[AAI] Remove AAF/TLS config from charts
Remove AAF and TLS config from AAI charts
Signed-off-by: efiacor <fiachra.corcoran@est.tech>
Change-Id: Ibb26e7ae00eb6b5a65ec2263b8f57ad6fb345892
Issue-ID: OOM-3111
diff --git a/kubernetes/aai/components/aai-sparky-be/Chart.yaml b/kubernetes/aai/components/aai-sparky-be/Chart.yaml
index 2bfb7f2..da25238 100644
--- a/kubernetes/aai/components/aai-sparky-be/Chart.yaml
+++ b/kubernetes/aai/components/aai-sparky-be/Chart.yaml
@@ -1,6 +1,6 @@
# Copyright © 2018 Amdocs, Bell Canada, AT&T
# Modifications Copyright © 2021 Orange
-# Modifications Copyright © 2021 Nordix Foundation
+# Modifications Copyright © 2021-2023 Nordix Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -22,12 +22,6 @@
dependencies:
- name: common
version: ~12.x-0
- # local reference to common chart, as it is
- # a part of this chart's package and will not
- # be published independently to a repo (at this point)
- repository: '@local'
- - name: certInitializer
- version: ~12.x-0
repository: '@local'
- name: repositoryGenerator
version: ~12.x-0
diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/application/application-oxm-schema-prod.properties b/kubernetes/aai/components/aai-sparky-be/resources/config/application/application-oxm-schema-prod.properties
index ee13417..178adb8 100644
--- a/kubernetes/aai/components/aai-sparky-be/resources/config/application/application-oxm-schema-prod.properties
+++ b/kubernetes/aai/components/aai-sparky-be/resources/config/application/application-oxm-schema-prod.properties
@@ -1,5 +1,6 @@
{{/*
# Copyright © 2018 Amdocs, Bell Canada, AT&T
+# Modifications Copyright © 2023 Nordix Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -18,15 +19,9 @@
#schemaServiceTranslator is used to define whether to retreive the oxm from schema service microservice or read from the disk, possible values are schema-service/config
oxm.schemaServiceTranslatorList=config
# The end point for onap is https://<hostname>:<port>/onap/schema-service/v1/
-{{ if ( include "common.needTLS" .) }}
-oxm.schemaServiceBaseUrl=https://<schema-service/config>/aai/schema-service/v1/
-oxm.schemaServiceKeystore=file:{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.p12
-oxm.schemaServiceTruststore=file:{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.trust.jks
-oxm.schemaServiceKeystorePassword=${KEYSTORE_PASSWORD}
-oxm.schemaServiceTruststorePassword=${TRUSTSTORE_PASSWORD}
-{{ else }}
+
oxm.schemaServiceBaseUrl=http://<schema-service/config>/aai/schema-service/v1/
-{{ end }}
+
# Schema Service need this variable for the time being
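Review bot: The context comment above `oxm.schemaServiceBaseUrl` still says the ONAP endpoint is `https://<hostname>:<port>/onap/schema-service/v1/`, but the only value left after this hunk is the `http://` one, so the comment now contradicts the setting. Reword it to match, e.g. `# The end point for onap is http://<hostname>:<port>/onap/schema-service/v1/`. Because `oxm.schemaServiceTranslatorList=config` selects the on-disk schema, the URL may not be used at all in this profile; if that is the case, saying so in the comment would stop a reader from treating the plain-HTTP URL as a live endpoint.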
diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/application/application-resources.properties b/kubernetes/aai/components/aai-sparky-be/resources/config/application/application-resources.properties
index 7c82d1f..e9ed63e 100644
--- a/kubernetes/aai/components/aai-sparky-be/resources/config/application/application-resources.properties
+++ b/kubernetes/aai/components/aai-sparky-be/resources/config/application/application-resources.properties
@@ -1,5 +1,6 @@
{{/*
# Copyright © 2018 Amdocs, Bell Canada, AT&T
+# Modifications Copyright © 2023 Nordix Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -15,16 +16,7 @@
*/}}
resources.hostname=aai
-{{ if ( include "common.needTLS" .) }}
-resources.port=8443
-resources.authType=SSL_BASIC
-resources.basicAuthUserName=aai@aai.onap.org
-resources.basicAuthPassword=1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek
-resources.trust-store={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.trust.jks
-resources.trust-store-password=${TRUSTSTORE_PASSWORD}
-resources.client-cert={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.p12
-resources.client-cert-password=${KEYSTORE_PASSWORD}
-{{ else }}
+
resources.port=80
resources.authType=HTTP_NOAUTH
-{{ end }}
+
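Review bot: `resources.port=80` with `resources.authType=HTTP_NOAUTH` is now the only configuration, and nothing in the file says what is expected to authenticate and encrypt the Sparky-to-AAI hop instead. Add a comment above these two lines naming the control the chart relies on, for example `# Plain HTTP, no auth: transport security and authN must be enforced outside this pod`, adjusted to whatever the deployment actually uses. Separately, the removed `resources.basicAuthPassword` value, like the key files deleted elsewhere in this commit, stays in repository history, so deployments that reused those values should rotate them.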
diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/application/application-ssl.properties b/kubernetes/aai/components/aai-sparky-be/resources/config/application/application-ssl.properties
index 422e7ce..c6e1baa 100644
--- a/kubernetes/aai/components/aai-sparky-be/resources/config/application/application-ssl.properties
+++ b/kubernetes/aai/components/aai-sparky-be/resources/config/application/application-ssl.properties
@@ -1,4 +1,5 @@
# Copyright © 2018 Amdocs, Bell Canada, AT&T
+# Modifications Copyright © 2023 Nordix Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -13,13 +14,6 @@
# limitations under the License.
server.port=8000
-{{ if ( include "common.needTLS" .) }}
-server.ssl.key-store=file:{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.p12
-server.ssl.key-store-password=${KEYSTORE_PASSWORD}
-server.ssl.enabled-protocols=TLSv1.1,TLSv1.2
-server.ssl.trust-store=file:{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.trust.jks
-server.ssl.trust-store-password=${TRUSTSTORE_PASSWORD}
-{{ else }}
security.require-ssl=false
server.ssl.enabled=false
-{{ end }}
+
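Review bot: After this hunk `application-ssl.properties` holds only `server.port=8000`, `security.require-ssl=false` and `server.ssl.enabled=false`, while `spring.profiles.active` in application.properties is now fixed to end in `http`, so the `ssl` profile is apparently never selected and this file is probably dead configuration. Either delete the file in this commit or give it a header comment such as `# Kept only to force-disable SSL; not selected by spring.profiles.active`. A file named "ssl" whose only job is to turn SSL off is easy to misread during a configuration audit.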
diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/application/application.properties b/kubernetes/aai/components/aai-sparky-be/resources/config/application/application.properties
index 90cb000..b5ad6b3 100644
--- a/kubernetes/aai/components/aai-sparky-be/resources/config/application/application.properties
+++ b/kubernetes/aai/components/aai-sparky-be/resources/config/application/application.properties
@@ -1,4 +1,5 @@
# Copyright © 2018 Amdocs, Bell Canada, AT&T
+# Modifications Copyright © 2023 Nordix Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -22,16 +23,10 @@
# and in the values.yaml change the internalPort to 9517
#
-spring.profiles.active=camel,fe-prod,oxm-schema-prod,oxm-default,resources,aai-proxy,{{ ( eq "true" ( include "common.needTLS" .)) | ternary "ssl" "http" }}
+spring.profiles.active=camel,fe-prod,oxm-schema-prod,oxm-default,resources,aai-proxy,http
portal.cadiFileLocation={{.Values.config.cadiFileLocation}}
searchservice.hostname={{.Values.global.searchData.serviceName}}
searchservice.port=9509
-{{ if ( include "common.needTLS" .) }}
-searchservice.client-cert={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.p12
-searchservice.client-cert-password=${KEYSTORE_PASSWORD}
-searchservice.truststore={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.trust.jks
-searchservice.truststore-password=${TRUSTSTORE_PASSWORD}
-{{ end }}
schema.ingest.file=${CONFIG_HOME}/schemaIngest.properties
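Review bot: `portal.cadiFileLocation={{.Values.config.cadiFileLocation}}` is kept on the new side, but this commit deletes `cadi.properties` and drops `cadiFileLocation` from the `config` block in values.yaml. Unless a parent chart still supplies the key, the property will render with an empty value. Remove the line here, or keep the values key, depending on whether Sparky tolerates the property being absent. The hunk shows only part of the file, so any other remaining `portal.*` references should be checked in the same way.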
diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/portal/BOOT-INF/classes/key.properties b/kubernetes/aai/components/aai-sparky-be/resources/config/portal/BOOT-INF/classes/key.properties
deleted file mode 100644
index 67268e3..0000000
--- a/kubernetes/aai/components/aai-sparky-be/resources/config/portal/BOOT-INF/classes/key.properties
+++ /dev/null
@@ -1 +0,0 @@
-cipher.enc.key=AGLDdG4D04BKm2IxIWEr8o==!
diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/portal/BOOT-INF/classes/portal.properties b/kubernetes/aai/components/aai-sparky-be/resources/config/portal/BOOT-INF/classes/portal.properties
deleted file mode 100644
index 7a0fb82..0000000
--- a/kubernetes/aai/components/aai-sparky-be/resources/config/portal/BOOT-INF/classes/portal.properties
+++ /dev/null
@@ -1,49 +0,0 @@
-{{/*
-# Copyright © 2018 Amdocs, Bell Canada, AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-
-################################################################################
-############################## Portal properties ###############################
-################################################################################
-
-# Java class that implements the ECOMP role and user mgt API
-*/}}
-portal.api.impl.class = org.onap.aai.sparky.security.portal.PortalRestAPICentralServiceImpl
-
-# Instance of ECOMP Portal where the app has been on-boarded
-# use insecure http for dev purposes to avoid self-signed certificate
-ecomp_rest_url = https://portal-app:8443/ONAPPORTAL/auxapi
-
-# Standard global logon page
-ecomp_redirect_url = https://portal.api.simpledemo.onap.org:30225/ONAPPORTAL/login.htm
-
-# Name of cookie to extract on login request
-csp_cookie_name = EPService
-# Alternate values: DEVL, V_DEVL, V_PROD
-csp_gate_keeper_prod_key = PROD
-
-# Toggles use of UEB
-ueb_listeners_enable = false
-# IDs application withing UEB flow
-ueb_app_key=ueb_key_7
-# Use this tag if the app is centralized
-role_access_centralized=remote
-
-# Connection and Read timeout values
-ext_req_connection_timeout=15000
-ext_req_read_timeout=20000
-
-#Add AAF namespace if the app is centralized
-auth_namespace={{ .Values.certInitializer.fqi_namespace }}
diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/portal/cadi.properties b/kubernetes/aai/components/aai-sparky-be/resources/config/portal/cadi.properties
deleted file mode 100644
index baefd98..0000000
--- a/kubernetes/aai/components/aai-sparky-be/resources/config/portal/cadi.properties
+++ /dev/null
@@ -1,49 +0,0 @@
-# Configure AAF
-aaf_locate_url=https://aaf-locate.{{.Release.Namespace}}:8095
-aaf_url=<%=https://AAF_LOCATE_URL/onap.org.osaaf.aaf.service:2.1
-
-#aaf_url=https://DME2RESOLVE/service=com.att.authz.AuthorizationService/version=2.0/envContext=TEST/routeOffer=BAU_SE
-# AAF Environment Designation
-
-#if you are running aaf service from a docker image you have to use aaf service IP and port number
-aaf_id={{ .Values.certInitializer.fqi }}
-#Encrypt the password using AAF Jar
-aaf_password={{ .Values.certInitializer.aafDeployPass }}
-# Sample CADI Properties, from CADI 1.4.2
-#hostname=org.onap.aai.orr
-csp_domain=PROD
-# Add Absolute path to Keyfile
-cadi_keyfile={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.keyfile
-cadi_keystore={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.p12
-cadi_keystore_password=${KEYSTORE_PASSWORD}
-
-cadi_alias={{ .Values.certInitializer.fqi }}
-
-# This is required to accept Certificate Authentication from Certman certificates.
-# can be TEST, IST or PROD
-aaf_env=DEV
-
-# DEBUG prints off all the properties. Use to get started.
-cadi_loglevel=DEBUG
-
-# Add Absolute path to truststore2018.jks
-cadi_truststore={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.trust.jks
-# Note: This is the ONLY password that doesn't have to be encrypted. All Java's TrustStores are this passcode by default, because they are public certs
-cadi_truststore_password=${TRUSTSTORE_PASSWORD}
-
-# how to turn on SSL Logging
-#javax.net.debug=ssl
-
-# Use "maps.bing.com" to get Lat and Long for an Address
-AFT_LATITUDE=32.780140
-AFT_LONGITUDE=-96.800451
-AFT_ENVIRONMENT=AFTUAT
-AFT_DME2_CLIENT_IGNORE_SSL_CONFIG=true
-DME2.DEBUG=true
-AFT_DME2_HTTP_EXCHANGE_TRACE_ON=true
-
-cadi_latitude=32.780140
-cadi_longitude=-96.800451
-
-aaf_root_ns=com.att.aaf
-aaf_api_version=2.0
diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/portal/keyFile b/kubernetes/aai/components/aai-sparky-be/resources/config/portal/keyFile
deleted file mode 100644
index 921ce67..0000000
--- a/kubernetes/aai/components/aai-sparky-be/resources/config/portal/keyFile
+++ /dev/null
@@ -1,27 +0,0 @@
-77E_fh-8gTjeg8egAo-JgNkXYm1FGEBPMo44vKPgKyGCJj9Dn0xJqIBct2Ko35X4_HSU3wPq3I2q
-YHIvJCjmzXTVu2zvu4rIGTlwycTtLGDkgPyhOYFytv4GgazbpSs9331MPUeVVrdpkDCQmjtHSB4m
-DThhfEe2lkbZ35ljX3sVSf3JDy4ngRot0ktQwnnY4vxFdgVUl7LzVinXWgFLoqMyXmKh_bGw9aUH
-VMgqFsF_YmqLZY5ZARAraeywktvrU5kXYh5SnfXoJy7XIk0TBjHKqO-1mW-TcIgS3_v6GIGkZnpq
-e1FyE8cS21gTPFlc1KDoWUZE2yoEsQKJc4RFWfjid_mE6nckxym1TOsEn3G2_TlkZvliN_QMDB_c
-RuFLDB9HCChm4YYHpSn-RBqtJFz29bMTHQX8VNVfZ_Zhh-4dWOlEfpSzJvAqm_boo-8y8YDGIusx
-mvKyPXEKVCuBOljHaKhYg0d43nAXIFsssKpjmtQizA2L_TP1Mo_lDFIlCsPcRlHKTvzkTstEAhRj
-JnepzA--olBMwBkPxjm1Y5XQBGZH72i_o4Hr7_NqHb9sP486I2Nd1-owjHkhacGrLO1oORnuBUxp
-_SnaXYywe9tTz3BcfFupXSoDv4Sj7g9B53yPIWmjGggigidql3SNJsui6qOtwDHOejzEDFm23Lj7
-fXD6sb52U_ul9ahi4CoLTzpvMsPRYOqyRCk8K8FVBauZbG5D42oaFPn0S0rCSHOCU1TXbRdTF-Cs
-I2R0pEHNgb33yx6vtInaTSYIQ5cxa3XDA_50AQearV5SuYSlp8dK0BkpVCKgvSQdTn-2WiaV_hvO
-KzG7D2adT1kYY6TjYMXIaUiJ33y1XSNDG0s6r4NG5dNE6Jj7thdpnV-AAZoi0uZh1_bsHKLVmHRr
-NCXAc6DZm1D4N9y5lOJwUprUlJisZXLFTQThGMRY5dtiY_eK9Xjj4FQygXXhuhFXHz2-e4YApORv
-lXDcT29IZuuI1j26bxdNdhNr1wZsqqievBN6l6OQMiP21eIrxAUu1BEmiVOrfOzaEjxldDN2gFum
-4-zf9gsQT9UT8KEuOje64wVeHr09JpWuddV9HOAMvqc6mKTWmvUv_QiLgtK_b39QccMrOfOA1usM
-biRJ9wuTYIr584Q9CjHEcm5e2YufcbF-IDZ4IDui8gNXyYJuusTYdspeKzrtiLKfgI56ZWA3it9G
-SOkN18YyUmhk7HFkx9qEifb4UEbUQPb0dyXBRotf-91c5CPkct-36uV4sZBA_AR1tX3-aRKKB_SQ
-B0zaG-eaEdEqKv-ZYHqk23ZxiEsCX3ZdY7VSMWztE3_D5n8UgEl4et5LVfnjvU-arVVO93WUbXk0
-zi2QrOwytOZ0StAvFdF1nVwWllPg4EYcn8qLJIaaBRvLMlpHixtwRhltwJeMmJl3ExImOxNhVbhF
-6LxVXW6JK8JfMIwb_TE4EShDBjemq76BojQOwrO4OAyPG7B5iUtefdY-Zu1EtjXPhrUgljI_A1tg
-5_2WNjNTCT7Bvig3saFsIRi3cvgIcMAF2H7kJYw3UDvCFnx4LIom2u6vSeyatPxEOhRfpP0KvgEU
-koM9DFJW7VWQ11mB_DcU2NoYHdFKFy_cM62kIvoRwZTADGryEtkLSWEDT8MLpVrGXP2RjSZ3HHqC
-vVpVqQHC2VIqNKi2uHtYCiTEfj81Z0rCrnH3hYIRoOSe5W6m17xyb0RloG0G44uK0oNCfDYLwK0L
-TJaBdWSIBYI__ISsKx8o8r-3XLtbwQPPhv4-LpGwJYd7sIcqnpTYAyNGSrbEM4ECzHCH9Hwf9Duy
-cAQGWqXIbTV9i8ryw8OhcCZPTf3noPZyhzzdegiv6KNT-BBbxsgtDehtP-jvpd9eAhjlfUV_hoFJ
-rBUVMFrIOEDnnItVqBDmnavRdhn6N9ObVjVMv_4inhkvtpBCEVxtVQT2kFuBmZvPu_uHHbXi7_g8
-SVs3AjJ2ya3pZraK6gH3IOYoGtTAH3rKl7XdTMjqWnUCbhepuJqeEOF-DhpsEW7Oo0Lqzbjg
\ No newline at end of file
diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/portal/portal-authentication.properties b/kubernetes/aai/components/aai-sparky-be/resources/config/portal/portal-authentication.properties
deleted file mode 100644
index e1ddd32..0000000
--- a/kubernetes/aai/components/aai-sparky-be/resources/config/portal/portal-authentication.properties
+++ /dev/null
@@ -1,36 +0,0 @@
-{{/*
-# Copyright © 2018 Amdocs, Bell Canada, AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#####################################################################################
-############################## Portal Auth Properties ##############################
-#####################################################################################
-
-############################## Auth ##############################
-*/}}
-username={{.Values.config.portalUsername}}
-password={{.Values.config.portalPassword}}
-
-{{/*
-############################## ##############################
-#
-# ONAP Cookie Processing - During initial development, this flag, if true, will
-# prevent the portal interface's login processing from searching for a user
-# specific cookie, and will instead allow passage if a valid session cookie is
-# discovered.
-*/}}
-onap_enabled={{.Values.config.portalOnapEnabled}}
-onap.user_id_cookie_name={{.Values.config.portalCookieName}}
-cookie_decryptor_classname={{.Values.config.cookieDecryptorClass}}
-app_roles={{.Values.config.portalAppRoles}}
diff --git a/kubernetes/aai/components/aai-sparky-be/templates/configmap.yaml b/kubernetes/aai/components/aai-sparky-be/templates/configmap.yaml
index fee07d8..7c958fa 100644
--- a/kubernetes/aai/components/aai-sparky-be/templates/configmap.yaml
+++ b/kubernetes/aai/components/aai-sparky-be/templates/configmap.yaml
@@ -27,29 +27,3 @@
heritage: {{ .Release.Service }}
data:
{{ tpl (.Files.Glob "resources/config/application/*").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-portal
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/config/portal/*").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-portal-props
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/config/portal/BOOT-INF/classes/*").AsConfig . | indent 2 }}
diff --git a/kubernetes/aai/components/aai-sparky-be/templates/deployment.yaml b/kubernetes/aai/components/aai-sparky-be/templates/deployment.yaml
index 8f69600..3b14113 100644
--- a/kubernetes/aai/components/aai-sparky-be/templates/deployment.yaml
+++ b/kubernetes/aai/components/aai-sparky-be/templates/deployment.yaml
@@ -2,6 +2,7 @@
# Copyright (c) 2017 Amdocs, Bell Canada
# Modifications Copyright (c) 2018 AT&T
# Modifications Copyright (c) 2020 Nokia
+# Modifications Copyright © 2023 Nordix Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -47,36 +48,7 @@
release: {{ include "common.release" . }}
name: {{ include "common.name" . }}
spec:
- initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }}
- {{- if ( include "common.needTLS" .) }}
- - command:
- - sh
- args:
- - -c
- - |
- echo "*** retrieve Truststore and Keystore password"
- export $(cat {{ .Values.certInitializer.credsPath }}/mycreds.prop \
- | xargs -0)
- if [ -z "$KEYSTORE_PASSWORD" ]
- then
- echo " /!\ certificates retrieval failed"
- exit 1
- fi
- echo "*** write them in portal part"
- cd /config-input
- for PFILE in `ls -1 .`
- do
- envsubst <${PFILE} >/config/${PFILE}
- done
- volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }}
- - mountPath: /config-input
- name: portal-config-input
- - mountPath: /config
- name: portal-config
- image: {{ include "repositoryGenerator.image.envsubst" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-update-config
- {{- end }}
+ initContainers:
- command:
- /app/ready.py
args:
@@ -100,22 +72,12 @@
args:
- -c
- |
- echo "*** retrieve Truststore and Keystore password"
- export $(cat {{ .Values.certInitializer.credsPath }}/mycreds.prop \
- | xargs -0)
echo "*** actual launch of AAI Sparky BE"
/opt/app/sparky/bin/start.sh
- volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }}
+ volumeMounts:
- mountPath: /etc/localtime
name: localtime
readOnly: true
- - mountPath: /opt/app/sparky/config/auth/csp-cookie-filter.properties
- name: auth-config
- subPath: csp-cookie-filter.properties
- - mountPath: /opt/app/sparky/config/portal/
- name: portal-config
- - mountPath: /opt/app/sparky/config/portal/BOOT-INF/classes/
- name: portal-config-props
- mountPath: {{ .Values.log.path }}
name: logs
- mountPath: /opt/app/sparky/config/application.properties
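Review bot: With the credential export gone, the `sh -c` wrapper only echoes a banner before running `/opt/app/sparky/bin/start.sh`, which leaves the shell as PID 1 in front of the application and may keep termination signals from reaching it. Make the last script line `exec /opt/app/sparky/bin/start.sh`, or call the script directly as the container command. The `auth-config` mount is removed together with secret.yaml, but the `resources/config/auth/*` files that secret globbed are not deleted in the visible part of the commit. If they still exist they are now unreferenced and should be removed too. The container spec starts above this hunk.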
@@ -153,13 +115,13 @@
{{- if eq .Values.liveness.enabled true }}
livenessProbe:
tcpSocket:
- port: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort .Values.service.internalPlainPort }}
+ port: {{ .Values.service.internalPlainPort }}
initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
periodSeconds: {{ .Values.liveness.periodSeconds }}
{{ end -}}
readinessProbe:
tcpSocket:
- port: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort .Values.service.internalPlainPort }}
+ port: {{ .Values.service.internalPlainPort }}
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
resources: {{ include "common.resources" . | nindent 10 }}
@@ -175,27 +137,13 @@
# side car containers
{{ include "common.log.sidecar" . | nindent 6 }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
- volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }}
+ volumes:
- name: localtime
hostPath:
path: /etc/localtime
- name: config
configMap:
name: {{ include "common.fullname" . }}
- - name: portal-config
- {{- if .Values.global.aafEnabled }}
- emptyDir:
- medium: Memory
- - name: portal-config-input
- {{- end }}
- configMap:
- name: {{ include "common.fullname" . }}-portal
- - name: portal-config-props
- configMap:
- name: {{ include "common.fullname" . }}-portal-props
- - name: auth-config
- secret:
- secretName: {{ include "common.fullname" . }}
- name: logs
emptyDir: {}
{{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix .)) | nindent 6 }}
diff --git a/kubernetes/aai/components/aai-sparky-be/templates/secret.yaml b/kubernetes/aai/components/aai-sparky-be/templates/secret.yaml
deleted file mode 100644
index d6013c8..0000000
--- a/kubernetes/aai/components/aai-sparky-be/templates/secret.yaml
+++ /dev/null
@@ -1,29 +0,0 @@
-{{/*
-# Copyright © 2018 Amdocs, Bell Canada, AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-type: Opaque
-data:
-{{ tpl (.Files.Glob "resources/config/auth/*").AsSecrets . | indent 2 }}
diff --git a/kubernetes/aai/components/aai-sparky-be/values.yaml b/kubernetes/aai/components/aai-sparky-be/values.yaml
index 29953b4..0673dee 100644
--- a/kubernetes/aai/components/aai-sparky-be/values.yaml
+++ b/kubernetes/aai/components/aai-sparky-be/values.yaml
@@ -1,5 +1,6 @@
# Copyright (c) 2018 Amdocs, Bell Canada, AT&T
# Modifications Copyright (c) 2020 Nokia, Orange
+# Modifications Copyright © 2023 Nordix Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -27,40 +28,6 @@
searchData:
serviceName: aai-search-data
-
-#################################################################
-# Certificate configuration
-#################################################################
-certInitializer:
- nameOverride: aai-sparky-cert-initializer
- aafDeployFqi: deployer@people.osaaf.org
- aafDeployPass: demo123456!
- # aafDeployCredsExternalSecret: some secret
- fqdn: "aai"
- app_ns: "org.osaaf.aaf"
- fqi_namespace: "org.onap.aai"
- fqi: "aai@aai.onap.org"
- public_fqdn: "aaf.osaaf.org"
- cadi_longitude: "0.0"
- cadi_latitude: "0.0"
- credsPath: /opt/app/osaaf/local
- aaf_add_config: |
- echo "*** changing passwords into shell safe ones"
- export KEYSTORE_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1)
- export TRUSTSTORE_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1)
- cd {{ .Values.credsPath }}
- keytool -storepasswd -new "${KEYSTORE_PASSWORD}" \
- -storepass "${cadi_keystore_password_p12}" \
- -keystore {{ .Values.fqi_namespace }}.p12
- keytool -storepasswd -new "${TRUSTSTORE_PASSWORD}" \
- -storepass "${cadi_truststore_password}" \
- -keystore {{ .Values.fqi_namespace }}.trust.jks
- echo "*** save the generated passwords"
- echo "KEYSTORE_PASSWORD=${KEYSTORE_PASSWORD}" > mycreds.prop
- echo "TRUSTSTORE_PASSWORD=${TRUSTSTORE_PASSWORD}" >> mycreds.prop
- echo "*** change ownership of certificates to targeted user"
- chown -R 1000 {{ .Values.credsPath }}
-
# application image
image: onap/sparky-be:2.0.3
pullPolicy: Always
@@ -78,7 +45,6 @@
portalPassword: OBF:1t2v1vfv1unz1vgz1t3b # aaiui
portalCookieName: UserId
portalAppRoles: ui_view
- cadiFileLocation: /opt/app/sparky/config/portal/cadi.properties
cookieDecryptorClass: org.onap.aai.sparky.security.BaseCookieDecryptor
# ONAP Cookie Processing - During initial development, the following flag, if true, will