X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=kubernetes%2Fcommon%2FcertManagerCertificate%2Ftemplates%2F_certificate.tpl;h=6fc667429ec93bdeed1bb58f3d5a650b16f3e666;hb=9b00b56b7787992a15df2a11006828ca5a8f7046;hp=108873b31d9e2999479dd8d9d2b8d42d7f4a6933;hpb=c1c900ea0cb6ae9d6991a17c82bcffeac2640f30;p=oom.git

diff --git a/kubernetes/common/certManagerCertificate/templates/_certificate.tpl b/kubernetes/common/certManagerCertificate/templates/_certificate.tpl
index 108873b31d..6fc667429e 100644
--- a/kubernetes/common/certManagerCertificate/templates/_certificate.tpl
+++ b/kubernetes/common/certManagerCertificate/templates/_certificate.tpl
@@ -189,6 +189,8 @@ spec:
 {{ end }}
 {{- end -}}
 
+{{/*Using templates below allows read and write access to volume mounted at $mountPath*/}}
+
 {{- define "common.certManager.volumeMounts" -}}
 {{- $dot := default . .dot -}}
 {{- $initRoot := default $dot.Values.certManagerCertificate .initRoot -}}
@@ -248,4 +250,49 @@ spec:
     {{- $certsLinkCommand = (printf "ln -s %s %s; %s" $sourcePath $destnationPath $certsLinkCommand) -}}
   {{- end -}}
 {{ $certsLinkCommand }}
-{{- end -}}
\ No newline at end of file
+{{- end -}}
+
+{{/*Using templates below allows only read access to volume mounted at $mountPath*/}}
+
+{{- define "common.certManager.volumeMountsReadOnly" -}}
+{{- $dot := default . .dot -}}
+{{- $initRoot := default $dot.Values.certManagerCertificate .initRoot -}}
+{{- $subchartGlobal := mergeOverwrite (deepCopy $initRoot.global) $dot.Values.global -}}
+  {{- range $i, $certificate := $dot.Values.certificates -}}
+    {{- $mountPath := $certificate.mountPath -}}
+- mountPath: {{ $mountPath }}
+  name: certmanager-certs-volume-{{ $i }}
+   {{- end -}}
+{{- end -}}
+
+{{- define "common.certManager.volumesReadOnly" -}}
+{{- $dot := default . .dot -}}
+{{- $initRoot := default $dot.Values.certManagerCertificate .initRoot -}}
+{{- $subchartGlobal := mergeOverwrite (deepCopy $initRoot.global) $dot.Values.global -}}
+{{- $certificates := $dot.Values.certificates -}}
+  {{- range $i, $certificate := $certificates -}}
+    {{- $name := include "common.fullname" $dot -}}
+    {{- $certificatesSecretName := default (printf "%s-secret-%d" $name $i) $certificate.secretName -}}
+- name: certmanager-certs-volume-{{ $i }}
+  projected:
+    sources:
+    - secret:
+        name: {{ $certificatesSecretName }}
+    {{- if $certificate.keystore }}
+        items:
+        {{- range $outputType := $certificate.keystore.outputType }}
+          - key: keystore.{{ $outputType }}
+            path: keystore.{{ $outputType }}
+          - key: truststore.{{ $outputType }}
+            path: truststore.{{ $outputType }}
+        {{- end }}
+    - secret:
+        name: {{ $certificate.keystore.passwordSecretRef.name }}
+        items:
+          - key: {{ $certificate.keystore.passwordSecretRef.key }}
+            path: keystore.pass
+          - key: {{ $certificate.keystore.passwordSecretRef.key }}
+            path: truststore.pass
+     {{- end }}
+  {{- end -}}
+{{- end -}}