Remove AAF truststore files from configmap

Moved security-related files from the configmap to an init container, to dramatically reduce the overall size of the ONAP deployment configmap. Change-Id: I5e1c176f14d2e010c69e6c1e86c487583ed18f59 Issue-ID: OOM-1061 Signed-off-by: Mike Elliott <mike.elliott@amdocs.com>
author: Mike Elliott <mike.elliott@amdocs.com> 2018-05-08 14:22:13 -0400
committer: Mike Elliott <mike.elliott@amdocs.com> 2018-05-08 16:27:16 -0400
commit: 77a201bf8b09dba3ab89cc635ec8fa0efcaa11c4 (patch)
tree: c298ba5c90611350b386036b35cb94e6e84e3789 /templates
parent: 92e9569f5fe2885a71c2cf73aa4d597ebfd6d6d3 (diff)
3 files changed, 22 insertions, 34 deletions
diff --git a/templates/configmap.yaml b/templates/configmap.yaml
index cfa57f7..9d21e05 100644
--- a/templates/configmap.yaml
+++ b/templates/configmap.yaml
@@ -23,14 +23,6 @@ data:
 apiVersion: v1
 kind: ConfigMap
 metadata:
-  name: {{ .Release.Name }}-aaf-public
-  namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/config/public/*").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
   name: {{ .Release.Name }}-aaf-local
   namespace: {{ include "common.namespace" . }}
 data:
diff --git a/templates/job.yaml b/templates/job.yaml
index 7ce871e..85c0940 100644
--- a/templates/job.yaml
+++ b/templates/job.yaml
@@ -29,6 +29,21 @@ spec:
         app: aaf-init-job
         release: {{ .Release.Name }}
     spec:
+      initContainers:
+      - name: {{ include "common.name" . }}-inject-config
+        command:
+        - /bin/bash
+        - -c
+        - >
+          git clone -b {{ .Values.config.gerritBranch }} --single-branch {{ .Values.config.gerritProject }} /tmp/gerrit;
+          echo "Clone complete. Copying from /tmp/gerrit/ to /public";
+          cp -rf /tmp/gerrit/auth/sample/public/* /public;
+          echo "Done.";
+        image: "{{ .Values.global.ubuntuInitRepository }}/{{ .Values.global.ubuntuInitImage }}"
+        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+        volumeMounts:
+        - name: aaf-public
+          mountPath: "/public"
       containers:
       - command: ["/bin/bash","-c","if [ ! -d /data/backup ]; then mkdir /data/data && cp -Ra /data1/data/..data/* /data/data/ && mkdir /data/etc && cp -Ra /data1/etc/..data/* data/etc/ && mkdir /data/backup && cp -Ra /data1/backup/..data/* /data/backup/ && cp -Ra /data1/public /data/ && cp -Ra /data1/local /data && mkdir -p /data/logs/oauth && mkdir -p /data/logs/hello && mkdir -p /data/logs/fs && mkdir -p /data/logs/gui && mkdir -p /data/logs/locate && mkdir -p /data/logs/cm && mkdir -p /data/logs/service; fi; exit 0"]
         image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
@@ -51,13 +66,13 @@ spec:
           name: aaf-public
           subPath: aaf_2_0.xsd
         - mountPath: /data1/public/truststoreONAP.p12
-          name: aaf-public-secret
+          name: aaf-public
           subPath: truststoreONAP.p12
         - mountPath: /data1/public/AAF_RootCA.cer
-          name: aaf-public-secret
+          name: aaf-public
           subPath: AAF_RootCA.cer
         - mountPath: /data1/public/truststoreONAPall.jks
-          name: aaf-public-secret
+          name: aaf-public
           subPath: truststoreONAPall.jks
         - mountPath: /data1/local/org.osaaf.location.props
           name: aaf-local
@@ -85,6 +100,8 @@ spec:
           subPath: org.osaaf.aaf.cm.p12
         - mountPath: /data1/backup
           name: aaf-backup
+        - mountPath: /share
+          name: aaf-public
         resources: 
 {{ toYaml .Values.resources | indent 12 }}
       {{- if .Values.nodeSelector }}
@@ -102,9 +119,6 @@ spec:
       - name: aaf-local-secret
         secret:
           secretName: {{ .Release.Name }}-aaf-local-secret
-      - name: aaf-public-secret
-        secret:
-          secretName: {{ .Release.Name }}-aaf-public-secret
       - name: aaf-etc
         configMap:
           name: {{ .Release.Name }}-aaf-etc
@@ -114,9 +128,6 @@ spec:
       - name: aaf-backup
         configMap:
           name: {{ .Release.Name }}-aaf-backup
-      - name: aaf-public
-        configMap:
-          name: {{ .Release.Name }}-aaf-public
       - name: aaf-data
         configMap:
           name: {{ .Release.Name }}-aaf-data
@@ -127,6 +138,8 @@ spec:
       {{- else }}
         emptyDir: {}
       {{- end }}
+      - name: aaf-public
+        emptyDir: {}
       restartPolicy: OnFailure
       imagePullSecrets:
       - name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/templates/secrets.yaml b/templates/secrets.yaml
index d67601c..fe876e1 100644
--- a/templates/secrets.yaml
+++ b/templates/secrets.yaml
@@ -28,20 +28,3 @@ data:
 {{ (.Files.Glob "resources/config/local/org.osaaf.aaf.keyfile").AsSecrets | indent 2 }}
 {{ (.Files.Glob "resources/config/local/org.osaaf.aaf.cm.p12").AsSecrets | indent 2 }}
 type: Opaque
----
-apiVersion: v1
-kind: Secret
-metadata:
-  name: {{ .Release.Name}}-aaf-public-secret
-  namespace: {{ include "common.namespace" . }}
-  labels:
-    app: {{ include "common.name" . }}
-    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
-    release: {{ .Release.Name }}
-    heritage: {{ .Release.Service }}
-data:
-{{ (.Files.Glob "resources/config/public/truststoreONAP.p12").AsSecrets | indent 2 }}
-{{ (.Files.Glob "resources/config/public/AAF_RootCA.cer").AsSecrets | indent 2 }}
-{{ (.Files.Glob "resources/config/public/truststoreONAPall.jks").AsSecrets | indent 2 }}
-type: Opaque
-
author	Mike Elliott <mike.elliott@amdocs.com>	2018-05-08 14:22:13 -0400
committer	Mike Elliott <mike.elliott@amdocs.com>	2018-05-08 16:27:16 -0400
commit	77a201bf8b09dba3ab89cc635ec8fa0efcaa11c4 (patch)
tree	c298ba5c90611350b386036b35cb94e6e84e3789 /templates
parent	92e9569f5fe2885a71c2cf73aa4d597ebfd6d6d3 (diff)