dbServiceName: *appc-db
service:
name: appc-dgbuilder
-
+ serviceAccount:
+ nameOverride: appc-dgbuilder
ingress:
enabled: false
service:
+++ /dev/null
-# Copyright © 2021 Nokia
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-description: Template used to add cmpv2 certificates to components
-name: cmpv2Certificate
-version: 8.0.0
+++ /dev/null
-# Copyright © 2021 Nokia
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-dependencies:
- - name: common
- version: ~8.x-0
- repository: 'file://../common'
- - name: repositoryGenerator
- version: ~8.x-0
- repository: 'file://../repositoryGenerator'
- - name: cmpv2Config
- version: ~8.x-0
- repository: 'file://../cmpv2Config'
+++ /dev/null
-{{/*
-# Copyright © 2021 Nokia
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-{{/*
-In order to use certServiceClient it is needed do define certificates array in target component values.yaml. Each
-certificate will be requested from separate init container
-
-Minimum example of array in target component values.yaml:
-certificates:
- - mountPath: /var/custom-certs
- commonName: common-name
-
-Full example (other fields are ignored):
-certificates:
- - mountPath: /var/custom-certs
- caName: RA
- keystore:
- outputType:
- - jks
- commonName: common-name
- dnsNames:
- - dns-name-1
- - dns-name-2
- ipAddresses:
- - 192.168.0.1
- - 192.168.0.2
- emailAddresses:
- - email-1@onap.org
- - email-2@onap.org
- uris:
- - http://uri-1.onap.org
- - http://uri-2.onap.org
- subject:
- organization: Linux-Foundation
- country: US
- locality: San Francisco
- province: California
- organizationalUnit: ONAP
-
-There also need to be some includes used in a target component deployment (indent values may need to be adjusted):
- 1. In initContainers section:
- {{ include "common.certServiceClient.initContainer" . | indent 6 }}
- 2. In volumeMounts section of container using certificates:
- {{ include "common.certServiceClient.volumeMounts" . | indent 10 }}
- 3. In volumes section:
- {{ include "common.certServiceClient.volumes" . | indent 8 }}
-
-*/}}
-
-{{- define "common.certServiceClient.initContainer" -}}
-{{- $dot := default . .dot -}}
-{{- $initRoot := default $dot.Values.cmpv2Certificate.cmpv2Config .initRoot -}}
-{{- $subchartGlobal := mergeOverwrite (deepCopy $initRoot.global) $dot.Values.global -}}
-{{- if and $subchartGlobal.cmpv2Enabled (not $subchartGlobal.CMPv2CertManagerIntegration) -}}
-{{- range $index, $certificate := $dot.Values.certificates -}}
-{{/*# General certifiacate attributes #*/}}
-{{- $commonName := (required "'commonName' for Certificate is required." $certificate.commonName) -}}
-{{/*# SAN's #*/}}
-{{- $dnsNames := default (list) $certificate.dnsNames -}}
-{{- $ipAddresses := default (list) $certificate.ipAddresses -}}
-{{- $uris := default (list) $certificate.uris -}}
-{{- $emailAddresses := default (list) $certificate.emailAddresses -}}
-{{- $sansList := concat $dnsNames $ipAddresses $uris $emailAddresses -}}
-{{- $sans := join "," $sansList }}
-{{/*# Subject #*/}}
-{{- $organization := $subchartGlobal.certificate.default.subject.organization -}}
-{{- $country := $subchartGlobal.certificate.default.subject.country -}}
-{{- $locality := $subchartGlobal.certificate.default.subject.locality -}}
-{{- $province := $subchartGlobal.certificate.default.subject.province -}}
-{{- $orgUnit := $subchartGlobal.certificate.default.subject.organizationalUnit -}}
-{{- if $certificate.subject -}}
-{{- $organization := $certificate.subject.organization -}}
-{{- $country := $certificate.subject.country -}}
-{{- $locality := $certificate.subject.locality -}}
-{{- $province := $certificate.subject.province -}}
-{{- $orgUnit := $certificate.subject.organizationalUnit -}}
-{{- end -}}
-{{- $caName := default $subchartGlobal.platform.certServiceClient.envVariables.caName $certificate.caName -}}
-{{- $outputType := $subchartGlobal.platform.certServiceClient.envVariables.outputType -}}
-{{- if $certificate.keystore -}}
-{{- $outputTypeList := (required "'outputType' in 'keystore' section is required." $certificate.keystore.outputType) -}}
-{{- $outputType = mustFirst ($outputTypeList) | upper -}}
-{{- end -}}
-{{- $requestUrl := $subchartGlobal.platform.certServiceClient.envVariables.requestURL -}}
-{{- $certPath := $subchartGlobal.platform.certServiceClient.envVariables.certPath -}}
-{{- $requestTimeout := $subchartGlobal.platform.certServiceClient.envVariables.requestTimeout -}}
-{{- $certificatesSecret:= $subchartGlobal.platform.certServiceClient.clientSecretName -}}
-{{- $certificatesSecretMountPath := $subchartGlobal.platform.certServiceClient.certificatesSecretMountPath -}}
-{{- $keystorePath := (printf "%s%s" $subchartGlobal.platform.certServiceClient.certificatesSecretMountPath $subchartGlobal.platform.certificates.keystoreKeyRef ) -}}
-{{- $keystorePasswordSecret := $subchartGlobal.platform.certificates.keystorePasswordSecretName -}}
-{{- $keystorePasswordSecretKey := $subchartGlobal.platform.certificates.keystorePasswordSecretKey -}}
-{{- $truststorePath := (printf "%s%s" $subchartGlobal.platform.certServiceClient.certificatesSecretMountPath $subchartGlobal.platform.certificates.truststoreKeyRef ) -}}
-{{- $truststorePasswordSecret := $subchartGlobal.platform.certificates.truststorePasswordSecretName -}}
-{{- $truststorePasswordSecretKey := $subchartGlobal.platform.certificates.truststorePasswordSecretKey -}}
-- name: certs-init-{{ $index }}
- image: {{ include "repositoryGenerator.image.certserviceclient" $dot }}
- imagePullPolicy: {{ $dot.Values.global.pullPolicy | default $dot.Values.pullPolicy }}
- env:
- - name: REQUEST_URL
- value: {{ $requestUrl | quote }}
- - name: REQUEST_TIMEOUT
- value: {{ $requestTimeout | quote }}
- - name: OUTPUT_PATH
- value: {{ $certPath | quote }}
- - name: OUTPUT_TYPE
- value: {{ $outputType | quote }}
- - name: CA_NAME
- value: {{ $caName | quote }}
- - name: COMMON_NAME
- value: {{ $commonName | quote }}
- - name: SANS
- value: {{ $sans | quote }}
- - name: ORGANIZATION
- value: {{ $organization | quote }}
- - name: ORGANIZATION_UNIT
- value: {{ $orgUnit | quote }}
- - name: LOCATION
- value: {{ $locality | quote }}
- - name: STATE
- value: {{ $province | quote }}
- - name: COUNTRY
- value: {{ $country | quote }}
- - name: KEYSTORE_PATH
- value: {{ $keystorePath | quote }}
- - name: KEYSTORE_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ $keystorePasswordSecret | quote}}
- key: {{ $keystorePasswordSecretKey | quote}}
- - name: TRUSTSTORE_PATH
- value: {{ $truststorePath | quote }}
- - name: TRUSTSTORE_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ $truststorePasswordSecret | quote}}
- key: {{ $truststorePasswordSecretKey | quote}}
- terminationMessagePath: /dev/termination-log
- terminationMessagePolicy: File
- volumeMounts:
- - mountPath: {{ $certPath }}
- name: cmpv2-certs-volume-{{ $index }}
- - mountPath: {{ $certificatesSecretMountPath }}
- name: certservice-tls-volume
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{- define "common.certServiceClient.volumes" -}}
-{{- $dot := default . .dot -}}
-{{- $initRoot := default $dot.Values.cmpv2Certificate.cmpv2Config .initRoot -}}
-{{- $subchartGlobal := mergeOverwrite (deepCopy $initRoot.global) $dot.Values.global -}}
-{{- if and $subchartGlobal.cmpv2Enabled (not $subchartGlobal.CMPv2CertManagerIntegration) -}}
-{{- $certificatesSecretName := $subchartGlobal.platform.certificates.clientSecretName -}}
-- name: certservice-tls-volume
- secret:
- secretName: {{ $certificatesSecretName }}
-{{ range $index, $certificate := $dot.Values.certificates -}}
-- name: cmpv2-certs-volume-{{ $index }}
- emptyDir:
- medium: Memory
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{- define "common.certServiceClient.volumeMounts" -}}
-{{- $dot := default . .dot -}}
-{{- $initRoot := default $dot.Values.cmpv2Certificate.cmpv2Config .initRoot -}}
-{{- $subchartGlobal := mergeOverwrite (deepCopy $initRoot.global) $dot.Values.global -}}
-{{- if and $subchartGlobal.cmpv2Enabled (not $subchartGlobal.CMPv2CertManagerIntegration) -}}
-{{- range $index, $certificate := $dot.Values.certificates -}}
-{{- $mountPath := $certificate.mountPath -}}
-- mountPath: {{ $mountPath }}
- name: cmpv2-certs-volume-{{ $index }}
-{{ end -}}
-{{- end -}}
-{{- end -}}
+++ /dev/null
-# Copyright © 2021 Nokia
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
# Enabling CMPv2
cmpv2Enabled: true
- CMPv2CertManagerIntegration: false
certificate:
default:
keystorePasswordSecretKey: password
truststorePasswordSecretName: oom-cert-service-truststore-password
truststorePasswordSecretKey: password
- certServiceClient:
- image: onap/org.onap.oom.platform.cert-service.oom-certservice-client:2.3.3
- certificatesSecretMountPath: /etc/onap/oom/certservice/certs/
- envVariables:
- certPath: "/var/custom-certs"
- # Certificate related
- caName: "RA"
- # Client configuration related
- requestURL: "https://oom-cert-service:8443/v1/certificate/"
- requestTimeout: "30000"
- outputType: "P12"
certPostProcessor:
image: onap/org.onap.oom.platform.cert-service.oom-certservice-post-processor:2.3.3
- name: repositoryGenerator
version: ~8.x-0
repository: 'file://../repositoryGenerator'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: 'file://../serviceAccount'
affinity:
{{ toYaml .Values.affinity | indent 10 }}
{{- end }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
{{ include "common.certInitializer.volumes" . | nindent 8 }}
- name: localtime
memory: 4Gi
unlimited: {}
+#Pods Service Account
+serviceAccount:
+ nameOverride: dgbuilder
+ roles:
+ - read
{{- include "repositoryGenerator.image._helper" (merge (dict "image" "curlImage") .) }}
{{- end -}}
-{{- define "repositoryGenerator.image.certserviceclient" -}}
- {{- include "repositoryGenerator.image._helper" (merge (dict "image" "certServiceClientImage") .) }}
-{{- end -}}
-
{{- define "repositoryGenerator.image.dcaepolicysync" -}}
{{- include "repositoryGenerator.image._helper" (merge (dict "image" "dcaePolicySyncImage") .) }}
{{- end -}}
# common global images
busyboxImage: busybox:1.32
curlImage: curlimages/curl:7.69.1
- certServiceClientImage: onap/org.onap.oom.platform.cert-service.oom-certservice-client:2.3.3
envsubstImage: dibi/envsubst:1
# there's only latest image for htpasswd
htpasswdImage: xmartlabs/htpasswd:latest
imageRepoMapping:
busyboxImage: dockerHubRepository
curlImage: dockerHubRepository
- certServiceClientImage: repository
envsubstImage: dockerHubRepository
htpasswdImage: dockerHubRepository
jreImage: repository
*/}}
{{- define "dcaegen2-services-common.shouldUseCmpv2Certificates" -}}
{{- $certDir := default "" .Values.certDirectory . -}}
- {{- if (and $certDir .Values.certificates .Values.global.cmpv2Enabled .Values.global.CMPv2CertManagerIntegration .Values.useCmpv2Certificates) -}}
+ {{- if (and $certDir .Values.certificates .Values.global.cmpv2Enabled .Values.useCmpv2Certificates) -}}
true
{{- end -}}
{{- end -}}
# It is used only when:
# - certDirectory is set
# - global cmpv2Enabled flag is set to true
-# - global CertManagerIntegration flag is set to true
# - flag useCmpv2Certificates is set to true
# Disabled by default
useCmpv2Certificates: false
# It is used only when:
# - certDirectory is set
# - global cmpv2Enabled flag is set to true
-# - global CertManagerIntegration flag is set to true
# - flag useCmpv2Certificates is set to true
# Disabled by default
useCmpv2Certificates: false
name: {{ include "common.release" . }}-dcae-external-repo-configmap-sa91-rel16
namespace: {{ include "common.namespace" . }}
data:
-{{ (.Files.Glob "resources/external/schema/sa91-rel16/*").AsConfig | indent 2 }}
\ No newline at end of file
+{{ (.Files.Glob "resources/external/schemas/sa91-rel16/*").AsConfig | indent 2 }}
\ No newline at end of file
"ca_cert_configmap": "{{ include "common.fullname" . }}-dcae-cacert"
},
"external_cert": {
- "image_tag": "{{ include "repositoryGenerator.repository" . }}/{{ .Values.cmpv2Config.global.platform.certServiceClient.image }}",
- "request_url": "{{ .Values.cmpv2Config.global.platform.certServiceClient.envVariables.requestURL }}",
- "timeout": "{{ .Values.cmpv2Config.global.platform.certServiceClient.envVariables.requestTimeout }}",
"country": "{{ .Values.cmpv2Config.global.certificate.default.subject.country }}",
"organization": "{{ .Values.cmpv2Config.global.certificate.default.subject.organization }}",
"state": "{{ .Values.cmpv2Config.global.certificate.default.subject.province }}",
"image_tag": "{{ include "repositoryGenerator.repository" . }}/{{ .Values.cmpv2Config.global.platform.certPostProcessor.image }}"
},
"cmpv2_issuer": {
- "enabled": "{{ .Values.global.CMPv2CertManagerIntegration }}",
+ "enabled": "true",
"name": "{{ .Values.cmpv2issuer.name }}"
}
}
repositoryCred:
user: docker
password: docker
- # Enabling CMPv2 with CertManager
- CMPv2CertManagerIntegration: false
cmpv2issuer:
name: cmpv2-issuer-onap
global:
addTestingComponents: &testing true
centralizedLoggingEnabled: ¢ralizedLogging false
- CMPv2CertManagerIntegration: false
cassandra:
enabled: true
mariadb-galera:
# Copyright © 2020 Nordix Foundation
-# Modifications Copyright © 2020 Nokia
+# Modifications Copyright © 2020-2021 Nokia
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
#################################################################
global:
cmpv2Enabled: true
- CMPv2CertManagerIntegration: true
- platform:
- certServiceClient:
- envVariables:
- # Certificate related
- cmpv2Organization: "Linux-Foundation"
- cmpv2OrganizationalUnit: "ONAP"
- cmpv2Location: "San-Francisco"
- cmpv2State: "California"
- cmpv2Country: "US"
- # Client configuration related
- caName: "RA"
+ certificate:
+ default:
+ renewBefore: 720h #30 days
+ duration: 8760h #365 days
+ subject:
+ organization: "Linux-Foundation"
+ country: "US"
+ locality: "San-Francisco"
+ province: "California"
+ organizationalUnit: "ONAP"
+ issuer:
+ group: certmanager.onap.org
+ kind: CMPv2Issuer
+ name: cmpv2-issuer-onap
# Enabling CMPv2
cmpv2Enabled: true
- CMPv2CertManagerIntegration: false
platform:
certificates:
clientSecretName: oom-cert-service-client-tls-secret
keystorePasswordSecretKey: password
truststorePasswordSecretName: oom-cert-service-certificates-password
truststorePasswordSecretKey: password
- certServiceClient:
- image: onap/org.onap.oom.platform.cert-service.oom-certservice-client:2.3.3
- certificatesSecretMountPath: /etc/onap/oom/certservice/certs/
- envVariables:
- certPath: "/var/custom-certs"
- # Certificate related
- caName: "RA"
- # Client configuration related
- requestURL: "https://oom-cert-service:8443/v1/certificate/"
- requestTimeout: "30000"
- outputType: "P12"
# Indicates offline deployment build
# Set to true if you are rendering helm charts for offline deployment
-{{ if .Values.global.CMPv2CertManagerIntegration }}
+{{ if .Values.global.cmpv2Enabled }}
# ============LICENSE_START=======================================================
# Copyright (c) 2020 Nokia
-{{ if .Values.global.CMPv2CertManagerIntegration }}
+{{ if .Values.global.cmpv2Enabled }}
# ============LICENSE_START=======================================================
# Copyright (c) 2020 Nokia
-{{ if .Values.global.CMPv2CertManagerIntegration }}
+{{ if .Values.global.cmpv2Enabled }}
# ============LICENSE_START=======================================================
# Copyright (c) 2020 Nokia
-{{ if .Values.global.CMPv2CertManagerIntegration }}
+{{ if .Values.global.cmpv2Enabled }}
# ============LICENSE_START=======================================================
# Copyright (c) 2020 Nokia
busyboxRepository: registry.hub.docker.com
busyboxImage: library/busybox:latest
repository: "nexus3.onap.org:10001"
- CMPv2CertManagerIntegration: false
namespace: onap
cmpv2Enabled: true
addTestingComponents: false
- certService:
- certServiceClient:
- secret:
- name: oom-cert-service-client-tls-secret
-
#################################################################
# Application configuration defaults.
#################################################################
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
requests:
cpu: 3m
memory: 20Mi
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }}
- name: {{ include "common.fullname" . }}-localtime
hostPath:
cpu: 200m
memory: 2Gi
unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: sdc-be
+ roles:
+ - read
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
requests:
cpu: 200m
memory: 300Mi
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- name: {{ include "common.fullname" . }}-environments
configMap:
ingress:
enabled: false
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: sdc-cs
+ roles:
+ - read
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
requests:
cpu: 3m
memory: 20Mi
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }}
- name: {{ include "common.fullname" . }}-localtime
hostPath:
cpu: 80m
memory: 2Gi
unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: sdc-fe
+ roles:
+ - read
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
requests:
cpu: 3m
memory: 20Mi
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }}
- name: {{ include "common.fullname" . }}-localtime
hostPath:
cpu: 80m
memory: 2Gi
unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: sdc-onboarding-be
+ roles:
+ - read
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
value: "{{ .Values.config.serverSSLTrustStoreType }}"
volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
resources: {{ include "common.resources" . | nindent 12 }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
cpu: 80m
memory: 2Gi
unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: sdc-wfd-be
+ roles:
+ - read
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
requests:
cpu: 3m
memory: 20Mi
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }}
- name: {{ include "common.fullname" . }}-localtime
hostPath:
cpu: 80m
memory: 2Gi
unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: sdc-wfd-fe
+ roles:
+ - read
- name: certInitializer
version: ~8.x-0
repository: '@local'
- - name: cmpv2Certificate
- version: ~8.x-0
- repository: '@local'
- name: certManagerCertificate
version: ~8.x-0
repository: '@local'
contenttype=application/json
group=myG
id=C1
-timeout=50000
limit=10000
[pnfRegistration]
contenttype=application/json
group=myG
id=C1
-timeout=50000
limit=10000
# limitations under the License.
*/}}
-{{ if and .Values.global.cmpv2Enabled .Values.global.CMPv2CertManagerIntegration }}
+{{ if .Values.global.cmpv2Enabled }}
{{ include "certManagerCertificate.certificate" . }}
{{ end }}
name: {{ include "common.name" . }}-readiness
{{ end -}}
{{ include "common.certInitializer.initContainer" . | indent 6 }}
-{{ include "common.certServiceClient.initContainer" . | indent 6 }}
- name: {{ include "common.name" . }}-chown
image: {{ include "repositoryGenerator.image.busybox" . }}
command:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- {{- if and .Values.global.cmpv2Enabled .Values.global.CMPv2CertManagerIntegration }}
+ {{- if .Values.global.cmpv2Enabled }}
{{- $linkCommand := include "common.certManager.linkVolumeMounts" . }}
lifecycle:
postStart:
value: "{{ .Values.config.sdnr.netconfCallHome.enabled | default "false" }}"
volumeMounts:
{{ include "common.certInitializer.volumeMount" . | indent 10 }}
-{{ include "common.certServiceClient.volumeMounts" . | indent 10 }}
-{{- if and .Values.global.cmpv2Enabled .Values.global.CMPv2CertManagerIntegration }}
+{{- if .Values.global.cmpv2Enabled }}
{{ include "common.certManager.volumeMounts" . | indent 10 }}
{{- end }}
- mountPath: /etc/localtime
emptyDir: {}
{{ else }}
{{ include "common.certInitializer.volumes" . | nindent 8 }}
-{{ include "common.certServiceClient.volumes" . | nindent 8 }}
-{{- if and .Values.global.cmpv2Enabled .Values.global.CMPv2CertManagerIntegration }}
+{{- if .Values.global.cmpv2Enabled }}
{{ include "common.certManager.volumes" . | nindent 8 }}
{{- end }}
volumeClaimTemplates:
service: mariadb-galera
internalPort: 3306
nameOverride: mariadb-galera
- # Enabling CMPv2 with CertManager
- CMPv2CertManagerIntegration: false
#################################################################
# Secrets metaconfig
dbServiceName: mariadb-galera
# This should be revisited and changed to plain text
dgUserPassword: cc03e747a6afbbcbf8be7668acfebee5
+ serviceAccount:
+ nameOverride: sdnc-dgbuilder
mariadb-galera:
service:
name: sdnc-dgbuilder
Code Review / oom.git / commitdiff