authorRahul Tyagi <rahul.tyagi@ericsson.com>2019-03-02 06:15:35 +0000
committerRahul Tyagi <rahul.tyagi@ericsson.com>2019-03-12 14:02:36 +0000
commit44cc1ac1943c68174efb44e4b60fb9c8fbe33903 (patch)
treef241341b0dd1805d2be896385f652db9ac4e45b6
parentc4b0b79045a56050f2ed0eee8f13237a90815c3c (diff)
SDNC-660: Helm integration for Netconf over TLS
This commit introduces a persistent volume for the "NETCONF over TLS" use case in SDNC, so that certificates can be fetched from persistence at deployment time of SDNC/ODL. This functionality can be enabled/disabled using flag oom/kubernetes/sdnc/values.yaml values.certpersistence.enabled true/false. By default this is enabled (i.e. true). Mounted paths are Host path : /dockerdata-nfs/sdnc/certs Container path : /opt/opendaylight/current/certs Issue-ID: SDNC-660 Change-Id: Iab2ecdfcb890b6dc779de12655f0fb7bd869fb0f Signed-off-by: Rahul Tyagi <rahul.tyagi@ericsson.com>
-rw-r--r--kubernetes/sdnc/templates/pv.yaml32
-rw-r--r--kubernetes/sdnc/templates/pvc.yaml32
-rw-r--r--kubernetes/sdnc/templates/statefulset.yaml11
-rw-r--r--kubernetes/sdnc/values.yaml16
4 files changed, 90 insertions, 1 deletions
diff --git a/kubernetes/sdnc/templates/pv.yaml b/kubernetes/sdnc/templates/pv.yaml
index f10d67ad68..5a6566a80b 100644
--- a/kubernetes/sdnc/templates/pv.yaml
+++ b/kubernetes/sdnc/templates/pv.yaml
@@ -82,3 +82,35 @@ spec:
path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ .Release.Name }}/{{ .Values.persistence.mountSubPath }}2
{{ end }}
{{- end -}}
+{{ if .Values.certpersistence.enabled }}
+---
+kind: PersistentVolume
+apiVersion: v1
+metadata:
+ name: {{ include "common.fullname" . }}-pv-certs
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}-pv-certs
+ chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
+ release: "{{ .Release.Name }}"
+ heritage: "{{ .Release.Service }}"
+ name: {{ include "common.fullname" . }}-certs
+spec:
+ capacity:
+ storage: {{ .Values.certpersistence.size }}
+ accessModes:
+ - {{ .Values.certpersistence.accessMode }}
+{{- if .Values.certpersistence.storageClass }}
+{{- if (eq "-" .Values.certpersistence.storageClass) }}
+ storageClassName: ""
+{{- else }}
+ storageClassName: "{{ .Values.certpersistence.storageClass }}"
+{{- end }}
+{{- end }}
+ persistentVolumeReclaimPolicy: {{ .Values.certpersistence.volumeReclaimPolicy }}
+ hostPath:
+ path: {{ .Values.global.persistence.mountPath | default .Values.certpersistence.mountPath }}/{{ .Values.certpersistence.mountSubPath }}
+{{ end }}
+
+
+
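Review bot: The new certs PersistentVolume's `hostPath` omits `{{ .Release.Name }}`, unlike the mdsal path in the context line just above this block, so every release of this chart on a node resolves to the same host directory of TLS material. If that sharing is not intended, use `path: {{ .Values.global.persistence.mountPath | default .Values.certpersistence.mountPath }}/{{ .Release.Name }}/{{ .Values.certpersistence.mountSubPath }}`. The commit message names a fixed host path, so the sharing may be deliberate. In that case a comment should say so and note that the host directory's ownership and mode are what protect any private keys kept there. The three blank lines added at the end of the file can be dropped.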
diff --git a/kubernetes/sdnc/templates/pvc.yaml b/kubernetes/sdnc/templates/pvc.yaml
new file mode 100644
index 0000000000..aa9515b6b5
--- /dev/null
+++ b/kubernetes/sdnc/templates/pvc.yaml
@@ -0,0 +1,32 @@
+{{- if and .Values.certpersistence.enabled (not .Values.certpersistence.existingClaim) -}}
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+ name: {{ include "common.fullname" .}}-pvc-certs
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}-pvc-certs
+ chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+ release: "{{ .Release.Name }}"
+ heritage: "{{ .Release.Service }}"
+{{- if .Values.certpersistence.annotations }}
+ annotations:
+{{ toYaml .Values.certpersistence.annotations | indent 4 }}
+{{- end }}
+spec:
+ selector:
+ matchLabels:
+ app: {{ include "common.name" . }}-pv-certs
+ accessModes:
+ - {{ .Values.certpersistence.accessMode }}
+ resources:
+ requests:
+ storage: {{ .Values.certpersistence.size }}
+{{- if .Values.certpersistence.storageClass }}
+{{- if (eq "-" .Values.certpersistence.storageClass) }}
+ storageClassName: ""
+{{- else }}
+ storageClassName: "{{ .Values.certpersistence.storageClass }}"
+{{- end }}
+{{- end }}
+{{- end -}} \ No newline at end of file
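Review bot: The PVC `selector` matches only on `app: {{ include "common.name" . }}-pv-certs`, which presumably resolves to the chart name and is then identical for every release, so a claim from one release could bind the certs volume created for another. Adding `release: "{{ .Release.Name }}"` under `matchLabels` (the PV in pv.yaml carries that label) ties the claim to its own release's volume. The `chart` label here also omits the `| replace "+" "_"` used on the PV, so a chart version containing `+` would produce an invalid label value.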
diff --git a/kubernetes/sdnc/templates/statefulset.yaml b/kubernetes/sdnc/templates/statefulset.yaml
index 70713cc311..24ca832d24 100644
--- a/kubernetes/sdnc/templates/statefulset.yaml
+++ b/kubernetes/sdnc/templates/statefulset.yaml
@@ -135,6 +135,8 @@ spec:
name: {{ include "common.fullname" . }}-mdsal
- mountPath: /var/log/onap
name: logs
+ - mountPath: {{ .Values.certpersistence.certPath }}
+ name: {{ include "common.fullname" . }}-certs
resources:
{{ include "common.resources" . | indent 12 }}
{{- if .Values.nodeSelector }}
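Review bot: The certificate volume is mounted read-write at `{{ .Values.certpersistence.certPath }}`. If the container only reads certificates from it, as the commit message suggests, add `readOnly: true` to this `volumeMounts` entry so that a process in the pod cannot alter the trust material kept on the host path. If SDNC/ODL does need to write there, a short comment stating that would help. The `volumeMounts` list begins outside the hunk.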
@@ -182,6 +184,13 @@ spec:
configMap:
name: {{ include "common.fullname" . }}-properties
defaultMode: 0644
+ - name: {{ include "common.fullname" . }}-certs
+ {{ if .Values.certpersistence.enabled }}
+ persistentVolumeClaim:
+ claimName: {{ include "common.fullname" . }}-pvc-certs
+ {{ else }}
+ emptyDir: {}
+ {{ end }}
{{ if not .Values.persistence.enabled }}
- name: {{ include "common.fullname" . }}-mdsal
emptyDir: {}
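Review bot: `claimName` is hard-coded to `{{ include "common.fullname" . }}-pvc-certs`, but pvc.yaml skips creating that claim when `certpersistence.existingClaim` is set, so a deployment that supplies an existing claim would reference a PVC that does not exist and the pod would stay pending. Use `claimName: {{ .Values.certpersistence.existingClaim | default (printf "%s-pvc-certs" (include "common.fullname" .)) }}`. The `{{ if }}`/`{{ else }}`/`{{ end }}` actions could also use `{{-` trimming so they do not emit blank lines inside the `volumes` list, which starts outside the hunk.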
@@ -200,4 +209,4 @@ spec:
selector:
matchLabels:
name: {{ include "common.fullname" . }}
- {{ end }}
+ {{ end }} \ No newline at end of file
diff --git a/kubernetes/sdnc/values.yaml b/kubernetes/sdnc/values.yaml
index 7faba15a57..95bc31a96b 100644
--- a/kubernetes/sdnc/values.yaml
+++ b/kubernetes/sdnc/values.yaml
@@ -198,6 +198,22 @@ persistence:
mountSubPath: sdnc/mdsal
mdsalPath: /opt/opendaylight/current/daexim
+certpersistence:
+ enabled: true
+
+ ## A manually managed Persistent Volume and Claim
+ ## Requires persistence.enabled: true
+ ## If defined, PVC must be created manually before volume will be bound
+ # existingClaim:
+
+ volumeReclaimPolicy: Retain
+ accessMode: ReadWriteOnce
+ size: 50Mi
+ mountPath: /dockerdata-nfs
+ mountSubPath: sdnc/certs
+ certPath: /opt/opendaylight/current/certs
+ ##storageClass: "manual"
+
ingress:
enabled: false
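Review bot: The comment `## Requires persistence.enabled: true` above `existingClaim` appears to be carried over from the `persistence` block. The templates in this commit gate on `certpersistence.enabled`, so it should read `## Requires certpersistence.enabled: true`. It would also help to add a comment on `mountPath`/`mountSubPath` saying they form the host directory that holds the TLS certificates and that access to it on the node should be restricted. A comment on `certPath` should say it is the mount point inside the container.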