaf-certs-secret
+          - mountPath: /appl/dmaapMR1/etc/org.onap.dmaap.mr.keyfile
+            subPath: org.onap.dmaap.mr.keyfile
+            name:  aaf-certs-secret
+          - mountPath: /appl/dmaapMR1/etc/org.onap.dmaap.mr.p12
+            subPath: org.onap.dmaap.mr.p12
+            name:  aaf-certs-secret
           resources:
 {{ include "common.resources" . | indent 12 }}
       volumes:
@@ -105,5 +117,8 @@ spec:
         - name: mykey
           secret:
             secretName: {{ include "common.fullname" . }}-secret
+        - name: aaf-certs-secret
+          secret:
+            secretName: {{ include "common.fullname" . }}-aaf-certs-secret
       imagePullSecrets:
       - name: "{{ include "common.namespace" . }}-docker-registry-key"