moving certs and keys to k8s secrets 23/11923/1
authorKeren Joseph <keren.joseph@amdocs.com>
Tue, 12 Sep 2017 07:13:15 +0000 (10:13 +0300)
committerKeren Joseph <keren.joseph@amdocs.com>
Tue, 12 Sep 2017 10:24:47 +0000 (13:24 +0300)
Changed the location of the certificate and key files in use; updated the deployment YAMLs and the createAll/deleteAll scripts
Issue-ID: OOM-293
Change-Id: I53766b7028d6b725bf381875105b196246ff2ee1
Signed-off-by: Keren Joseph <keren.joseph@amdocs.com>
18 files changed:
kubernetes/aai/templates/data-router-deployment.yaml
kubernetes/aai/templates/modelloader-deployment.yaml
kubernetes/aai/templates/search-data-service-deployment.yaml
kubernetes/aai/templates/sparky-be-deployment.yaml
kubernetes/config/.helmignore
kubernetes/config/certs/aai/aai-os-cert.p12 [moved from kubernetes/config/docker/init/src/config/aai/model-loader/appconfig/auth/aai-os-cert.p12 with 100% similarity]
kubernetes/config/certs/aai/client-cert-onap.p12 [moved from kubernetes/config/docker/init/src/config/aai/data-router/appconfig/auth/client-cert-onap.p12 with 100% similarity]
kubernetes/config/certs/aai/inventory-ui-keystore [moved from kubernetes/config/docker/init/src/config/aai/sparky-be/appconfig/auth/inventory-ui-keystore with 100% similarity]
kubernetes/config/certs/aai/tomcat_keystore [moved from kubernetes/config/docker/init/src/config/aai/data-router/appconfig/auth/tomcat_keystore with 100% similarity]
kubernetes/config/certs/message-router/mykey [moved from kubernetes/config/docker/init/src/config/message-router/dmaap/mykey with 100% similarity]
kubernetes/config/certs/mso/aai.crt [moved from kubernetes/config/docker/init/src/config/mso/mso/aai.crt with 100% similarity]
kubernetes/config/certs/mso/encryption.key [moved from kubernetes/config/docker/init/src/config/mso/mso/encryption.key with 100% similarity]
kubernetes/config/certs/policy/policy-keystore [moved from kubernetes/config/docker/init/src/config/policy/opt/policy/config/drools/policy-keystore with 100% similarity]
kubernetes/message-router/templates/message-router-dmaap.yaml
kubernetes/mso/templates/mso-deployment.yaml
kubernetes/oneclick/createAll.bash
kubernetes/oneclick/deleteAll.bash
kubernetes/policy/templates/dep-drools.yaml

index f823061..0033208 100644 (file)
@@ -35,6 +35,10 @@ spec:
         volumeMounts:
         - mountPath: /opt/app/data-router/config/
           name: data-router-config
+        - mountPath: /opt/app/data-router/config/auth/tomcat_keystore
+          name: data-router-tomcat-key
+        - mountPath: /opt/app/data-router/config/auth/client-cert-onap.p12 
+          name: data-router-client-cert
         - mountPath: /opt/app/data-router/dynamic/
           name: data-router-dynamic
         - mountPath: /logs/
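Review bot: The secret volumes added here are mounted at file paths (`/opt/app/data-router/config/auth/tomcat_keystore`, `.../client-cert-onap.p12`) without `subPath`, and a secret volume is always mounted as a directory holding every key in the secret, so the application will find a directory — containing all four files createAll.bash collects from `config/certs/aai/` — where it expects a keystore file. Each mount should select its key, e.g. `subPath: tomcat_keystore` under `name: data-router-tomcat-key` and `subPath: client-cert-onap.p12` under `name: data-router-client-cert`, which also stops every aai container from receiving every aai key. The same applies to the mounts in modelloader-deployment.yaml, search-data-service-deployment.yaml, sparky-be-deployment.yaml, mso-deployment.yaml (`/shared/aai.crt`, `/shared/encryption.key`) and dep-drools.yaml (`/tmp/policy-install/config/policy-keystore`), and presumably to the `mykey` mount in message-router-dmaap.yaml, whose mountPath is outside that hunk. With `subPath` the mounted file is not refreshed when the secret is updated, so a pod restart is needed after rotating a key. The trailing space after `client-cert-onap.p12 ` on the mountPath line is harmless in YAML but worth trimming.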
@@ -56,6 +60,12 @@ spec:
       - name: data-router-logs
         hostPath:
           path: "/dockerdata-nfs/{{ .Values.nsPrefix }}/aai/data-router/logs/"
+      - name: data-router-tomcat-key
+        secret:
+          secretName: secret-{{ .Values.nsPrefix }}-aai
+      - name: data-router-client-cert
+        secret:
+          secretName: secret-{{ .Values.nsPrefix }}-aai
       restartPolicy: Always
       imagePullSecrets:
       - name: "{{ .Values.nsPrefix }}-docker-registry-key"
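Review bot: `data-router-tomcat-key` and `data-router-client-cert` are two volumes backed by the same `secret-{{ .Values.nsPrefix }}-aai`; one volume is enough, since a container may reference the same volume from several volumeMounts, and a single name such as `aai-certs` keeps the template shorter and makes the one-secret-per-app convention from createAll.bash visible. The same duplication appears in sparky-be-deployment.yaml (three volumes for one secret) and mso-deployment.yaml (two). This is a point of style only; the duplicated volumes do work.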
index 5391273..ec6a917 100644 (file)
@@ -20,6 +20,8 @@ spec:
         volumeMounts:
         - mountPath: /opt/app/model-loader/config/
           name: aai-model-loader-config
+        - mountPath: /opt/app/model-loader/config/auth/aai-os-cert.p12
+          name: aai-os-cert
         - mountPath: /logs/
           name: aai-model-loader-logs
         image: "{{ .Values.image.modelLoaderImage }}:{{ .Values.image.modelLoaderVersion }}"
@@ -35,6 +37,9 @@ spec:
       - name: aai-model-loader-logs
         hostPath:
           path: "/dockerdata-nfs/{{ .Values.nsPrefix }}/aai/model-loader/logs/"
+      - name: aai-os-cert
+        secret:
+          secretName: secret-{{ .Values.nsPrefix }}-aai
       restartPolicy: Always
       imagePullSecrets:
       - name: "{{ .Values.nsPrefix }}-docker-registry-key"
index f2db937..8f4acef 100644 (file)
@@ -27,6 +27,8 @@ spec:
         volumeMounts:
         - mountPath: /opt/app/search-data-service/config/
           name: aai-search-data-service-config
+        - mountPath: /opt/app/search-data-service/config/auth/tomcat_keystore
+          name: aai-tomcat-key
         - mountPath: /logs/
           name: aai-search-data-service-logs
         ports:
@@ -40,6 +42,9 @@ spec:
       - name: aai-search-data-service-config
         hostPath:
           path: "/dockerdata-nfs/{{ .Values.nsPrefix }}/aai/search-data-service/appconfig/"
+      - name: aai-tomcat-key
+        secret:
+          secretName: secret-{{ .Values.nsPrefix }}-aai
       - name: aai-search-data-service-logs
         hostPath:
           path: "/dockerdata-nfs/{{ .Values.nsPrefix }}/aai/search-data-service/logs/"
index 6a8ff93..f4c44e2 100644 (file)
@@ -27,6 +27,12 @@ spec:
         volumeMounts:
         - mountPath: /opt/app/sparky/config/
           name: aai-sparky-be-config
+        - mountPath: /opt/app/sparky/config/auth/client-cert-onap.p12 
+          name: aai-sparky-be-client-cert
+        - mountPath: /opt/app/sparky/config/auth/aai-os-cert.p12
+          name: aai-sparky-be-aai-os-cert
+        - mountPath: /opt/app/sparky/config/auth/inventory-ui-keystore
+          name: aai-sparky-be-inventory-key
         - mountPath: /logs/
           name: aai-sparky-be-logs
         ports:
@@ -43,6 +49,15 @@ spec:
       - name: aai-sparky-be-logs
         hostPath:
           path: "/dockerdata-nfs/{{ .Values.nsPrefix }}/aai/sparky-be/logs/"
+      - name: aai-sparky-be-client-cert
+        secret:
+          secretName: secret-{{ .Values.nsPrefix }}-aai
+      - name: aai-sparky-be-aai-os-cert
+        secret:
+          secretName: secret-{{ .Values.nsPrefix }}-aai
+      - name: aai-sparky-be-inventory-key
+        secret:
+          secretName: secret-{{ .Values.nsPrefix }}-aai
       restartPolicy: Always
       imagePullSecrets:
       - name: "{{ .Values.nsPrefix }}-docker-registry-key"
index 4c38bae..bc7bb96 100644 (file)
@@ -22,4 +22,5 @@
 
 #ignore config docker image files
 docker
-createConfig.sh
\ No newline at end of file
+createConfig.sh
+certs
index 59c57f8..0579541 100644 (file)
@@ -69,7 +69,7 @@ spec:
         hostPath:
           path: /dockerdata-nfs/{{ .Values.nsPrefix }}/message-router/dmaap/cadi.properties
       - name: mykey
-        hostPath:
-          path: /dockerdata-nfs/{{ .Values.nsPrefix }}/message-router/dmaap/mykey
+        secret:
+          secretName: secret-{{ .Values.nsPrefix }}-message-router
       imagePullSecrets:
       - name: "{{ .Values.nsPrefix }}-docker-registry-key"
index 0f3034f..9414990 100644 (file)
@@ -49,6 +49,10 @@ spec:
         volumeMounts:
         - mountPath: /shared
           name: mso
+        - mountPath: /shared/aai.crt
+          name: mso-aai-crt
+        - mountPath: /shared/encryption.key
+          name: mso-key
         - mountPath: /docker-files
           name: mso-docker-files
         env:
@@ -72,5 +76,11 @@ spec:
         - name: mso-docker-files
           hostPath:
             path: /dockerdata-nfs/{{ .Values.nsPrefix }}/mso/docker-files
+        - name: mso-aai-crt
+          secret:
+            secretName: secret-{{ .Values.nsPrefix }}-mso
+        - name: mso-key
+          secret:
+            secretName: secret-{{ .Values.nsPrefix }}-mso
       imagePullSecrets:
       - name: "{{ .Values.nsPrefix }}-docker-registry-key"
index 7b8e2f8..0ecee03 100755 (executable)
@@ -26,6 +26,14 @@ create_registry_key() {
   kubectl --namespace $1-$2 create secret docker-registry $3 --docker-server=$4 --docker-username=$5 --docker-password=$6 --docker-email=$7
 }
 
+create_certs_secret() {
+  if [ -d $LOCATION/config/certs/$i/ ]; then
+    printf "\nCreating certs and keys secret **********\n"
+    _CERTS_FILES=$(find $LOCATION/config/certs/$2/ -type f | awk '$0="--from-file="$0' ORS=' ')
+    kubectl create secret generic secret-$1-$2 $_CERTS_FILES -n $1-$2
+  fi
+}
+
 create_onap_helm() {
   HELM_VALUES_ADDITION=""
   if [[ ! -z $HELM_VALUES_FILEPATH ]]; then
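Review bot: `create_certs_secret` tests `$LOCATION/config/certs/$i/` but then runs `find` over `$LOCATION/config/certs/$2/`; `$i` is not a parameter of the function and only works because the caller's loop variable happens to hold the app name, so the guard should read `if [ -d "$LOCATION/config/certs/$2/" ]; then`. `delete_certs_secret` in deleteAll.bash has the same `$i` on its directory test. The `-d` guard makes the secret optional, but every deployment template references `secret-<ns>-<app>` unconditionally, so when the certs directory is absent the pods mounting it will sit waiting for a secret that never appears; either fail loudly here or mark those volumes `optional: true` in the templates. `$LOCATION` is unquoted throughout and `$_CERTS_FILES` relies on word splitting, which breaks as soon as a path contains whitespace. `create_onap_helm` continues outside the hunk.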
@@ -118,6 +126,8 @@ for i in ${HELM_APPS[@]}; do
   printf "\nCreating registry secret **********\n"
   create_registry_key $NS $i ${NS}-docker-registry-key $ONAP_DOCKER_REGISTRY $DU $DP $ONAP_DOCKER_MAIL
 
+  create_certs_secret $NS $i
+
   printf "\nCreating deployments and services **********\n"
   create_onap_helm $NS $i $start
 
index 40d0701..f7c48fd 100755 (executable)
@@ -16,6 +16,13 @@ delete_registry_key() {
   kubectl --namespace $1-$2 delete secret ${1}-docker-registry-key
 }
 
+delete_certs_secret() {
+  if [ -d $LOCATION/config/certs/$i/ ]; then
+    kubectl delete secret secret-$1-$2 -n $1-$2
+  fi
+}
+
+
 delete_app_helm() {
   helm delete $1-$2 --purge
 }
@@ -36,8 +43,9 @@ EOF
 NS=
 INCL_SVC=false
 APP=
+LOCATION="../"
 
-while getopts ":n:u:s:a:" PARAM; do
+while getopts ":n:u:s:a:l:" PARAM; do
   case $PARAM in
     u)
       usage
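Review bot: The new `-l` option is added to `getopts` but the `usage` heredoc that ends at the `EOF` in this hunk's header is not updated to describe it, so `-l` stays undocumented; add a line to the usage text such as `-l [LOCATION] : path to the kubernetes directory, defaults to ../` (constructed wording — match whatever createAll.bash uses for its own option, if it documents one). The default `LOCATION="../"` is relative to the caller's working directory, not the script's, so `delete_certs_secret` only finds `config/certs` when the script is run from `kubernetes/oneclick/`; presumably createAll.bash already follows the same convention, in which case a one-line comment on the default saying so would help. The `usage` function itself is outside the hunk.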
@@ -53,6 +61,9 @@ while getopts ":n:u:s:a:" PARAM; do
         exit 1
       fi
       ;;
+    l)
+      LOCATION=${OPTARG}
+      ;;
     ?)
       usage
       exit
@@ -74,6 +85,7 @@ printf "\n********** Cleaning up ONAP: ${ONAP_APPS[*]}\n"
 
 for i in ${HELM_APPS[@]}; do
 
+  delete_certs_secret $NS $i
   delete_app_helm $NS $i
   delete_namespace $NS $i
 
index 75055c1..7da046e 100644 (file)
@@ -66,6 +66,8 @@ spec:
         volumeMounts:
         - mountPath: /tmp/policy-install/config
           name: drools
+        - mountPath: /tmp/policy-install/config/policy-keystore
+          name: drools-keystore
         - mountPath: /usr/share/maven/conf/settings.xml
           name: drools-settingsxml
       volumes:
@@ -75,5 +77,8 @@ spec:
         - name: drools
           hostPath:
             path:  /dockerdata-nfs/{{ .Values.nsPrefix }}/policy/opt/policy/config/drools/
+        - name: drools-keystore
+          secret:
+            secretName: secret-{{ .Values.nsPrefix }}-policy
       imagePullSecrets:
       - name: "{{ .Values.nsPrefix }}-docker-registry-key"