summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorAdam Wudzinski <adam.wudzinski@nokia.com>2020-10-28 11:45:20 +0100
committerPawel <pawel.kasperkiewicz@nokia.com>2020-11-26 09:17:47 +0100
commit751f0f12fadbd9d471aa7f0c02a1bfb08636e624 (patch)
tree07b821589512f20191ca522c0edfeb429b739b06
parent6574b647a5838435b3688af82709507deb5724b5 (diff)
[PLATFORM] Add new fake deployment to fix offline certificates generation
Add new fake deployment to CertService, controlled by new global flag global.offlineDeployment, which is disabled as default. Change Makefile to use java image from ONAP Nexus for certificate generation. Signed-off-by: Adam Wudzinski <adam.wudzinski@nokia.com> Issue-ID: OOM-2588 Change-Id: I2f9fe4b626604c5bfd8512449d893015bdc6ca98
-rwxr-xr-xkubernetes/onap/values.yaml5
-rw-r--r--kubernetes/platform/components/oom-cert-service/Makefile11
-rw-r--r--kubernetes/platform/components/oom-cert-service/templates/fake_deployment.yaml31
-rw-r--r--kubernetes/platform/components/oom-cert-service/values.yaml3
4 files changed, 47 insertions, 3 deletions
diff --git a/kubernetes/onap/values.yaml b/kubernetes/onap/values.yaml
index 9473a6abcb..5baa804792 100755
--- a/kubernetes/onap/values.yaml
+++ b/kubernetes/onap/values.yaml
@@ -146,6 +146,11 @@ global:
truststorePath: "/etc/onap/oom/certservice/certs/truststore.jks"
truststorePassword: "secret"
+ # Indicates offline deployment build
+ # Set to true if you are rendering helm charts for offline deployment
+ # Otherwise keep it disabled
+ offlineDeploymentBuild: false
+
# TLS
# Set to false if you want to disable TLS for NodePorts. Be aware that this
# will loosen your security.
diff --git a/kubernetes/platform/components/oom-cert-service/Makefile b/kubernetes/platform/components/oom-cert-service/Makefile
index c4723dfdd1..736a19fbd4 100644
--- a/kubernetes/platform/components/oom-cert-service/Makefile
+++ b/kubernetes/platform/components/oom-cert-service/Makefile
@@ -27,7 +27,12 @@ all: start_docker \
# Starts docker container for generating certificates - deletes first, if already running
start_docker:
@make stop_docker
- docker run -d --rm --name ${DOCKER_CONTAINER} --mount type=bind,source=${CURRENT_DIR}/${CERTS_DIR},target=/certs -w /certs docker.io/openjdk:11-jre-slim tail -f /dev/null
+ $(eval REPOSITORY := $(shell cat ./values.yaml | grep -i "^[ \t]*repository" -m1 | xargs | cut -d ' ' -f2))
+ $(eval JAVA_IMAGE := $(shell cat ./values.yaml | grep -i "^[ \t]*certificateGenerationImage" -m1 | xargs | cut -d ' ' -f2))
+ $(eval FULL_JAVA_IMAGE := $(REPOSITORY)/$(JAVA_IMAGE))
+ $(eval USERNAME :=$(shell id -u))
+ $(eval GROUP :=$(shell id -g))
+ docker run --rm --name ${DOCKER_CONTAINER} --user "$(USERNAME):$(GROUP)" --mount type=bind,source=${CURRENT_DIR}/${CERTS_DIR},target=/app -w /app --entrypoint "sh" -td $(FULL_JAVA_IMAGE)
# Stops docker container for generating certificates. 'true' is used to return 0 status code, if container is already deleted
stop_docker:
@@ -89,7 +94,7 @@ client_sign_certificate_by_root:
#Import root certificate into client
client_import_root_certificate:
@echo "Import root certificate into intermediate"
- ${DOCKER_EXEC} bash -c "cat root.crt >> certServiceClientByRoot.crt"
+ ${DOCKER_EXEC} sh -c "cat root.crt >> certServiceClientByRoot.crt"
@echo "####done####"
#Import signed certificate into certService's client
@@ -124,7 +129,7 @@ server_sign_certificate_by_root:
#Import root certificate into server
server_import_root_certificate:
@echo "Import root certificate into intermediate(server)"
- ${DOCKER_EXEC} bash -c "cat root.crt >> certServiceServerByRoot.crt"
+ ${DOCKER_EXEC} sh -c "cat root.crt >> certServiceServerByRoot.crt"
@echo "####done####"
#Import signed certificate into certService
diff --git a/kubernetes/platform/components/oom-cert-service/templates/fake_deployment.yaml b/kubernetes/platform/components/oom-cert-service/templates/fake_deployment.yaml
new file mode 100644
index 0000000000..ba12874eb6
--- /dev/null
+++ b/kubernetes/platform/components/oom-cert-service/templates/fake_deployment.yaml
@@ -0,0 +1,31 @@
+{{/*
+ # Copyright © 2020, Nokia
+ #
+ # Licensed under the Apache License, Version 2.0 (the "License");
+ # you may not use this file except in compliance with the License.
+ # You may obtain a copy of the License at
+ #
+ # http://www.apache.org/licenses/LICENSE-2.0
+ #
+ # Unless required by applicable law or agreed to in writing, software
+ # distributed under the License is distributed on an "AS IS" BASIS,
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ # See the License for the specific language governing permissions and
+ # limitations under the License.
+*/}}
+
+{{- if .Values.global.offlineDeploymentBuild }}
+apiVersion: apps/v1
+kind: Deployment
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ selector: {{- include "common.selectors" . | nindent 4 }}
+ template:
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
+ spec:
+ containers:
+ - name: {{ include "common.name" . }}
+ image: {{ include "common.repository" . }}/{{ .Values.certificateGenerationImage }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+{{ end -}}
diff --git a/kubernetes/platform/components/oom-cert-service/values.yaml b/kubernetes/platform/components/oom-cert-service/values.yaml
index 3ab9895037..bcb2544ce5 100644
--- a/kubernetes/platform/components/oom-cert-service/values.yaml
+++ b/kubernetes/platform/components/oom-cert-service/values.yaml
@@ -34,6 +34,7 @@ global:
# Standard OOM
pullPolicy: "Always"
repository: "nexus3.onap.org:10001"
+ offlineDeploymentBuild: false
# Service configuration
@@ -44,6 +45,8 @@ service:
port: 8443
port_protocol: http
+# Certificates generation configuration
+certificateGenerationImage: onap/integration-java11:7.1.0
# Deployment configuration
repository: nexus3.onap.org:10001