Updated sdc cert. 76/104476/14
authork.kedron <k.kedron@partner.samsung.com>
Thu, 26 Mar 2020 10:13:46 +0000 (11:13 +0100)
committerk.kedron <k.kedron@partner.samsung.com>
Thu, 2 Apr 2020 07:30:19 +0000 (09:30 +0200)
Updated truststore/keystore password for sdc cert.
Added truststore/keystore password to chef AUTO.json.
Updated deployment.yaml files to mount the cert files.

Issue-ID: SDC-2855
Signed-off-by: Krystian Kedron <k.kedron@partner.samsung.com>
Change-Id: Ifd0d45cc591a0624005f86d2e67e3c0bc490efd3

23 files changed:
docs/oom_hardcoded_certificates.rst
kubernetes/sdc/charts/sdc-be/templates/deployment.yaml
kubernetes/sdc/charts/sdc-be/values.yaml
kubernetes/sdc/charts/sdc-cs/values.yaml
kubernetes/sdc/charts/sdc-dcae-be/templates/deployment.yaml
kubernetes/sdc/charts/sdc-dcae-be/values.yaml
kubernetes/sdc/charts/sdc-dcae-dt/templates/deployment.yaml
kubernetes/sdc/charts/sdc-dcae-dt/values.yaml
kubernetes/sdc/charts/sdc-dcae-fe/templates/deployment.yaml
kubernetes/sdc/charts/sdc-dcae-fe/values.yaml
kubernetes/sdc/charts/sdc-fe/templates/deployment.yaml
kubernetes/sdc/charts/sdc-fe/values.yaml
kubernetes/sdc/charts/sdc-onboarding-be/templates/deployment.yaml
kubernetes/sdc/charts/sdc-onboarding-be/values.yaml
kubernetes/sdc/charts/sdc-wfd-be/templates/deployment.yaml
kubernetes/sdc/charts/sdc-wfd-be/values.yaml
kubernetes/sdc/charts/sdc-wfd-fe/templates/deployment.yaml
kubernetes/sdc/charts/sdc-wfd-fe/values.yaml
kubernetes/sdc/resources/cert/org.onap.sdc.p12 [new file with mode: 0644]
kubernetes/sdc/resources/cert/org.onap.sdc.trust.jks [new file with mode: 0644]
kubernetes/sdc/resources/config/environments/AUTO.json
kubernetes/sdc/templates/secrets.yaml
kubernetes/sdc/values.yaml

index 74a292c..0745ec0 100644 (file)
@@ -24,6 +24,8 @@ Here's the list of these certificates:
  +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
  | AAI/MODEL-LOADER | Yes              | Yes              | No              | aai/oom/components/aai-model-loaderresources/config/auth/tomcat_keystore |
  +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
+ | SDC              | Yes              | No?              | No?             | kubernetes/sdc/resources/cert                                            |
+ +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
  | SO               | Yes              | No?              | Yes             | kubernetes/so/resources/config/certificates                              |
  +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
  | SO/BPMN          | Yes              | No?              | Yes             | kubernetes/so/resources/config/certificates                              |
index 87fed41..423e813 100644 (file)
@@ -60,6 +60,30 @@ spec:
             fieldRef:
               apiVersion: v1
               fieldPath: metadata.namespace
+      - name: {{ include "common.name" . }}-update-config
+        image: "{{ .Values.global.envsubstImage }}"
+        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+        command:
+        - sh
+        args:
+        - -c
+        - "cd /config-input && for PFILE in `find . -not -type d | grep -v -F ..`; do envsubst <${PFILE} >/config-output/${PFILE}; chmod 0755 /config-output/${PFILE}; done"
+        env:
+        - name: KEYSTORE_PASS
+          valueFrom:
+            secretKeyRef:
+              name: {{ include "common.release" . }}-sdc-cs-secrets
+              key: keystore_password
+        - name: TRUSTSTORE_PASS
+          valueFrom:
+            secretKeyRef:
+              name: {{ include "common.release" . }}-sdc-cs-secrets
+              key: truststore_password
+        volumeMounts:
+        - name: {{ include "common.fullname" . }}-environments
+          mountPath: /config-input/
+        - name: sdc-environments-output
+          mountPath: /config-output/
       containers:
         - name: {{ include "common.name" . }}
           image: "{{ include "common.repository" . }}/{{ .Values.image }}"
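Review bot: The `envsubst` call in the `-update-config` container's `args` is given no variable list, so it rewrites every `$NAME`/`${NAME}` reference in every file under /config-input and blanks any that are not set in this container, not only the two password placeholders. Restricting it with `envsubst '${KEYSTORE_PASS} ${TRUSTSTORE_PASS}'` (the SHELL-FORMAT argument of GNU envsubst) leaves unrelated `$` text in the Chef environment files intact. The `chmod 0755` that follows leaves files that now hold the cleartext keystore and truststore passwords world-readable and executable; `chmod 0640`, or the narrowest mode the Jetty process can still read, fits better. The same command is repeated in the sdc-dcae-be, sdc-dcae-dt, sdc-dcae-fe, sdc-fe and sdc-onboarding-be deployments. The list this container is appended to (presumably `initContainers`) starts above the hunk.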
@@ -98,8 +122,14 @@ spec:
               fieldRef:
                 fieldPath: status.podIP
           volumeMounts:
-          - name: {{ include "common.fullname" . }}-environments
+          - name: sdc-environments-output
             mountPath: /var/lib/jetty/chef-solo/environments/
+          - name: sdc-cert
+            mountPath: /var/lib/jetty/chef-solo/cookbooks/sdc-catalog-be/files/default/org.onap.sdc.p12
+            subPath: org.onap.sdc.p12
+          - name: sdc-cert
+            mountPath: /var/lib/jetty/chef-solo/cookbooks/sdc-catalog-be/files/default/org.onap.sdc.trust.jks
+            subPath: org.onap.sdc.trust.jks
           - name: {{ include "common.fullname" . }}-localtime
             mountPath: /etc/localtime
             readOnly: true
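Review bot: The two `sdc-cert` mounts rely on `subPath`, and Kubernetes does not refresh a subPath mount when the backing Secret changes, so a replaced keystore or truststore reaches Jetty only after the pod is restarted. That deserves a comment above the mounts, e.g. `# subPath mounts are not updated on Secret change; restart the pod after rotating sdc-cert`. The same pair of mounts is added in the other SDC deployments of this change, and the container spec continues outside the hunk.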
@@ -128,6 +158,9 @@ spec:
       - name: {{ include "common.fullname" . }}-localtime
         hostPath:
           path: /etc/localtime
+      - name: sdc-cert
+        secret:
+          secretName: sdc-cert
       - name: {{ include "common.fullname" . }}-filebeat-conf
         configMap:
           name: {{ include "common.release" . }}-sdc-filebeat-configmap
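Review bot: The `sdc-cert` volume sets no `defaultMode`, so the keystore and truststore are projected with the Kubernetes default of 0644 and are readable by every user inside the container. Adding `defaultMode: 0440` under `secret:` narrows that, provided the Jetty user can still read the files; the pod's `securityContext`/`fsGroup` is not visible in this hunk, so that needs checking. The identical volume definition is added in the other deployments of this change.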
@@ -140,7 +173,9 @@ spec:
         configMap:
           name: {{ include "common.release" . }}-sdc-environments-configmap
           defaultMode: 0755
-      - name:  {{ include "common.fullname" . }}-logs
+      - name: sdc-environments-output
+        emptyDir: { medium: "Memory" }
+      - name: {{ include "common.fullname" . }}-logs
         emptyDir: {}
       imagePullSecrets:
       - name: "{{ include "common.namespace" . }}-docker-registry-key"
index b6bc635..c263eb1 100644 (file)
@@ -28,8 +28,8 @@ global:
 #################################################################
 # application image
 repository: nexus3.onap.org:10001
-image: onap/sdc-backend:1.6.3
-backendInitImage: onap/sdc-backend-init:1.6.3
+image: onap/sdc-backend:1.6.4
+backendInitImage: onap/sdc-backend-init:1.6.4
 pullPolicy: Always
 
 # flag to enable debugging - application support required
index ddc1946..6c63927 100644 (file)
@@ -28,8 +28,8 @@ global:
 #################################################################
 # application image
 repository: nexus3.onap.org:10001
-image: onap/sdc-cassandra:1.6.3
-cassandraInitImage: onap/sdc-cassandra-init:1.6.3
+image: onap/sdc-cassandra:1.6.4
+cassandraInitImage: onap/sdc-cassandra-init:1.6.4
 
 pullPolicy: Always
 
index 6072148..de80c7a 100644 (file)
@@ -59,7 +59,30 @@ spec:
             fieldRef:
               apiVersion: v1
               fieldPath: metadata.namespace
-
+      - name: {{ include "common.name" . }}-update-config
+        image: "{{ .Values.global.envsubstImage }}"
+        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+        command:
+          - sh
+        args:
+          - -c
+          - "cd /config-input && for PFILE in `find . -not -type d | grep -v -F ..`; do envsubst <${PFILE} >/config-output/${PFILE}; chmod 0755 /config-output/${PFILE}; done"
+        env:
+          - name: KEYSTORE_PASS
+            valueFrom:
+              secretKeyRef:
+                name: {{ include "common.release" . }}-sdc-cs-secrets
+                key: keystore_password
+          - name: TRUSTSTORE_PASS
+            valueFrom:
+              secretKeyRef:
+                name: {{ include "common.release" . }}-sdc-cs-secrets
+                key: truststore_password
+        volumeMounts:
+          - name: {{ include "common.fullname" . }}-environments
+            mountPath: /config-input/
+          - name: sdc-environments-output
+            mountPath: /config-output/
       containers:
         - name: {{ include "common.name" . }}
           image: "{{ include "common.repository" . }}/{{ .Values.image }}"
@@ -91,8 +114,14 @@ spec:
               fieldRef:
                 fieldPath: status.podIP
           volumeMounts:
-          - name: {{ include "common.fullname" . }}-environments
+          - name: sdc-environments-output
             mountPath: /var/lib/jetty/chef-solo/environments/
+          - name: sdc-cert
+            mountPath: /var/lib/jetty/chef-solo/cookbooks/Deploy-DCAE/files/default/org.onap.sdc.p12
+            subPath: org.onap.sdc.p12
+          - name: sdc-cert
+            mountPath: /var/lib/jetty/chef-solo/cookbooks/Deploy-DCAE/files/default/org.onap.sdc.trust.jks
+            subPath: org.onap.sdc.trust.jks
           - name: {{ include "common.fullname" . }}-localtime
             mountPath: /etc/localtime
             readOnly: true
@@ -132,6 +161,9 @@ spec:
       - name: {{ include "common.fullname" . }}-localtime
         hostPath:
           path: /etc/localtime
+      - name: sdc-cert
+        secret:
+          secretName: sdc-cert
       - name: {{ include "common.fullname" . }}-filebeat-conf
         configMap:
           name: {{ include "common.release" . }}-sdc-filebeat-configmap
@@ -144,7 +176,9 @@ spec:
         configMap:
           name: {{ include "common.release" . }}-sdc-environments-configmap
           defaultMode: 0755
-      - name:  {{ include "common.fullname" . }}-logs
+      - name: sdc-environments-output
+        emptyDir: { medium: "Memory" }
+      - name: {{ include "common.fullname" . }}-logs
         emptyDir: {}
       imagePullSecrets:
       - name: "{{ include "common.namespace" . }}-docker-registry-key"
index 051c076..d1fe131 100644 (file)
@@ -27,9 +27,9 @@ global:
 #################################################################
 # application image
 repository: nexus3.onap.org:10001
-image: onap/dcae-be:1.3.3
+image: onap/dcae-be:1.3.4
 pullPolicy: Always
-backendInitImage: onap/dcae-tools:v1.3.3
+backendInitImage: onap/dcae-tools:1.3.4
 
 # flag to enable debugging - application support required
 debugEnabled: false
index f3c44f0..77a835c 100644 (file)
@@ -59,6 +59,30 @@ spec:
             fieldRef:
               apiVersion: v1
               fieldPath: metadata.namespace
+      - name: {{ include "common.name" . }}-update-config
+        image: "{{ .Values.global.envsubstImage }}"
+        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+        command:
+          - sh
+        args:
+          - -c
+          - "cd /config-input && for PFILE in `find . -not -type d | grep -v -F ..`; do envsubst <${PFILE} >/config-output/${PFILE}; chmod 0755 /config-output/${PFILE}; done"
+        env:
+          - name: KEYSTORE_PASS
+            valueFrom:
+              secretKeyRef:
+                name: {{ include "common.release" . }}-sdc-cs-secrets
+                key: keystore_password
+          - name: TRUSTSTORE_PASS
+            valueFrom:
+              secretKeyRef:
+                name: {{ include "common.release" . }}-sdc-cs-secrets
+                key: truststore_password
+        volumeMounts:
+          - name: {{ include "common.fullname" . }}-environments
+            mountPath: /config-input/
+          - name: sdc-environments-output
+            mountPath: /config-output/
       containers:
         - name: {{ include "common.name" . }}
           image: "{{ include "common.repository" . }}/{{ .Values.image }}"
@@ -89,8 +113,14 @@ spec:
               fieldRef:
                 fieldPath: status.podIP
           volumeMounts:
-          - name: {{ include "common.fullname" . }}-environments
+          - name: sdc-environments-output
             mountPath: /var/lib/jetty/chef-solo/environments/
+          - name: sdc-cert
+            mountPath: /var/lib/jetty/chef-solo/cookbooks/dcae-dt/files/default/org.onap.sdc.p12
+            subPath: org.onap.sdc.p12
+          - name: sdc-cert
+            mountPath: /var/lib/jetty/chef-solo/cookbooks/dcae-dt/files/default/org.onap.sdc.trust.jks
+            subPath: org.onap.sdc.trust.jks
           - name: {{ include "common.fullname" . }}-localtime
             mountPath: /etc/localtime
             readOnly: true
@@ -126,6 +156,9 @@ spec:
         - name: {{ include "common.fullname" . }}-localtime
           hostPath:
             path: /etc/localtime
+        - name: sdc-cert
+          secret:
+            secretName: sdc-cert
         - name: {{ include "common.fullname" . }}-filebeat-conf
           configMap:
             name: {{ include "common.release" . }}-sdc-filebeat-configmap
@@ -138,7 +171,9 @@ spec:
           configMap:
             name: {{ include "common.release" . }}-sdc-environments-configmap
             defaultMode: 0755
-        - name:  {{ include "common.fullname" . }}-logs
+        - name: sdc-environments-output
+          emptyDir: { medium: "Memory" }
+        - name: {{ include "common.fullname" . }}-logs
           emptyDir: {}
       imagePullSecrets:
       - name: "{{ include "common.namespace" . }}-docker-registry-key"
index c3a2159..ad46842 100644 (file)
@@ -27,7 +27,7 @@ global:
 #################################################################
 # application image
 repository: nexus3.onap.org:10001
-image: onap/dcae-dt:1.3.3
+image: onap/dcae-dt:1.3.4
 pullPolicy: IfNotPresent
 config:
   javaOptions: -XX:MaxPermSize=256m -Xmx1024m -Dconfig.home=config -Dlog.home=/var/lib/jetty/logs/ -Dlogging.config=config/dcae-dt/logback-spring.xml
index a70f485..d5861fa 100644 (file)
@@ -59,6 +59,30 @@ spec:
             fieldRef:
               apiVersion: v1
               fieldPath: metadata.namespace
+      - name: {{ include "common.name" . }}-update-config
+        image: "{{ .Values.global.envsubstImage }}"
+        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+        command:
+          - sh
+        args:
+          - -c
+          - "cd /config-input && for PFILE in `find . -not -type d | grep -v -F ..`; do envsubst <${PFILE} >/config-output/${PFILE}; chmod 0755 /config-output/${PFILE}; done"
+        env:
+          - name: KEYSTORE_PASS
+            valueFrom:
+              secretKeyRef:
+                name: {{ include "common.release" . }}-sdc-cs-secrets
+                key: keystore_password
+          - name: TRUSTSTORE_PASS
+            valueFrom:
+              secretKeyRef:
+                name: {{ include "common.release" . }}-sdc-cs-secrets
+                key: truststore_password
+        volumeMounts:
+          - name: {{ include "common.fullname" . }}-environments
+            mountPath: /config-input/
+          - name: sdc-environments-output
+            mountPath: /config-output/
       containers:
         - name: {{ include "common.name" . }}
           image: "{{ include "common.repository" . }}/{{ .Values.image }}"
@@ -89,8 +113,14 @@ spec:
               fieldRef:
                 fieldPath: status.podIP
           volumeMounts:
-          - name: {{ include "common.fullname" . }}-environments
+          - name: sdc-environments-output
             mountPath: /var/lib/jetty/chef-solo/environments/
+          - name: sdc-cert
+            mountPath: /var/lib/jetty/chef-solo/cookbooks/Deploy-DCAE/files/default/org.onap.sdc.p12
+            subPath: org.onap.sdc.p12
+          - name: sdc-cert
+            mountPath: /var/lib/jetty/chef-solo/cookbooks/Deploy-DCAE/files/default/org.onap.sdc.trust.jks
+            subPath: org.onap.sdc.trust.jks
           - name: {{ include "common.fullname" . }}-localtime
             mountPath: /etc/localtime
             readOnly: true
@@ -130,6 +160,9 @@ spec:
         - name: {{ include "common.fullname" . }}-localtime
           hostPath:
             path: /etc/localtime
+        - name: sdc-cert
+          secret:
+            secretName: sdc-cert
         - name: {{ include "common.fullname" . }}-filebeat-conf
           configMap:
             name: {{ include "common.release" . }}-sdc-filebeat-configmap
@@ -142,7 +175,9 @@ spec:
           configMap:
             name: {{ include "common.release" . }}-sdc-environments-configmap
             defaultMode: 0755
-        - name:  {{ include "common.fullname" . }}-logs
+        - name: sdc-environments-output
+          emptyDir: { medium: "Memory" }
+        - name: {{ include "common.fullname" . }}-logs
           emptyDir: {}
       imagePullSecrets:
       - name: "{{ include "common.namespace" . }}-docker-registry-key"
index 28181d1..b6572f5 100644 (file)
@@ -27,7 +27,7 @@ global:
 #################################################################
 # application image
 repository: nexus3.onap.org:10001
-image: onap/dcae-fe:1.3.3
+image: onap/dcae-fe:1.3.4
 pullPolicy: Always
 config:
   javaOptions: -XX:MaxPermSize=256m -Xmx1024m -Dconfig.home=config -Dlog.home=/var/lib/jetty/logs/ -Dlogging.config=config/dcae-fe/logback-spring.xml
index 8e19489..7a11ef9 100644 (file)
@@ -46,6 +46,30 @@ spec:
             fieldRef:
               apiVersion: v1
               fieldPath: metadata.namespace
+      - name: {{ include "common.name" . }}-update-config
+        image: "{{ .Values.global.envsubstImage }}"
+        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+        command:
+          - sh
+        args:
+          - -c
+          - "cd /config-input && for PFILE in `find . -not -type d | grep -v -F ..`; do envsubst <${PFILE} >/config-output/${PFILE}; chmod 0755 /config-output/${PFILE}; done"
+        env:
+          - name: KEYSTORE_PASS
+            valueFrom:
+              secretKeyRef:
+                name: {{ include "common.release" . }}-sdc-cs-secrets
+                key: keystore_password
+          - name: TRUSTSTORE_PASS
+            valueFrom:
+              secretKeyRef:
+                name: {{ include "common.release" . }}-sdc-cs-secrets
+                key: truststore_password
+        volumeMounts:
+          - name: {{ include "common.fullname" . }}-environments
+            mountPath: /config-input/
+          - name: sdc-environments-output
+            mountPath: /config-output/
       containers:
         - name: {{ include "common.name" . }}
           image: "{{ include "common.repository" . }}/{{ .Values.image }}"
@@ -79,8 +103,14 @@ spec:
           - name: JAVA_OPTIONS
             value: {{ .Values.config.javaOptions }}
           volumeMounts:
-          - name: {{ include "common.fullname" . }}-environments
+          - name: sdc-environments-output
             mountPath: /var/lib/jetty/chef-solo/environments/
+          - name: sdc-cert
+            mountPath: /var/lib/jetty/chef-solo/cookbooks/sdc-catalog-fe/files/default/org.onap.sdc.p12
+            subPath: org.onap.sdc.p12
+          - name: sdc-cert
+            mountPath: /var/lib/jetty/chef-solo/cookbooks/sdc-catalog-fe/files/default/org.onap.sdc.trust.jks
+            subPath: org.onap.sdc.trust.jks
           - name: {{ include "common.fullname" . }}-localtime
             mountPath: /etc/localtime
             readOnly: true
@@ -112,6 +142,9 @@ spec:
         - name: {{ include "common.fullname" . }}-localtime
           hostPath:
             path: /etc/localtime
+        - name: sdc-cert
+          secret:
+            secretName: sdc-cert
         - name: {{ include "common.fullname" . }}-filebeat-conf
           configMap:
             name: {{ include "common.release" . }}-sdc-filebeat-configmap
@@ -128,7 +161,9 @@ spec:
           configMap:
             name: {{ include "common.release" . }}-sdc-environments-configmap
             defaultMode: 0755
-        - name:  {{ include "common.fullname" . }}-logs
+        - name: sdc-environments-output
+          emptyDir: { medium: "Memory" }
+        - name: {{ include "common.fullname" . }}-logs
           emptyDir: {}
       imagePullSecrets:
       - name: "{{ include "common.namespace" . }}-docker-registry-key"
index 64ccaa8..f5d1956 100644 (file)
@@ -28,7 +28,7 @@ global:
 #################################################################
 # application image
 repository: nexus3.onap.org:10001
-image: onap/sdc-frontend:1.6.3
+image: onap/sdc-frontend:1.6.4
 pullPolicy: Always
 
 config:
index 75779a3..3db3685 100644 (file)
@@ -46,6 +46,30 @@ spec:
             fieldRef:
               apiVersion: v1
               fieldPath: metadata.namespace
+      - name: {{ include "common.name" . }}-update-config
+        image: "{{ .Values.global.envsubstImage }}"
+        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+        command:
+          - sh
+        args:
+          - -c
+          - "cd /config-input && for PFILE in `find . -not -type d | grep -v -F ..`; do envsubst <${PFILE} >/config-output/${PFILE}; chmod 0755 /config-output/${PFILE}; done"
+        env:
+          - name: KEYSTORE_PASS
+            valueFrom:
+              secretKeyRef:
+                name: {{ include "common.release" . }}-sdc-cs-secrets
+                key: keystore_password
+          - name: TRUSTSTORE_PASS
+            valueFrom:
+              secretKeyRef:
+                name: {{ include "common.release" . }}-sdc-cs-secrets
+                key: truststore_password
+        volumeMounts:
+          - name: {{ include "common.fullname" . }}-environments
+            mountPath: /config-input/
+          - name: sdc-environments-output
+            mountPath: /config-output/
       containers:
         - name: {{ include "common.name" . }}
           image: "{{ include "common.repository" . }}/{{ .Values.image }}"
@@ -93,8 +117,14 @@ spec:
           - name: SDC_CERT_DIR
             value: {{ .Values.cert.certDir }}
           volumeMounts:
-          - name: {{ include "common.fullname" . }}-environments
+          - name: sdc-environments-output
             mountPath: /var/lib/jetty/chef-solo/environments/
+          - name: sdc-cert
+            mountPath: /var/lib/jetty/chef-solo/cookbooks/sdc-onboard-backend/files/default/org.onap.sdc.p12
+            subPath: org.onap.sdc.p12
+          - name: sdc-cert
+            mountPath: /var/lib/jetty/chef-solo/cookbooks/sdc-onboard-backend/files/default/org.onap.sdc.trust.jks
+            subPath: org.onap.sdc.trust.jks
           - name: {{ include "common.fullname" . }}-localtime
             mountPath: /etc/localtime
             readOnly: true
@@ -125,6 +155,9 @@ spec:
       - name: {{ include "common.fullname" . }}-localtime
         hostPath:
           path: /etc/localtime
+      - name: sdc-cert
+        secret:
+          secretName: sdc-cert
       - name: {{ include "common.fullname" . }}-filebeat-conf
         configMap:
           name: {{ include "common.release" . }}-sdc-filebeat-configmap
@@ -137,6 +170,8 @@ spec:
         configMap:
           name: {{ include "common.release" . }}-sdc-environments-configmap
           defaultMode: 0755
+      - name: sdc-environments-output
+        emptyDir: { medium: "Memory" }
       - name:  {{ include "common.fullname" . }}-logs
         emptyDir: {}
       - name:  {{ include "common.fullname" . }}-cert-storage
index b15f784..946cb34 100644 (file)
@@ -28,8 +28,8 @@ global:
 #################################################################
 # application image
 repository: nexus3.onap.org:10001
-image: onap/sdc-onboard-backend:1.6.3
-onboardingInitImage: onap/sdc-onboard-cassandra-init:1.6.3
+image: onap/sdc-onboard-backend:1.6.4
+onboardingInitImage: onap/sdc-onboard-cassandra-init:1.6.4
 pullPolicy: Always
 
 # flag to enable debugging - application support required
index 7490b47..be2eeb6 100644 (file)
@@ -115,5 +115,16 @@ spec:
           - name: SERVER_SSL_TRUST_PASSWORD
             valueFrom:
               secretKeyRef: {name: {{ include "common.release" . }}-sdc-cs-secrets, key: truststore_password}
+          volumeMounts:
+          - name: sdc-cert
+            mountPath: /keystore
+            subPath: org.onap.sdc.p12
+          - name: sdc-cert
+            mountPath: /truststore
+            subPath: org.onap.sdc.trust.jks
+      volumes:
+        - name: sdc-cert
+          secret:
+            secretName: sdc-cert
       imagePullSecrets:
       - name: "{{ include "common.namespace" . }}-docker-registry-key"
index 78fdb32..8bab2c8 100644 (file)
@@ -28,8 +28,8 @@ global:
 #################################################################
 # application image
 repository: nexus3.onap.org:10001
-image: onap/workflow-backend:1.6.2
-configInitImage: onap/workflow-init:1.6.2
+image: onap/workflow-backend:1.6.4
+configInitImage: onap/workflow-init:1.6.4
 pullPolicy: Always
 
 initJob:
index f419d61..180c427 100644 (file)
@@ -90,6 +90,12 @@ spec:
           - name: {{ include "common.fullname" . }}-localtime
             mountPath: /etc/localtime
             readOnly: true
+          - name: sdc-cert
+            mountPath: /var/lib/jetty/etc/org.onap.sdc.p12
+            subPath: org.onap.sdc.p12
+          - name: sdc-cert
+            mountPath: /var/lib/jetty/etc/org.onap.sdc.trust.jks
+            subPath: org.onap.sdc.trust.jks
           resources:
 {{ include "common.resources" . | indent 12 }}
         {{- if .Values.nodeSelector }}
@@ -116,6 +122,9 @@ spec:
         - name: {{ include "common.fullname" . }}-localtime
           hostPath:
             path: /etc/localtime
+        - name: sdc-cert
+          secret:
+            secretName: sdc-cert
         - name: {{ include "common.fullname" . }}-filebeat-conf
           configMap:
             name: {{ include "common.release" . }}-sdc-filebeat-configmap
index 6b0669b..359c33a 100644 (file)
@@ -28,7 +28,7 @@ global:
 #################################################################
 # application image
 repository: nexus3.onap.org:10001
-image: onap/workflow-frontend:1.6.2
+image: onap/workflow-frontend:1.6.4
 pullPolicy: Always
 
 # flag to enable debugging - application support required
diff --git a/kubernetes/sdc/resources/cert/org.onap.sdc.p12 b/kubernetes/sdc/resources/cert/org.onap.sdc.p12
new file mode 100644 (file)
index 0000000..4468560
Binary files /dev/null and b/kubernetes/sdc/resources/cert/org.onap.sdc.p12 differ
diff --git a/kubernetes/sdc/resources/cert/org.onap.sdc.trust.jks b/kubernetes/sdc/resources/cert/org.onap.sdc.trust.jks
new file mode 100644 (file)
index 0000000..e6686cc
Binary files /dev/null and b/kubernetes/sdc/resources/cert/org.onap.sdc.trust.jks differ
index 57d774e..2bd165b 100755 (executable)
             "username": "user1@sdc.com",
             "password": "password=="
          }
+      },
+      "jetty": {
+         "keystore_pwd": "${KEYSTORE_PASS}",
+         "truststore_pwd": "${TRUSTSTORE_PASS}"
       }
     }
 }
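Review bot: `envsubst` pastes the raw secret value between the quotes of `keystore_pwd` and `truststore_pwd`, so a password containing `"` or `\` would produce invalid or silently altered JSON for chef-solo. Either add a note next to the password values stating that they must not contain JSON-special characters, or have the init step JSON-escape the values before substitution. The `@@` header of this hunk is not shown on the page, so the position of the `jetty` object inside AUTO.json is inferred from the context lines.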
index ba2ec86..6187104 100644 (file)
@@ -35,4 +35,18 @@ data:
   truststore_password: "{{ .Values.global.secrets.truststore_password }}"
   keystore_password: "{{ .Values.global.secrets.keystore_password }}"
   # workflow
-  wf_external_user_password: "{{ .Values.global.secrets.wf_external_user_password }}"
\ No newline at end of file
+  wf_external_user_password: "{{ .Values.global.secrets.wf_external_user_password }}"
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: sdc-cert
+  namespace: {{ include "common.namespace" . }}
+  labels:
+    app: {{ include "common.name" . }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: {{ include "common.release" . }}
+    heritage: {{ .Release.Service }}
+type: Opaque
+data:
+{{ tpl (.Files.Glob "resources/cert/*").AsSecrets . | indent 2 }}
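Review bot: The new Secret is named with the fixed string `sdc-cert`, whereas the password Secret the deployments reference is release-scoped (`{{ include "common.release" . }}-sdc-cs-secrets`), so two releases installed in one namespace would contend for the same object. Using `name: {{ include "common.release" . }}-sdc-cert` here, with the matching `secretName:` in each deployment's `sdc-cert` volume, keeps the two consistent. Separately, `tpl` is applied to the output of `AsSecrets`, which is already base64 text, so it looks like it has no effect and could be dropped.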
index dfbd8c8..5701a91 100644 (file)
@@ -23,8 +23,8 @@ global:
     #Should be the password of shared cassandra instance/chart
     cs_password: Y2Fzc2FuZHJh
     cs_truststore_password: XS5dW3hndHplXWhCaHoqd3ldfW0jbGYq
-    truststore_password: XS5dW3hndHplXWhCaHoqd3ldfW0jbGYq
-    keystore_password: IXBwSi5KdlduMGhHaClvVkZdKFtLdile
+    truststore_password: eitLRWo7dCssS05eaWltU2lTODllI3Aw
+    keystore_password: PyhrUCFZdXIhWyohWTUhRV5mKFpLYzMx
     wf_external_user_password: S3A4Yko0U1hzek0wV1hsaGFrM2VIbGNzZTJnQXc4NHZhb0dHbUp2VXkyVQ==
   ubuntuInitRepository: oomk8s
   ubuntuInitImage: ubuntu-init:1.0.0
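Review bot: `truststore_password` and `keystore_password` are only base64-encoded, and this same change commits the stores they open (`resources/cert/org.onap.sdc.p12` and `org.onap.sdc.trust.jks`), so everyone with read access to the repository holds both the keystore, presumably including its private key, and the password for it. A comment above the two keys should say so, e.g. `# default credentials for the bundled keystore; override both and replace resources/cert/* for any real deployment`. The `global.secrets` mapping starts above the hunk.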
@@ -41,6 +41,7 @@ global:
    dataCenter: Pod
   security:
     disableHttp: true
+  envsubstImage: dibi/envsubst
 config:
   logstashServiceName: log-ls
   logstashPort: 5044
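Review bot: `envsubstImage: dibi/envsubst` names a third-party image with no tag or digest and bypasses the `nexus3.onap.org:10001` repository used for the other images, while the container it runs receives `KEYSTORE_PASS` and `TRUSTSTORE_PASS` in its environment. Pinning it, e.g. `envsubstImage: dibi/envsubst@sha256:<digest-placeholder>` or a fixed tag mirrored in the project registry, keeps a changed upstream image from running with those secrets. The sub-charts shown here set `pullPolicy: Always`, so unless `global.pullPolicy` says otherwise the unpinned reference is re-resolved on every pod start.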