From: Krzysztof Opasiak Date: Tue, 20 Oct 2020 21:17:17 +0000 (+0200) Subject: [COMMON] Move onap truststore to cert-wrapper X-Git-Tag: 7.0.0~82^2~2 X-Git-Url: https://gerrit.onap.org/r/gitweb?p=oom.git;a=commitdiff_plain;h=599764901bdf353c358be66fca47a41f3382b56e [COMMON] Move onap truststore to cert-wrapper certInitializer is included multiple times in number of different projects. If it contains the truststore then under if it is not used it increases the size of the chart itself so that it our final ONAP chart does not fit into default 20 Mb chartmuseum limit. Let's resolve this by moving the configmap and its content to the cert-wrapper which is included only once per onap instance. Issue-ID: AAF-1134 Signed-off-by: Krzysztof Opasiak Change-Id: I654d9158e7b776c012653dbef2c8091a393635f0 --- diff --git a/kubernetes/common/certInitializer/resources/import-custom-certs.sh b/kubernetes/common/cert-wrapper/resources/import-custom-certs.sh similarity index 100% rename from kubernetes/common/certInitializer/resources/import-custom-certs.sh rename to kubernetes/common/cert-wrapper/resources/import-custom-certs.sh diff --git a/kubernetes/common/certInitializer/resources/truststoreONAP.p12.b64 b/kubernetes/common/cert-wrapper/resources/truststoreONAP.p12.b64 similarity index 100% rename from kubernetes/common/certInitializer/resources/truststoreONAP.p12.b64 rename to kubernetes/common/cert-wrapper/resources/truststoreONAP.p12.b64 diff --git a/kubernetes/common/certInitializer/resources/truststoreONAPall.jks.b64 b/kubernetes/common/cert-wrapper/resources/truststoreONAPall.jks.b64 similarity index 100% rename from kubernetes/common/certInitializer/resources/truststoreONAPall.jks.b64 rename to kubernetes/common/cert-wrapper/resources/truststoreONAPall.jks.b64 diff --git a/kubernetes/common/cert-wrapper/templates/configmap.yaml b/kubernetes/common/cert-wrapper/templates/configmap.yaml new file mode 100644 index 0000000000..117a4ab718 --- /dev/null +++ b/kubernetes/common/cert-wrapper/templates/configmap.yaml @@ -0,0 +1,22 @@ +{{/* +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +apiVersion: v1 +kind: ConfigMap +{{- $suffix := "certs" }} +metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "dot" . ) | nindent 2 }} +data: +{{ tpl (.Files.Glob "resources/*").AsConfig . | indent 2 }} diff --git a/kubernetes/common/certInitializer/templates/configmap.yaml b/kubernetes/common/certInitializer/templates/configmap.yaml index 69d74e1ca7..7abbf9c7d8 100644 --- a/kubernetes/common/certInitializer/templates/configmap.yaml +++ b/kubernetes/common/certInitializer/templates/configmap.yaml @@ -23,12 +23,3 @@ data: aaf-add-config.sh: | {{ tpl .Values.aaf_add_config . | indent 4 }} {{- end }} -{{- if .Values.createCertsCM }} ---- -apiVersion: v1 -kind: ConfigMap -{{- $suffix := "certs" }} -metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "dot" . ) | nindent 2 }} -data: -{{ tpl (.Files.Glob "resources/*").AsConfig . | indent 2 }} -{{- end -}} diff --git a/kubernetes/common/certInitializer/values.yaml b/kubernetes/common/certInitializer/values.yaml index 00e74c46d6..66251fa29a 100644 --- a/kubernetes/common/certInitializer/values.yaml +++ b/kubernetes/common/certInitializer/values.yaml @@ -57,5 +57,8 @@ truststoreMountpath: "" truststoreOutputFileName: truststore.jks truststorePassword: changeit -createCertsCM: false -certsCMName: '{{ include "common.release" . }}-cert-initializer-certs' +# This introduces implicit dependency on cert-wrapper +# if you are using cert initializer cert-wrapper has to be also deployed. +# We had to move this CM to a separate chart to reduce the total size of our charts +# as it exceeds the default helm limits. +certsCMName: '{{ include "common.release" . }}-cert-wrapper-certs'