From: Krzysztof Opasiak Date: Wed, 21 Oct 2020 18:24:50 +0000 (+0000) Subject: Merge "[COMMON] Make certInitializer share truststore among instances" X-Git-Tag: 7.0.0~111 X-Git-Url: https://gerrit.onap.org/r/gitweb?a=commitdiff_plain;h=aea88e49e5b3b8205b957dd089282d4f789dc53e;hp=65c2c270679f5ebb1cff99a3061fbf58b62a7623;p=oom.git Merge "[COMMON] Make certInitializer share truststore among instances" --- diff --git a/kubernetes/common/Makefile b/kubernetes/common/Makefile index 58125f8506..817a2e24bc 100644 --- a/kubernetes/common/Makefile +++ b/kubernetes/common/Makefile @@ -20,12 +20,14 @@ SECRET_DIR := $(OUTPUT_DIR)/secrets COMMON_CHARTS_DIR := common EXCLUDES := +PROCESSED_LAST := cert-wrapper +TO_FILTER := $(EXCLUDES) $(PROCESSED_LAST) HELM_BIN := helm -HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) +HELM_CHARTS := $(filter-out $(TO_FILTER), $(sort $(patsubst %/.,%,$(wildcard */.)))) $(PROCESSED_LAST) HELM_VER := $(shell $(HELM_BIN) version --template "{{.Version}}") -.PHONY: $(EXCLUDES) $(HELM_CHARTS) +.PHONY: $(HELM_CHARTS) $(TO_FILTER) all: $(COMMON_CHARTS_DIR) $(HELM_CHARTS) diff --git a/kubernetes/common/cert-wrapper/Chart.yaml b/kubernetes/common/cert-wrapper/Chart.yaml new file mode 100644 index 0000000000..68d5400743 --- /dev/null +++ b/kubernetes/common/cert-wrapper/Chart.yaml @@ -0,0 +1,18 @@ +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +description: Wrapper chart to allow truststore to be shared among cert-initializer instances +name: cert-wrapper +version: 6.0.0 diff --git a/kubernetes/common/cert-wrapper/requirements.yaml b/kubernetes/common/cert-wrapper/requirements.yaml new file mode 100644 index 0000000000..b6a667e448 --- /dev/null +++ b/kubernetes/common/cert-wrapper/requirements.yaml @@ -0,0 +1,18 @@ +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +dependencies: + - name: certInitializer + version: ~6.x-0 + repository: 'file://../certInitializer' diff --git a/kubernetes/common/cert-wrapper/values.yaml b/kubernetes/common/cert-wrapper/values.yaml new file mode 100644 index 0000000000..fcece0e3f5 --- /dev/null +++ b/kubernetes/common/cert-wrapper/values.yaml @@ -0,0 +1,17 @@ +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +certInitializer: + nameOverride: cert-initializer + createCertsCM: true diff --git a/kubernetes/common/certInitializer/templates/_certInitializer.yaml b/kubernetes/common/certInitializer/templates/_certInitializer.yaml index 6734e0be81..800364f1a2 100644 --- a/kubernetes/common/certInitializer/templates/_certInitializer.yaml +++ b/kubernetes/common/certInitializer/templates/_certInitializer.yaml @@ -172,7 +172,7 @@ medium: Memory - name: aaf-agent-certs configMap: - name: {{ include "common.fullname" $subchartDot }}-certs + name: {{ tpl $subchartDot.Values.certsCMName $subchartDot }} defaultMode: 0700 {{- if $initRoot.aaf_add_config }} diff --git a/kubernetes/common/certInitializer/templates/configmap.yaml b/kubernetes/common/certInitializer/templates/configmap.yaml index a89a33152b..69d74e1ca7 100644 --- a/kubernetes/common/certInitializer/templates/configmap.yaml +++ b/kubernetes/common/certInitializer/templates/configmap.yaml @@ -23,6 +23,7 @@ data: aaf-add-config.sh: | {{ tpl .Values.aaf_add_config . | indent 4 }} {{- end }} +{{- if .Values.createCertsCM }} --- apiVersion: v1 kind: ConfigMap @@ -30,3 +31,4 @@ kind: ConfigMap metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "dot" . ) | nindent 2 }} data: {{ tpl (.Files.Glob "resources/*").AsConfig . | indent 2 }} +{{- end -}} diff --git a/kubernetes/common/certInitializer/values.yaml b/kubernetes/common/certInitializer/values.yaml index 642fe7799b..00e74c46d6 100644 --- a/kubernetes/common/certInitializer/values.yaml +++ b/kubernetes/common/certInitializer/values.yaml @@ -56,3 +56,6 @@ importCustomCertsEnabled: false truststoreMountpath: "" truststoreOutputFileName: truststore.jks truststorePassword: changeit + +createCertsCM: false +certsCMName: '{{ include "common.release" . }}-cert-initializer-certs' diff --git a/kubernetes/onap/requirements.yaml b/kubernetes/onap/requirements.yaml index 9143c1feff..7110117442 100755 --- a/kubernetes/onap/requirements.yaml +++ b/kubernetes/onap/requirements.yaml @@ -162,3 +162,7 @@ dependencies: version: ~6.x-0 repository: '@local' condition: a1policymanagement.enabled + - name: cert-wrapper + version: ~6.x-0 + repository: '@local' + condition: cert-wrapper.enabled diff --git a/kubernetes/onap/values.yaml b/kubernetes/onap/values.yaml index 3413c3840e..2791f0fab0 100755 --- a/kubernetes/onap/values.yaml +++ b/kubernetes/onap/values.yaml @@ -313,3 +313,6 @@ platform: enabled: false a1policymanagement: enabled: false + +cert-wrapper: + enabled: true