diff options
author | Krzysztof Opasiak <k.opasiak@samsung.com> | 2020-05-01 01:46:37 +0200 |
---|---|---|
committer | Krzysztof Opasiak <k.opasiak@samsung.com> | 2020-05-06 17:38:13 +0200 |
commit | 020cdb94ca5c6ca3fb4690b1118c08779f3b4d95 (patch) | |
tree | 6341e44e8b8e2602393f048bc03f59fa81fd99fc /kubernetes/common | |
parent | 693b49fc8116ea27635c26590bf85a6746868ea4 (diff) |
[COMMON] Add new template for obtaining certificate
Add new template that can be used to obtain certificate by
component. Make also a PoC with NBI.
Strongly based on aaf-config template.
Issue-ID: AAF-1134
Change-Id: I10cb2a7b36a8dc436be337518cc15431aabbbc5d
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Diffstat (limited to 'kubernetes/common')
6 files changed, 272 insertions, 0 deletions
diff --git a/kubernetes/common/certInitializer/Chart.yaml b/kubernetes/common/certInitializer/Chart.yaml new file mode 100644 index 0000000000..3b20045b1f --- /dev/null +++ b/kubernetes/common/certInitializer/Chart.yaml @@ -0,0 +1,18 @@ +# Copyright © 2017 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +description: Template used to obtain certificates in onap +name: certInitializer +version: 6.0.0 diff --git a/kubernetes/common/certInitializer/requirements.yaml b/kubernetes/common/certInitializer/requirements.yaml new file mode 100644 index 0000000000..237f1d1354 --- /dev/null +++ b/kubernetes/common/certInitializer/requirements.yaml @@ -0,0 +1,18 @@ +# Copyright © 2018 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +dependencies: + - name: common + version: ~6.x-0 + repository: 'file://../common' diff --git a/kubernetes/common/certInitializer/templates/_certInitializer.yaml b/kubernetes/common/certInitializer/templates/_certInitializer.yaml new file mode 100644 index 0000000000..e4a878b420 --- /dev/null +++ b/kubernetes/common/certInitializer/templates/_certInitializer.yaml @@ -0,0 +1,152 @@ +{{/* +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + + + +{{- define "common.certInitializer._aafConfigVolumeName" -}} + {{ include "common.fullname" . }}-aaf-config +{{- end -}} + +{{- define "common.certInitializer._aafAddConfigVolumeName" -}} + {{ print "aaf-add-config" }} +{{- end -}} + +{{/* + common templates to enable cert initialization for applictaions + + In deployments/jobs/stateful include: + initContainers: + {{ include "common.certInitializer.initContainer" . | nindent XX }} + + containers: + volumeMounts: + {{- include "common.certInitializer.volumeMount" . | nindent XX }} + volumes: + {{- include "common.certInitializer.volume" . | nindent XX}} +*/}} +{{- define "common.certInitializer._initContainer" -}} +{{- $dot := default . .dot -}} +{{- $initRoot := default $dot.Values.certInitializer .initRoot -}} +{{- $initName := default "certInitializer" -}} +{{/* Our version of helm doesn't support deepCopy so we need this nasty trick */}} +{{- $subchartDot := mergeOverwrite (fromJson (toJson $dot)) (dict "Chart" (set (fromJson (toJson .Chart)) "Name" $initRoot.nameOverride) "Values" $initRoot) }} +- name: {{ include "common.name" $dot }}-aaf-readiness + image: "{{ $dot.Values.global.readinessRepository }}/{{ $dot.Values.global.readinessImage }}" + imagePullPolicy: {{ $dot.Values.global.pullPolicy | default $dot.Values.pullPolicy }} + command: + - /root/ready.py + args: + - --container-name + - aaf-locate + - --container-name + - aaf-cm + - --container-name + - aaf-service + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace +- name: {{ include "common.name" $dot }}-aaf-config + image: {{ (default $dot.Values.repository $dot.Values.global.repository) }}/{{ $dot.Values.global.aafAgentImage }} + imagePullPolicy: {{ $dot.Values.global.pullPolicy | default $dot.Values.pullPolicy }} + volumeMounts: + - mountPath: {{ $initRoot.mountPath }} + name: {{ include "common.certInitializer._aafConfigVolumeName" $dot }} +{{- if $initRoot.aaf_add_config }} + - name: {{ include "common.certInitializer._aafAddConfigVolumeName" $dot }} + mountPath: /opt/app/aaf_config/bin/aaf-add-config.sh + subPath: aaf-add-config.sh +{{- end }} + command: + - sh + - -c + - | + #!/usr/bin/env bash + /opt/app/aaf_config/bin/agent.sh +{{- if $initRoot.aaf_add_config }} + /opt/app/aaf_config/bin/aaf-add-config.sh +{{- end }} + env: + - name: APP_FQI + value: "{{ $initRoot.fqi }}" + - name: aaf_locate_url + value: "https://aaf-locate.{{ $dot.Release.Namespace}}:8095" + - name: aaf_locator_container + value: "oom" + - name: aaf_locator_container_ns + value: "{{ $dot.Release.Namespace }}" + - name: aaf_locator_fqdn + value: "{{ $initRoot.fqdn }}" + - name: aaf_locator_app_ns + value: "{{ $initRoot.app_ns }}" + - name: DEPLOY_FQI + {{- include "common.secret.envFromSecretFast" (dict "global" $subchartDot "uid" "deployer-creds" "key" "login") | indent 6 }} + - name: DEPLOY_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" $subchartDot "uid" "deployer-creds" "key" "password") | indent 6 }} + #Note: want to put this on Nodes, eventually + - name: cadi_longitude + value: "{{ default "52.3" $initRoot.cadi_longitude }}" + - name: cadi_latitude + value: "{{ default "13.2" $initRoot.cadi_latitude }}" + #Hello specific. Clients don't don't need this, unless Registering with AAF Locator + - name: aaf_locator_public_fqdn + value: "{{ $initRoot.public_fqdn | default "" }}" +{{- end -}} + +{{- define "common.certInitializer._volumeMount" -}} +{{- $dot := default . .dot -}} +{{- $initRoot := default $dot.Values.certInitializer .initRoot -}} +- mountPath: {{ $initRoot.mountPath }} + name: {{ include "common.certInitializer._aafConfigVolumeName" $dot }} +{{- end -}} + +{{- define "common.certInitializer._volumes" -}} +{{- $dot := default . .dot -}} +{{- $initRoot := default $dot.Values.certInitializer .initRoot -}} +{{- $subchartDot := mergeOverwrite (fromJson (toJson $dot)) (dict "Chart" (set (fromJson (toJson .Chart)) "Name" $initRoot.nameOverride) "Values" $initRoot) }} +- name: {{ include "common.certInitializer._aafConfigVolumeName" $dot }} + emptyDir: + medium: Memory +{{- if $initRoot.aaf_add_config }} +- name: {{ include "common.certInitializer._aafAddConfigVolumeName" $dot }} + configMap: + name: {{ include "common.fullname" $subchartDot }}-add-config + defaultMode: 0700 +{{- end -}} +{{- end -}} + +{{- define "common.certInitializer.initContainer" -}} +{{- $dot := default . .dot -}} + {{- if $dot.Values.global.aafEnabled }} + {{ include "common.certInitializer._initContainer" . }} + {{- end -}} +{{- end -}} + +{{- define "common.certInitializer.volumeMount" -}} +{{- $dot := default . .dot -}} + {{- if $dot.Values.global.aafEnabled }} + {{- include "common.certInitializer._volumeMount" . }} + {{- end -}} +{{- end -}} + +{{- define "common.certInitializer.volumes" -}} +{{- $dot := default . .dot -}} + {{- if $dot.Values.global.aafEnabled }} + {{- include "common.certInitializer._volumes" . }} + {{- end -}} +{{- end -}} diff --git a/kubernetes/common/certInitializer/templates/configmap.yaml b/kubernetes/common/certInitializer/templates/configmap.yaml new file mode 100644 index 0000000000..640dafd67e --- /dev/null +++ b/kubernetes/common/certInitializer/templates/configmap.yaml @@ -0,0 +1,25 @@ +{{/* +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{ if .Values.aaf_add_config }} +apiVersion: v1 +kind: ConfigMap +{{- $suffix := "add-config" }} +metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "dot" . )| nindent 2 }} +data: + aaf-add-config.sh: | + {{ tpl .Values.aaf_add_config . | indent 4 }} +{{- end -}} diff --git a/kubernetes/common/certInitializer/templates/secret.yaml b/kubernetes/common/certInitializer/templates/secret.yaml new file mode 100644 index 0000000000..34932b713d --- /dev/null +++ b/kubernetes/common/certInitializer/templates/secret.yaml @@ -0,0 +1,17 @@ +{{/* +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{ include "common.secretFast" . }} diff --git a/kubernetes/common/certInitializer/values.yaml b/kubernetes/common/certInitializer/values.yaml new file mode 100644 index 0000000000..b55ba5e2f3 --- /dev/null +++ b/kubernetes/common/certInitializer/values.yaml @@ -0,0 +1,42 @@ +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +global: + readinessRepository: oomk8s + readinessImage: readiness-check:2.0.2 + aafAgentImage: onap/aaf/aaf_agent:2.1.20 + aafEnabled: true + +pullPolicy: Always + +secrets: + - uid: deployer-creds + type: basicAuth + externalSecret: '{{ ternary (tpl (default "" .Values.aafDeployCredsExternalSecret) .) "aafIsDisabled" .Values.global.aafEnabled }}' + login: '{{ .Values.aafDeployFqi }}' + password: '{{ .Values.aafDeployPass }}' + passwordPolicy: required + +aafDeployFqi: "changeme" +fqdn: "" +app_ns: "org.osaaf.aaf" +fqi: "" +fqi_namespace: "" +public_fqdn: "aaf.osaaf.org" +aafDeployFqi: "deployer@people.osaaf.org" +aafDeployPass: demo123456! +cadi_latitude: "38.0" +cadi_longitude: "-72.0" +aaf_add_config: "" +mountPath: "/opt/app/osaaf" |