[COMMON][CERTS] Allow to provide custom certs easily

Instead of mandating to provide custom certificates before creation of
helm packages, let's propose to include certificates from a known
secret or configmap.
The current implementation will first search for secret and if not
provided will look for configmap.

Issue-ID: OOM-2731
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: If2f90adc18efe59c0516db9409964a236bd17a66

1 files changed, 17 insertions, 0 deletions

diff --git a/kubernetes/common/certInitializer/templates/_certInitializer.yaml b/kubernetes/common/certInitializer/templates/_certInitializer.yaml
index 414192e2bc..3b165a4c20 100644
--- a/kubernetes/common/certInitializer/templates/_certInitializer.yaml
+++ b/kubernetes/common/certInitializer/templates/_certInitializer.yaml
@@ -137,6 +137,8 @@
   volumeMounts:
     - mountPath: /certs
       name: aaf-agent-certs
+    - mountPath: /more_certs
+      name: provided-custom-certs
     - mountPath: /root/import-custom-certs.sh
       name: aaf-agent-certs
       subPath: import-custom-certs.sh
@@ -177,6 +179,21 @@
   configMap:
     name: {{ tpl $subchartDot.Values.certsCMName $subchartDot }}
     defaultMode: 0700
+{{- if $dot.Values.global.importCustomCertsEnabled }}
+- name: provided-custom-certs
+{{-   if $dot.Values.global.customCertsSecret }}
+  secret:
+    secretName: {{ $dot.Values.global.customCertsSecret }}
+{{-   else }}
+{{-     if $dot.Values.global.customCertsConfigMap }}
+  configMap:
+    name: {{ $dot.Values.global.customCertsConfigMap }}
+{{-     else }}
+  emptyDir:
+    medium: Memory
+{{-     end }}
+{{-   end }}
+{{- end }}
 - name: {{ include "common.certInitializer._aafAddConfigVolumeName" $dot }}
   configMap:
     name: {{ include "common.fullname" $subchartDot }}-add-config