diff options
| author |   Krzysztof Opasiak <k.opasiak@samsung.com> | 2020-10-20 23:17:17 +0200 |
|---|---|---|
| committer | Krzysztof Opasiak <k.opasiak@samsung.com> | 2020-10-20 23:17:17 +0200 |
| commit | 599764901bdf353c358be66fca47a41f3382b56e (patch) | |
| tree | 55a5cd9ab8568206e3aa33a1bfee361fb3a436c1 | |
| parent | 75f18758d0cc3e14ec5dd4fd61ee9a46a838a272 (diff) | |
[COMMON] Move onap truststore to cert-wrapper
certInitializer is included multiple times in number of different
projects. If it contains the truststore then under if it is not used
it increases the size of the chart itself so that it our final ONAP
chart does not fit into default 20 Mb chartmuseum limit.
Let's resolve this by moving the configmap and its content to the
cert-wrapper which is included only once per onap instance.
Issue-ID: AAF-1134
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Change-Id: I654d9158e7b776c012653dbef2c8091a393635f0
| -rwxr-xr-x | kubernetes/common/cert-wrapper/resources/import-custom-certs.sh (renamed from kubernetes/common/certInitializer/resources/import-custom-certs.sh) | 0 | ||||
| -rw-r--r-- | kubernetes/common/cert-wrapper/resources/truststoreONAP.p12.b64 (renamed from kubernetes/common/certInitializer/resources/truststoreONAP.p12.b64) | 0 | ||||
| -rw-r--r-- | kubernetes/common/cert-wrapper/resources/truststoreONAPall.jks.b64 (renamed from kubernetes/common/certInitializer/resources/truststoreONAPall.jks.b64) | 0 | ||||
| -rw-r--r-- | kubernetes/common/cert-wrapper/templates/configmap.yaml | 22 | ||||
| -rw-r--r-- | kubernetes/common/certInitializer/templates/configmap.yaml | 9 | ||||
| -rw-r--r-- | kubernetes/common/certInitializer/values.yaml | 7 |
6 files changed, 27 insertions, 11 deletions
diff --git a/kubernetes/common/certInitializer/resources/import-custom-certs.sh b/kubernetes/common/cert-wrapper/resources/import-custom-certs.sh index dd311830e7..dd311830e7 100755 --- a/kubernetes/common/certInitializer/resources/import-custom-certs.sh +++ b/kubernetes/common/cert-wrapper/resources/import-custom-certs.sh diff --git a/kubernetes/common/certInitializer/resources/truststoreONAP.p12.b64 b/kubernetes/common/cert-wrapper/resources/truststoreONAP.p12.b64 index 71b6782c58..71b6782c58 100644 --- a/kubernetes/common/certInitializer/resources/truststoreONAP.p12.b64 +++ b/kubernetes/common/cert-wrapper/resources/truststoreONAP.p12.b64 diff --git a/kubernetes/common/certInitializer/resources/truststoreONAPall.jks.b64 b/kubernetes/common/cert-wrapper/resources/truststoreONAPall.jks.b64 index 17b051268f..17b051268f 100644 --- a/kubernetes/common/certInitializer/resources/truststoreONAPall.jks.b64 +++ b/kubernetes/common/cert-wrapper/resources/truststoreONAPall.jks.b64 diff --git a/kubernetes/common/cert-wrapper/templates/configmap.yaml b/kubernetes/common/cert-wrapper/templates/configmap.yaml new file mode 100644 index 0000000000..117a4ab718 --- /dev/null +++ b/kubernetes/common/cert-wrapper/templates/configmap.yaml @@ -0,0 +1,22 @@ +{{/* +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +apiVersion: v1 +kind: ConfigMap +{{- $suffix := "certs" }} +metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "dot" . ) | nindent 2 }} +data: +{{ tpl (.Files.Glob "resources/*").AsConfig . | indent 2 }} diff --git a/kubernetes/common/certInitializer/templates/configmap.yaml b/kubernetes/common/certInitializer/templates/configmap.yaml index 69d74e1ca7..7abbf9c7d8 100644 --- a/kubernetes/common/certInitializer/templates/configmap.yaml +++ b/kubernetes/common/certInitializer/templates/configmap.yaml @@ -23,12 +23,3 @@ data: aaf-add-config.sh: | {{ tpl .Values.aaf_add_config . | indent 4 }} {{- end }} -{{- if .Values.createCertsCM }} ---- -apiVersion: v1 -kind: ConfigMap -{{- $suffix := "certs" }} -metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "dot" . ) | nindent 2 }} -data: -{{ tpl (.Files.Glob "resources/*").AsConfig . | indent 2 }} -{{- end -}} diff --git a/kubernetes/common/certInitializer/values.yaml b/kubernetes/common/certInitializer/values.yaml index 00e74c46d6..66251fa29a 100644 --- a/kubernetes/common/certInitializer/values.yaml +++ b/kubernetes/common/certInitializer/values.yaml @@ -57,5 +57,8 @@ truststoreMountpath: "" truststoreOutputFileName: truststore.jks truststorePassword: changeit -createCertsCM: false -certsCMName: '{{ include "common.release" . }}-cert-initializer-certs' +# This introduces implicit dependency on cert-wrapper +# if you are using cert initializer cert-wrapper has to be also deployed. +# We had to move this CM to a separate chart to reduce the total size of our charts +# as it exceeds the default helm limits. +certsCMName: '{{ include "common.release" . }}-cert-wrapper-certs' |