From: Radoslaw Chmiel <r.chmiel@partner.samsung.com>
Date: Thu, 2 Jun 2022 17:23:26 +0000 (+0200)
Subject: [CONTRIB] EJBCA ServiceMesh compatibility
X-Git-Tag: 11.0.0~120^2
X-Git-Url: https://gerrit.onap.org/r/gitweb?a=commitdiff_plain;h=527662ff89b476c3616b94e6882469d1e8cb2f33;p=oom.git

[CONTRIB] EJBCA ServiceMesh compatibility

EJBCA charts changes to make it work with servicemesh

Issue-ID: OOM-2981
Signed-off-by: Radoslaw Chmiel <r.chmiel@partner.samsung.com>
Change-Id: Ib0213da5ed63fe26a4c1956c5c8ce81bd399cc6f
---

diff --git a/kubernetes/contrib/components/ejbca/templates/deployment.yaml b/kubernetes/contrib/components/ejbca/templates/deployment.yaml
index 6bd5b259ea..a36dcacb23 100644
--- a/kubernetes/contrib/components/ejbca/templates/deployment.yaml
+++ b/kubernetes/contrib/components/ejbca/templates/deployment.yaml
@@ -22,6 +22,16 @@ spec:
   selector: {{- include "common.selectors" . | nindent 4 }}
   template:
     metadata: {{- include "common.templateMetadata" . | nindent 6 }}
+      {{- if (include "common.onServiceMesh" . ) }}
+      annotations:
+      {{- if eq ( .Values.global.serviceMesh.engine ) "linkerd" }}
+        linkerd.io/inject: disabled
+      {{- end }}
+      {{- if eq ( .Values.global.serviceMesh.engine ) "istio" }}
+        sidecar.istio.io/rewriteAppHTTPProbers: "false"
+        proxy.istio.io/config: '{ "holdApplicationUntilProxyStarts": true }'
+      {{- end }}
+      {{- end }}
     spec:
       imagePullSecrets:
       - name: "{{ include "common.namespace" . }}-docker-registry-key"
@@ -51,7 +61,11 @@ spec:
         lifecycle:
           postStart:
             exec:
-              command: ["/bin/sh", "-c", "/opt/primekey/scripts/ejbca-config.sh"]
+              command:
+                - sh
+                - -c
+                - |
+                  sleep 60; /opt/primekey/scripts/ejbca-config.sh
         volumeMounts:
           - name: "{{ include "common.fullname" . }}-volume"
             mountPath: /opt/primekey/scripts/
diff --git a/kubernetes/contrib/components/ejbca/values.yaml b/kubernetes/contrib/components/ejbca/values.yaml
index 52e0e750a0..b777a7d388 100644
--- a/kubernetes/contrib/components/ejbca/values.yaml
+++ b/kubernetes/contrib/components/ejbca/values.yaml
@@ -86,14 +86,14 @@ affinity: {}
 # probe configuration parameters
 liveness:
   path: /ejbca/publicweb/healthcheck/ejbcahealth
-  port: api
-  initialDelaySeconds: 30
+  port: 8443
+  initialDelaySeconds: 180
   periodSeconds: 30
 
 readiness:
   path: /ejbca/publicweb/healthcheck/ejbcahealth
-  port: api
-  initialDelaySeconds: 30
+  port: 8443
+  initialDelaySeconds: 180
   periodSeconds: 30
 
 service:
@@ -106,7 +106,7 @@ service:
       port_protocol: http
 
 # Resource Limit flavor -By Default using small
-flavor: small
+flavor: unlimited
 # Segregation for Different environment (Small and Large)
 resources:
   small: