diff options
author | Micha? Jagie??o <michal.jagiello@t-mobile.pl> | 2023-08-09 15:35:19 +0000 |
---|---|---|
committer | Gerrit Code Review <gerrit@onap.org> | 2023-08-09 15:35:19 +0000 |
commit | 400da4b81869c8b5d92867857179080aa488d07e (patch) | |
tree | a7de15a1489c5a22e7c454c108376c596d628e0b /kubernetes/common/certInitializer | |
parent | 6212653fb318e884a8d3691bab3d4586cc7865c6 (diff) | |
parent | 8f4b6ef8866c8da748916ad7e49f79abb03b2da8 (diff) |
Merge "[COMMON] Cleanup charts from unsupported parts"
Diffstat (limited to 'kubernetes/common/certInitializer')
9 files changed, 0 insertions, 564 deletions
diff --git a/kubernetes/common/certInitializer/Chart.yaml b/kubernetes/common/certInitializer/Chart.yaml deleted file mode 100644 index d70b1de52b..0000000000 --- a/kubernetes/common/certInitializer/Chart.yaml +++ /dev/null @@ -1,34 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2021 Orange -# Modifications Copyright © 2021 Nordix Foundation -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v2 -description: Template used to obtain certificates in onap -name: certInitializer -version: 13.0.0 - -dependencies: - - name: common - version: ~13.x-0 - repository: 'file://../common' - - name: readinessCheck - version: ~13.x-0 - repository: 'file://../readinessCheck' - - name: repositoryGenerator - version: ~13.x-0 - repository: 'file://../repositoryGenerator' - - name: serviceAccount - version: ~13.x-0 - repository: '@local' diff --git a/kubernetes/common/certInitializer/resources/ingress/onboard.sh b/kubernetes/common/certInitializer/resources/ingress/onboard.sh deleted file mode 100644 index 9cc5ec580e..0000000000 --- a/kubernetes/common/certInitializer/resources/ingress/onboard.sh +++ /dev/null @@ -1,35 +0,0 @@ -#!/bin/sh - -{{/* -# Copyright © 2020 Orange -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/ -}} - -echo "*** retrieving certificates and keys" -export CRT=$(cat {{ .Values.credsPath }}/certs/tls.crt | base64 -w 0) -export KEY=$(cat {{ .Values.credsPath }}/certs/tls.key | base64 -w 0) -export CACERT=$(cat {{ .Values.credsPath }}/certs/cacert.pem | base64 -w 0) -echo "*** creating tls secret" -cat <<EOF | kubectl apply -f - -apiVersion: v1 -kind: Secret -metadata: - name: {{ tpl .Values.ingressTlsSecret . }} - namespace: {{ include "common.namespace" . }} -data: - ca.crt: "${CACERT}" - tls.crt: "${CRT}" - tls.key: '${KEY}' -type: kubernetes.io/tls -EOF diff --git a/kubernetes/common/certInitializer/resources/retrieval/retrieval_check.sh b/kubernetes/common/certInitializer/resources/retrieval/retrieval_check.sh deleted file mode 100644 index 76f384502f..0000000000 --- a/kubernetes/common/certInitializer/resources/retrieval/retrieval_check.sh +++ /dev/null @@ -1,27 +0,0 @@ -#!/bin/sh - -{{/* -# Copyright © 2021 Orange -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/ -}} - -echo "*** retrieving passwords for certificates" -export $(/opt/app/aaf_config/bin/agent.sh local showpass \ - {{.Values.fqi}} {{ .Values.fqdn }} | grep '^c' | xargs -0) -if [ -z "${{ .Values.envVarToCheck }}" ] -then - echo " /!\ certificates retrieval failed" - exit 1 -fi -echo "*** password retrieval succeeded" diff --git a/kubernetes/common/certInitializer/resources/retrieval/tls_certs_configure.sh b/kubernetes/common/certInitializer/resources/retrieval/tls_certs_configure.sh deleted file mode 100644 index f201eadd0a..0000000000 --- a/kubernetes/common/certInitializer/resources/retrieval/tls_certs_configure.sh +++ /dev/null @@ -1,32 +0,0 @@ -#!/bin/sh - -{{/* -# Copyright © 2021 Orange -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/ -}} - -echo "--- Cert transformation for use with Ingress" -echo "*** transform AAF certs into pem files" -mkdir -p {{ .Values.credsPath }}/certs -keytool -exportcert -rfc -file {{ .Values.credsPath }}/certs/cacert.pem \ - -keystore {{ .Values.credsPath }}/{{ .Values.fqi_namespace }}.trust.jks \ - -alias ca_local_0 \ - -storepass $cadi_truststore_password -openssl pkcs12 -in {{ .Values.credsPath }}/{{ .Values.fqi_namespace }}.p12 \ - -out {{ .Values.credsPath }}/certs/tls.crt -nokeys \ - -passin pass:$cadi_keystore_password_p12 \ - -passout pass:$cadi_keystore_password_p12 -cp {{ .Values.credsPath }}/{{ .Values.fqi_namespace }}.key \ - {{ .Values.credsPath }}/certs/tls.key -echo "--- Done" diff --git a/kubernetes/common/certInitializer/templates/_certInitializer.yaml b/kubernetes/common/certInitializer/templates/_certInitializer.yaml deleted file mode 100644 index 1312d98009..0000000000 --- a/kubernetes/common/certInitializer/templates/_certInitializer.yaml +++ /dev/null @@ -1,253 +0,0 @@ -{{/* -# Copyright © 2020 Bell Canada, Samsung Electronics -# Copyright © 2021 Orange -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - - - -{{- define "common.certInitializer._aafConfigVolumeName" -}} - {{ include "common.fullname" . }}-aaf-config -{{- end -}} - -{{- define "common.certInitializer._aafAddConfigVolumeName" -}} - {{ print "aaf-add-config" }} -{{- end -}} - -{{/* - common templates to enable cert initialization for applictaions - - In deployments/jobs/stateful include: - initContainers: - {{ include "common.certInitializer.initContainer" . | nindent XX }} - - containers: - volumeMounts: - {{- include "common.certInitializer.volumeMount" . | nindent XX }} - volumes: - {{- include "common.certInitializer.volume" . | nindent XX}} -*/}} -{{- define "common.certInitializer._initContainer" -}} -{{- $dot := default . .dot -}} -{{- $initRoot := default $dot.Values.certInitializer .initRoot -}} -{{- $initName := default "certInitializer" -}} -{{- $subchartDot := fromJson (include "common.subChartDot" (dict "dot" $dot "initRoot" $initRoot)) }} -{{ include "common.readinessCheck.waitFor" $subchartDot }} -- name: {{ include "common.name" $dot }}-aaf-config - image: {{ include "repositoryGenerator.repository" $subchartDot }}/{{ $subchartDot.Values.global.aafAgentImage }} - imagePullPolicy: {{ $subchartDot.Values.global.pullPolicy | default $subchartDot.Values.pullPolicy }} - securityContext: - runAsUser: 0 - volumeMounts: - - mountPath: {{ $initRoot.mountPath }} - name: {{ include "common.certInitializer._aafConfigVolumeName" $dot }} - - mountPath: /opt/app/aaf_config/cert/truststoreONAPall.jks.b64 - name: aaf-agent-certs - subPath: truststoreONAPall.jks.b64 - - mountPath: /opt/app/aaf_config/cert/truststoreONAP.p12.b64 - name: aaf-agent-certs - subPath: truststoreONAP.p12.b64 - - name: {{ include "common.certInitializer._aafAddConfigVolumeName" $dot }} - mountPath: /opt/app/aaf_config/bin/retrieval_check.sh - subPath: retrieval_check.sh -{{- if hasKey $initRoot "ingressTlsSecret" }} - - name: {{ include "common.certInitializer._aafAddConfigVolumeName" $dot }} - mountPath: /opt/app/aaf_config/bin/tls_certs_configure.sh - subPath: tls_certs_configure.sh -{{- end }} -{{- if $initRoot.aaf_add_config }} - - name: {{ include "common.certInitializer._aafAddConfigVolumeName" $dot }} - mountPath: /opt/app/aaf_config/bin/aaf-add-config.sh - subPath: aaf-add-config.sh -{{- end }} - command: - - sh - - -c - - | - /opt/app/aaf_config/bin/agent.sh - . /opt/app/aaf_config/bin/retrieval_check.sh -{{- if hasKey $initRoot "ingressTlsSecret" }} - /opt/app/aaf_config/bin/tls_certs_configure.sh -{{- end -}} -{{- if $initRoot.aaf_add_config }} - /opt/app/aaf_config/bin/aaf-add-config.sh -{{- end }} - env: - - name: APP_FQI - value: "{{ $initRoot.fqi }}" - {{- if $initRoot.aaf_namespace }} - - name: aaf_locate_url - value: "https://aaf-locate.{{ $initRoot.aaf_namespace }}:8095" - - name: aaf_locator_container_ns - value: "{{ $initRoot.aaf_namespace }}" - {{- else }} - - name: aaf_locate_url - value: "https://aaf-locate.{{ $dot.Release.Namespace }}:8095" - - name: aaf_locator_container_ns - value: "{{ $dot.Release.Namespace }}" - {{- end }} - - name: aaf_locator_container - value: "oom" - - name: aaf_locator_fqdn - value: "{{ $initRoot.fqdn }}" - - name: aaf_locator_app_ns - value: "{{ $initRoot.app_ns }}" - - name: DEPLOY_FQI - {{- include "common.secret.envFromSecretFast" (dict "global" $subchartDot "uid" "deployer-creds" "key" "login") | indent 6 }} - - name: DEPLOY_PASSWORD - {{- include "common.secret.envFromSecretFast" (dict "global" $subchartDot "uid" "deployer-creds" "key" "password") | indent 6 }} - #Note: want to put this on Nodes, eventually - - name: cadi_longitude - value: "{{ default "52.3" $initRoot.cadi_longitude }}" - - name: cadi_latitude - value: "{{ default "13.2" $initRoot.cadi_latitude }}" - #Hello specific. Clients don't don't need this, unless Registering with AAF Locator - - name: aaf_locator_public_fqdn - value: "{{ $initRoot.public_fqdn | default "" }}" -{{- end -}} - -{{/* - This init container will import custom .pem certificates to truststoreONAPall.jks - Custom certificates must be placed in common/certInitializer/resources directory. - - The feature is enabled by setting Values.global.importCustomCertsEnabled = true - It can be used independently of aafEnabled, however it requires the same includes - as describe above for _initContainer. - - When AAF is enabled the truststoreONAPAll.jks (which contains AAF CA) will be used - to import custom certificates, otherwise the default java keystore will be used. - - The updated truststore file will be placed in /updatedTruststore and can be mounted per component - to a specific path by defining Values.certInitializer.truststoreMountpath (see _trustStoreVolumeMount) - The truststore file will be available to mount even if no custom certificates were imported. -*/}} -{{- define "common.certInitializer._initImportCustomCertsContainer" -}} -{{- $dot := default . .dot -}} -{{- $initRoot := default $dot.Values.certInitializer .initRoot -}} -{{- $subchartDot := fromJson (include "common.subChartDot" (dict "dot" $dot "initRoot" $initRoot)) }} -- name: {{ include "common.name" $dot }}-import-custom-certs - image: {{ include "repositoryGenerator.image.jre" $subchartDot }} - imagePullPolicy: {{ $subchartDot.Values.global.pullPolicy | default $subchartDot.Values.pullPolicy }} - securityContext: - runAsUser: 0 - command: - - /bin/sh - - -c - - /root/import-custom-certs.sh - env: - - name: AAF_ENABLED - value: "{{ $subchartDot.Values.global.aafEnabled }}" - - name: TRUSTSTORE_OUTPUT_FILENAME - value: "{{ $initRoot.truststoreOutputFileName }}" - - name: TRUSTSTORE_PASSWORD - {{- include "common.secret.envFromSecretFast" (dict "global" $subchartDot "uid" "truststore-creds" "key" "password") | indent 6 }} - volumeMounts: - - mountPath: /certs - name: aaf-agent-certs - - mountPath: /more_certs - name: provided-custom-certs - - mountPath: /root/import-custom-certs.sh - name: aaf-agent-certs - subPath: import-custom-certs.sh - - mountPath: /updatedTruststore - name: updated-truststore -{{- end -}} - -{{- define "common.certInitializer._volumeMount" -}} -{{- $dot := default . .dot -}} -{{- $initRoot := default $dot.Values.certInitializer .initRoot -}} -- mountPath: {{ $initRoot.appMountPath }} - name: {{ include "common.certInitializer._aafConfigVolumeName" $dot }} -{{- end -}} - -{{/* - This is used together with _initImportCustomCertsContainer - It mounts the updated truststore (with imported custom certificates) to the - truststoreMountpath defined in the values file for the component. -*/}} -{{- define "common.certInitializer._trustStoreVolumeMount" -}} -{{- $dot := default . .dot -}} -{{- $initRoot := default $dot.Values.certInitializer .initRoot -}} -{{- if gt (len $initRoot.truststoreMountpath) 0 }} -- mountPath: {{ $initRoot.truststoreMountpath }}/{{ $initRoot.truststoreOutputFileName }} - name: updated-truststore - subPath: {{ $initRoot.truststoreOutputFileName }} -- mountPath: /etc/ssl/certs/ca-certificates.crt - name: updated-truststore - subPath: ca-certificates.crt -{{- end -}} -{{- end -}} - -{{- define "common.certInitializer._volumes" -}} -{{- $dot := default . .dot -}} -{{- $initRoot := default $dot.Values.certInitializer .initRoot -}} -{{- $subchartDot := fromJson (include "common.subChartDot" (dict "dot" $dot "initRoot" $initRoot))}} -- name: {{ include "common.certInitializer._aafConfigVolumeName" $dot }} - emptyDir: - medium: Memory -- name: aaf-agent-certs - configMap: - name: {{ tpl $subchartDot.Values.certsCMName $subchartDot }} - defaultMode: 0700 -{{- if $dot.Values.global.importCustomCertsEnabled }} -- name: provided-custom-certs -{{- if $dot.Values.global.customCertsSecret }} - secret: - secretName: {{ $dot.Values.global.customCertsSecret }} -{{- else }} -{{- if $dot.Values.global.customCertsConfigMap }} - configMap: - name: {{ $dot.Values.global.customCertsConfigMap }} -{{- else }} - emptyDir: - medium: Memory -{{- end }} -{{- end }} -{{- end }} -- name: {{ include "common.certInitializer._aafAddConfigVolumeName" $dot }} - configMap: - name: {{ include "common.fullname" $subchartDot }}-add-config - defaultMode: 0700 -{{- if $dot.Values.global.importCustomCertsEnabled }} -- name: updated-truststore - emptyDir: {} -{{- end -}} -{{- end -}} - -{{- define "common.certInitializer.initContainer" -}} -{{- $dot := default . .dot -}} - {{- if $dot.Values.global.importCustomCertsEnabled }} - {{ include "common.certInitializer._initImportCustomCertsContainer" . }} - {{- end -}} - {{- if $dot.Values.global.aafEnabled }} - {{ include "common.certInitializer._initContainer" . }} - {{- end -}} -{{- end -}} - -{{- define "common.certInitializer.volumeMount" -}} -{{- $dot := default . .dot -}} - {{- if $dot.Values.global.aafEnabled }} - {{- include "common.certInitializer._volumeMount" . }} - {{- end -}} - {{- if $dot.Values.global.importCustomCertsEnabled }} - {{- include "common.certInitializer._trustStoreVolumeMount" . }} - {{- end -}} -{{- end -}} - -{{- define "common.certInitializer.volumes" -}} -{{- $dot := default . .dot -}} - {{- if or ($dot.Values.global.aafEnabled ) ($dot.Values.global.importCustomCertsEnabled) }} - {{- include "common.certInitializer._volumes" . }} - {{- end -}} -{{- end -}} diff --git a/kubernetes/common/certInitializer/templates/configmap.yaml b/kubernetes/common/certInitializer/templates/configmap.yaml deleted file mode 100644 index abd1575774..0000000000 --- a/kubernetes/common/certInitializer/templates/configmap.yaml +++ /dev/null @@ -1,39 +0,0 @@ -{{/* -# Copyright © 2020 Samsung Electronics -# Copyright © 2021 Orange -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -apiVersion: v1 -kind: ConfigMap -{{- $suffix := "add-config" }} -metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "dot" . )| nindent 2 }} -data: -{{ tpl (.Files.Glob "resources/retrieval/retrieval_check.sh").AsConfig . | indent 2 }} -{{- if hasKey .Values "ingressTlsSecret" }} -{{ tpl (.Files.Glob "resources/retrieval/tls_certs_configure.sh").AsConfig . | indent 2 }} -{{- end }} -{{ if .Values.aaf_add_config }} - aaf-add-config.sh: | - {{ tpl .Values.aaf_add_config . | indent 4 | trim }} -{{- end }} -{{- if hasKey .Values "ingressTlsSecret" }} ---- -apiVersion: v1 -kind: ConfigMap -{{- $suffix := "ingress" }} -metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "dot" . )| nindent 2 }} -data: -{{ tpl (.Files.Glob "resources/ingress/onboard.sh").AsConfig . | indent 2 }} -{{- end }} diff --git a/kubernetes/common/certInitializer/templates/job.yaml b/kubernetes/common/certInitializer/templates/job.yaml deleted file mode 100644 index 3120455300..0000000000 --- a/kubernetes/common/certInitializer/templates/job.yaml +++ /dev/null @@ -1,49 +0,0 @@ -{{/* -# Copyright © 2021 Orange -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -{{- if hasKey .Values "ingressTlsSecret" }} -apiVersion: batch/v1 -kind: Job -{{- $suffix := "set-tls-secret" }} -metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "dot" . )| nindent 2 }} -spec: - backoffLimit: 20 - template: - metadata: {{- include "common.templateMetadata" . | nindent 6 }} - spec: - initContainers: {{ include "common.certInitializer.initContainer" (dict "dot" . "initRoot" .Values) | nindent 6 }} - imagePullSecrets: - - name: "{{ include "common.namespace" . }}-docker-registry-key" - containers: - - name: create-tls-secret - command: - - /ingress/onboard.sh - image: {{ include "repositoryGenerator.image.kubectl" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: {{ include "common.certInitializer.volumeMount" (dict "dot" . "initRoot" .Values) | nindent 8 }} - - name: ingress-scripts - mountPath: /ingress - serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} - volumes: {{ include "common.certInitializer.volumes" (dict "dot" . "initRoot" .Values) | nindent 6 }} - - name: localtime - hostPath: - path: /etc/localtime - - name: ingress-scripts - configMap: - name: {{ include "common.fullname" . }}-ingress - defaultMode: 0777 - restartPolicy: Never -{{- end}} diff --git a/kubernetes/common/certInitializer/templates/secret.yaml b/kubernetes/common/certInitializer/templates/secret.yaml deleted file mode 100644 index 34932b713d..0000000000 --- a/kubernetes/common/certInitializer/templates/secret.yaml +++ /dev/null @@ -1,17 +0,0 @@ -{{/* -# Copyright © 2020 Samsung Electronics -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -{{ include "common.secretFast" . }} diff --git a/kubernetes/common/certInitializer/values.yaml b/kubernetes/common/certInitializer/values.yaml deleted file mode 100644 index 0fde2cf532..0000000000 --- a/kubernetes/common/certInitializer/values.yaml +++ /dev/null @@ -1,78 +0,0 @@ -# Copyright © 2020 Bell Canada, Samsung Electronics -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -global: - aafAgentImage: onap/aaf/aaf_agent:2.1.20 - aafEnabled: true - # Give the name of a config map where certInitializer will onboard all certs - # given (certs must be in pem format) - customCertsConfigMap: - # Give the name of a secret where certInitializer will onboard all certs given - # (certs must be in pem format) - # this one superseedes previous one (so if both are given, only certs from - # secret will be onboarded). - customCertsSecret: - - -pullPolicy: Always - -secrets: - - uid: deployer-creds - type: basicAuth - externalSecret: '{{ ternary (tpl (default "" .Values.aafDeployCredsExternalSecret) .) "aafIsDisabled" .Values.global.aafEnabled }}' - login: '{{ .Values.aafDeployFqi }}' - password: '{{ .Values.aafDeployPass }}' - passwordPolicy: required - - uid: truststore-creds - type: password - externalSecret: '{{ tpl (default "" .Values.truststoreCredsExternalSecret) . }}' - password: '{{ .Values.truststorePassword }}' - passwordPolicy: required - -readinessCheck: - wait_for: - - aaf-locate - - aaf-cm - - aaf-service - -fqdn: "" -app_ns: "org.osaaf.aaf" -fqi: "" -fqi_namespace: "" -public_fqdn: "aaf.osaaf.org" -aafDeployFqi: "deployer@people.osaaf.org" -aafDeployPass: demo123456! -cadi_latitude: "38.0" -cadi_longitude: "-72.0" -aaf_add_config: "" -mountPath: "/opt/app/osaaf" -appMountPath: "/opt/app/osaaf" -importCustomCertsEnabled: false -truststoreMountpath: "" -truststoreOutputFileName: truststore.jks -truststorePassword: changeit -envVarToCheck: cadi_keystore_password_p12 -# ingressTlsSecret: - -# This introduces implicit dependency on cert-wrapper -# if you are using cert initializer cert-wrapper has to be also deployed. -# We had to move this CM to a separate chart to reduce the total size of our charts -# as it exceeds the default helm limits. -certsCMName: '{{ include "common.release" . }}-cert-wrapper-certs' - -#Pods Service Account -serviceAccount: - nameOverride: certinitializer - roles: - - read
\ No newline at end of file |