- name: repositoryGenerator
version: ~12.x-0
repository: '@local'
- - name: certInitializer
- version: ~12.x-0
- repository: '@local'
- name: uui-server
version: ~12.x-0
repository: 'file://components/uui-server'
+{{/*
+# Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
{{ include "common.ingress" . }}
- name: common
version: ~12.x-0
repository: '@local'
- - name: certInitializer
- version: ~12.x-0
- repository: '@local'
- name: repositoryGenerator
version: ~12.x-0
repository: '@local'
#enable shutdown
endpoints.shutdown.enabled=true
endpoints.shutdown.sensitive=false
-
-{{- if (include "common.needTLS" .) }}
-server.ssl.protocol=TLS
-server.ssl.key-store={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.p12
-server.ssl.key-store-password=${KEYSTORE_PASSWORD}
-server.ssl.key-store-type=PKCS12
-{{- end }}
spec:
{{ include "common.podSecurityContext" . | indent 6 | trim }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . ) }}
- initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }}
+ initContainers:
- command:
- sh
args:
args:
- -c
- |
- export $(cat {{ .Values.certInitializer.credsPath }}/mycreds.prop | xargs -0)
bash /uui/run.sh
ports: {{ include "common.containerPorts" . | nindent 10 }}
# disable liveness probe when breakpoints set in debugger
value: --spring.config.location=file:/config/application.properties
- name: POSTGRES_DB_NAME
value: {{ .Values.postgres.config.pgDatabase }}
- volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
+ volumeMounts:
- mountPath: /uui/run.sh
name: entrypoint
subPath: run.sh
configMap:
name: {{ include "common.fullname" . }}-entrypoint
defaultMode: 0755
- {{ include "common.certInitializer.volumes" . | nindent 6 }}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
+{{/*
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
{{ include "common.ingress" . }}
password: '{{ .Values.postgres.config.pgUserPassword }}'
passwordPolicy: generate
-
-#################################################################
-# AAF part
-#################################################################
-certInitializer:
- nameOverride: uui-server-cert-initializer
- aafDeployFqi: deployer@people.osaaf.org
- aafDeployPass: demo123456!
- # aafDeployCredsExternalSecret: some secret
- fqdn: uui
- fqi: uui@uui.onap.org
- fqi_namespace: org.onap.uui
- public_fqdn: uui.onap.org
- cadi_longitude: "0.0"
- cadi_latitude: "0.0"
- app_ns: org.osaaf.aaf
- credsPath: /opt/app/osaaf/local
- aaf_add_config: |
- echo "*** changing them into shell safe ones"
- export KEYSTORE_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1)
- export TRUSTSORE_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1)
- cd {{ .Values.credsPath }}
- keytool -storepasswd -new "${KEYSTORE_PASSWORD}" \
- -storepass "${cadi_keystore_password_p12}" \
- -keystore {{ .Values.fqi_namespace }}.p12
- keytool -storepasswd -new "${TRUSTSORE_PASSWORD}" \
- -storepass "${cadi_truststore_password}" \
- -keystore {{ .Values.fqi_namespace }}.trust.jks
- echo "*** set key password as same password as keystore password"
- keytool -keypasswd -new "${KEYSTORE_PASSWORD}" \
- -keystore {{ .Values.fqi_namespace }}.jks \
- -keypass "${cadi_keystore_password_p12}" \
- -storepass "${KEYSTORE_PASSWORD}" -alias {{ .Values.fqi }}
- echo "*** save the generated passwords"
- echo "KEYSTORE_PASSWORD=${KEYSTORE_PASSWORD}" > mycreds.prop
- echo "TRUSTSORE_PASSWORD=${TRUSTSORE_PASSWORD}" >> mycreds.prop
- echo "*** change ownership of certificates to targeted user"
- chown -R 1000 {{ .Values.credsPath }}
-
-
#################################################################
# Application configuration defaults.
#################################################################
<Listener className="org.apache.catalina.security.SecurityListener" />
-->
<!--APR library loader. Documentation at /docs/apr.html -->
- <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="{{ (eq "true" (include "common.needTLS" .)) | ternary "on" "off" }}" />
+ <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="off" />
<!-- Prevent memory leaks due to use of particular java/javax APIs-->
<Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
<Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
APR (HTTP/AJP) Connector: /docs/apr.html
Define a non-SSL/TLS HTTP/1.1 Connector on port 8080
-->
- {{ if (include "common.needTLS" .) }}
- <Connector port="8080" protocol="HTTP/1.1"
- connectionTimeout="20000"
- redirectPort="8443" />
-
- <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol" maxThreads="150" SSLEnabled="true" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" keystoreFile="{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.p12" keystorePass="${KEYSTORE_PASSWORD}" />
- {{ else }}
<Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" />
- {{ end }}
<!-- A "Connector" using the shared thread pool-->
<!--
-->
<!-- Define an AJP 1.3 Connector on port 8009 -->
- {{ if (include "common.needTLS" .) }}
- <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
- {{ else }}
<Connector port="8009" protocol="AJP/1.3" secretRequired="false" />
- {{ end }}
-
<!-- An Engine represents the entry point (within Catalina) that processes
every request. The Engine implementation for Tomcat stand alone
template:
metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
- initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }}
+ initContainers:
- command:
- sh
args:
- -c
- |
- export $(cat {{ .Values.certInitializer.credsPath }}/mycreds.prop | xargs -0)
cd /config-input && for PFILE in `ls -1`
do
envsubst <${PFILE} >/config/${PFILE}
done
cat /config/server.xml
- volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }}
+ volumeMounts:
- mountPath: /config-input
name: config-input
- mountPath: /config
ls -lh /opt/
echo "*** /opt/app"
ls -lh /opt/app/
- echo "*** /opt/app/osaaf/"
- ls -lh /opt/app/osaaf/
- echo "*** /opt/app/osaaf/local"
- ls -lh /opt/app/osaaf/local/
/home/uui/uuiStartup.sh
ports: {{ include "common.containerPorts" . | nindent 10 }}
# disable liveness probe when breakpoints set in debugger
port: {{ .Values.service.internalPort }}
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
- volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
+ volumeMounts:
- mountPath: /home/uui/server.xml
name: config
subPath: server.xml
- {{ if not (include "common.needTLS" .) }}
- mountPath: /home/uui/web.xml
name: config
subPath: web.xml
- {{ end }}
env:
- name: MSB_ADDR
value: {{ tpl .Values.msbaddr . }}
{{- if .Values.affinity }}
affinity: {{ toYaml .Values.affinity | nindent 10 }}
{{- end }}
- volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }}
+ volumes:
- name: config-input
configMap:
name: {{ include "common.fullname" . }}
+{{/*
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
{{ include "common.ingress" . }}
global:
uuiPortPrefix: 303
-#################################################################
-# AAF part
-#################################################################
-certInitializer:
- nameOverride: uui-cert-initializer
- aafDeployFqi: deployer@people.osaaf.org
- aafDeployPass: demo123456!
- # aafDeployCredsExternalSecret: some secret
- fqdn: uui
- fqi: uui@uui.onap.org
- fqi_namespace: org.onap.uui
- public_fqdn: uui.onap.org
- cadi_longitude: "0.0"
- cadi_latitude: "0.0"
- app_ns: org.osaaf.aaf
- credsPath: /opt/app/osaaf/local
- aaf_add_config: |
- echo "*** changing them into shell safe ones"
- export KEYSTORE_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1)
- export TRUSTSORE_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1)
- cd {{ .Values.credsPath }}
- keytool -storepasswd -new "${KEYSTORE_PASSWORD}" \
- -storepass "${cadi_keystore_password_p12}" \
- -keystore {{ .Values.fqi_namespace }}.p12
- keytool -storepasswd -new "${TRUSTSORE_PASSWORD}" \
- -storepass "${cadi_truststore_password}" \
- -keystore {{ .Values.fqi_namespace }}.trust.jks
- echo "*** save the generated passwords"
- echo "KEYSTORE_PASSWORD=${KEYSTORE_PASSWORD}" > mycreds.prop
- echo "TRUSTSORE_PASSWORD=${TRUSTSORE_PASSWORD}" >> mycreds.prop
- echo "*** change ownership of certificates to targeted user"
- chown -R 1000 {{ .Values.credsPath }}
-
subChartsOnly:
enabled: true
internalPort: 8080
ports:
- name: http
- port: 8443
- plain_port: 8080
+ port: 8080
nodePort: '98'
annotations:
msb.onap.org/service-info: |
"path":"/iui/usecaseui",
"protocol": "UI",
"visualRange":"1",
- {{ if (include "common.needTLS" .) }}
- "port": "{{ include "common.getPort" (dict "global" . "name" "http") }}",
- "enable_ssl": true
- {{ else }}
+ "port": "http",
"port": "{{ include "common.getPort" (dict "global" . "name" "http" "getPlain" true) }}"
- {{ end }}
}
]{{ end }}
service:
- baseaddr: "uui-ui"
name: "uui"
- port: 8443
- plain_port: 8080
+ port: 8080
config:
ssl: "redirect"
Code Review / oom.git / commitdiff