{{/*
# Copyright © 2020 Bell Canada, Samsung Electronics
+# Copyright © 2021 Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
{{- $subchartDot := fromJson (include "common.subChartDot" (dict "dot" $dot "initRoot" $initRoot)) }}
{{ include "common.readinessCheck.waitFor" $subchartDot }}
- name: {{ include "common.name" $dot }}-aaf-config
- image: {{ include "common.repository" $subchartDot }}/{{ $subchartDot.Values.global.aafAgentImage }}
+ image: {{ include "repositoryGenerator.repository" $subchartDot }}/{{ $subchartDot.Values.global.aafAgentImage }}
imagePullPolicy: {{ $subchartDot.Values.global.pullPolicy | default $subchartDot.Values.pullPolicy }}
+ securityContext:
+ runAsUser: 0
volumeMounts:
- mountPath: {{ $initRoot.mountPath }}
name: {{ include "common.certInitializer._aafConfigVolumeName" $dot }}
- mountPath: /opt/app/aaf_config/cert/truststoreONAP.p12.b64
name: aaf-agent-certs
subPath: truststoreONAP.p12.b64
+ - name: {{ include "common.certInitializer._aafAddConfigVolumeName" $dot }}
+ mountPath: /opt/app/aaf_config/bin/retrieval_check.sh
+ subPath: retrieval_check.sh
+{{- if hasKey $initRoot "ingressTlsSecret" }}
+ - name: {{ include "common.certInitializer._aafAddConfigVolumeName" $dot }}
+ mountPath: /opt/app/aaf_config/bin/tls_certs_configure.sh
+ subPath: tls_certs_configure.sh
+{{- end }}
{{- if $initRoot.aaf_add_config }}
- name: {{ include "common.certInitializer._aafAddConfigVolumeName" $dot }}
mountPath: /opt/app/aaf_config/bin/aaf-add-config.sh
- sh
- -c
- |
- #!/usr/bin/env bash
/opt/app/aaf_config/bin/agent.sh
+ . /opt/app/aaf_config/bin/retrieval_check.sh
+{{- if hasKey $initRoot "ingressTlsSecret" }}
+ /opt/app/aaf_config/bin/tls_certs_configure.sh
+{{- end -}}
{{- if $initRoot.aaf_add_config }}
/opt/app/aaf_config/bin/aaf-add-config.sh
{{- end }}
env:
- name: APP_FQI
value: "{{ $initRoot.fqi }}"
+ {{- if $initRoot.aaf_namespace }}
- name: aaf_locate_url
- value: "https://aaf-locate.{{ $dot.Release.Namespace}}:8095"
- - name: aaf_locator_container
- value: "oom"
+ value: "https://aaf-locate.{{ $initRoot.aaf_namespace }}:8095"
+ - name: aaf_locator_container_ns
+ value: "{{ $initRoot.aaf_namespace }}"
+ {{- else }}
+ - name: aaf_locate_url
+ value: "https://aaf-locate.{{ $dot.Release.Namespace }}:8095"
- name: aaf_locator_container_ns
value: "{{ $dot.Release.Namespace }}"
+ {{- end }}
+ - name: aaf_locator_container
+ value: "oom"
- name: aaf_locator_fqdn
value: "{{ $initRoot.fqdn }}"
- name: aaf_locator_app_ns
{{- $initRoot := default $dot.Values.certInitializer .initRoot -}}
{{- $subchartDot := fromJson (include "common.subChartDot" (dict "dot" $dot "initRoot" $initRoot)) }}
- name: {{ include "common.name" $dot }}-import-custom-certs
- image: {{ $subchartDot.Values.global.jreImage }}
+ image: {{ include "repositoryGenerator.image.jre" $subchartDot }}
imagePullPolicy: {{ $subchartDot.Values.global.pullPolicy | default $subchartDot.Values.pullPolicy }}
securityContext:
runAsUser: 0
command:
- - /bin/bash
+ - /bin/sh
- -c
- /root/import-custom-certs.sh
env:
volumeMounts:
- mountPath: /certs
name: aaf-agent-certs
+ - mountPath: /more_certs
+ name: provided-custom-certs
- mountPath: /root/import-custom-certs.sh
name: aaf-agent-certs
subPath: import-custom-certs.sh
{{- define "common.certInitializer._volumeMount" -}}
{{- $dot := default . .dot -}}
{{- $initRoot := default $dot.Values.certInitializer .initRoot -}}
-- mountPath: {{ $initRoot.mountPath }}
+- mountPath: {{ $initRoot.appMountPath }}
name: {{ include "common.certInitializer._aafConfigVolumeName" $dot }}
{{- end -}}
- mountPath: {{ $initRoot.truststoreMountpath }}/{{ $initRoot.truststoreOutputFileName }}
name: updated-truststore
subPath: {{ $initRoot.truststoreOutputFileName }}
+- mountPath: /etc/ssl/certs/ca-certificates.crt
+ name: updated-truststore
+ subPath: ca-certificates.crt
{{- end -}}
{{- end -}}
{{- define "common.certInitializer._volumes" -}}
{{- $dot := default . .dot -}}
{{- $initRoot := default $dot.Values.certInitializer .initRoot -}}
-{{- $subchartDot := mergeOverwrite (deepCopy (omit $dot "Values")) (dict "Chart" (set (fromJson (toJson $dot.Chart)) "Name" $initRoot.nameOverride) "Values" (mergeOverwrite (deepCopy $initRoot) (dict "global" $dot.Values.global))) }}
+{{- $subchartDot := fromJson (include "common.subChartDot" (dict "dot" $dot "initRoot" $initRoot))}}
- name: {{ include "common.certInitializer._aafConfigVolumeName" $dot }}
emptyDir:
medium: Memory
- name: aaf-agent-certs
configMap:
- name: {{ include "common.fullname" $subchartDot }}-certs
+ name: {{ tpl $subchartDot.Values.certsCMName $subchartDot }}
defaultMode: 0700
-
-{{- if $initRoot.aaf_add_config }}
+{{- if $dot.Values.global.importCustomCertsEnabled }}
+- name: provided-custom-certs
+{{- if $dot.Values.global.customCertsSecret }}
+ secret:
+ secretName: {{ $dot.Values.global.customCertsSecret }}
+{{- else }}
+{{- if $dot.Values.global.customCertsConfigMap }}
+ configMap:
+ name: {{ $dot.Values.global.customCertsConfigMap }}
+{{- else }}
+ emptyDir:
+ medium: Memory
+{{- end }}
+{{- end }}
+{{- end }}
- name: {{ include "common.certInitializer._aafAddConfigVolumeName" $dot }}
configMap:
name: {{ include "common.fullname" $subchartDot }}-add-config
defaultMode: 0700
-{{- end -}}
{{- if $dot.Values.global.importCustomCertsEnabled }}
- name: updated-truststore
emptyDir: {}