[COMMON] Create certManagerCertificate chart

- Create certManagerCertificate chart for Certificate template - Change default values for duration and renewBefore - Add creation Secret with keystore password - Use template in SDNC (add volumes and volumesMounts) Issue-ID: OOM-2568 Signed-off-by: Piotr Marcinkiewicz <piotr.marcinkiewicz@nokia.com> Change-Id: Ib70d91b599fa6813ed0a6d5b96206508f2fdafcf
author: Piotr Marcinkiewicz <piotr.marcinkiewicz@nokia.com> 2021-01-12 17:37:08 +0100
committer: Piotr Marcinkiewicz <piotr.marcinkiewicz@nokia.com> 2021-02-05 14:48:06 +0100
commit: 595710111489903aa963c028c364584cb5bebaa4 (patch)
tree: 4cdaf12041b840d138837dc04cc50e160836b135 /kubernetes/common/common
parent: f812cf9697596afd71b871aaff22fd22c599da74 (diff)
1 files changed, 0 insertions, 192 deletions
diff --git a/kubernetes/common/common/templates/_certificate.tpl b/kubernetes/common/common/templates/_certificate.tpl
deleted file mode 100644
index d3313b2bc1..0000000000
--- a/kubernetes/common/common/templates/_certificate.tpl
+++ /dev/null
@@ -1,192 +0,0 @@
-{{/*#
-# Copyright © 2020, Nokia
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.*/}}
-
-{{/*
-# This is a template for requesting a certificate from the cert-manager (https://cert-manager.io).
-#
-# To request a certificate following steps are to be done:
-#  - create an object 'certificates' in the values.yaml
-#  - create a file templates/certificates.yaml and invoke the function "commom.certificate".
-#
-# Here is an example of the certificate request for a component:
-#
-# Directory structure:
-#   component
-#     templates
-#       certifictes.yaml
-#     values.yaml
-#
-# To be added in the file certificates.yamll
-#
-# To be added in the file values.yaml
-#  1. Minimal version (certificates only in PEM format)
-#  certificates:
-#    - commonName: component.onap.org
-#
-#  2. Extended version (with defined own issuer and additional certificate format):
-#  certificates:
-#    - name:       onap-component-certificate
-#      secretName: onap-component-certificate
-#      commonName: component.onap.org
-#      dnsNames:
-#        - component.onap.org
-#      issuer:
-#        group: certmanager.onap.org
-#        kind: CMPv2Issuer
-#        name: cmpv2-issuer-for-the-component
-#      p12Keystore:
-#        create: true
-#        passwordSecretRef:
-#          name: secret-name
-#          key:  secret-key
-#      jksKeystore:
-#        create: true
-#        passwordSecretRef:
-#          name: secret-name
-#          key:  secret-key
-#
-# Fields 'name', 'secretName' and 'commonName' are mandatory and required to be defined.
-# Other mandatory fields for the certificate definition do not have to be defined directly,
-# in that case they will be taken from default values.
-#
-# Default values are defined in file onap/values.yaml (see-> global.certificate.default)
-# and can be overriden during onap installation process.
-#
-*/}}
-
-{{- define "common.certificate" -}}
-{{- $dot := default . .dot -}}
-{{- $certificates := $dot.Values.certificates -}}
-
-{{ range $i, $certificate := $certificates }}
-{{/*# General certifiacate attributes  #*/}}
-{{- $name           := include "common.fullname" $dot                                                             -}}
-{{- $certName       := default (printf "%s-cert-%d"   $name $i) $certificate.name                                 -}}
-{{- $secretName     := default (printf "%s-secret-%d" $name $i) $certificate.secretName                           -}}
-{{- $commonName     := default $dot.Values.global.certificate.default.commonName      $certificate.commonName     -}}
-{{- $renewBefore    := default $dot.Values.global.certificate.default.renewBefore     $certificate.renewBefore    -}}
-{{- $duration       := $certificate.duration                                                                      -}}
-{{- $namespace      := default $dot.Release.Namespace         $dot.Values.global.certificate.default.namespace    -}}
-{{- if $certificate.namespace -}}
-{{-   $namespace    = default $namespace                                              $certificate.namespace      -}}
-{{- end -}}
-{{/*# SAN's #*/}}
-{{- $dnsNames       := default $dot.Values.global.certificate.default.dnsNames        $certificate.dnsNames       -}}
-{{- $ipAddresses    := default $dot.Values.global.certificate.default.ipAddresses     $certificate.ipAddresses    -}}
-{{- $uris           := default $dot.Values.global.certificate.default.uris            $certificate.uris           -}}
-{{- $emailAddresses := default $dot.Values.global.certificate.default.emailAddresses  $certificate.emailAddresses -}}
-{{/*# Subject #*/}}
-{{- $subject        := $dot.Values.global.certificate.default.subject                                             -}}
-{{- if $certificate.subject -}}
-{{-   $subject       = mergeOverwrite $subject  $certificate.subject                                              -}}
-{{- end -}}
-{{/*# Issuer #*/}}
-{{- $issuer         := $dot.Values.global.certificate.default.issuer                                              -}}
-{{- if $certificate.issuer -}}
-{{-   $issuer        = mergeOverwrite $issuer   $certificate.issuer                                               -}}
-{{- end -}}
-{{/*# Keystores #*/}}
-{{- $createJksKeystore                  := $dot.Values.global.certificate.default.jksKeystore.create                  -}}
-{{- $jksKeystorePasswordSecretName      := $dot.Values.global.certificate.default.jksKeystore.passwordSecretRef.name  -}}
-{{- $jksKeystorePasswordSecreKey        := $dot.Values.global.certificate.default.jksKeystore.passwordSecretRef.key   -}}
-{{- $createP12Keystore                  := $dot.Values.global.certificate.default.p12Keystore.create                  -}}
-{{- $p12KeystorePasswordSecretName      := $dot.Values.global.certificate.default.p12Keystore.passwordSecretRef.name  -}}
-{{- $p12KeystorePasswordSecreKey        := $dot.Values.global.certificate.default.p12Keystore.passwordSecretRef.key   -}}
-{{- if $certificate.jksKeystore -}}
-{{-   $createJksKeystore                 = default $createJksKeystore                $certificate.jksKeystore.create                   -}}
-{{-   if $certificate.jksKeystore.passwordSecretRef -}}
-{{-     $jksKeystorePasswordSecretName   = default $jksKeystorePasswordSecretName    $certificate.jksKeystore.passwordSecretRef.name   -}}
-{{-     $jksKeystorePasswordSecreKey     = default $jksKeystorePasswordSecreKey      $certificate.jksKeystore.passwordSecretRef.key    -}}
-{{-   end -}}
-{{- end -}}
-{{- if $certificate.p12Keystore -}}
-{{-   $createP12Keystore                 = default $createP12Keystore                $certificate.p12Keystore.create                   -}}
-{{-   if $certificate.p12Keystore.passwordSecretRef -}}
-{{-     $p12KeystorePasswordSecretName   = default $p12KeystorePasswordSecretName    $certificate.p12Keystore.passwordSecretRef.name   -}}
-{{-     $p12KeystorePasswordSecreKey     = default $p12KeystorePasswordSecreKey      $certificate.p12Keystore.passwordSecretRef.key    -}}
-{{-   end -}}
-{{- end -}}
----
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
-  name:        {{ $certName }}
-  namespace:   {{ $namespace }}
-spec:
-  secretName:  {{ $secretName }}
-  commonName:  {{ $commonName }}
-  renewBefore: {{ $renewBefore }}
-  {{- if $duration }}
-  duration:    {{ $duration }}
-  {{- end }}
-  subject:
-    organizations:
-      - {{ $subject.organization }}
-    countries:
-      - {{ $subject.country }}
-    localities:
-      - {{ $subject.locality }}
-    provinces:
-      - {{ $subject.province }}
-    organizationalUnits:
-      - {{ $subject.organizationalUnit }}
-  {{- if $dnsNames }}
-  dnsNames:
-    {{- range $dnsName := $dnsNames }}
-      - {{ $dnsName }}
-    {{- end }}
-  {{- end }}
-  {{- if $ipAddresses }}
-  ipAddresses:
-    {{- range $ipAddress := $ipAddresses }}
-      - {{ $ipAddress }}
-    {{- end }}
-  {{- end }}
-  {{- if $uris }}
-  uris:
-    {{- range $uri := $uris }}
-      - {{ $uri }}
-    {{- end }}
-  {{- end }}
-  {{- if $emailAddresses }}
-  emailAddresses:
-    {{- range $emailAddress := $emailAddresses }}
-      - {{ $emailAddress }}
-    {{- end }}
-  {{- end }}
-  issuerRef:
-    group: {{ $issuer.group }}
-    kind:  {{ $issuer.kind }}
-    name:  {{ $issuer.name }}
-  {{- if or $createJksKeystore $createP12Keystore }}
-  keystores:
-    {{- if $createJksKeystore }}
-    jks:
-      create: {{ $createJksKeystore }}
-      passwordSecretRef:
-        name: {{ $jksKeystorePasswordSecretName }}
-        key:  {{ $jksKeystorePasswordSecreKey }}
-    {{- end }}
-    {{- if $createP12Keystore }}
-    pkcs12:
-      create: {{ $createP12Keystore }}
-      passwordSecretRef:
-        name: {{ $p12KeystorePasswordSecretName }}
-        key:  {{ $p12KeystorePasswordSecreKey }}
-    {{- end }}
-  {{- end }}
-{{ end }}
-
-{{- end -}}
author	Piotr Marcinkiewicz <piotr.marcinkiewicz@nokia.com>	2021-01-12 17:37:08 +0100
committer	Piotr Marcinkiewicz <piotr.marcinkiewicz@nokia.com>	2021-02-05 14:48:06 +0100
commit	595710111489903aa963c028c364584cb5bebaa4 (patch)
tree	4cdaf12041b840d138837dc04cc50e160836b135 /kubernetes/common/common
parent	f812cf9697596afd71b871aaff22fd22c599da74 (diff)