summaryrefslogtreecommitdiffstats
path: root/kubernetes/contrib/components/ejbca/templates/deployment.yaml
diff options
context:
space:
mode:
authorSylvain Desbureaux <sylvain.desbureaux@orange.com>2020-04-07 14:52:20 +0200
committerSylvain Desbureaux <sylvain.desbureaux@orange.com>2020-04-15 13:59:12 +0200
commitd1ca1ee8e3816ca94621f4f9c619ee7c9d52b353 (patch)
tree334cff3fec8ac5ac9d4dbf36c15f0965ea2e1201 /kubernetes/contrib/components/ejbca/templates/deployment.yaml
parenta5bb31b95347229e400099565bedd3f6a3785c9a (diff)
[Contrib] Add EJBCA Server
EJBCA Server is used to test that CMPv2 Certificate handling is well done in ONAP. Issue-ID: AAF-1083 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: I5e2d25b68b5cd80d3c7bf282ce871dd81e711ff6
Diffstat (limited to 'kubernetes/contrib/components/ejbca/templates/deployment.yaml')
-rw-r--r--kubernetes/contrib/components/ejbca/templates/deployment.yaml92
1 files changed, 92 insertions, 0 deletions
diff --git a/kubernetes/contrib/components/ejbca/templates/deployment.yaml b/kubernetes/contrib/components/ejbca/templates/deployment.yaml
new file mode 100644
index 0000000000..c6981e5fc4
--- /dev/null
+++ b/kubernetes/contrib/components/ejbca/templates/deployment.yaml
@@ -0,0 +1,92 @@
+# Copyright © 2020, Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: apps/v1
+kind: Deployment
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ selector: {{- include "common.selectors" . | nindent 4 }}
+ template:
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
+ spec:
+ initContainers:
+ - name: {{ include "common.name" . }}-db-readiness
+ command:
+ - /root/ready.py
+ args:
+ - --container-name
+ {{- if .Values.global.mariadbGalera.localCluster }}
+ - ejbca-galera
+ {{- else }}
+ - ejbca-config
+ {{- end }}
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ containers:
+ - name: {{ include "common.name" . }}-ejbca
+ image: {{ .Values.ejbca.image }}
+ imagePullPolicy: {{ .Values.pullPolicy }}
+ lifecycle:
+ postStart:
+ exec:
+ command: ["/bin/sh", "-c", "/opt/primekey/scripts/ejbca-config.sh"]
+ volumeMounts:
+ - name: "{{ include "common.fullname" . }}-volume"
+ mountPath: /opt/primekey/scripts/
+ ports: {{ include "common.containerPorts" . | nindent 10 }}
+ env:
+ - name: INITIAL_ADMIN
+ value: ";PublicAccessAuthenticationToken:TRANSPORT_ANY;"
+ - name: DATABASE_JDBC_URL
+ value: jdbc:mariadb://{{ include "common.mariadbService" . }}:{{ include "common.mariadbPort" . }}/{{ .Values.mysqlDatabase }}
+ - name: DATABASE_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "ejbca-db-secret" "key" "login") | indent 10 }}
+ - name: DATABASE_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "ejbca-db-secret" "key" "password") | indent 10 }}
+ - name: RA_IAK
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "ejbca-server-ra-iak" "key" "password") | indent 10 }}
+ - name: CLIENT_IAK
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "ejbca-server-client-iak" "key" "password") | indent 10 }}
+ livenessProbe:
+ httpGet:
+ port: {{ .Values.liveness.port }}
+ path: {{ .Values.liveness.path }}
+ scheme: HTTPS
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ readinessProbe:
+ httpGet:
+ port: {{ .Values.readiness.port }}
+ path: {{ .Values.readiness.path }}
+ scheme: HTTPS
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector: {{ toYaml .Values.nodeSelector | nindent 10 }}
+ {{- end -}}
+ {{- if .Values.affinity }}
+ affinity: {{ toYaml .Values.affinity | nindent 10 }}
+ {{- end }}
+ volumes:
+ - configMap:
+ name: "{{ include "common.fullname" . }}-config-script"
+ defaultMode: 0755
+ name: "{{ include "common.fullname" . }}-volume"