aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorAdam Wudzinski <adam.wudzinski@nokia.com>2020-10-28 11:45:20 +0100
committerPawel <pawel.kasperkiewicz@nokia.com>2020-11-23 14:12:30 +0100
commit11eafc54cb946d13c663d55449dcd033db387d89 (patch)
tree395a163c7d1143165361199a8ba076baec8c89fe
parentf0dacd23777a7998915afe00150b25135b932f86 (diff)
[PLATFORM] Add new fake deployment to fix offline certificates generation
Add new fake deployment to CertService, controlled by new global flag global.offlineDeployment, which is disabled as default. Change Makefile to use java image from ONAP Nexus for certificate generation. Signed-off-by: Adam Wudzinski <adam.wudzinski@nokia.com> Issue-ID: OOM-2588 Change-Id: I2f9fe4b626604c5bfd8512449d893015bdc6ca98
-rwxr-xr-xkubernetes/onap/values.yaml5
-rw-r--r--kubernetes/platform/components/oom-cert-service/Makefile11
-rw-r--r--kubernetes/platform/components/oom-cert-service/templates/fake_deployment.yaml31
-rw-r--r--kubernetes/platform/components/oom-cert-service/values.yaml5
4 files changed, 49 insertions, 3 deletions
diff --git a/kubernetes/onap/values.yaml b/kubernetes/onap/values.yaml
index 5e5e249f71..3c8b1e9d90 100755
--- a/kubernetes/onap/values.yaml
+++ b/kubernetes/onap/values.yaml
@@ -185,6 +185,11 @@ global:
truststorePath: "/etc/onap/oom/certservice/certs/truststore.jks"
truststorePassword: "secret"
+ # Indicates offline deployment build
+ # Set to true if you are rendering helm charts for offline deployment
+ # Otherwise keep it disabled
+ offlineDeploymentBuild: false
+
# TLS
# Set to false if you want to disable TLS for NodePorts. Be aware that this
# will loosen your security.
diff --git a/kubernetes/platform/components/oom-cert-service/Makefile b/kubernetes/platform/components/oom-cert-service/Makefile
index c4723dfdd1..c15fdc7a51 100644
--- a/kubernetes/platform/components/oom-cert-service/Makefile
+++ b/kubernetes/platform/components/oom-cert-service/Makefile
@@ -27,7 +27,12 @@ all: start_docker \
# Starts docker container for generating certificates - deletes first, if already running
start_docker:
@make stop_docker
- docker run -d --rm --name ${DOCKER_CONTAINER} --mount type=bind,source=${CURRENT_DIR}/${CERTS_DIR},target=/certs -w /certs docker.io/openjdk:11-jre-slim tail -f /dev/null
+ $(eval REPOSITORY := $(shell cat ./values.yaml | grep -i "^[ \t]*repository" -m1 | xargs | cut -d ' ' -f2))
+ $(eval JAVA_IMAGE := $(shell cat ./values.yaml | grep -i "^[ \t]*certificateGenerationImage" -m1 | xargs | cut -d ' ' -f2))
+ $(eval FULL_JAVA_IMAGE := $(REPOSITORY)/$(JAVA_IMAGE))
+ $(eval USER :=$(shell id -u))
+ $(eval GROUP :=$(shell id -g))
+ docker run --rm --name ${DOCKER_CONTAINER} --user "$(USER):$(GROUP)" --mount type=bind,source=${CURRENT_DIR}/${CERTS_DIR},target=/app -w /app --entrypoint "sh" -td $(FULL_JAVA_IMAGE)
# Stops docker container for generating certificates. 'true' is used to return 0 status code, if container is already deleted
stop_docker:
@@ -89,7 +94,7 @@ client_sign_certificate_by_root:
#Import root certificate into client
client_import_root_certificate:
@echo "Import root certificate into intermediate"
- ${DOCKER_EXEC} bash -c "cat root.crt >> certServiceClientByRoot.crt"
+ ${DOCKER_EXEC} sh -c "cat root.crt >> certServiceClientByRoot.crt"
@echo "####done####"
#Import signed certificate into certService's client
@@ -124,7 +129,7 @@ server_sign_certificate_by_root:
#Import root certificate into server
server_import_root_certificate:
@echo "Import root certificate into intermediate(server)"
- ${DOCKER_EXEC} bash -c "cat root.crt >> certServiceServerByRoot.crt"
+ ${DOCKER_EXEC} sh -c "cat root.crt >> certServiceServerByRoot.crt"
@echo "####done####"
#Import signed certificate into certService
diff --git a/kubernetes/platform/components/oom-cert-service/templates/fake_deployment.yaml b/kubernetes/platform/components/oom-cert-service/templates/fake_deployment.yaml
new file mode 100644
index 0000000000..1d1224afa4
--- /dev/null
+++ b/kubernetes/platform/components/oom-cert-service/templates/fake_deployment.yaml
@@ -0,0 +1,31 @@
+{{/*
+ # Copyright © 2020, Nokia
+ #
+ # Licensed under the Apache License, Version 2.0 (the "License");
+ # you may not use this file except in compliance with the License.
+ # You may obtain a copy of the License at
+ #
+ # http://www.apache.org/licenses/LICENSE-2.0
+ #
+ # Unless required by applicable law or agreed to in writing, software
+ # distributed under the License is distributed on an "AS IS" BASIS,
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ # See the License for the specific language governing permissions and
+ # limitations under the License.
+*/}}
+
+{{- if .Values.global.offlineDeploymentBuild }}
+apiVersion: apps/v1
+kind: Deployment
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ selector: {{- include "common.selectors" . | nindent 4 }}
+ template:
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
+ spec:
+ containers:
+ - name: {{ include "common.name" . }}
+ image: {{ include "common.repository" . }}/{{ .Values.certifcateGenerationImage }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+{{ end -}}
diff --git a/kubernetes/platform/components/oom-cert-service/values.yaml b/kubernetes/platform/components/oom-cert-service/values.yaml
index d4586a1d4b..ee51ec7a7d 100644
--- a/kubernetes/platform/components/oom-cert-service/values.yaml
+++ b/kubernetes/platform/components/oom-cert-service/values.yaml
@@ -21,6 +21,8 @@ global:
enabled: true
# Standard OOM
pullPolicy: "Always"
+ repository: "nexus3.onap.org:10001"
+ offlineDeploymentBuild: false
# Service configuration
@@ -31,8 +33,11 @@ service:
port: 8443
port_protocol: http
+# Certificates generation configuration
+certificateGenerationImage: onap/integration-java11:7.1.0
# Deployment configuration
+repository: "nexus3.onap.org:10001"
image: onap/org.onap.oom.platform.cert-service.oom-certservice-api:2.1.0
pullPolicy: Always
replicaCount: 1