From 751f0f12fadbd9d471aa7f0c02a1bfb08636e624 Mon Sep 17 00:00:00 2001 From: Adam Wudzinski Date: Wed, 28 Oct 2020 11:45:20 +0100 Subject: [PATCH] [PLATFORM] Add new fake deployment to fix offline certificates generation Add new fake deployment to CertService, controlled by new global flag global.offlineDeployment, which is disabled as default. Change Makefile to use java image from ONAP Nexus for certificate generation. Signed-off-by: Adam Wudzinski Issue-ID: OOM-2588 Change-Id: I2f9fe4b626604c5bfd8512449d893015bdc6ca98 --- kubernetes/onap/values.yaml | 5 ++++ .../platform/components/oom-cert-service/Makefile | 11 +++++--- .../templates/fake_deployment.yaml | 31 ++++++++++++++++++++++ .../components/oom-cert-service/values.yaml | 3 +++ 4 files changed, 47 insertions(+), 3 deletions(-) create mode 100644 kubernetes/platform/components/oom-cert-service/templates/fake_deployment.yaml diff --git a/kubernetes/onap/values.yaml b/kubernetes/onap/values.yaml index 9473a6abcb..5baa804792 100755 --- a/kubernetes/onap/values.yaml +++ b/kubernetes/onap/values.yaml @@ -146,6 +146,11 @@ global: truststorePath: "/etc/onap/oom/certservice/certs/truststore.jks" truststorePassword: "secret" + # Indicates offline deployment build + # Set to true if you are rendering helm charts for offline deployment + # Otherwise keep it disabled + offlineDeploymentBuild: false + # TLS # Set to false if you want to disable TLS for NodePorts. Be aware that this # will loosen your security. diff --git a/kubernetes/platform/components/oom-cert-service/Makefile b/kubernetes/platform/components/oom-cert-service/Makefile index c4723dfdd1..736a19fbd4 100644 --- a/kubernetes/platform/components/oom-cert-service/Makefile +++ b/kubernetes/platform/components/oom-cert-service/Makefile @@ -27,7 +27,12 @@ all: start_docker \ # Starts docker container for generating certificates - deletes first, if already running start_docker: @make stop_docker - docker run -d --rm --name ${DOCKER_CONTAINER} --mount type=bind,source=${CURRENT_DIR}/${CERTS_DIR},target=/certs -w /certs docker.io/openjdk:11-jre-slim tail -f /dev/null + $(eval REPOSITORY := $(shell cat ./values.yaml | grep -i "^[ \t]*repository" -m1 | xargs | cut -d ' ' -f2)) + $(eval JAVA_IMAGE := $(shell cat ./values.yaml | grep -i "^[ \t]*certificateGenerationImage" -m1 | xargs | cut -d ' ' -f2)) + $(eval FULL_JAVA_IMAGE := $(REPOSITORY)/$(JAVA_IMAGE)) + $(eval USERNAME :=$(shell id -u)) + $(eval GROUP :=$(shell id -g)) + docker run --rm --name ${DOCKER_CONTAINER} --user "$(USERNAME):$(GROUP)" --mount type=bind,source=${CURRENT_DIR}/${CERTS_DIR},target=/app -w /app --entrypoint "sh" -td $(FULL_JAVA_IMAGE) # Stops docker container for generating certificates. 'true' is used to return 0 status code, if container is already deleted stop_docker: @@ -89,7 +94,7 @@ client_sign_certificate_by_root: #Import root certificate into client client_import_root_certificate: @echo "Import root certificate into intermediate" - ${DOCKER_EXEC} bash -c "cat root.crt >> certServiceClientByRoot.crt" + ${DOCKER_EXEC} sh -c "cat root.crt >> certServiceClientByRoot.crt" @echo "####done####" #Import signed certificate into certService's client @@ -124,7 +129,7 @@ server_sign_certificate_by_root: #Import root certificate into server server_import_root_certificate: @echo "Import root certificate into intermediate(server)" - ${DOCKER_EXEC} bash -c "cat root.crt >> certServiceServerByRoot.crt" + ${DOCKER_EXEC} sh -c "cat root.crt >> certServiceServerByRoot.crt" @echo "####done####" #Import signed certificate into certService diff --git a/kubernetes/platform/components/oom-cert-service/templates/fake_deployment.yaml b/kubernetes/platform/components/oom-cert-service/templates/fake_deployment.yaml new file mode 100644 index 0000000000..ba12874eb6 --- /dev/null +++ b/kubernetes/platform/components/oom-cert-service/templates/fake_deployment.yaml @@ -0,0 +1,31 @@ +{{/* + # Copyright © 2020, Nokia + # + # Licensed under the Apache License, Version 2.0 (the "License"); + # you may not use this file except in compliance with the License. + # You may obtain a copy of the License at + # + # http://www.apache.org/licenses/LICENSE-2.0 + # + # Unless required by applicable law or agreed to in writing, software + # distributed under the License is distributed on an "AS IS" BASIS, + # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + # See the License for the specific language governing permissions and + # limitations under the License. +*/}} + +{{- if .Values.global.offlineDeploymentBuild }} +apiVersion: apps/v1 +kind: Deployment +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} +spec: + replicas: {{ .Values.replicaCount }} + selector: {{- include "common.selectors" . | nindent 4 }} + template: + metadata: {{- include "common.templateMetadata" . | nindent 6 }} + spec: + containers: + - name: {{ include "common.name" . }} + image: {{ include "common.repository" . }}/{{ .Values.certificateGenerationImage }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} +{{ end -}} diff --git a/kubernetes/platform/components/oom-cert-service/values.yaml b/kubernetes/platform/components/oom-cert-service/values.yaml index 3ab9895037..bcb2544ce5 100644 --- a/kubernetes/platform/components/oom-cert-service/values.yaml +++ b/kubernetes/platform/components/oom-cert-service/values.yaml @@ -34,6 +34,7 @@ global: # Standard OOM pullPolicy: "Always" repository: "nexus3.onap.org:10001" + offlineDeploymentBuild: false # Service configuration @@ -44,6 +45,8 @@ service: port: 8443 port_protocol: http +# Certificates generation configuration +certificateGenerationImage: onap/integration-java11:7.1.0 # Deployment configuration repository: nexus3.onap.org:10001 -- 2.16.6