X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=kubernetes%2Fcommon%2FcertInitializer%2Ftemplates%2F_certInitializer.yaml;h=b1e85c00ccf4d277f066def68309cc81a955fbeb;hb=7b95dc024985bb6f23e788ceb1561743b1baf698;hp=800364f1a281f4d79c622d534081511b3d075604;hpb=b6924c02a31a59d2eb70358581381a1d73d71eb1;p=oom.git diff --git a/kubernetes/common/certInitializer/templates/_certInitializer.yaml b/kubernetes/common/certInitializer/templates/_certInitializer.yaml index 800364f1a2..b1e85c00cc 100644 --- a/kubernetes/common/certInitializer/templates/_certInitializer.yaml +++ b/kubernetes/common/certInitializer/templates/_certInitializer.yaml @@ -1,5 +1,6 @@ {{/* # Copyright © 2020 Bell Canada, Samsung Electronics +# Copyright © 2021 Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -44,7 +45,7 @@ {{- $subchartDot := fromJson (include "common.subChartDot" (dict "dot" $dot "initRoot" $initRoot)) }} {{ include "common.readinessCheck.waitFor" $subchartDot }} - name: {{ include "common.name" $dot }}-aaf-config - image: {{ include "common.repository" $subchartDot }}/{{ $subchartDot.Values.global.aafAgentImage }} + image: {{ include "repositoryGenerator.repository" $subchartDot }}/{{ $subchartDot.Values.global.aafAgentImage }} imagePullPolicy: {{ $subchartDot.Values.global.pullPolicy | default $subchartDot.Values.pullPolicy }} volumeMounts: - mountPath: {{ $initRoot.mountPath }} @@ -55,6 +56,14 @@ - mountPath: /opt/app/aaf_config/cert/truststoreONAP.p12.b64 name: aaf-agent-certs subPath: truststoreONAP.p12.b64 + - name: {{ include "common.certInitializer._aafAddConfigVolumeName" $dot }} + mountPath: /opt/app/aaf_config/bin/retrieval_check.sh + subPath: retrieval_check.sh +{{- if hasKey $initRoot "ingressTlsSecret" }} + - name: {{ include "common.certInitializer._aafAddConfigVolumeName" $dot }} + mountPath: /opt/app/aaf_config/bin/tls_certs_configure.sh + subPath: tls_certs_configure.sh +{{- end }} {{- if $initRoot.aaf_add_config }} - name: {{ include "common.certInitializer._aafAddConfigVolumeName" $dot }} mountPath: /opt/app/aaf_config/bin/aaf-add-config.sh @@ -64,20 +73,30 @@ - sh - -c - | - #!/usr/bin/env bash /opt/app/aaf_config/bin/agent.sh + . /opt/app/aaf_config/bin/retrieval_check.sh +{{- if hasKey $initRoot "ingressTlsSecret" }} + /opt/app/aaf_config/bin/tls_certs_configure.sh +{{- end -}} {{- if $initRoot.aaf_add_config }} /opt/app/aaf_config/bin/aaf-add-config.sh {{- end }} env: - name: APP_FQI value: "{{ $initRoot.fqi }}" + {{- if $initRoot.aaf_namespace }} - name: aaf_locate_url - value: "https://aaf-locate.{{ $dot.Release.Namespace}}:8095" - - name: aaf_locator_container - value: "oom" + value: "https://aaf-locate.{{ $initRoot.aaf_namespace }}:8095" + - name: aaf_locator_container_ns + value: "{{ $initRoot.aaf_namespace }}" + {{- else }} + - name: aaf_locate_url + value: "https://aaf-locate.{{ $dot.Release.Namespace }}:8095" - name: aaf_locator_container_ns value: "{{ $dot.Release.Namespace }}" + {{- end }} + - name: aaf_locator_container + value: "oom" - name: aaf_locator_fqdn value: "{{ $initRoot.fqdn }}" - name: aaf_locator_app_ns @@ -116,12 +135,12 @@ {{- $initRoot := default $dot.Values.certInitializer .initRoot -}} {{- $subchartDot := fromJson (include "common.subChartDot" (dict "dot" $dot "initRoot" $initRoot)) }} - name: {{ include "common.name" $dot }}-import-custom-certs - image: {{ $subchartDot.Values.global.jreImage }} + image: {{ include "repositoryGenerator.image.jre" $subchartDot }} imagePullPolicy: {{ $subchartDot.Values.global.pullPolicy | default $subchartDot.Values.pullPolicy }} securityContext: runAsUser: 0 command: - - /bin/bash + - /bin/sh - -c - /root/import-custom-certs.sh env: @@ -134,6 +153,8 @@ volumeMounts: - mountPath: /certs name: aaf-agent-certs + - mountPath: /more_certs + name: provided-custom-certs - mountPath: /root/import-custom-certs.sh name: aaf-agent-certs subPath: import-custom-certs.sh @@ -160,13 +181,16 @@ - mountPath: {{ $initRoot.truststoreMountpath }}/{{ $initRoot.truststoreOutputFileName }} name: updated-truststore subPath: {{ $initRoot.truststoreOutputFileName }} +- mountPath: /etc/ssl/certs/ca-certificates.crt + name: updated-truststore + subPath: ca-certificates.crt {{- end -}} {{- end -}} {{- define "common.certInitializer._volumes" -}} {{- $dot := default . .dot -}} {{- $initRoot := default $dot.Values.certInitializer .initRoot -}} -{{- $subchartDot := mergeOverwrite (deepCopy (omit $dot "Values")) (dict "Chart" (set (fromJson (toJson $dot.Chart)) "Name" $initRoot.nameOverride) "Values" (mergeOverwrite (deepCopy $initRoot) (dict "global" $dot.Values.global))) }} +{{- $subchartDot := fromJson (include "common.subChartDot" (dict "dot" $dot "initRoot" $initRoot))}} - name: {{ include "common.certInitializer._aafConfigVolumeName" $dot }} emptyDir: medium: Memory @@ -174,13 +198,25 @@ configMap: name: {{ tpl $subchartDot.Values.certsCMName $subchartDot }} defaultMode: 0700 - -{{- if $initRoot.aaf_add_config }} +{{- if $dot.Values.global.importCustomCertsEnabled }} +- name: provided-custom-certs +{{- if $dot.Values.global.customCertsSecret }} + secret: + secretName: {{ $dot.Values.global.customCertsSecret }} +{{- else }} +{{- if $dot.Values.global.customCertsConfigMap }} + configMap: + name: {{ $dot.Values.global.customCertsConfigMap }} +{{- else }} + emptyDir: + medium: Memory +{{- end }} +{{- end }} +{{- end }} - name: {{ include "common.certInitializer._aafAddConfigVolumeName" $dot }} configMap: name: {{ include "common.fullname" $subchartDot }}-add-config defaultMode: 0700 -{{- end -}} {{- if $dot.Values.global.importCustomCertsEnabled }} - name: updated-truststore emptyDir: {}