diff options
author | Mike Elliott <mike.elliott@amdocs.com> | 2018-05-08 14:22:13 -0400 |
---|---|---|
committer | Mike Elliott <mike.elliott@amdocs.com> | 2018-05-08 16:27:16 -0400 |
commit | b35b5804c30e5592eef1e46afc6d06d27719a756 (patch) | |
tree | 649ec51e8c3a63e5271bea47030961cfec096467 /kubernetes/aaf/templates | |
parent | dd56858b505f0a8d35168ed423f7533fbfc6597d (diff) |
Remove AAF truststore files from configmap
Moved security-related files from the configmap to an
init container, to dramatically reduce the overall size
of the ONAP deployment configmap.
Change-Id: I5e1c176f14d2e010c69e6c1e86c487583ed18f59
Issue-ID: OOM-1061
Signed-off-by: Mike Elliott <mike.elliott@amdocs.com>
Diffstat (limited to 'kubernetes/aaf/templates')
-rw-r--r-- | kubernetes/aaf/templates/configmap.yaml | 8 | ||||
-rw-r--r-- | kubernetes/aaf/templates/job.yaml | 31 | ||||
-rw-r--r-- | kubernetes/aaf/templates/secrets.yaml | 17 |
3 files changed, 22 insertions, 34 deletions
diff --git a/kubernetes/aaf/templates/configmap.yaml b/kubernetes/aaf/templates/configmap.yaml index cfa57f7d99..9d21e057d6 100644 --- a/kubernetes/aaf/templates/configmap.yaml +++ b/kubernetes/aaf/templates/configmap.yaml @@ -23,14 +23,6 @@ data: apiVersion: v1 kind: ConfigMap metadata: - name: {{ .Release.Name }}-aaf-public - namespace: {{ include "common.namespace" . }} -data: -{{ tpl (.Files.Glob "resources/config/public/*").AsConfig . | indent 2 }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: name: {{ .Release.Name }}-aaf-local namespace: {{ include "common.namespace" . }} data: diff --git a/kubernetes/aaf/templates/job.yaml b/kubernetes/aaf/templates/job.yaml index 7ce871e54a..85c09402a2 100644 --- a/kubernetes/aaf/templates/job.yaml +++ b/kubernetes/aaf/templates/job.yaml @@ -29,6 +29,21 @@ spec: app: aaf-init-job release: {{ .Release.Name }} spec: + initContainers: + - name: {{ include "common.name" . }}-inject-config + command: + - /bin/bash + - -c + - > + git clone -b {{ .Values.config.gerritBranch }} --single-branch {{ .Values.config.gerritProject }} /tmp/gerrit; + echo "Clone complete. Copying from /tmp/gerrit/ to /public"; + cp -rf /tmp/gerrit/auth/sample/public/* /public; + echo "Done."; + image: "{{ .Values.global.ubuntuInitRepository }}/{{ .Values.global.ubuntuInitImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + volumeMounts: + - name: aaf-public + mountPath: "/public" containers: - command: ["/bin/bash","-c","if [ ! -d /data/backup ]; then mkdir /data/data && cp -Ra /data1/data/..data/* /data/data/ && mkdir /data/etc && cp -Ra /data1/etc/..data/* data/etc/ && mkdir /data/backup && cp -Ra /data1/backup/..data/* /data/backup/ && cp -Ra /data1/public /data/ && cp -Ra /data1/local /data && mkdir -p /data/logs/oauth && mkdir -p /data/logs/hello && mkdir -p /data/logs/fs && mkdir -p /data/logs/gui && mkdir -p /data/logs/locate && mkdir -p /data/logs/cm && mkdir -p /data/logs/service; fi; exit 0"] image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" @@ -51,13 +66,13 @@ spec: name: aaf-public subPath: aaf_2_0.xsd - mountPath: /data1/public/truststoreONAP.p12 - name: aaf-public-secret + name: aaf-public subPath: truststoreONAP.p12 - mountPath: /data1/public/AAF_RootCA.cer - name: aaf-public-secret + name: aaf-public subPath: AAF_RootCA.cer - mountPath: /data1/public/truststoreONAPall.jks - name: aaf-public-secret + name: aaf-public subPath: truststoreONAPall.jks - mountPath: /data1/local/org.osaaf.location.props name: aaf-local @@ -85,6 +100,8 @@ spec: subPath: org.osaaf.aaf.cm.p12 - mountPath: /data1/backup name: aaf-backup + - mountPath: /share + name: aaf-public resources: {{ toYaml .Values.resources | indent 12 }} {{- if .Values.nodeSelector }} @@ -102,9 +119,6 @@ spec: - name: aaf-local-secret secret: secretName: {{ .Release.Name }}-aaf-local-secret - - name: aaf-public-secret - secret: - secretName: {{ .Release.Name }}-aaf-public-secret - name: aaf-etc configMap: name: {{ .Release.Name }}-aaf-etc @@ -114,9 +128,6 @@ spec: - name: aaf-backup configMap: name: {{ .Release.Name }}-aaf-backup - - name: aaf-public - configMap: - name: {{ .Release.Name }}-aaf-public - name: aaf-data configMap: name: {{ .Release.Name }}-aaf-data @@ -127,6 +138,8 @@ spec: {{- else }} emptyDir: {} {{- end }} + - name: aaf-public + emptyDir: {} restartPolicy: OnFailure imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/aaf/templates/secrets.yaml b/kubernetes/aaf/templates/secrets.yaml index d67601ca65..fe876e1c6c 100644 --- a/kubernetes/aaf/templates/secrets.yaml +++ b/kubernetes/aaf/templates/secrets.yaml @@ -28,20 +28,3 @@ data: {{ (.Files.Glob "resources/config/local/org.osaaf.aaf.keyfile").AsSecrets | indent 2 }} {{ (.Files.Glob "resources/config/local/org.osaaf.aaf.cm.p12").AsSecrets | indent 2 }} type: Opaque ---- -apiVersion: v1 -kind: Secret -metadata: - name: {{ .Release.Name}}-aaf-public-secret - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -data: -{{ (.Files.Glob "resources/config/public/truststoreONAP.p12").AsSecrets | indent 2 }} -{{ (.Files.Glob "resources/config/public/AAF_RootCA.cer").AsSecrets | indent 2 }} -{{ (.Files.Glob "resources/config/public/truststoreONAPall.jks").AsSecrets | indent 2 }} -type: Opaque - |