summaryrefslogtreecommitdiffstats
path: root/kubernetes/common/cmpv2Certificate/templates
diff options
context:
space:
mode:
authorPiotr Marcinkiewicz <piotr.marcinkiewicz@nokia.com>2021-03-26 13:06:35 +0100
committerPiotr Marcinkiewicz <piotr.marcinkiewicz@nokia.com>2021-04-22 14:08:36 +0000
commit3267293a468d65a8bae755da77d2a48a9e25663a (patch)
tree542bc3419c8637b32baa7cb2b2db694b9cae10cd /kubernetes/common/cmpv2Certificate/templates
parent1b162638763115959a0960a1195618f571d5499b (diff)
[PLATFORM] Generate Cert-Service certs with Cert-Manager
Utilize Cert-Manager to secure communication between Cert-Service and its clients, adjust templates and configs. Issue-ID: OOM-2712 Signed-off-by: Piotr Marcinkiewicz <piotr.marcinkiewicz@nokia.com> Change-Id: I96426b1a184b4d254575e76d29214d9deda08cce Signed-off-by: Remigiusz Janeczek <remigiusz.janeczek@nokia.com>
Diffstat (limited to 'kubernetes/common/cmpv2Certificate/templates')
-rw-r--r--kubernetes/common/cmpv2Certificate/templates/_certServiceClient.tpl31
1 files changed, 20 insertions, 11 deletions
diff --git a/kubernetes/common/cmpv2Certificate/templates/_certServiceClient.tpl b/kubernetes/common/cmpv2Certificate/templates/_certServiceClient.tpl
index 58cc9c7249..f80b06b4d3 100644
--- a/kubernetes/common/cmpv2Certificate/templates/_certServiceClient.tpl
+++ b/kubernetes/common/cmpv2Certificate/templates/_certServiceClient.tpl
@@ -62,7 +62,7 @@ There also need to be some includes used in a target component deployment (inden
{{- define "common.certServiceClient.initContainer" -}}
{{- $dot := default . .dot -}}
-{{- $initRoot := default $dot.Values.cmpv2Certificate .initRoot -}}
+{{- $initRoot := default $dot.Values.cmpv2Certificate.cmpv2Config .initRoot -}}
{{- $subchartGlobal := mergeOverwrite (deepCopy $initRoot.global) $dot.Values.global -}}
{{- if and $subchartGlobal.cmpv2Enabled (not $subchartGlobal.CMPv2CertManagerIntegration) -}}
{{- range $index, $certificate := $dot.Values.certificates -}}
@@ -97,11 +97,14 @@ There also need to be some includes used in a target component deployment (inden
{{- $requestUrl := $subchartGlobal.platform.certServiceClient.envVariables.requestURL -}}
{{- $certPath := $subchartGlobal.platform.certServiceClient.envVariables.certPath -}}
{{- $requestTimeout := $subchartGlobal.platform.certServiceClient.envVariables.requestTimeout -}}
-{{- $certificatesSecretMountPath := $subchartGlobal.platform.certServiceClient.secret.mountPath -}}
-{{- $keystorePath := $subchartGlobal.platform.certServiceClient.envVariables.keystorePath -}}
-{{- $keystorePassword := $subchartGlobal.platform.certServiceClient.envVariables.keystorePassword -}}
-{{- $truststorePath := $subchartGlobal.platform.certServiceClient.envVariables.truststorePath -}}
-{{- $truststorePassword := $subchartGlobal.platform.certServiceClient.envVariables.truststorePassword -}}
+{{- $certificatesSecret:= $subchartGlobal.platform.certServiceClient.clientSecretName -}}
+{{- $certificatesSecretMountPath := $subchartGlobal.platform.certServiceClient.certificatesSecretMountPath -}}
+{{- $keystorePath := (printf "%s%s" $subchartGlobal.platform.certServiceClient.certificatesSecretMountPath $subchartGlobal.platform.certificates.keystoreKeyRef ) -}}
+{{- $keystorePasswordSecret := $subchartGlobal.platform.certificates.keystorePasswordSecretName -}}
+{{- $keystorePasswordSecretKey := $subchartGlobal.platform.certificates.keystorePasswordSecretKey -}}
+{{- $truststorePath := (printf "%s%s" $subchartGlobal.platform.certServiceClient.certificatesSecretMountPath $subchartGlobal.platform.certificates.truststoreKeyRef ) -}}
+{{- $truststorePasswordSecret := $subchartGlobal.platform.certificates.truststorePasswordSecretName -}}
+{{- $truststorePasswordSecretKey := $subchartGlobal.platform.certificates.truststorePasswordSecretKey -}}
- name: certs-init-{{ $index }}
image: {{ include "repositoryGenerator.image.certserviceclient" $dot }}
imagePullPolicy: {{ $dot.Values.global.pullPolicy | default $dot.Values.pullPolicy }}
@@ -133,11 +136,17 @@ There also need to be some includes used in a target component deployment (inden
- name: KEYSTORE_PATH
value: {{ $keystorePath | quote }}
- name: KEYSTORE_PASSWORD
- value: {{ $keystorePassword | quote }}
+ valueFrom:
+ secretKeyRef:
+ name: {{ $keystorePasswordSecret | quote}}
+ key: {{ $keystorePasswordSecretKey | quote}}
- name: TRUSTSTORE_PATH
value: {{ $truststorePath | quote }}
- name: TRUSTSTORE_PASSWORD
- value: {{ $truststorePassword | quote }}
+ valueFrom:
+ secretKeyRef:
+ name: {{ $truststorePasswordSecret | quote}}
+ key: {{ $truststorePasswordSecretKey | quote}}
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
@@ -151,10 +160,10 @@ There also need to be some includes used in a target component deployment (inden
{{- define "common.certServiceClient.volumes" -}}
{{- $dot := default . .dot -}}
-{{- $initRoot := default $dot.Values.cmpv2Certificate .initRoot -}}
+{{- $initRoot := default $dot.Values.cmpv2Certificate.cmpv2Config .initRoot -}}
{{- $subchartGlobal := mergeOverwrite (deepCopy $initRoot.global) $dot.Values.global -}}
{{- if and $subchartGlobal.cmpv2Enabled (not $subchartGlobal.CMPv2CertManagerIntegration) -}}
-{{- $certificatesSecretName := $subchartGlobal.platform.certServiceClient.secret.name -}}
+{{- $certificatesSecretName := $subchartGlobal.platform.certificates.clientSecretName -}}
- name: certservice-tls-volume
secret:
secretName: {{ $certificatesSecretName }}
@@ -168,7 +177,7 @@ There also need to be some includes used in a target component deployment (inden
{{- define "common.certServiceClient.volumeMounts" -}}
{{- $dot := default . .dot -}}
-{{- $initRoot := default $dot.Values.cmpv2Certificate .initRoot -}}
+{{- $initRoot := default $dot.Values.cmpv2Certificate.cmpv2Config .initRoot -}}
{{- $subchartGlobal := mergeOverwrite (deepCopy $initRoot.global) $dot.Values.global -}}
{{- if and $subchartGlobal.cmpv2Enabled (not $subchartGlobal.CMPv2CertManagerIntegration) -}}
{{- range $index, $certificate := $dot.Values.certificates -}}