Diffstat (limited to 'helm/ves-client/templates')
-rw-r--r-- | helm/ves-client/templates/NOTES.txt | 17 | ||||
-rw-r--r-- | helm/ves-client/templates/_helpers.tpl | 11 | ||||
-rw-r--r-- | helm/ves-client/templates/certificate.yaml | 41 | ||||
-rw-r--r-- | helm/ves-client/templates/configmap.yaml | 11 | ||||
-rw-r--r-- | helm/ves-client/templates/deployment.yaml | 78 | ||||
-rw-r--r-- | helm/ves-client/templates/secret.yaml | 8 | ||||
-rw-r--r-- | helm/ves-client/templates/service.yaml | 2 |
7 files changed, 147 insertions, 21 deletions
diff --git a/helm/ves-client/templates/NOTES.txt b/helm/ves-client/templates/NOTES.txt new file mode 100644 index 0000000..d6e6f53 --- /dev/null +++ b/helm/ves-client/templates/NOTES.txt @@ -0,0 +1,17 @@ +Application Configuration + +Basic authentication: +config: + useCerts: false + +Certificate authentication with AAF: +config: + useCerts: true + +certMethod: "aaf" + +Certificate authentication with CMPv2: +config: + useCerts: true + +certMethod: "cmpv2" diff --git a/helm/ves-client/templates/_helpers.tpl b/helm/ves-client/templates/_helpers.tpl index 1d8fd9f..e64ffcf 100644 --- a/helm/ves-client/templates/_helpers.tpl +++ b/helm/ves-client/templates/_helpers.tpl @@ -1,4 +1,3 @@ -{{/* vim: set filetype=mustache: */}} {{/* Expand the name of the chart. */}} @@ -51,3 +50,13 @@ app.kubernetes.io/name: {{ include "ves-client.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} {{- end }} +{{/* +Create the name of the service account to use +*/}} +{{- define "ves-client.serviceAccountName" -}} +{{- if .Values.serviceAccount.create }} +{{- default (include "ves-client.fullname" .) .Values.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.serviceAccount.name }} +{{- end }} +{{- end }} diff --git a/helm/ves-client/templates/certificate.yaml b/helm/ves-client/templates/certificate.yaml new file mode 100644 index 0000000..4dc0110 --- /dev/null +++ b/helm/ves-client/templates/certificate.yaml 
@@ -0,0 +1,41 @@ +apiVersion: cert-manager.io/v1 +kind: Certificate +{{- with .Values.certificates }} +metadata: + name: {{ .name }} + namespace: {{ .namespace }} +spec: + secretName: {{ .secretName }} + commonName: {{ .commonName }} + renewBefore: {{ .renewBefore }} + {{- if .duration }} + duration: {{ .duration }} + {{- end }} + subject: + organizations: + - {{ .subject.organization }} + countries: + - {{ .subject.country }} + localities: + - {{ .subject.locality }} + provinces: + - {{ .subject.province }} + organizationalUnits: + - {{ .subject.organizationalUnit }} + issuerRef: + group: {{ .issuerRef.group }} + kind: {{ .issuerRef.kind }} + name: {{ .issuerRef.name }} + {{- if .dnsNames }} + dnsNames: + {{- range $.Values.certificates.dnsNames }} + - {{ . }} + {{- end }} + {{- end }} + {{- if .ipAddresses }} + ipAddresses: + - {{ .ipAddresses }} + {{- end }} + keystores: + {{- toYaml .keystores | nindent 4 }} +{{- end }} diff --git a/helm/ves-client/templates/configmap.yaml b/helm/ves-client/templates/configmap.yaml index 4717c38..59c91c9 100644 --- a/helm/ves-client/templates/configmap.yaml +++ b/helm/ves-client/templates/configmap.yaml @@ -1,11 +1,6 @@ apiVersion: v1 kind: ConfigMap metadata: - name: {{ .Chart.Name }}-configmap -binaryData: - {{- $files := .Files }} - {{- range $key, $value := .Files }} - {{- if hasPrefix "resources/" $key }} - {{ $key | trimPrefix "resources/" }}: {{ $files.Get $key | b64enc | quote }} - {{- end }} - {{- end }} + name: {{ .Values.configMapName }} +data: +{{ tpl (.Files.Glob "resources/*").AsConfig . | indent 2 }} diff --git a/helm/ves-client/templates/deployment.yaml b/helm/ves-client/templates/deployment.yaml index 6220ced..090cee6 100644 --- a/helm/ves-client/templates/deployment.yaml +++ b/helm/ves-client/templates/deployment.yaml 
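Review bot: In certificate.yaml the `apiVersion` and `kind` lines sit outside `{{- with .Values.certificates }}` and nothing checks `certMethod`, so the template emits a Certificate object for every install, including the basic-auth and AAF modes, and with an empty `certificates` value it would be a manifest with no metadata or spec. Wrapping the whole file in `{{- if eq .Values.certMethod "cmpv2" }}` … `{{- end }}` limits the cert-manager dependency to the mode that needs it. Separately, `ipAddresses` is written as a single list item (`- {{ .ipAddresses }}`) while `dnsNames` is ranged over; if the value is meant to be a list, render it with `toYaml` as is done for `keystores`.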
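Review bot: In configmap.yaml the new `data:` line passes every file under `resources/` through `tpl`, so any `{{ … }}` sequence inside those files is now evaluated as a Helm template with the full chart context instead of being shipped verbatim. If the files are meant to be literal payloads, drop the `tpl` call and use `{{ (.Files.Glob "resources/*").AsConfig | indent 2 }}`; if templating is intended, a comment above the line such as `{{/* resources/* are rendered as templates; escape literal braces */}}` would record that. The move from `binaryData` to `data` also assumes the files are text. `name: {{ .Values.configMapName }}` no longer derives from the release or chart name, so two releases in one namespace would presumably collide unless the value is overridden.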
@@ -5,7 +5,9 @@ metadata: labels: {{- include "ves-client.labels" . | nindent 4 }} spec: +{{- if not .Values.autoscaling.enabled }} replicas: {{ .Values.replicaCount }} +{{- end }} selector: matchLabels: {{- include "ves-client.selectorLabels" . | nindent 6 }} 
@@ -24,30 +26,85 @@ spec: {{- end }} securityContext: {{- toYaml .Values.podSecurityContext | nindent 8 }} + initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }} + {{ if eq .Values.certMethod "aaf" }} + - name: {{ include "common.name" . }}-readiness + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + image: {{ .Values.certInitializer.image }} + imagePullPolicy: {{ .Values.pullPolicy | default .Values.pullPolicy }} + volumeMounts: + - name: {{ .Values.aafVolumeName }} + mountPath: /opt/app/osaaf + {{- end }} containers: - - env: + - env: - name: MONGO_HOSTNAME - value: {{ .Values.config.mongoDbServer | quote }} + value: {{ .Values.config.mongoDbName | quote }} - name: USE_CERTIFICATE_FOR_AUTHORIZATION - value: {{ .Values.config.useCertForAuth | quote }} - name: {{ .Chart.Name }} + value: {{ .Values.config.useCerts | quote }} + - name: STRICT_HOSTNAME_VERIFICATION + value: {{ .Values.config.strictHost | quote }} + name: {{ .Values.configMapName }} securityContext: {{- toYaml .Values.securityContext | nindent 12 }} - image: {{ include "repositoryGenerator.repository" . 
}}/{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" imagePullPolicy: {{ .Values.image.pullPolicy }} ports: - - containerPort: {{ .Values.config.containerPort }} + - containerPort: {{ .Values.service.port }} protocol: TCP + livenessProbe: + httpGet: + path: /simulator/config + port: 5000 + initialDelaySeconds: 10 + periodSeconds: 30 + timeoutSeconds: 1 + successThreshold: 1 + failureThreshold: 3 + readinessProbe: + httpGet: + path: /simulator/config + port: 5000 + initialDelaySeconds: 60 + periodSeconds: 15 + timeoutSeconds: 1 + successThreshold: 1 + failureThreshold: 3 resources: {{- toYaml .Values.resources | nindent 12 }} volumeMounts: - - name: store-map - mountPath: {{ .Values.storeMap.directory }} + - name: templates + mountPath: {{ .Values.templatesDir }} + {{ if eq .Values.certMethod "cmpv2" }} + - name: certstore + mountPath: {{ .Values.certsDir }} + {{- end }} + {{ if eq .Values.certMethod "aaf" }} + - name: {{ .Values.aafVolumeName }} + mountPath: /app/store + {{- end }} + volumes: - - name: store-map + - name: templates configMap: - name: {{ .Chart.Name }}-configmap + name: {{ .Values.configMapName }} defaultMode: 0755 + {{ if eq .Values.certMethod "cmpv2" }} + - name: certstore + secret: + secretName: {{.Values.certificates.secretName}} + defaultMode: 0400 + {{- end }} + {{ if eq .Values.certMethod "aaf" }} + {{ include "common.certInitializer.volumes" . | nindent 8 }} + - name: {{ .Values.aafVolumeName }} + emptyDir: {} + {{- end }} {{- with .Values.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} @@ -60,4 +117,3 @@ spec: tolerations: {{- toYaml . | nindent 8 }} {{- end }} - diff --git a/helm/ves-client/templates/secret.yaml b/helm/ves-client/templates/secret.yaml new file mode 100644 index 0000000..dd3cf87 --- /dev/null +++ b/helm/ves-client/templates/secret.yaml 
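Review bot: In deployment.yaml the `initContainers:` line includes `common.certInitializer.initContainer` unconditionally, while the matching `common.certInitializer.volumes` include further down is wrapped in `{{ if eq .Values.certMethod "aaf" }}`; unless that helper renders nothing on its own (it is not visible here), a basic-auth or cmpv2 install gets an init container whose volumes are never defined. Moving the include inside the same `aaf` condition keeps the two in step. In the readiness container, `imagePullPolicy: {{ .Values.pullPolicy | default .Values.pullPolicy }}` defaults a value to itself; `{{ .Values.image.pullPolicy }}`, as used by the main container, looks like what was meant. `STRICT_HOSTNAME_VERIFICATION` is now driven by `.Values.config.strictHost`, and since values.yaml is not part of this view it is worth confirming that the shipped default leaves hostname verification enabled and adding a comment there that turning it off is for test setups only.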
@@ -0,0 +1,8 @@ +apiVersion: v1 +kind: Secret +metadata: + name: {{ .Values.secretName }} +data: + p12.pass: MjNlOTE3NzVjOTE4ZTRmNjY4ZTFhYzgyZDY5ZjExYWU0ZWU0ZGM2MTM3YzUwMzZkZjE3MmEyODJhYTA5 +type: Opaque + diff --git a/helm/ves-client/templates/service.yaml b/helm/ves-client/templates/service.yaml index ad67f9b..3e23296 100644 --- a/helm/ves-client/templates/service.yaml +++ b/helm/ves-client/templates/service.yaml @@ -10,6 +10,6 @@ spec: - port: {{ .Values.service.port }} targetPort: {{ .Values.service.port }} protocol: TCP - name: {{ .Values.service.port | quote }} + name: {{ .Values.service.name }} selector: {{- include "ves-client.selectorLabels" . | nindent 4 }} |
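Review bot: secret.yaml commits a fixed `p12.pass` value in the chart; base64 under `data:` is an encoding, not protection, so anyone who can read the repository or the packaged chart knows the keystore password of every installation, and the value stays in history after a later change. Take it from the installer instead, for example `p12.pass: {{ required "keystore password is required" .Values.keystorePassword | b64enc | quote }}` (the values key is a proposed name), or reference a Secret created outside the chart, and treat the committed value as exposed. The object is also rendered for every `certMethod`; if only the cmpv2 keystores use it, which this hunk does not show, wrapping the file in `{{- if eq .Values.certMethod "cmpv2" }}` would keep it out of the other modes.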