aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorKrzysztof Opasiak <k.opasiak@samsung.com>2020-10-20 23:17:17 +0200
committerKrzysztof Opasiak <k.opasiak@samsung.com>2020-10-20 23:17:17 +0200
commit599764901bdf353c358be66fca47a41f3382b56e (patch)
tree55a5cd9ab8568206e3aa33a1bfee361fb3a436c1
parent75f18758d0cc3e14ec5dd4fd61ee9a46a838a272 (diff)
[COMMON] Move onap truststore to cert-wrapper
certInitializer is included multiple times in number of different projects. If it contains the truststore then under if it is not used it increases the size of the chart itself so that it our final ONAP chart does not fit into default 20 Mb chartmuseum limit. Let's resolve this by moving the configmap and its content to the cert-wrapper which is included only once per onap instance. Issue-ID: AAF-1134 Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com> Change-Id: I654d9158e7b776c012653dbef2c8091a393635f0
-rwxr-xr-xkubernetes/common/cert-wrapper/resources/import-custom-certs.sh (renamed from kubernetes/common/certInitializer/resources/import-custom-certs.sh)0
-rw-r--r--kubernetes/common/cert-wrapper/resources/truststoreONAP.p12.b64 (renamed from kubernetes/common/certInitializer/resources/truststoreONAP.p12.b64)0
-rw-r--r--kubernetes/common/cert-wrapper/resources/truststoreONAPall.jks.b64 (renamed from kubernetes/common/certInitializer/resources/truststoreONAPall.jks.b64)0
-rw-r--r--kubernetes/common/cert-wrapper/templates/configmap.yaml22
-rw-r--r--kubernetes/common/certInitializer/templates/configmap.yaml9
-rw-r--r--kubernetes/common/certInitializer/values.yaml7
6 files changed, 27 insertions, 11 deletions
diff --git a/kubernetes/common/certInitializer/resources/import-custom-certs.sh b/kubernetes/common/cert-wrapper/resources/import-custom-certs.sh
index dd311830e7..dd311830e7 100755
--- a/kubernetes/common/certInitializer/resources/import-custom-certs.sh
+++ b/kubernetes/common/cert-wrapper/resources/import-custom-certs.sh
diff --git a/kubernetes/common/certInitializer/resources/truststoreONAP.p12.b64 b/kubernetes/common/cert-wrapper/resources/truststoreONAP.p12.b64
index 71b6782c58..71b6782c58 100644
--- a/kubernetes/common/certInitializer/resources/truststoreONAP.p12.b64
+++ b/kubernetes/common/cert-wrapper/resources/truststoreONAP.p12.b64
diff --git a/kubernetes/common/certInitializer/resources/truststoreONAPall.jks.b64 b/kubernetes/common/cert-wrapper/resources/truststoreONAPall.jks.b64
index 17b051268f..17b051268f 100644
--- a/kubernetes/common/certInitializer/resources/truststoreONAPall.jks.b64
+++ b/kubernetes/common/cert-wrapper/resources/truststoreONAPall.jks.b64
diff --git a/kubernetes/common/cert-wrapper/templates/configmap.yaml b/kubernetes/common/cert-wrapper/templates/configmap.yaml
new file mode 100644
index 0000000000..117a4ab718
--- /dev/null
+++ b/kubernetes/common/cert-wrapper/templates/configmap.yaml
@@ -0,0 +1,22 @@
+{{/*
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: v1
+kind: ConfigMap
+{{- $suffix := "certs" }}
+metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "dot" . ) | nindent 2 }}
+data:
+{{ tpl (.Files.Glob "resources/*").AsConfig . | indent 2 }}
diff --git a/kubernetes/common/certInitializer/templates/configmap.yaml b/kubernetes/common/certInitializer/templates/configmap.yaml
index 69d74e1ca7..7abbf9c7d8 100644
--- a/kubernetes/common/certInitializer/templates/configmap.yaml
+++ b/kubernetes/common/certInitializer/templates/configmap.yaml
@@ -23,12 +23,3 @@ data:
aaf-add-config.sh: |
{{ tpl .Values.aaf_add_config . | indent 4 }}
{{- end }}
-{{- if .Values.createCertsCM }}
----
-apiVersion: v1
-kind: ConfigMap
-{{- $suffix := "certs" }}
-metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "dot" . ) | nindent 2 }}
-data:
-{{ tpl (.Files.Glob "resources/*").AsConfig . | indent 2 }}
-{{- end -}}
diff --git a/kubernetes/common/certInitializer/values.yaml b/kubernetes/common/certInitializer/values.yaml
index 00e74c46d6..66251fa29a 100644
--- a/kubernetes/common/certInitializer/values.yaml
+++ b/kubernetes/common/certInitializer/values.yaml
@@ -57,5 +57,8 @@ truststoreMountpath: ""
truststoreOutputFileName: truststore.jks
truststorePassword: changeit
-createCertsCM: false
-certsCMName: '{{ include "common.release" . }}-cert-initializer-certs'
+# This introduces implicit dependency on cert-wrapper
+# if you are using cert initializer cert-wrapper has to be also deployed.
+# We had to move this CM to a separate chart to reduce the total size of our charts
+# as it exceeds the default helm limits.
+certsCMName: '{{ include "common.release" . }}-cert-wrapper-certs'