[SDC] use of certInitializer template

[oom.git] / kubernetes / sdc / components / sdc-onboarding-be / templates / deployment.yaml

diff --git a/kubernetes/sdc/charts/sdc-onboarding-be/templates/deployment.yaml b/kubernetes/sdc/components/sdc-onboarding-be/templates/deployment.yaml
similarity index 79%
rename from kubernetes/sdc/charts/sdc-onboarding-be/templates/deployment.yaml
rename to kubernetes/sdc/components/sdc-onboarding-be/templates/deployment.yaml
index f2baa1f..6f1e2a9 100644 (file)
--- a/kubernetes/sdc/charts/sdc-onboarding-be/templates/deployment.yaml
+++ b/kubernetes/sdc/components/sdc-onboarding-be/templates/deployment.yaml
@@ -34,7 +34,7 @@ spec:
         app: {{ include "common.name" . }}
         release: {{ include "common.release" . }}
     spec:
-      initContainers:
+      initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }}
       - name: {{ include "common.name" . }}-job-completion
         image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
         imagePullPolicy: "{{ .Values.global.pullPolicy | default .Values.pullPolicy }}"
@@ -49,43 +49,33 @@ spec:
             fieldRef:
               apiVersion: v1
               fieldPath: metadata.namespace
+      {{- if .Values.global.aafEnabled }}
       - name: {{ include "common.name" . }}-update-config
         image: "{{ .Values.global.envsubstImage }}"
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         command:
-          - sh
+        - sh
         args:
-          - -c
-          - "cd /config-input && for PFILE in `find . -not -type d | grep -v -F ..`; do envsubst <${PFILE} >/config-output/${PFILE}; chmod 0755 /config-output/${PFILE}; done"
-        env:
-          - name: KEYSTORE_PASS
-            valueFrom:
-              secretKeyRef:
-                name: {{ include "common.release" . }}-sdc-cs-secrets
-                key: keystore_password
-          - name: TRUSTSTORE_PASS
-            valueFrom:
-              secretKeyRef:
-                name: {{ include "common.release" . }}-sdc-cs-secrets
-                key: truststore_password
-        volumeMounts:
+        - "-c"
+        - |
+          export $(grep '^c' {{ .Values.certInitializer.credsPath }}/mycreds.prop | xargs -0)
+          export KEYSTORE_PASS=$cadi_keystore_password_p12
+          export KEYMANAGER_PASS=$cadi_keystore_password_p12
+          export TRUSTSTORE_PASS=$cadi_truststore_password
+          cp {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.keystoreFile }} /config-output
+          cp {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.truststoreFile }} /config-output
+          cd /config-input && \
+          for PFILE in `find . -not -type d | grep -v -F ..`
+          do
+            envsubst <${PFILE} >/config-output/${PFILE}
+            chmod 0755 /config-output/${PFILE}
+          done
+        volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
           - name: {{ include "common.fullname" . }}-environments
             mountPath: /config-input/
           - name: sdc-environments-output
             mountPath: /config-output/
-      - name: volume-permissions
-        image: {{ .Values.global.busyboxRepository | default .Values.busyboxRepository }}/{{ .Values.global.busyboxImage | default .Values.busyboxImage }}
-        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-        command:
-          - /bin/sh
-          - -c
-          - |
-            chown -R {{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }} //onboard/cert
-        securityContext:
-          runAsUser: 0
-        volumeMounts:
-          - name: {{ include "common.fullname" . }}-cert-storage
-            mountPath: "/onboard/cert"
+      {{- end }}
       containers:
         - name: {{ include "common.name" . }}
           image: "{{ include "common.repository" . }}/{{ .Values.image }}"
@@ -113,11 +103,11 @@ spec:
 {{ include "common.resources" . | indent 12 }}
           env:
           - name: ENVNAME
-            value: {{ .Values.global.env.name }}
+            value: {{ .Values.env.name }}
           - name: JAVA_OPTIONS
             value: {{ .Values.config.javaOptions }}
           - name: SDC_CLUSTER_NAME
-            value: "SDC-CS-{{ .Values.global.env.name }}"
+            value: "SDC-CS-{{ .Values.env.name }}"
           - name: cassandra_ssl_enabled
             value: {{ .Values.config.cassandraSslEnabled | quote }}
           - name: HOST_IP
@@ -135,10 +125,10 @@ spec:
           volumeMounts:
           - name: sdc-environments-output
             mountPath: /var/lib/jetty/chef-solo/environments/
-          - name: sdc-cert
+          - name: sdc-environments-output
             mountPath: /var/lib/jetty/chef-solo/cookbooks/sdc-onboard-backend/files/default/org.onap.sdc.p12
             subPath: org.onap.sdc.p12
-          - name: sdc-cert
+          - name: sdc-environments-output
             mountPath: /var/lib/jetty/chef-solo/cookbooks/sdc-onboard-backend/files/default/org.onap.sdc.trust.jks
             subPath: org.onap.sdc.trust.jks
           - name: {{ include "common.fullname" . }}-localtime
@@ -149,8 +139,6 @@ spec:
           - name: {{ include "common.fullname" . }}-logback
             mountPath: /tmp/logback.xml
             subPath: logback.xml
-          - name: {{ include "common.fullname" . }}-cert-storage
-            mountPath: "{{ .Values.cert.certDir }}"
           lifecycle:
             postStart:
               exec:
@@ -167,13 +155,10 @@ spec:
             mountPath: /var/log/onap
           - name: {{ include "common.fullname" . }}-data-filebeat
             mountPath: /usr/share/filebeat/data
-      volumes:
+      volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }}
       - name: {{ include "common.fullname" . }}-localtime
         hostPath:
           path: /etc/localtime
-      - name: sdc-cert
-        secret:
-          secretName: sdc-cert
       - name: {{ include "common.fullname" . }}-filebeat-conf
         configMap:
           name: {{ include "common.release" . }}-sdc-filebeat-configmap
@@ -190,8 +175,5 @@ spec:
         emptyDir: { medium: "Memory" }
       - name:  {{ include "common.fullname" . }}-logs
         emptyDir: {}
-      - name:  {{ include "common.fullname" . }}-cert-storage
-        persistentVolumeClaim:
-          claimName: {{ include "common.fullname" . }}-cert
       imagePullSecrets:
       - name: "{{ include "common.namespace" . }}-docker-registry-key"