aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorKrzysztof Opasiak <k.opasiak@samsung.com>2020-10-21 18:24:50 +0000
committerGerrit Code Review <gerrit@onap.org>2020-10-21 18:24:50 +0000
commitaea88e49e5b3b8205b957dd089282d4f789dc53e (patch)
treee97cde6f79668bd476f4f5af7d5d4ef6eeaf63e7
parent65c2c270679f5ebb1cff99a3061fbf58b62a7623 (diff)
parent75f18758d0cc3e14ec5dd4fd61ee9a46a838a272 (diff)
Merge "[COMMON] Make certInitializer share truststore among instances"
-rw-r--r--kubernetes/common/Makefile6
-rw-r--r--kubernetes/common/cert-wrapper/Chart.yaml18
-rw-r--r--kubernetes/common/cert-wrapper/requirements.yaml18
-rw-r--r--kubernetes/common/cert-wrapper/values.yaml17
-rw-r--r--kubernetes/common/certInitializer/templates/_certInitializer.yaml2
-rw-r--r--kubernetes/common/certInitializer/templates/configmap.yaml2
-rw-r--r--kubernetes/common/certInitializer/values.yaml3
-rwxr-xr-xkubernetes/onap/requirements.yaml4
-rwxr-xr-xkubernetes/onap/values.yaml3
9 files changed, 70 insertions, 3 deletions
diff --git a/kubernetes/common/Makefile b/kubernetes/common/Makefile
index 58125f8506..817a2e24bc 100644
--- a/kubernetes/common/Makefile
+++ b/kubernetes/common/Makefile
@@ -20,12 +20,14 @@ SECRET_DIR := $(OUTPUT_DIR)/secrets
COMMON_CHARTS_DIR := common
EXCLUDES :=
+PROCESSED_LAST := cert-wrapper
+TO_FILTER := $(EXCLUDES) $(PROCESSED_LAST)
HELM_BIN := helm
-HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+HELM_CHARTS := $(filter-out $(TO_FILTER), $(sort $(patsubst %/.,%,$(wildcard */.)))) $(PROCESSED_LAST)
HELM_VER := $(shell $(HELM_BIN) version --template "{{.Version}}")
-.PHONY: $(EXCLUDES) $(HELM_CHARTS)
+.PHONY: $(HELM_CHARTS) $(TO_FILTER)
all: $(COMMON_CHARTS_DIR) $(HELM_CHARTS)
diff --git a/kubernetes/common/cert-wrapper/Chart.yaml b/kubernetes/common/cert-wrapper/Chart.yaml
new file mode 100644
index 0000000000..68d5400743
--- /dev/null
+++ b/kubernetes/common/cert-wrapper/Chart.yaml
@@ -0,0 +1,18 @@
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+description: Wrapper chart to allow truststore to be shared among cert-initializer instances
+name: cert-wrapper
+version: 6.0.0
diff --git a/kubernetes/common/cert-wrapper/requirements.yaml b/kubernetes/common/cert-wrapper/requirements.yaml
new file mode 100644
index 0000000000..b6a667e448
--- /dev/null
+++ b/kubernetes/common/cert-wrapper/requirements.yaml
@@ -0,0 +1,18 @@
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+ - name: certInitializer
+ version: ~6.x-0
+ repository: 'file://../certInitializer'
diff --git a/kubernetes/common/cert-wrapper/values.yaml b/kubernetes/common/cert-wrapper/values.yaml
new file mode 100644
index 0000000000..fcece0e3f5
--- /dev/null
+++ b/kubernetes/common/cert-wrapper/values.yaml
@@ -0,0 +1,17 @@
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+certInitializer:
+ nameOverride: cert-initializer
+ createCertsCM: true
diff --git a/kubernetes/common/certInitializer/templates/_certInitializer.yaml b/kubernetes/common/certInitializer/templates/_certInitializer.yaml
index 6734e0be81..800364f1a2 100644
--- a/kubernetes/common/certInitializer/templates/_certInitializer.yaml
+++ b/kubernetes/common/certInitializer/templates/_certInitializer.yaml
@@ -172,7 +172,7 @@
medium: Memory
- name: aaf-agent-certs
configMap:
- name: {{ include "common.fullname" $subchartDot }}-certs
+ name: {{ tpl $subchartDot.Values.certsCMName $subchartDot }}
defaultMode: 0700
{{- if $initRoot.aaf_add_config }}
diff --git a/kubernetes/common/certInitializer/templates/configmap.yaml b/kubernetes/common/certInitializer/templates/configmap.yaml
index a89a33152b..69d74e1ca7 100644
--- a/kubernetes/common/certInitializer/templates/configmap.yaml
+++ b/kubernetes/common/certInitializer/templates/configmap.yaml
@@ -23,6 +23,7 @@ data:
aaf-add-config.sh: |
{{ tpl .Values.aaf_add_config . | indent 4 }}
{{- end }}
+{{- if .Values.createCertsCM }}
---
apiVersion: v1
kind: ConfigMap
@@ -30,3 +31,4 @@ kind: ConfigMap
metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "dot" . ) | nindent 2 }}
data:
{{ tpl (.Files.Glob "resources/*").AsConfig . | indent 2 }}
+{{- end -}}
diff --git a/kubernetes/common/certInitializer/values.yaml b/kubernetes/common/certInitializer/values.yaml
index 642fe7799b..00e74c46d6 100644
--- a/kubernetes/common/certInitializer/values.yaml
+++ b/kubernetes/common/certInitializer/values.yaml
@@ -56,3 +56,6 @@ importCustomCertsEnabled: false
truststoreMountpath: ""
truststoreOutputFileName: truststore.jks
truststorePassword: changeit
+
+createCertsCM: false
+certsCMName: '{{ include "common.release" . }}-cert-initializer-certs'
diff --git a/kubernetes/onap/requirements.yaml b/kubernetes/onap/requirements.yaml
index 9143c1feff..7110117442 100755
--- a/kubernetes/onap/requirements.yaml
+++ b/kubernetes/onap/requirements.yaml
@@ -162,3 +162,7 @@ dependencies:
version: ~6.x-0
repository: '@local'
condition: a1policymanagement.enabled
+ - name: cert-wrapper
+ version: ~6.x-0
+ repository: '@local'
+ condition: cert-wrapper.enabled
diff --git a/kubernetes/onap/values.yaml b/kubernetes/onap/values.yaml
index 3413c3840e..2791f0fab0 100755
--- a/kubernetes/onap/values.yaml
+++ b/kubernetes/onap/values.yaml
@@ -313,3 +313,6 @@ platform:
enabled: false
a1policymanagement:
enabled: false
+
+cert-wrapper:
+ enabled: true