Add sms preload job that preloads secrets
Add a preload job that loads secrets from config
files into secret management service after it comes up.
P1: Includes osdf.json which contains secrets for oof-osdf
P2: Add has.json for oof-has
Issue-ID: AAF-548
Change-Id: Ib03cf6771a445be8ab00621cf26ca0e902af4ab3
Signed-off-by: Kiran Kamineni <kiran.k.kamineni@intel.com>
diff --git a/kubernetes/aaf/charts/aaf-sms/resources/config/has.json b/kubernetes/aaf/charts/aaf-sms/resources/config/has.json
new file mode 100644
index 0000000..9d017f9
--- /dev/null
+++ b/kubernetes/aaf/charts/aaf-sms/resources/config/has.json
@@ -0,0 +1,36 @@
+{
+ "domain": {
+ "name": "has",
+ "secrets": [
+ {
+ "name": "aai",
+ "values": {
+ "username": "OOF",
+ "password": "OOF"
+ }
+ },
+ {
+ "name": "conductor_api",
+ "values": {
+ "username": "admin1",
+ "password": "plan.15"
+ }
+ },
+ {
+ "name": "sdnc",
+ "values": {
+ "username": "admin",
+ "password": "Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U"
+ }
+ },
+ {
+ "name": "music_api",
+ "values": {
+ "aafuser": "conductor",
+ "aafpass": "c0nduct0r",
+ "aafns": "conductor"
+ }
+ }
+ ]
+ }
+}
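Review bot: The `password` and `aafpass` values in this new file are real-looking credentials committed in plain text, so anyone who can read the repository or a packaged chart obtains them; the `sdnc` entry in particular does not look like a lab default. The same applies to every `Password` field in `resources/config/osdf.json`, added later in this commit. Because `templates/configmap.yaml` renders these files through `tpl`, the values can be template references supplied at deploy time, e.g. `"password": "{{ .Values.<placeholder-key> }}"` (the key name is a placeholder), with the real values kept in a private override. Any value that has already been pushed should be treated as exposed and rotated.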
diff --git a/kubernetes/aaf/charts/aaf-sms/resources/config/osdf.json b/kubernetes/aaf/charts/aaf-sms/resources/config/osdf.json
new file mode 100644
index 0000000..0950957
--- /dev/null
+++ b/kubernetes/aaf/charts/aaf-sms/resources/config/osdf.json
@@ -0,0 +1,98 @@
+{
+ "domain": {
+ "name": "osdf",
+ "secrets": [
+ {
+ "name": "so",
+ "values": {
+ "UserName": "",
+ "Password": ""
+ }
+ },
+ {
+ "name": "conductor",
+ "values": {
+ "UserName": "admin1",
+ "Password": "plan.15"
+ }
+ },
+ {
+ "name": "policyPlatform",
+ "values": {
+ "UserName": "testpdp",
+ "Password": "alpha123"
+ }
+ },
+ {
+ "name": "policyClient",
+ "values": {
+ "UserName": "python",
+ "Password": "test"
+ }
+ },
+ {
+ "name": "dmaap",
+ "values": {
+ "UserName": "NA",
+ "Password": "NA"
+ }
+ },
+ {
+ "name": "sdc",
+ "values": {
+ "UserName": "NA",
+ "Password": "NA"
+ }
+ },
+ {
+ "name": "osdfPlacement",
+ "values": {
+ "UserName": "test",
+ "Password": "testpwd"
+ }
+ },
+ {
+ "name": "osdfPlacementSO",
+ "values": {
+ "UserName": "so_test",
+ "Password": "so_testpwd"
+ }
+ },
+ {
+ "name": "osdfPlacementVFC",
+ "values": {
+ "UserName": "vfc_test",
+ "Password": "vfc_testpwd"
+ }
+ },
+ {
+ "name": "osdfCMScheduler",
+ "values": {
+ "UserName": "test1",
+ "Password": "testpwd1"
+ }
+ },
+ {
+ "name": "configDb",
+ "values": {
+ "UserName": "osdf",
+ "Password": "passwd"
+ }
+ },
+ {
+ "name": "pciHMS",
+ "values": {
+ "UserName": "",
+ "Password": ""
+ }
+ },
+ {
+ "name": "osdfPCIOpt",
+ "values": {
+ "UserName": "pci_test",
+ "Password": "pci_testpwd"
+ }
+ }
+ ]
+ }
+}
\ No newline at end of file
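Review bot: The `so` and `pciHMS` entries are preloaded with empty `UserName`/`Password` strings, and `dmaap` and `sdc` with the literal `NA`, so the secret service ends up holding placeholder values that a consumer cannot tell apart from real credentials. If these integrations are not configured yet, I would leave the entries out of the preload file until real values exist. How the OSDF side handles an empty or `NA` secret is outside this diff, so that behaviour should be confirmed. The file also ends without a trailing newline.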
diff --git a/kubernetes/aaf/charts/aaf-sms/templates/configmap.yaml b/kubernetes/aaf/charts/aaf-sms/templates/configmap.yaml
index 72ce6fb..b513d99 100644
--- a/kubernetes/aaf/charts/aaf-sms/templates/configmap.yaml
+++ b/kubernetes/aaf/charts/aaf-sms/templates/configmap.yaml
@@ -1,3 +1,4 @@
+{{/*
# Copyright 2018 Intel Corporation, Inc
#
# Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,6 +12,7 @@
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: v1
kind: ConfigMap
@@ -25,3 +27,16 @@
data:
smsconfig.json: |
{{ .Values.config | toJson }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-preload
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}-preload
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
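Review bot: The new `-preload` object stores the username/password JSON files from `resources/config/` in a `ConfigMap`, which is not the resource intended for confidential data. ConfigMap reads are typically granted more broadly by RBAC than Secret reads, and they are not covered by encryption at rest configured for Secrets. I would make this `kind: Secret` and render the files with `{{ tpl (.Files.Glob "resources/config/*").AsSecrets . | indent 2 }}`, switching the Job's volume from `configMap:` / `name:` to `secret:` / `secretName:`. Note also that `tpl` evaluates any `{{` sequence inside the files, so a credential containing template delimiters would fail to render or be altered.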
diff --git a/kubernetes/aaf/charts/aaf-sms/templates/job.yaml b/kubernetes/aaf/charts/aaf-sms/templates/job.yaml
new file mode 100644
index 0000000..2cee8d5
--- /dev/null
+++ b/kubernetes/aaf/charts/aaf-sms/templates/job.yaml
@@ -0,0 +1,92 @@
+{{/*
+# Copyright 2018 Intel Corporation, Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: {{ include "common.fullname" . }}-preload
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}
+ release: {{ .Release.Name }}
+ spec:
+ initContainers:
+ - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-readiness
+ command:
+ - /root/ready.py
+ args:
+ - --container-name
+ - "aaf-sms"
+ - --container-name
+ - "aaf-sms-quorumclient"
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ containers:
+ - image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ imagePullPolicy: {{ .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-preload
+ command:
+ - "/sms/bin/preload"
+ - "-cacert"
+ - "/sms/certs/aaf_root_ca.cer"
+ - "-jsondir"
+ - "/preload/config"
+ - "-serviceport"
+ - "{{ .Values.service.internalPort }}"
+ - "-serviceurl"
+ - "https://aaf-sms.{{ include "common.namespace" . }}"
+ workingDir: /sms
+ volumeMounts:
+ - mountPath: /etc/localtime
+ name: localtime
+ readOnly: true
+ - mountPath: /preload/config
+ name: {{ include "common.name" . }}-preload
+ resources:
+{{ include "common.resources" . | indent 10 }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 10 }}
+ {{- end -}}
+ {{- if .Values.affinity }}
+ affinity:
+{{ toYaml .Values.affinity | indent 10 }}
+ {{- end }}
+ volumes:
+ - name: localtime
+ hostPath:
+ path: /etc/localtime
+ - name : {{ include "common.name" . }}-preload
+ configMap:
+ name: {{ include "common.fullname" . }}-preload
+ restartPolicy: OnFailure
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
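Review bot: `replicas: {{ .Values.replicaCount }}` directly under `spec:` is not a field of a `batch/v1` Job spec (it belongs to Deployment and StatefulSet), so depending on client validation it is either rejected or silently dropped. Remove the line, or use `completions: 1` if the intent is a single preload run. I would also set an explicit `backoffLimit:` next to it, so the retry budget under `restartPolicy: OnFailure` for a malformed JSON file or an unreachable SMS is a deliberate choice rather than the cluster default.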