From 7ef3ae01ee1011d3b39be5330c8e0899dbe95bd0 Mon Sep 17 00:00:00 2001
From: dliu5
Date: Fri, 21 Oct 2022 14:17:20 +0800
Subject: [PATCH] Add helm chart for ca and config files.
Change-Id: I21deaced6047cdee2c4a74399c39cd046356a7be
Signed-off-by: dliu5
---
 charts/templates/application_config.yaml | 28 ++++++++++++++++
 charts/templates/ca_config.yaml | 28 ++++++++++++++++
 charts/templates/deployment.yaml | 24 ++++++++++++--
 charts/templates/serverkey_config.yaml | 28 ++++++++++++++++
 charts/values.yaml | 6 ++++
 docs/installation-guide.rst | 57 ++++++++++++++++++++++++++++++--
 6 files changed, 166 insertions(+), 5 deletions(-)
 create mode 100644 charts/templates/application_config.yaml
 create mode 100644 charts/templates/ca_config.yaml
 create mode 100644 charts/templates/serverkey_config.yaml
diff --git a/charts/templates/application_config.yaml b/charts/templates/application_config.yaml
new file mode 100644
index 0000000..1381032
--- /dev/null
+++ b/charts/templates/application_config.yaml
@@ -0,0 +1,28 @@
+# Copyright (C) 2022 Wind River Systems, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ .Chart.Name }}-application-config
+ namespace: {{ .Values.global.namespace }}
+ labels:
+ release: {{ .Release.Name }}
+ app: {{ include "orano2.name" . }}
+ chart: {{ .Chart.Name }}
+# ...
+data:
+ config.json: |
+{{ .Values.applicationconfig | indent 4 }}
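Review bot: The application config rendered into this ConfigMap carries a credential: the installation guide in this same patch writes `smo_token_data = ${SMO_TOKEN_DATA}` into app.conf, and that file is what gets passed in as `applicationconfig`. ConfigMaps are not meant for confidential data; they are typically readable by more roles than Secrets and are not covered by Secret-specific controls such as encryption at rest. The same applies, more seriously, to charts/templates/serverkey_config.yaml, which stores the TLS private key in a ConfigMap, and to the matching `configMap:` volumes added in deployment.yaml. I would make both objects `kind: Secret` with the content under `stringData:`, and mount them with `secret:` / `secretName: {{ .Chart.Name }}-serverkeyconfig` plus a restrictive `defaultMode` on the key volume.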
diff --git a/charts/templates/ca_config.yaml b/charts/templates/ca_config.yaml
new file mode 100644
index 0000000..b8703d7
--- /dev/null
+++ b/charts/templates/ca_config.yaml
@@ -0,0 +1,28 @@
+# Copyright (C) 2022 Wind River Systems, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ .Chart.Name }}-caconfig
+ namespace: {{ .Values.global.namespace }}
+ labels:
+ release: {{ .Release.Name }}
+ app: {{ include "orano2.name" . }}
+ chart: {{ .Chart.Name }}
+# ...
+data:
+ config.json: |
+{{ .Values.caconfig | indent 4 }}
diff --git a/charts/templates/deployment.yaml b/charts/templates/deployment.yaml
index 5d82063..d229f44 100644
--- a/charts/templates/deployment.yaml
+++ b/charts/templates/deployment.yaml
@@ -139,6 +139,18 @@ spec:
 mountPath: /opt
 - name: configs
 mountPath: /configs
+ - name: applicationconfig
+ mountPath: /configs/o2app.conf
+ subPath: config.json
+ readOnly: true
+ - name: caconfig
+ mountPath: /configs/ca.cert
+ subPath: config.json
+ readOnly: true
+ - name: serverkeyconfig
+ mountPath: /configs/server.key
+ subPath: config.json
+ readOnly: true
 - name: helmcli
 image: "{{ .Values.o2ims.image.repository }}:{{ .Values.o2ims.image.tag }}"
 ports:
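Review bot: The three new mounts in deployment.yaml use `subPath: config.json`, and Kubernetes does not propagate updates to volumes mounted through subPath, so a renewed certificate or key only reaches the container once the pod is recreated. Because /configs/server.key and /configs/ca.cert will change on renewal (the guide in this patch generates a 365-day certificate), consider a pod-template annotation such as `checksum/serverkey: {{ include (print $.Template.BasePath "/serverkey_config.yaml") . | sha256sum }}` so that a `helm upgrade` with new files rolls the deployment. The container these mounts belong to starts and ends outside the hunk, so I cannot tell from here whether it reloads the files on its own.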
@@ -152,12 +164,20 @@ spec: volumeMounts: - name: scripts mountPath: /opt - - name: configs - mountPath: /configs volumes: - name: scripts configMap: name: {{ .Chart.Name }}-scripts-configmap - name: configs emptyDir: {} + - configMap: + name: {{ .Chart.Name }}-application-config + name: applicationconfig + - configMap: + name: {{ .Chart.Name }}-serverkeyconfig + name: serverkeyconfig + - configMap: + name: {{ .Chart.Name }}-caconfig + name: caconfig --- + diff --git a/charts/templates/serverkey_config.yaml b/charts/templates/serverkey_config.yaml new file mode 100644 index 0000000..1949ff5 --- /dev/null +++ b/charts/templates/serverkey_config.yaml @@ -0,0 +1,28 @@ +# Copyright (C) 2022 Wind River Systems, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ .Chart.Name }}-serverkeyconfig + namespace: {{ .Values.global.namespace }} + labels: + release: {{ .Release.Name }} + app: {{ include "orano2.name" . }} + chart: {{ .Chart.Name }} +# ... +data: + config.json: | +{{ .Values.serverkeyconfig | indent 4 }} diff --git a/charts/values.yaml b/charts/values.yaml index 0771680..bb31c34 100644 --- a/charts/values.yaml +++ b/charts/values.yaml @@ -22,6 +22,12 @@ replicaCount: 1 nameOverride: "" fullnameOverride: "" +applicationconfig: + +caconfig: + +serverkeyconfig: + resources: cpu: 1 memory: 2Gi diff --git a/docs/installation-guide.rst b/docs/installation-guide.rst index 9b63c7c..7c19274 100644 
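Review bot: In charts/values.yaml the new keys `applicationconfig:`, `caconfig:` and `serverkeyconfig:` are left bare, which YAML reads as null, while the three templates pipe them straight into `indent 4`. An install that omits one of the `--set-file` flags will then most likely fail with an unhelpful type error from `indent`, or at best render an empty file that is mounted as the server key or CA certificate. I would default them to `""` and guard each template, for example `{{ required "serverkeyconfig must be supplied with --set-file" .Values.serverkeyconfig | indent 4 }}`, so a missing input is reported clearly at render time. A short comment above each key saying which file it expects (app.conf, CA certificate, private key) would also help.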
--- a/docs/installation-guide.rst +++ b/docs/installation-guide.rst @@ -181,6 +181,57 @@ The following instruction should be done outside of INF platform controller host #export the smo account token data export SMO_TOKEN_DATA=$(kubectl -n default describe secret $(kubectl -n default get secret | grep ${SMO_SERVICEACCOUNT} | awk '{print $1}') | grep "token:" | awk '{print $2}') + #prepare the application config file + cat <app.conf + [DEFAULT] + + ocloud_global_id = 4e24b97c-8c49-4c4f-b53e-3de5235a4e37 + smo_register_url = http://127.0.0.1:8090/register + smo_token_data = ${SMO_TOKEN_DATA} + + [API] + test = "hello" + + [WATCHER] + + [PUBSUB] + + EOF + + #prepare the ssl cert files or generate with below command. + + PARENT="imsserver" + openssl req \ + -x509 \ + -newkey rsa:4096 \ + -sha256 \ + -days 365 \ + -nodes \ + -keyout $PARENT.key \ + -out $PARENT.crt \ + -subj "/CN=${PARENT}" \ + -extensions v3_ca \ + -extensions v3_req \ + -config <( \ + echo '[req]'; \ + echo 'default_bits= 4096'; \ + echo 'distinguished_name=req'; \ + echo 'x509_extension = v3_ca'; \ + echo 'req_extensions = v3_req'; \ + echo '[v3_req]'; \ + echo 'basicConstraints = CA:FALSE'; \ + echo 'keyUsage = nonRepudiation, digitalSignature, keyEncipherment'; \ + echo 'subjectAltName = @alt_names'; \ + echo '[ alt_names ]'; \ + echo "DNS.1 = www.${PARENT}"; \ + echo "DNS.2 = ${PARENT}"; \ + echo '[ v3_ca ]'; \ + echo 'subjectKeyIdentifier=hash'; \ + echo 'authorityKeyIdentifier=keyid:always,issuer'; \ + echo 'basicConstraints = critical, CA:TRUE, pathlen:0'; \ + echo 'keyUsage = critical, cRLSign, keyCertSign'; \ + echo 'extendedKeyUsage = serverAuth, clientAuth') + cat <o2service-override.yaml o2ims: imagePullSecrets: admin-orano2-registry-secret 
@@ -205,7 +256,7 @@ The following instruction should be done outside of INF platform controller host .. code:: shell - helm install o2service o2/charts/ -f o2service-override.yaml + helm install o2service o2/charts --set-file caconfig="./imsserver.cert" --set-file applicationconfig="./app.conf" --set-file serverkeyconfig="./imsserver.key" -f o2service-override.yaml helm list |grep o2service kubectl -n ${NAMESPACE} get pods |grep o2api kubectl -n ${NAMESPACE} get services |grep o2api @@ -219,11 +270,11 @@ The following instruction should be done outside of INF platform controller host curl -k http(s)://:30205/o2ims_infrastructureInventory/v1/ -2.5 INF O2 Service API Swagger +2.5 INF O2 Service API Swagger ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - Swagger UI can be found with URL: http(s)://:30205 - + 3. Register INF O2 Service to SMO --------------------------------- -- 2.16.6