diff options
| author |   Krzysztof Opasiak <k.opasiak@samsung.com> | 2021-05-06 22:21:01 +0000 |
|---|---|---|
| committer |   Gerrit Code Review <gerrit@onap.org> | 2021-05-06 22:21:01 +0000 |
| commit | 452c96ab637494a9ae5fdd3a6457c43af152aaa3 (patch) | |
| tree | 490c5e4abca50f3becb99086d18895b20aa8733c /kubernetes/common/certInitializer/templates | |
| parent | fc58c5c4bd7f25caefd4893a8909ec8cb42362d7 (diff) | |
| parent | da711dd6a353c79e2d8990815e18b91dfe2354b3 (diff) | |
Merge "[COMMON][CERTINIT] Generate cert with certInit"
Diffstat (limited to 'kubernetes/common/certInitializer/templates')
3 files changed, 67 insertions, 1 deletions
diff --git a/kubernetes/common/certInitializer/templates/_certInitializer.yaml b/kubernetes/common/certInitializer/templates/_certInitializer.yaml index 3b165a4c20..f3ba8a24e0 100644 --- a/kubernetes/common/certInitializer/templates/_certInitializer.yaml +++ b/kubernetes/common/certInitializer/templates/_certInitializer.yaml @@ -1,5 +1,6 @@ {{/* # Copyright © 2020 Bell Canada, Samsung Electronics +# Copyright © 2021 Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -58,6 +59,11 @@ - name: {{ include "common.certInitializer._aafAddConfigVolumeName" $dot }} mountPath: /opt/app/aaf_config/bin/retrieval_check.sh subPath: retrieval_check.sh +{{- if hasKey $initRoot "ingressTlsSecret" }} + - name: {{ include "common.certInitializer._aafAddConfigVolumeName" $dot }} + mountPath: /opt/app/aaf_config/bin/tls_certs_configure.sh + subPath: tls_certs_configure.sh +{{- end }} {{- if $initRoot.aaf_add_config }} - name: {{ include "common.certInitializer._aafAddConfigVolumeName" $dot }} mountPath: /opt/app/aaf_config/bin/aaf-add-config.sh @@ -69,6 +75,9 @@ - | /opt/app/aaf_config/bin/agent.sh . /opt/app/aaf_config/bin/retrieval_check.sh +{{- if hasKey $initRoot "ingressTlsSecret" }} + /opt/app/aaf_config/bin/tls_certs_configure.sh +{{- end -}} {{- if $initRoot.aaf_add_config }} /opt/app/aaf_config/bin/aaf-add-config.sh {{- end }} diff --git a/kubernetes/common/certInitializer/templates/configmap.yaml b/kubernetes/common/certInitializer/templates/configmap.yaml index 1e9254abef..abd1575774 100644 --- a/kubernetes/common/certInitializer/templates/configmap.yaml +++ b/kubernetes/common/certInitializer/templates/configmap.yaml @@ -1,5 +1,6 @@ {{/* # Copyright © 2020 Samsung Electronics +# Copyright © 2021 Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -19,8 +20,20 @@ kind: ConfigMap {{- $suffix := "add-config" }} metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "dot" . )| nindent 2 }} data: -{{ tpl (.Files.Glob "resources/*").AsConfig . | indent 2 }} +{{ tpl (.Files.Glob "resources/retrieval/retrieval_check.sh").AsConfig . | indent 2 }} +{{- if hasKey .Values "ingressTlsSecret" }} +{{ tpl (.Files.Glob "resources/retrieval/tls_certs_configure.sh").AsConfig . | indent 2 }} +{{- end }} {{ if .Values.aaf_add_config }} aaf-add-config.sh: | {{ tpl .Values.aaf_add_config . | indent 4 | trim }} {{- end }} +{{- if hasKey .Values "ingressTlsSecret" }} +--- +apiVersion: v1 +kind: ConfigMap +{{- $suffix := "ingress" }} +metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "dot" . )| nindent 2 }} +data: +{{ tpl (.Files.Glob "resources/ingress/onboard.sh").AsConfig . | indent 2 }} +{{- end }} diff --git a/kubernetes/common/certInitializer/templates/job.yaml b/kubernetes/common/certInitializer/templates/job.yaml new file mode 100644 index 0000000000..331a58c310 --- /dev/null +++ b/kubernetes/common/certInitializer/templates/job.yaml @@ -0,0 +1,44 @@ +{{/* +# Copyright © 2021 Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{- if hasKey .Values "ingressTlsSecret" }} +apiVersion: batch/v1 +kind: Job +{{- $suffix := "set-tls-secret" }} +metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "dot" . )| nindent 2 }} +spec: + template: + metadata: {{- include "common.templateMetadata" . | nindent 6 }} + spec: + initContainers: {{ include "common.certInitializer.initContainer" (dict "dot" . "initRoot" .Values) | nindent 6 }} + containers: + - name: create tls secret + command: + - /ingress/onboard.sh + image: {{ include "repositoryGenerator.image.kubectl" . }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + volumeMounts: {{ include "common.certInitializer.volumeMount" (dict "dot" . "initRoot" .Values) | nindent 8 }} + - name: ingress-scripts + mountPath: /ingress + volumes: {{ include "common.certInitializer.volumes" (dict "dot" . "initRoot" .Values) | nindent 6 }} + - name: localtime + hostPath: + path: /etc/localtime + - name: ingress-scripts + configMap: + name: {{ include "common.fullname" . }}-ingress + defaultMode: 0777 +{{- end}} |