[POLICY] certInit support + refactoring

[oom.git] / kubernetes / policy / components / policy-apex-pdp / templates / statefulset.yaml

diff --git a/kubernetes/policy/charts/policy-apex-pdp/templates/statefulset.yaml b/kubernetes/policy/components/policy-apex-pdp/templates/statefulset.yaml
old mode 100644 (file)
new mode 100755 (executable)
similarity index 80%
rename from kubernetes/policy/charts/policy-apex-pdp/templates/statefulset.yaml
rename to kubernetes/policy/components/policy-apex-pdp/templates/statefulset.yaml
index 71a7f3d..4deb21a
--- a/kubernetes/policy/charts/policy-apex-pdp/templates/statefulset.yaml
+++ b/kubernetes/policy/components/policy-apex-pdp/templates/statefulset.yaml
@@ -1,5 +1,6 @@
 #  ============LICENSE_START=======================================================
 #   Copyright (C) 2018 Ericsson. All rights reserved.
+#   Modifications Copyright (C) 2020 AT&T Intellectual Property.
 #  ================================================================================
 #  Licensed under the Apache License, Version 2.0 (the "License");
 #  you may not use this file except in compliance with the License.
@@ -47,6 +48,8 @@ spec:
         env:
         - name: TRUSTSTORE_PASSWORD
           {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "truststore-pass" "key" "password") | indent 10 }}
+        - name: KEYSTORE_PASSWORD
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keystore-pass" "key" "password") | indent 10 }}
         - name: RESTSERVER_USER
           {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-creds" "key" "login") | indent 10 }}
         - name: RESTSERVER_PASSWORD
@@ -59,14 +62,15 @@ spec:
         image: "{{ .Values.global.envsubstImage }}"
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         name: {{ include "common.name" . }}-update-config
+{{ include "common.certInitializer.initContainer" . | indent 6 }}
       containers:
         - name: {{ include "common.name" . }}
           image: "{{ include "common.repository" . }}/{{ .Values.image }}"
-          command:
-          - /opt/app/policy/apex-pdp/bin/apexOnapPf.sh
-          - -c
-          - /home/apexuser/config/OnapPfConfig.json
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+          command: ["bash","-c"]
+          args: ["if [ -f {{ .Values.certInitializer.credsPath }}/.ci ]; then \
+                  source {{ .Values.certInitializer.credsPath }}/.ci; fi;\
+                  /opt/app/policy/apex-pdp/bin/apexOnapPf.sh -c /home/apexuser/config/OnapPfConfig.json"]
           ports:
           - containerPort: {{ .Values.service.externalPort }}
           {{- if eq .Values.liveness.enabled true }}
@@ -84,7 +88,14 @@ spec:
           env:
           - name: REPLICAS
             value: "{{ .Values.replicaCount }}"
+{{- if not .Values.global.aafEnabled }}
+          - name: KEYSTORE_PASSWORD
+            {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keystore-pass" "key" "password") | indent 12 }}
+          - name: TRUSTSTORE_PASSWORD
+            {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "truststore-pass" "key" "password") | indent 12 }}
+{{- end }}
           volumeMounts:
+{{ include "common.certInitializer.volumeMount" . | indent 10 }}
           - mountPath: /etc/localtime
             name: localtime
             readOnly: true
@@ -93,7 +104,7 @@ spec:
           - mountPath: /home/apexuser/config
             name: apexconfig
           resources:
-{{ include "common.resources" . | indent 12 }}
+{{ include "common.resources" . }}
         {{- if .Values.nodeSelector }}
         nodeSelector:
 {{ toYaml .Values.nodeSelector | indent 10 }}
@@ -103,6 +114,7 @@ spec:
 {{ toYaml .Values.affinity | indent 10 }}
         {{- end }}
       volumes:
+{{ include "common.certInitializer.volumes" . | indent 8 }}
         - name: localtime
           hostPath:
             path: /etc/localtime