From: Sylvain Desbureaux Date: Mon, 8 Feb 2021 14:29:05 +0000 (+0100) Subject: [CDS] Retrieve certificates automatically X-Git-Tag: 8.0.0~66^2 X-Git-Url: https://gerrit.onap.org/r/gitweb?p=oom.git;a=commitdiff_plain;h=1d7647e027a74726e2ce0dea3e0c24933a38a9de [CDS] Retrieve certificates automatically Today, CDS UI is using an hardcoded certificate, which is not the right way to do. This patch is using certInitializer in order to do it automatically. Issue-ID: CCSDK-3141 Signed-off-by: Sylvain Desbureaux Change-Id: I5f2e564abd15f685df03be130b3969cad867b0b5 --- diff --git a/kubernetes/cds/components/Makefile b/kubernetes/cds/components/Makefile index f2e7a1fb82..bf267b7720 100644 --- a/kubernetes/cds/components/Makefile +++ b/kubernetes/cds/components/Makefile @@ -17,9 +17,9 @@ OUTPUT_DIR := $(ROOT_DIR)/../../dist PACKAGE_DIR := $(OUTPUT_DIR)/packages SECRET_DIR := $(OUTPUT_DIR)/secrets -EXCLUDES := soHelpers +EXCLUDES := HELM_BIN := helm -HELM_CHARTS := soHelpers $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) +HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) .PHONY: $(EXCLUDES) $(HELM_CHARTS) diff --git a/kubernetes/cds/components/cds-ui/requirements.yaml b/kubernetes/cds/components/cds-ui/requirements.yaml index ff51b4420a..2f608f1baf 100644 --- a/kubernetes/cds/components/cds-ui/requirements.yaml +++ b/kubernetes/cds/components/cds-ui/requirements.yaml @@ -16,6 +16,9 @@ dependencies: - name: common version: ~7.x-0 repository: '@local' + - name: certInitializer + version: ~7.x-0 + repository: '@local' - name: repositoryGenerator version: ~7.x-0 repository: '@local' \ No newline at end of file diff --git a/kubernetes/cds/components/cds-ui/templates/deployment.yaml b/kubernetes/cds/components/cds-ui/templates/deployment.yaml index 1c88f56d99..359c713ed4 100644 --- a/kubernetes/cds/components/cds-ui/templates/deployment.yaml +++ b/kubernetes/cds/components/cds-ui/templates/deployment.yaml 
@@ -37,6 +37,9 @@ spec: release: {{ include "common.release" . }} name: {{ include "common.fullname" . }} spec: + {{- if .Values.global.aafEnabled }} + initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }} + {{- end }} containers: - name: {{ include "common.name" . }} image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} @@ -71,12 +74,18 @@ spec: value: "{{ .Values.config.api.processor.grpc.port }}" - name: API_BLUEPRINT_PROCESSOR_GRPC_AUTH_TOKEN value: {{ .Values.config.api.processor.grpc.authToken }} + {{- if .Values.global.aafEnabled }} + - name: KEYSTORE + value: "{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.p12" + - name: PASSPHRASE + value: "{{ .Values.certInitializer.credsPath }}/mycreds.prop" + {{- end }} readinessProbe: tcpSocket: port: {{ .Values.service.internalPort }} initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} - volumeMounts: + volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 12 }} - mountPath: /etc/localtime name: localtime readOnly: true @@ -90,7 +99,7 @@ spec: affinity: {{ toYaml .Values.affinity | indent 10 }} {{- end }} - volumes: + volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }} - name: localtime hostPath: path: /etc/localtime diff --git a/kubernetes/cds/components/cds-ui/values.yaml b/kubernetes/cds/components/cds-ui/values.yaml index 1c7f628b2c..a7d0667695 100644 --- a/kubernetes/cds/components/cds-ui/values.yaml +++ b/kubernetes/cds/components/cds-ui/values.yaml 
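Review bot: The `initContainers` entry is gated on `.Values.global.aafEnabled`, but the `common.certInitializer.volumeMount` and `common.certInitializer.volumes` includes in the two later hunks of this file are not wrapped in the same condition. Those helpers are defined outside this diff, so it is not visible whether they gate themselves on the flag. If they do not, a release with AAF disabled would still declare the credential volume and mount with no init container to populate them. Either wrap the two includes in the same `{{- if .Values.global.aafEnabled }}` guard, or state the reliance in place with `{{/* certInitializer volumeMount/volumes helpers render empty when global.aafEnabled is false */}}`.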
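Review bot: `PASSPHRASE` is set to the path of `mycreds.prop` rather than to a passphrase, and nothing in the env block says so. A consumer that reads the variable as the secret itself would presumably fail to open the keystore named by `KEYSTORE`. Passing a file path keeps the keystore password out of the pod environment, which is the better choice, so document it where it is set: `{{/* KEYSTORE and PASSPHRASE are file paths populated by the certInitializer init container; the keystore password is read from the properties file, never from the environment */}}`. Both variables exist only when `global.aafEnabled` is true, so the chart should also say which certificate the image uses without them.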
@@ -22,6 +22,27 @@ global: subChartsOnly: enabled: true +################################################################# +# AAF part +################################################################# +certInitializer: + nameOverride: cds-cert-initializer + aafDeployFqi: deployer@people.osaaf.org + aafDeployPass: demo123456! + # aafDeployCredsExternalSecret: some secret + fqdn: sdnc-cds + fqi: sdnc-cds@sdnc-cds.onap.org + public_fqdn: sdnc-cds.onap.org + cadi_longitude: "0.0" + cadi_latitude: "0.0" + app_ns: org.osaaf.aaf + credsPath: /opt/app/osaaf/local + fqi_namespace: org.onap.sdnc-cds + aaf_add_config: > + /opt/app/aaf_config/bin/agent.sh; + /opt/app/aaf_config/bin/agent.sh local showpass + {{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop + # application image image: onap/ccsdk-cds-ui-server:1.0.3 pullPolicy: Always
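Review bot: `aafDeployPass: demo123456!` puts a fixed deployer password in the chart defaults, and the only hint at an alternative is the commented-out `aafDeployCredsExternalSecret` line. An install with default values therefore runs with a publicly known credential for `deployer@people.osaaf.org`, which appears to be the identity the init container presents to AAF. Mark the default as lab-only and point to the override: `# Demo credential only: set aafDeployCredsExternalSecret to a pre-created Secret on any shared or production cluster`. Separately, `aaf_add_config` redirects the `showpass` output into `{{ .Values.credsPath }}/mycreds.prop` without setting a file mode, so the permissions depend on the agent image's umask. They should be checked against the user the UI container runs as.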