From: Keren Joseph Date: Tue, 12 Sep 2017 07:13:15 +0000 (+0300) Subject: Revert "moving certs and keys to k8s secrets" X-Git-Tag: 2.0.0-ONAP~659 X-Git-Url: https://gerrit.onap.org/r/gitweb?p=oom.git;a=commitdiff_plain;h=4b7026e95b93f2077f18d0681d55bbac022b5396 Revert "moving certs and keys to k8s secrets" This reverts commit 59ffd500ea34c201fbb3edc39e64655fa8381be0. Tested locally and does not work. DmaaP fails to come up causing many other pods to crash loop. failed to start container "dmaap": Error response from daemon: {"message":"invalid header field value "oci runtime error: container_linux.go:247:starting container process caused "process_linux.go:359: container init caused "rootfs_linux.go:53: mounting "/var/lib/kubelet/pods/9ae222e0-98a9-11e7-badd-02cfc855c3b9 /volumes/kubernetes.io~secret/mykey" to rootfs "/var/lib/docker/aufs/mnt /b92c56185f3371cb1f091679780d40797dd2c6124cd00cb8fe68da2b247363a8" at "/var/lib/docker/aufs/mnt/.../appl/dmaapMR1/etc/keyfile" caused "not a directory"""n""} Issue-ID: OOM-293 Change-Id: I348ffa14718bd6e89e99f2859cf6612c10370559 Signed-off-by: Mandeep Khinda --- diff --git a/kubernetes/aai/templates/data-router-deployment.yaml b/kubernetes/aai/templates/data-router-deployment.yaml index 0033208642..f823061c33 100644 --- a/kubernetes/aai/templates/data-router-deployment.yaml +++ b/kubernetes/aai/templates/data-router-deployment.yaml @@ -35,10 +35,6 @@ spec: volumeMounts: - mountPath: /opt/app/data-router/config/ name: data-router-config - - mountPath: /opt/app/data-router/config/auth/tomcat_keystore - name: data-router-tomcat-key - - mountPath: /opt/app/data-router/config/auth/client-cert-onap.p12 - name: data-router-client-cert - mountPath: /opt/app/data-router/dynamic/ name: data-router-dynamic - mountPath: /logs/ 
@@ -60,12 +56,6 @@ spec: - name: data-router-logs hostPath: path: "/dockerdata-nfs/{{ .Values.nsPrefix }}/aai/data-router/logs/" - - name: data-router-tomcat-key - secret: - secretName: secret-{{ .Values.nsPrefix }}-aai - - name: data-router-client-cert - secret: - secretName: secret-{{ .Values.nsPrefix }}-aai restartPolicy: Always imagePullSecrets: - name: "{{ .Values.nsPrefix }}-docker-registry-key" diff --git a/kubernetes/aai/templates/modelloader-deployment.yaml b/kubernetes/aai/templates/modelloader-deployment.yaml index ec6a9178a7..5391273d9d 100644 --- a/kubernetes/aai/templates/modelloader-deployment.yaml +++ b/kubernetes/aai/templates/modelloader-deployment.yaml @@ -20,8 +20,6 @@ spec: volumeMounts: - mountPath: /opt/app/model-loader/config/ name: aai-model-loader-config - - mountPath: /opt/app/model-loader/config/auth/aai-os-cert.p12 - name: aai-os-cert - mountPath: /logs/ name: aai-model-loader-logs image: "{{ .Values.image.modelLoaderImage }}:{{ .Values.image.modelLoaderVersion }}" @@ -37,9 +35,6 @@ spec: - name: aai-model-loader-logs hostPath: path: "/dockerdata-nfs/{{ .Values.nsPrefix }}/aai/model-loader/logs/" - - name: aai-os-cert - secret: - secretName: secret-{{ .Values.nsPrefix }}-aai restartPolicy: Always imagePullSecrets: - name: "{{ .Values.nsPrefix }}-docker-registry-key" diff --git a/kubernetes/aai/templates/search-data-service-deployment.yaml b/kubernetes/aai/templates/search-data-service-deployment.yaml index 8f4acef7cb..f2db9370fd 100644 --- a/kubernetes/aai/templates/search-data-service-deployment.yaml +++ b/kubernetes/aai/templates/search-data-service-deployment.yaml @@ -27,8 +27,6 @@ spec: volumeMounts: - mountPath: /opt/app/search-data-service/config/ name: aai-search-data-service-config - - mountPath: /opt/app/search-data-service/config/auth/tomcat_keystore - name: aai-tomcat-key - mountPath: /logs/ name: aai-search-data-service-logs ports: 
@@ -42,9 +40,6 @@ spec: - name: aai-search-data-service-config hostPath: path: "/dockerdata-nfs/{{ .Values.nsPrefix }}/aai/search-data-service/appconfig/" - - name: aai-tomcat-key - secret: - secretName: secret-{{ .Values.nsPrefix }}-aai - name: aai-search-data-service-logs hostPath: path: "/dockerdata-nfs/{{ .Values.nsPrefix }}/aai/search-data-service/logs/" diff --git a/kubernetes/aai/templates/sparky-be-deployment.yaml b/kubernetes/aai/templates/sparky-be-deployment.yaml index f4c44e28ed..6a8ff9308d 100644 --- a/kubernetes/aai/templates/sparky-be-deployment.yaml +++ b/kubernetes/aai/templates/sparky-be-deployment.yaml @@ -27,12 +27,6 @@ spec: volumeMounts: - mountPath: /opt/app/sparky/config/ name: aai-sparky-be-config - - mountPath: /opt/app/sparky/config/auth/client-cert-onap.p12 - name: aai-sparky-be-client-cert - - mountPath: /opt/app/sparky/config/auth/aai-os-cert.p12 - name: aai-sparky-be-aai-os-cert - - mountPath: /opt/app/sparky/config/auth/inventory-ui-keystore - name: aai-sparky-be-inventory-key - mountPath: /logs/ name: aai-sparky-be-logs ports: @@ -49,15 +43,6 @@ spec: - name: aai-sparky-be-logs hostPath: path: "/dockerdata-nfs/{{ .Values.nsPrefix }}/aai/sparky-be/logs/" - - name: aai-sparky-be-client-cert - secret: - secretName: secret-{{ .Values.nsPrefix }}-aai - - name: aai-sparky-be-aai-os-cert - secret: - secretName: secret-{{ .Values.nsPrefix }}-aai - - name: aai-sparky-be-inventory-key - secret: - secretName: secret-{{ .Values.nsPrefix }}-aai restartPolicy: Always imagePullSecrets: - name: "{{ .Values.nsPrefix }}-docker-registry-key" diff --git a/kubernetes/config/.helmignore b/kubernetes/config/.helmignore index bc7bb96055..4c38baed31 100644 --- a/kubernetes/config/.helmignore +++ b/kubernetes/config/.helmignore @@ -22,5 +22,4 @@ #ignore config docker image files docker -createConfig.sh -certs +createConfig.sh \ No newline at end of file 
diff --git a/kubernetes/config/certs/aai/client-cert-onap.p12 b/kubernetes/config/docker/init/src/config/aai/data-router/appconfig/auth/client-cert-onap.p12
similarity index 100%
rename from kubernetes/config/certs/aai/client-cert-onap.p12
rename to kubernetes/config/docker/init/src/config/aai/data-router/appconfig/auth/client-cert-onap.p12
diff --git a/kubernetes/config/certs/aai/tomcat_keystore b/kubernetes/config/docker/init/src/config/aai/data-router/appconfig/auth/tomcat_keystore
similarity index 100%
rename from kubernetes/config/certs/aai/tomcat_keystore
rename to kubernetes/config/docker/init/src/config/aai/data-router/appconfig/auth/tomcat_keystore
diff --git a/kubernetes/config/certs/aai/aai-os-cert.p12 b/kubernetes/config/docker/init/src/config/aai/model-loader/appconfig/auth/aai-os-cert.p12
similarity index 100%
rename from kubernetes/config/certs/aai/aai-os-cert.p12
rename to kubernetes/config/docker/init/src/config/aai/model-loader/appconfig/auth/aai-os-cert.p12
diff --git a/kubernetes/config/certs/aai/inventory-ui-keystore b/kubernetes/config/docker/init/src/config/aai/sparky-be/appconfig/auth/inventory-ui-keystore
similarity index 100%
rename from kubernetes/config/certs/aai/inventory-ui-keystore
rename to kubernetes/config/docker/init/src/config/aai/sparky-be/appconfig/auth/inventory-ui-keystore
diff --git a/kubernetes/config/certs/message-router/mykey b/kubernetes/config/docker/init/src/config/message-router/dmaap/mykey
similarity index 100%
rename from kubernetes/config/certs/message-router/mykey
rename to kubernetes/config/docker/init/src/config/message-router/dmaap/mykey
diff --git a/kubernetes/config/certs/mso/aai.crt b/kubernetes/config/docker/init/src/config/mso/mso/aai.crt
similarity index 100%
rename from kubernetes/config/certs/mso/aai.crt
rename to kubernetes/config/docker/init/src/config/mso/mso/aai.crt
diff --git a/kubernetes/config/certs/mso/encryption.key b/kubernetes/config/docker/init/src/config/mso/mso/encryption.key similarity index 100% rename from kubernetes/config/certs/mso/encryption.key rename to kubernetes/config/docker/init/src/config/mso/mso/encryption.key diff --git a/kubernetes/config/certs/policy/policy-keystore b/kubernetes/config/docker/init/src/config/policy/opt/policy/config/drools/policy-keystore similarity index 100% rename from kubernetes/config/certs/policy/policy-keystore rename to kubernetes/config/docker/init/src/config/policy/opt/policy/config/drools/policy-keystore diff --git a/kubernetes/message-router/templates/message-router-dmaap.yaml b/kubernetes/message-router/templates/message-router-dmaap.yaml index 0579541cb1..59c57f85f6 100644 --- a/kubernetes/message-router/templates/message-router-dmaap.yaml +++ b/kubernetes/message-router/templates/message-router-dmaap.yaml @@ -69,7 +69,7 @@ spec: hostPath: path: /dockerdata-nfs/{{ .Values.nsPrefix }}/message-router/dmaap/cadi.properties - name: mykey - secret: - secretName: secret-{{ .Values.nsPrefix }}-message-router + hostPath: + path: /dockerdata-nfs/{{ .Values.nsPrefix }}/message-router/dmaap/mykey imagePullSecrets: - name: "{{ .Values.nsPrefix }}-docker-registry-key" diff --git a/kubernetes/mso/templates/mso-deployment.yaml b/kubernetes/mso/templates/mso-deployment.yaml index 9414990201..0f3034f4cc 100644 --- a/kubernetes/mso/templates/mso-deployment.yaml +++ b/kubernetes/mso/templates/mso-deployment.yaml @@ -49,10 +49,6 @@ spec: volumeMounts: - mountPath: /shared name: mso - - mountPath: /shared/aai.crt - name: mso-aai-crt - - mountPath: /shared/encryption.key - name: mso-key - mountPath: /docker-files name: mso-docker-files env: 
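Review bot: In message-router-dmaap.yaml the `mykey` volume now reads the DMaaP key from a `hostPath` under `/dockerdata-nfs/`, so the key sits as a plain file on shared node storage, outside the access control that applies to Secret objects, and anything that can mount or read that tree can read it. The "not a directory" error quoted in the commit message is what a Secret volume produces when it is mounted over a file path, because a Secret volume is always a directory; a follow-up can keep the Secret by mounting a single key with `subPath: mykey` on the container's volumeMount (that mount lies outside this hunk, so its path should be confirmed there). The keystores that the aai, mso and policy hunks stop mounting from Secrets presumably come from the hostPath config directories again, so the same follow-up applies to them. If hostPath stays for now, a comment on the volume such as `# TODO(OOM-293): key served from hostPath, move back to a Secret mounted with subPath` and `readOnly: true` on the mount would record and narrow the gap.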
@@ -76,11 +72,5 @@ spec: - name: mso-docker-files hostPath: path: /dockerdata-nfs/{{ .Values.nsPrefix }}/mso/docker-files - - name: mso-aai-crt - secret: - secretName: secret-{{ .Values.nsPrefix }}-mso - - name: mso-key - secret: - secretName: secret-{{ .Values.nsPrefix }}-mso imagePullSecrets: - name: "{{ .Values.nsPrefix }}-docker-registry-key" diff --git a/kubernetes/oneclick/createAll.bash b/kubernetes/oneclick/createAll.bash index 5012a52d20..7be2e6a7de 100755 --- a/kubernetes/oneclick/createAll.bash +++ b/kubernetes/oneclick/createAll.bash @@ -39,14 +39,6 @@ create_registry_key() { check_return_code $cmd } -create_certs_secret() { - if [ -d $LOCATION/config/certs/$i/ ]; then - printf "\nCreating certs and keys secret **********\n" - _CERTS_FILES=$(find $LOCATION/config/certs/$2/ -type f | awk '$0="--from-file="$0' ORS=' ') - kubectl create secret generic secret-$1-$2 $_CERTS_FILES -n $1-$2 - fi -} - create_onap_helm() { HELM_VALUES_ADDITION="" if [[ ! -z $HELM_VALUES_FILEPATH ]]; then @@ -140,8 +132,6 @@ for i in ${HELM_APPS[@]}; do printf "\nCreating registry secret **********\n" create_registry_key $NS $i ${NS}-docker-registry-key $ONAP_DOCKER_REGISTRY $DU $DP $ONAP_DOCKER_MAIL - create_certs_secret $NS $i - printf "\nCreating deployments and services **********\n" create_onap_helm $NS $i $start diff --git a/kubernetes/oneclick/deleteAll.bash b/kubernetes/oneclick/deleteAll.bash index f7c48fd18d..40d070124a 100755 --- a/kubernetes/oneclick/deleteAll.bash +++ b/kubernetes/oneclick/deleteAll.bash @@ -16,13 +16,6 @@ delete_registry_key() { kubectl --namespace $1-$2 delete secret ${1}-docker-registry-key } -delete_certs_secret() { - if [ -d $LOCATION/config/certs/$i/ ]; then - kubectl delete secret secret-$1-$2 -n $1-$2 - fi -} - - delete_app_helm() { helm delete $1-$2 --purge } @@ -43,9 +36,8 @@ EOF NS= INCL_SVC=false APP= -LOCATION="../" -while getopts ":n:u:s:a:l:" PARAM; do +while getopts ":n:u:s:a:" PARAM; do case $PARAM in u) usage 
@@ -61,9 +53,6 @@ while getopts ":n:u:s:a:l:" PARAM; do exit 1 fi ;; - l) - LOCATION=${OPTARG} - ;; ?) usage exit @@ -85,7 +74,6 @@ printf "\n********** Cleaning up ONAP: ${ONAP_APPS[*]}\n" for i in ${HELM_APPS[@]}; do - delete_certs_secret $NS $i delete_app_helm $NS $i delete_namespace $NS $i diff --git a/kubernetes/policy/templates/dep-drools.yaml b/kubernetes/policy/templates/dep-drools.yaml index 7da046e156..75055c10d8 100644 --- a/kubernetes/policy/templates/dep-drools.yaml +++ b/kubernetes/policy/templates/dep-drools.yaml @@ -66,8 +66,6 @@ spec: volumeMounts: - mountPath: /tmp/policy-install/config name: drools - - mountPath: /tmp/policy-install/config/policy-keystore - name: drools-keystore - mountPath: /usr/share/maven/conf/settings.xml name: drools-settingsxml volumes: @@ -77,8 +75,5 @@ spec: - name: drools hostPath: path: /dockerdata-nfs/{{ .Values.nsPrefix }}/policy/opt/policy/config/drools/ - - name: drools-keystore - secret: - secretName: secret-{{ .Values.nsPrefix }}-policy imagePullSecrets: - name: "{{ .Values.nsPrefix }}-docker-registry-key"