Code Review
/
oom.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
review
|
tree
raw
|
inline
| side by side
Merge "[COMMON][SA] Add default role creation to ServiceAccount"
[oom.git]
/
kubernetes
/
common
/
certInitializer
/
templates
/
_certInitializer.yaml
diff --git
a/kubernetes/common/certInitializer/templates/_certInitializer.yaml
b/kubernetes/common/certInitializer/templates/_certInitializer.yaml
index
3b165a4
..
1312d98
100644
(file)
--- a/
kubernetes/common/certInitializer/templates/_certInitializer.yaml
+++ b/
kubernetes/common/certInitializer/templates/_certInitializer.yaml
@@
-1,5
+1,6
@@
{{/*
# Copyright © 2020 Bell Canada, Samsung Electronics
{{/*
# Copyright © 2020 Bell Canada, Samsung Electronics
+# Copyright © 2021 Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@
-46,6
+47,8
@@
- name: {{ include "common.name" $dot }}-aaf-config
image: {{ include "repositoryGenerator.repository" $subchartDot }}/{{ $subchartDot.Values.global.aafAgentImage }}
imagePullPolicy: {{ $subchartDot.Values.global.pullPolicy | default $subchartDot.Values.pullPolicy }}
- name: {{ include "common.name" $dot }}-aaf-config
image: {{ include "repositoryGenerator.repository" $subchartDot }}/{{ $subchartDot.Values.global.aafAgentImage }}
imagePullPolicy: {{ $subchartDot.Values.global.pullPolicy | default $subchartDot.Values.pullPolicy }}
+ securityContext:
+ runAsUser: 0
volumeMounts:
- mountPath: {{ $initRoot.mountPath }}
name: {{ include "common.certInitializer._aafConfigVolumeName" $dot }}
volumeMounts:
- mountPath: {{ $initRoot.mountPath }}
name: {{ include "common.certInitializer._aafConfigVolumeName" $dot }}
@@
-58,6
+61,11
@@
- name: {{ include "common.certInitializer._aafAddConfigVolumeName" $dot }}
mountPath: /opt/app/aaf_config/bin/retrieval_check.sh
subPath: retrieval_check.sh
- name: {{ include "common.certInitializer._aafAddConfigVolumeName" $dot }}
mountPath: /opt/app/aaf_config/bin/retrieval_check.sh
subPath: retrieval_check.sh
+{{- if hasKey $initRoot "ingressTlsSecret" }}
+ - name: {{ include "common.certInitializer._aafAddConfigVolumeName" $dot }}
+ mountPath: /opt/app/aaf_config/bin/tls_certs_configure.sh
+ subPath: tls_certs_configure.sh
+{{- end }}
{{- if $initRoot.aaf_add_config }}
- name: {{ include "common.certInitializer._aafAddConfigVolumeName" $dot }}
mountPath: /opt/app/aaf_config/bin/aaf-add-config.sh
{{- if $initRoot.aaf_add_config }}
- name: {{ include "common.certInitializer._aafAddConfigVolumeName" $dot }}
mountPath: /opt/app/aaf_config/bin/aaf-add-config.sh
@@
-69,18
+77,28
@@
- |
/opt/app/aaf_config/bin/agent.sh
. /opt/app/aaf_config/bin/retrieval_check.sh
- |
/opt/app/aaf_config/bin/agent.sh
. /opt/app/aaf_config/bin/retrieval_check.sh
+{{- if hasKey $initRoot "ingressTlsSecret" }}
+ /opt/app/aaf_config/bin/tls_certs_configure.sh
+{{- end -}}
{{- if $initRoot.aaf_add_config }}
/opt/app/aaf_config/bin/aaf-add-config.sh
{{- end }}
env:
- name: APP_FQI
value: "{{ $initRoot.fqi }}"
{{- if $initRoot.aaf_add_config }}
/opt/app/aaf_config/bin/aaf-add-config.sh
{{- end }}
env:
- name: APP_FQI
value: "{{ $initRoot.fqi }}"
+ {{- if $initRoot.aaf_namespace }}
- name: aaf_locate_url
- name: aaf_locate_url
- value: "https://aaf-locate.{{ $dot.Release.Namespace}}:8095"
- - name: aaf_locator_container
- value: "oom"
+ value: "https://aaf-locate.{{ $initRoot.aaf_namespace }}:8095"
+ - name: aaf_locator_container_ns
+ value: "{{ $initRoot.aaf_namespace }}"
+ {{- else }}
+ - name: aaf_locate_url
+ value: "https://aaf-locate.{{ $dot.Release.Namespace }}:8095"
- name: aaf_locator_container_ns
value: "{{ $dot.Release.Namespace }}"
- name: aaf_locator_container_ns
value: "{{ $dot.Release.Namespace }}"
+ {{- end }}
+ - name: aaf_locator_container
+ value: "oom"
- name: aaf_locator_fqdn
value: "{{ $initRoot.fqdn }}"
- name: aaf_locator_app_ns
- name: aaf_locator_fqdn
value: "{{ $initRoot.fqdn }}"
- name: aaf_locator_app_ns
@@
-165,13
+183,16
@@
- mountPath: {{ $initRoot.truststoreMountpath }}/{{ $initRoot.truststoreOutputFileName }}
name: updated-truststore
subPath: {{ $initRoot.truststoreOutputFileName }}
- mountPath: {{ $initRoot.truststoreMountpath }}/{{ $initRoot.truststoreOutputFileName }}
name: updated-truststore
subPath: {{ $initRoot.truststoreOutputFileName }}
+- mountPath: /etc/ssl/certs/ca-certificates.crt
+ name: updated-truststore
+ subPath: ca-certificates.crt
{{- end -}}
{{- end -}}
{{- define "common.certInitializer._volumes" -}}
{{- $dot := default . .dot -}}
{{- $initRoot := default $dot.Values.certInitializer .initRoot -}}
{{- end -}}
{{- end -}}
{{- define "common.certInitializer._volumes" -}}
{{- $dot := default . .dot -}}
{{- $initRoot := default $dot.Values.certInitializer .initRoot -}}
-{{- $subchartDot :=
mergeOverwrite (deepCopy (omit $dot "Values")) (dict "Chart" (set (fromJson (toJson $dot.Chart)) "Name" $initRoot.nameOverride) "Values" (mergeOverwrite (deepCopy $initRoot) (dict "global" $dot.Values.global)))
}}
+{{- $subchartDot :=
fromJson (include "common.subChartDot" (dict "dot" $dot "initRoot" $initRoot))
}}
- name: {{ include "common.certInitializer._aafConfigVolumeName" $dot }}
emptyDir:
medium: Memory
- name: {{ include "common.certInitializer._aafConfigVolumeName" $dot }}
emptyDir:
medium: Memory