diff options
Diffstat (limited to 'k8s/README.md')
| -rw-r--r-- | k8s/README.md | 13 |
1 files changed, 12 insertions, 1 deletions
diff --git a/k8s/README.md b/k8s/README.md index 3fdbf1a..21e7564 100644 --- a/k8s/README.md +++ b/k8s/README.md @@ -19,6 +19,8 @@ creates the following Kubernetes entities: - If the blueprint specifies that the component uses TLS (HTTPS) via the `tls_info` property, the `Deployment` includes an init container, a volume that holds TLS certificate artifacts, and volume mounts on the init container and the component's container. The init container populates the TLS certificate artifacts volume with certificates, keys, keystores, etc. + - If the blueprint specifies that the component uses external TLS via the `external_cert` property, the `Deployment` includes an additional init container + and the component's container. The init container populates the external TLS certificate artifacts in mounted volume. The container requires CMPv2 CertService to work properly. - If the blueprint indicates that the component exposes any ports, the plugin will create a Kubernetes `Service` that allocates an address in the Kubernetes network address space that will route traffic to a container that's running the component. This `Service` provides a fixed "virtual IP" for the component. @@ -56,6 +58,15 @@ The configuration is provided as JSON object with the following properties: - `tls`: object containing configuration for setting up TLS init container - `cert_path`: mount point for the TLS certificate artifact volume in the init container - `image`: Docker image to use for the TLS init container + - `external_cert`: object containing configuration for setting up external TLS init container + - `image_tag`: CertService client image name and version + - `request_url`: URL to Cert Service API + - `timeout`: Request timeout + - `country`: Country name in ISO 3166-1 alpha-2 format, for which certificate will be created + - `organization`: Organization name, for which certificate will be created + - `state`: State name, for which certificate will be created + - `organizational_unit`: Organizational unit name, for which certificate will be created + - `location`: Location name, for which certificate will be created #### Kubernetes access information @@ -297,4 +308,4 @@ node_ids: ``` Note that the `node_ids` list is required by the `execute_operation` workflow. The list contains all of the nodes that are being targeted by the workflow. For an `update_image` operation, the list typically has only one element. -Note also that the `update_image` operation targets the container running the application code (i.e., the container running the image specified in the `image` node property). This plugin may deploy "sidecar" containers running supporting code--for example, the "filebeat" container that relays logs to the central log server. The `update_image` operation does not touch any "sidecar" containers.
\ No newline at end of file +Note also that the `update_image` operation targets the container running the application code (i.e., the container running the image specified in the `image` node property). This plugin may deploy "sidecar" containers running supporting code--for example, the "filebeat" container that relays logs to the central log server. The `update_image` operation does not touch any "sidecar" containers. |