# ================================================================================
# Copyright (c) 2021 J. F. Lucas. All rights reserved.
# Copyright (c) 2021 AT&T Intellectual Property. All rights reserved.
+# Copyright (c) 2021 Nokia. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
{{- end }}
{{- end -}}
{{/*
+ For internal use only!
+
+ dcaegen2-services-common._externalVolumes:
+ This template generates a list of volumes associated with the pod,
+ based on information provided in .Values.externalVolumes. This
+ template works in conjunction with dcaegen2-services-common._externalVolumeMounts
+ to give the microservice access to data in volumes created else.
+ This initial implementation supports ConfigMaps only, as this is the only
+ external volume mounting required by current microservices.
+
+ .Values.externalValues is a list of objects. Each object has 3 required fields and 1 optional field:
+ - name: the name of the resource (in the current implementation, it must be a ConfigMap)
+ that is to be set up as a volume. The value is a case sensitive string. Because the
+ names of resources are sometimes set at deployment time (for instance, to prefix the Helm
+ release to the name), the string can be a Helm template fragment that will be expanded at
+ deployment time.
+ - type: the type of the resource (in the current implementation, only "ConfigMap" is supported).
+ The value is a case-INsensitive string.
+ - mountPoint: the path to the mount point for the volume in the container file system. The
+ value is a case-sensitive string.
+ - readOnly: (Optional) Boolean flag. Set to true to mount the volume as read-only.
+ Defaults to false.
+
+ Here is an example fragment from a values.yaml file for a microservice:
+
+ externalVolumes:
+ - name: my-example-configmap
+ type: configmap
+ mountPath: /opt/app/config
+ - name: '{{ include "common.release" . }}-another-example'
+ type: configmap
+ mountPath: /opt/app/otherconfig
+ */}}
+ {{- define "dcaegen2-services-common._externalVolumes" -}}
+ {{- $global := . -}}
+ {{- if .Values.externalVolumes }}
+ {{- range $vol := .Values.externalVolumes }}
+ {{- if eq (lower $vol.type) "configmap" }}
+ {{- $vname := (tpl $vol.name $global) }}
+ - configMap:
+ defaultMode: 420
+ name: {{ $vname }}
+ name: {{ $vname }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+ {{/*
+ For internal use only!
+
+ dcaegen2-services-common._externalVolumeMounts:
+ This template generates a list of volume mounts for the microservice container,
+ based on information provided in .Values.externalVolumes. This
+ template works in conjunction with dcaegen2-services-common._externalVolumes
+ to give the microservice access to data in volumes created else.
+ This initial implementation supports ConfigMaps only, as this is the only
+ external volume mounting required by current microservices.
+
+ See the documentation for dcaegen2-services-common._externalVolumes for
+ details on how external volumes are specified in the values.yaml file for
+ the microservice.
+ */}}
+ {{- define "dcaegen2-services-common._externalVolumeMounts" -}}
+ {{- $global := . -}}
+ {{- if .Values.externalVolumes }}
+ {{- range $vol := .Values.externalVolumes }}
+ {{- if eq (lower $vol.type) "configmap" }}
+ {{- $vname := (tpl $vol.name $global) -}}
+ {{- $readOnly := $vol.readOnly | default false }}
+ - mountPath: {{ $vol.mountPath }}
+ name: {{ $vname }}
+ readOnly: {{ $readOnly }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+ {{/*
dcaegen2-services-common.microserviceDeployment:
This template produces a Kubernetes Deployment for a DCAE microservice.
- mountPath: /opt/app/osaaf
name: tls-info
{{- end }}
+ {{ include "dcaegen2-services-common._certPostProcessor" . | nindent 4 }}
containers:
- image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
env:
{{- if $certDir }}
- name: DCAE_CA_CERTPATH
- value: {{ $certDir}}/cacert.pem
+ value: {{ $certDir }}/cacert.pem
{{- end }}
- name: CONSUL_HOST
value: consul-server.onap
{{- if $certDir }}
- mountPath: {{ $certDir }}
name: tls-info
+ {{- if and .Values.certificates .Values.global.cmpv2Enabled .Values.global.CMPv2CertManagerIntegration -}}
+ {{- include "common.certManager.volumeMountsReadOnly" . | nindent 8 -}}
+ {{- end -}}
{{- end }}
{{- if $policy }}
- name: policy-shared
mountPath: /etc/policies
{{- end }}
+ {{- include "dcaegen2-services-common._externalVolumeMounts" . | nindent 8 }}
{{- if $logDir }}
- image: {{ include "repositoryGenerator.image.logging" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
{{- if $certDir }}
- emptyDir: {}
name: tls-info
+ {{ if and .Values.certificates .Values.global.cmpv2Enabled .Values.global.CMPv2CertManagerIntegration -}}
+ {{ include "common.certManager.volumesReadOnly" . | nindent 6 }}
+ {{- end }}
{{- end }}
{{- if $policy }}
- name: policy-shared
emptyDir: {}
{{- end }}
+ {{- include "dcaegen2-services-common._externalVolumes" . | nindent 6 }}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
{{ end -}}
+
+{{/*
+ For internal use
+
+ Template to attach CertPostProcessor which merges CMPv2 truststore with AAF truststore
+ and swaps keystore files.
+*/}}
+{{- define "dcaegen2-services-common._certPostProcessor" -}}
+ {{- $certDir := default "" .Values.certDirectory . -}}
+ {{- if and $certDir .Values.certificates .Values.global.cmpv2Enabled .Values.global.CMPv2CertManagerIntegration -}}
+ {{- $cmpv2Certificate := (index .Values.certificates 0) -}}
+ {{- $cmpv2CertificateDir := $cmpv2Certificate.mountPath -}}
+ {{- $certType := "pem" -}}
+ {{- if $cmpv2Certificate.keystore -}}
+ {{- $certType = (index $cmpv2Certificate.keystore.outputType 0) -}}
+ {{- end -}}
+ {{- $truststoresPaths := printf "%s/%s:%s/%s" $certDir "cacert.pem" $cmpv2CertificateDir "cacert.pem" -}}
+ {{- $truststoresPasswordPaths := ":" -}}
+ {{- $keystoreSourcePaths := printf "%s/%s:%s/%s" $cmpv2CertificateDir "cert.pem" $cmpv2CertificateDir "key.pem" -}}
+ {{- $keystoreDestinationPaths := printf "%s/%s:%s/%s" $certDir "cert.pem" $certDir "key.pem" -}}
+ {{- if not (eq $certType "pem") -}}
+ {{- $truststoresPaths = printf "%s/%s:%s/%s.%s" $certDir "trust.jks" $cmpv2CertificateDir "truststore" $certType -}}
+ {{- $truststoresPasswordPaths = printf "%s/%s:%s/%s" $certDir "trust.pass" $cmpv2CertificateDir "truststore.pass" -}}
+ {{- $keystoreSourcePaths = printf "%s/%s.%s:%s/%s" $cmpv2CertificateDir "keystore" $certType $cmpv2CertificateDir "keystore.pass" -}}
+ {{- $keystoreDestinationPaths = printf "%s/%s.%s:%s/%s.pass" $certDir "cert" $certType $certDir $certType -}}
+ {{- end }}
+ - name: cert-post-processor
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.certPostProcessorImage }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ resources:
+ {{- include "common.resources" . | nindent 4 }}
+ volumeMounts:
+ - mountPath: {{ $certDir }}
+ name: tls-info
+ {{- include "common.certManager.volumeMountsReadOnly" . | nindent 4 }}
+ env:
+ - name: TRUSTSTORES_PATHS
+ value: {{ $truststoresPaths | quote}}
+ - name: TRUSTSTORES_PASSWORDS_PATHS
+ value: {{ $truststoresPasswordPaths | quote }}
+ - name: KEYSTORE_SOURCE_PATHS
+ value: {{ $keystoreSourcePaths | quote }}
+ - name: KEYSTORE_DESTINATION_PATHS
+ value: {{ $keystoreDestinationPaths | quote }}
+ {{- end }}
+{{- end -}}