From e33ecd1a590fc1896457e82694aae2582dcf2d54 Mon Sep 17 00:00:00 2001 From: sebdet Date: Wed, 4 Nov 2020 18:22:19 +0100 Subject: [PATCH] [SDC] Re-enable the cert storage Re-enable the cert storage for secure package of the onboarding be Issue-ID: SDC-3361 Signed-off-by: sebdet Signed-off-by: Xue Gao Change-Id: I4325ebdaa2c52432150097032974e11668731492 --- .../sdc-onboarding-be/templates/deployment.yaml | 5 +++ .../components/sdc-onboarding-be/templates/pv.yaml | 41 ++++++++++++++++++++++ .../sdc-onboarding-be/templates/pvc.yaml | 40 +++++++++++++++++++++ 3 files changed, 86 insertions(+) create mode 100644 kubernetes/sdc/components/sdc-onboarding-be/templates/pv.yaml create mode 100644 kubernetes/sdc/components/sdc-onboarding-be/templates/pvc.yaml diff --git a/kubernetes/sdc/components/sdc-onboarding-be/templates/deployment.yaml b/kubernetes/sdc/components/sdc-onboarding-be/templates/deployment.yaml index 007b1308c0..74757c7be2 100644 --- a/kubernetes/sdc/components/sdc-onboarding-be/templates/deployment.yaml +++ b/kubernetes/sdc/components/sdc-onboarding-be/templates/deployment.yaml @@ -151,6 +151,8 @@ spec: readOnly: true - name: {{ include "common.fullname" . }}-logs mountPath: /var/log/onap + - name: {{ include "common.fullname" . }}-cert-storage + mountPath: "{{ .Values.cert.certDir }}" - name: {{ include "common.fullname" . }}-logback mountPath: /tmp/logback.xml subPath: logback.xml @@ -197,5 +199,8 @@ spec: emptyDir: { medium: "Memory" } - name: {{ include "common.fullname" . }}-logs emptyDir: {} + - name: {{ include "common.fullname" . }}-cert-storage + persistentVolumeClaim: + claimName: {{ include "common.fullname" . }}-cert imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/sdc/components/sdc-onboarding-be/templates/pv.yaml b/kubernetes/sdc/components/sdc-onboarding-be/templates/pv.yaml new file mode 100644 index 0000000000..bc110c3b0f --- /dev/null +++ b/kubernetes/sdc/components/sdc-onboarding-be/templates/pv.yaml @@ -0,0 +1,41 @@ +{{/* +# ================================================================================ +# Copyright (C) 2019, Nordix Foundation. All rights reserved. +# ================================================================================ +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} +{{- if and .Values.persistence.enabled (not .Values.cert.persistence.existingClaim) -}} +{{- if eq "True" (include "common.needPV" .) -}} +kind: PersistentVolume +apiVersion: v1 +metadata: + name: {{ include "common.fullname" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" + release: "{{ include "common.release" . }}" + heritage: "{{ .Release.Service }}" + name: {{ include "common.fullname" . }} +spec: + capacity: + storage: {{ .Values.cert.persistence.size}} + accessModes: + - {{ .Values.cert.persistence.accessMode }} + persistentVolumeReclaimPolicy: {{ .Values.cert.persistence.volumeReclaimPolicy }} + storageClassName: "{{ include "common.fullname" . }}-data" + hostPath: + path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ include "common.release" . }}/{{ .Values.cert.persistence.mountSubPath }} +{{- end -}} +{{- end -}} diff --git a/kubernetes/sdc/components/sdc-onboarding-be/templates/pvc.yaml b/kubernetes/sdc/components/sdc-onboarding-be/templates/pvc.yaml new file mode 100644 index 0000000000..006d736b63 --- /dev/null +++ b/kubernetes/sdc/components/sdc-onboarding-be/templates/pvc.yaml @@ -0,0 +1,40 @@ +{{/* +# ================================================================================ +# Copyright (C) 2019, Nordix Foundation. All rights reserved. +# ================================================================================ +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} +{{- if and .Values.cert.persistence.enabled (not .Values.cert.persistence.existingClaim) -}} +kind: PersistentVolumeClaim +apiVersion: v1 +metadata: + name: {{ include "common.fullname" . }}-cert + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ include "common.release" . }}" + heritage: "{{ .Release.Service }}" +{{- if .Values.cert.persistence.annotations }} + annotations: +{{ toYaml .Values.cert.persistence.annotations | indent 4 }} +{{- end }} +spec: + accessModes: + - {{ .Values.cert.persistence.accessMode }} + storageClassName: {{ include "common.storageClass" . }} + resources: + requests: + storage: {{ .Values.cert.persistence.size }} +{{- end -}} -- 2.16.6