Add new fake deployment to CertService, controlled by new global flag global.offlineDeployment, which is disabled as default. Change Makefile to use java image from ONAP Nexus for certificate generation.
Signed-off-by: Adam Wudzinski <adam.wudzinski@nokia.com>
Issue-ID: OOM-2588
Change-Id: I2f9fe4b626604c5bfd8512449d893015bdc6ca98
truststorePath: "/etc/onap/oom/certservice/certs/truststore.jks"
truststorePassword: "secret"
+ # Indicates offline deployment build
+ # Set to true if you are rendering helm charts for offline deployment
+ # Otherwise keep it disabled
+ offlineDeploymentBuild: false
+
# TLS
# Set to false if you want to disable TLS for NodePorts. Be aware that this
# will loosen your security.
# Starts docker container for generating certificates - deletes first, if already running
start_docker:
@make stop_docker
- docker run -d --rm --name ${DOCKER_CONTAINER} --mount type=bind,source=${CURRENT_DIR}/${CERTS_DIR},target=/certs -w /certs docker.io/openjdk:11-jre-slim tail -f /dev/null
+ $(eval REPOSITORY := $(shell cat ./values.yaml | grep -i "^[ \t]*repository" -m1 | xargs | cut -d ' ' -f2))
+ $(eval JAVA_IMAGE := $(shell cat ./values.yaml | grep -i "^[ \t]*certificateGenerationImage" -m1 | xargs | cut -d ' ' -f2))
+ $(eval FULL_JAVA_IMAGE := $(REPOSITORY)/$(JAVA_IMAGE))
+ $(eval USERNAME :=$(shell id -u))
+ $(eval GROUP :=$(shell id -g))
+ docker run --rm --name ${DOCKER_CONTAINER} --user "$(USERNAME):$(GROUP)" --mount type=bind,source=${CURRENT_DIR}/${CERTS_DIR},target=/app -w /app --entrypoint "sh" -td $(FULL_JAVA_IMAGE)
# Stops docker container for generating certificates. 'true' is used to return 0 status code, if container is already deleted
stop_docker:
#Import root certificate into client
client_import_root_certificate:
@echo "Import root certificate into intermediate"
- ${DOCKER_EXEC} bash -c "cat root.crt >> certServiceClientByRoot.crt"
+ ${DOCKER_EXEC} sh -c "cat root.crt >> certServiceClientByRoot.crt"
@echo "####done####"
#Import signed certificate into certService's client
#Import root certificate into server
server_import_root_certificate:
@echo "Import root certificate into intermediate(server)"
- ${DOCKER_EXEC} bash -c "cat root.crt >> certServiceServerByRoot.crt"
+ ${DOCKER_EXEC} sh -c "cat root.crt >> certServiceServerByRoot.crt"
@echo "####done####"
#Import signed certificate into certService
--- /dev/null
+{{/*
+ # Copyright © 2020, Nokia
+ #
+ # Licensed under the Apache License, Version 2.0 (the "License");
+ # you may not use this file except in compliance with the License.
+ # You may obtain a copy of the License at
+ #
+ # http://www.apache.org/licenses/LICENSE-2.0
+ #
+ # Unless required by applicable law or agreed to in writing, software
+ # distributed under the License is distributed on an "AS IS" BASIS,
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ # See the License for the specific language governing permissions and
+ # limitations under the License.
+*/}}
+
+{{- if .Values.global.offlineDeploymentBuild }}
+apiVersion: apps/v1
+kind: Deployment
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ selector: {{- include "common.selectors" . | nindent 4 }}
+ template:
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
+ spec:
+ containers:
+ - name: {{ include "common.name" . }}
+ image: {{ include "common.repository" . }}/{{ .Values.certificateGenerationImage }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+{{ end -}}
# Standard OOM
pullPolicy: "Always"
repository: "nexus3.onap.org:10001"
+ offlineDeploymentBuild: false
# Service configuration
port: 8443
port_protocol: http
+# Certificates generation configuration
+certificateGenerationImage: onap/integration-java11:7.1.0
# Deployment configuration
repository: nexus3.onap.org:10001