[COMMON] Use common aaf template in elasticsearch
Instead of copy-pasting code around aaf_agent usage let's use a common
template that automates this.
Issue-ID: AAF-1134
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Change-Id: I9b3c7aab73186c0bf1dfaa5fe21cf2f001ca8619
diff --git a/kubernetes/common/elasticsearch/requirements.yaml b/kubernetes/common/elasticsearch/requirements.yaml
index 8a02fef..5900f41 100644
--- a/kubernetes/common/elasticsearch/requirements.yaml
+++ b/kubernetes/common/elasticsearch/requirements.yaml
@@ -27,3 +27,6 @@
version: ~6.x-0
repository: 'file://components/curator'
condition: elasticsearch.curator.enabled,curator.enabled
+ - name: certInitializer
+ version: ~6.x-0
+ repository: 'file://../certInitializer'
diff --git a/kubernetes/common/elasticsearch/templates/configmap-aaf-add-config.yaml b/kubernetes/common/elasticsearch/templates/configmap-aaf-add-config.yaml
deleted file mode 100644
index b4e0044..0000000
--- a/kubernetes/common/elasticsearch/templates/configmap-aaf-add-config.yaml
+++ /dev/null
@@ -1,33 +0,0 @@
-
-{{ if .Values.global.aafEnabled }}
-{{/*
-# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-{{- if .Values.aafConfig.addconfig -}}
-apiVersion: v1
-kind: ConfigMap
-{{ $suffix := "aaf-add-config" -}}
-metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "dot" . )| nindent 2 }}
-data:
- aaf-add-config.sh: |-
- cd /opt/app/osaaf/local
- mkdir -p certs
- export $(/opt/app/aaf_config/bin/agent.sh local showpass | grep '^c' | xargs -0)
- keytool -exportcert -rfc -file certs/cacert.pem -keystore {{ .Values.aafConfig.fqi_namespace }}.trust.jks -alias ca_local_0 -storepass $cadi_truststore_password
- openssl pkcs12 -in {{ .Values.aafConfig.fqi_namespace }}.p12 -out certs/cert.pem -passin pass:$cadi_keystore_password_p12 -passout pass:$cadi_keystore_password_p12
- cp {{ .Values.aafConfig.fqi_namespace }}.key certs/key.pem
- chmod -R 755 certs
-{{- end -}}
-{{- end -}}
diff --git a/kubernetes/common/elasticsearch/templates/coordinating-deploy.yaml b/kubernetes/common/elasticsearch/templates/coordinating-deploy.yaml
index 65a7f46..1ab5b59 100644
--- a/kubernetes/common/elasticsearch/templates/coordinating-deploy.yaml
+++ b/kubernetes/common/elasticsearch/templates/coordinating-deploy.yaml
@@ -61,7 +61,7 @@
securityContext:
privileged: true
{{- end }}
- {{ include "common.aaf-config" . | nindent 8}}
+ {{ include "common.certInitializer.initContainer" . | nindent 8 }}
containers:
- name: {{ include "common.name" . }}-nginx
@@ -82,7 +82,7 @@
- name: nginx-server-block
mountPath: /opt/bitnami/nginx/conf/server_blocks
{{- end }}
- {{- include "common.aaf-config-volume-mountpath" . | nindent 10 }}
+ {{- include "common.certInitializer.volumeMount" . | nindent 10 }}
- name: {{ include "common.name" . }}-elasticsearch
image: {{ printf "%s/%s:%s" (include "common.repository" .) .Values.image.imageName .Values.image.tag }}
@@ -163,5 +163,4 @@
configMap:
name: {{ include "common.fullname" . }}-nginx-server-block
{{- end }}
- {{- include "common.aaf-config-volumes" . | nindent 8}}
-
+ {{ include "common.certInitializer.volumes" . | nindent 8 }}
diff --git a/kubernetes/common/elasticsearch/values.yaml b/kubernetes/common/elasticsearch/values.yaml
index 3627b2e..b128943 100644
--- a/kubernetes/common/elasticsearch/values.yaml
+++ b/kubernetes/common/elasticsearch/values.yaml
@@ -17,7 +17,6 @@
#################################################################
global:
aafEnabled: true
- aafAgentImage: onap/aaf/aaf_agent:2.1.15
nodePortPrefix: 302
readinessRepository: oomk8s
readinessImage: readiness-check:2.0.2
@@ -275,34 +274,32 @@
# loadBalancerIP:
## Provide functionality to use RBAC
##
+
#################################################################
-# Secrets metaconfig
+# Certificate configuration
#################################################################
-secrets:
- - uid: &aaf_secret_uid elasticsearch-aaf-deploy-creds
- type: basicAuth
- externalSecret: '{{ ternary (tpl (default "" .Values.aafConfig.aafDeployCredsExternalSecret) .) "aafIsDisabled" .Values.global.aafEnabled }}'
- login: '{{ .Values.aafConfig.aafDeployFqi }}'
- password: '{{ .Values.aafConfig.aafDeployPass }}'
- passwordPolicy: required
-#################################################################
-# aaf configuration defaults.
-#################################################################
-aafConfig:
- addconfig: true
+certInitializer:
+ nameOverride: elasticsearch-cert-initializer
+ aafDeployFqi: deployer@people.osaaf.org
+ aafDeployPass: demo123456!
+ # aafDeployCredsExternalSecret: some secret
fqdn: "elastic"
- image: onap/aaf/aaf_agent:2.1.15
app_ns: "org.osaaf.aaf"
- fqi_namespace: org.onap.elastic
+ fqi_namespace: "org.onap.elastic"
fqi: "elastic@elastic.onap.org"
public_fqdn: "aaf.osaaf.org"
- deploy_fqi: "deployer@people.osaaf.org"
- aafDeployFqi: "deployer@people.osaaf.org"
- aafDeployPass: demo123456!
- #aafDeployCredsExternalSecret: some secret
- #cadi_latitude: "52.5"
- #cadi_longitude: "13.4"
- secret_uid: *aaf_secret_uid
+ cadi_longitude: "0.0"
+ cadi_latitude: "0.0"
+ credsPath: /opt/app/osaaf/local
+ aaf_add_config: >
+ cd {{ .Values.credsPath }};
+ mkdir -p certs;
+ export $(/opt/app/aaf_config/bin/agent.sh local showpass | grep '^c' | xargs -0);
+ keytool -exportcert -rfc -file certs/cacert.pem -keystore {{ .Values.fqi_namespace }}.trust.jks -alias ca_local_0 -storepass $cadi_truststore_password;
+ openssl pkcs12 -in {{ .Values.fqi_namespace }}.p12 -out certs/cert.pem -passin pass:$cadi_keystore_password_p12 -passout pass:$cadi_keystore_password_p12;
+ cp {{ .Values.fqi_namespace }}.key certs/key.pem;
+ chmod -R 755 certs;
+
#################################################################
# subcharts configuration defaults.
#################################################################