[COMMON][CERTINIT] Generate cert with certInit

Some components are http based but want to be usable from outside world.
Instead of dealing with TLS part on the component itself, let's use
certInitializer to generate a secret with the certs which will be usable
by Ingress

Issue-ID: SO-3078
Issue-ID: SO-3237
Issue-ID: CPS-281
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: If166716d159586b1eb94c111e9d3d82a54c2fd6e

1 files changed, 9 insertions, 0 deletions

diff --git a/kubernetes/common/certInitializer/templates/_certInitializer.yaml b/kubernetes/common/certInitializer/templates/_certInitializer.yaml
index 414192e2bc..68bea64da1 100644
--- a/kubernetes/common/certInitializer/templates/_certInitializer.yaml
+++ b/kubernetes/common/certInitializer/templates/_certInitializer.yaml
@@ -1,5 +1,6 @@
 {{/*
 # Copyright © 2020 Bell Canada, Samsung Electronics
+# Copyright © 2021 Orange
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -58,6 +59,11 @@
   - name: {{ include "common.certInitializer._aafAddConfigVolumeName" $dot }}
     mountPath: /opt/app/aaf_config/bin/retrieval_check.sh
     subPath: retrieval_check.sh
+{{-     if hasKey $initRoot "ingressTlsSecret" }}
+  - name: {{ include "common.certInitializer._aafAddConfigVolumeName" $dot }}
+    mountPath: /opt/app/aaf_config/bin/tls_certs_configure.sh
+    subPath: tls_certs_configure.sh
+{{-     end }}
 {{-     if $initRoot.aaf_add_config }}
   - name: {{ include "common.certInitializer._aafAddConfigVolumeName" $dot }}
     mountPath: /opt/app/aaf_config/bin/aaf-add-config.sh
@@ -69,6 +75,9 @@
     - |
       /opt/app/aaf_config/bin/agent.sh
       . /opt/app/aaf_config/bin/retrieval_check.sh
+{{-     if hasKey $initRoot "ingressTlsSecret" }}
+      /opt/app/aaf_config/bin/tls_certs_configure.sh
+{{-     end -}}
 {{-     if $initRoot.aaf_add_config }}
       /opt/app/aaf_config/bin/aaf-add-config.sh
 {{-     end }}