diff options
author | Sylvain Desbureaux <sylvain.desbureaux@orange.com> | 2020-04-07 14:52:20 +0200 |
---|---|---|
committer | Sylvain Desbureaux <sylvain.desbureaux@orange.com> | 2020-04-15 13:59:12 +0200 |
commit | d1ca1ee8e3816ca94621f4f9c619ee7c9d52b353 (patch) | |
tree | 334cff3fec8ac5ac9d4dbf36c15f0965ea2e1201 /kubernetes/contrib/components/ejbca/templates/deployment.yaml | |
parent | a5bb31b95347229e400099565bedd3f6a3785c9a (diff) |
[Contrib] Add EJBCA Server
EJBCA Server is used to test that CMPv2 Certificate handling is well
done in ONAP.
Issue-ID: AAF-1083
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: I5e2d25b68b5cd80d3c7bf282ce871dd81e711ff6
Diffstat (limited to 'kubernetes/contrib/components/ejbca/templates/deployment.yaml')
-rw-r--r-- | kubernetes/contrib/components/ejbca/templates/deployment.yaml | 92 |
1 files changed, 92 insertions, 0 deletions
diff --git a/kubernetes/contrib/components/ejbca/templates/deployment.yaml b/kubernetes/contrib/components/ejbca/templates/deployment.yaml new file mode 100644 index 0000000000..c6981e5fc4 --- /dev/null +++ b/kubernetes/contrib/components/ejbca/templates/deployment.yaml @@ -0,0 +1,92 @@ +# Copyright © 2020, Nordix Foundation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apps/v1 +kind: Deployment +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} +spec: + replicas: {{ .Values.replicaCount }} + selector: {{- include "common.selectors" . | nindent 4 }} + template: + metadata: {{- include "common.templateMetadata" . | nindent 6 }} + spec: + initContainers: + - name: {{ include "common.name" . }}-db-readiness + command: + - /root/ready.py + args: + - --container-name + {{- if .Values.global.mariadbGalera.localCluster }} + - ejbca-galera + {{- else }} + - ejbca-config + {{- end }} + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + containers: + - name: {{ include "common.name" . }}-ejbca + image: {{ .Values.ejbca.image }} + imagePullPolicy: {{ .Values.pullPolicy }} + lifecycle: + postStart: + exec: + command: ["/bin/sh", "-c", "/opt/primekey/scripts/ejbca-config.sh"] + volumeMounts: + - name: "{{ include "common.fullname" . }}-volume" + mountPath: /opt/primekey/scripts/ + ports: {{ include "common.containerPorts" . | nindent 10 }} + env: + - name: INITIAL_ADMIN + value: ";PublicAccessAuthenticationToken:TRANSPORT_ANY;" + - name: DATABASE_JDBC_URL + value: jdbc:mariadb://{{ include "common.mariadbService" . }}:{{ include "common.mariadbPort" . }}/{{ .Values.mysqlDatabase }} + - name: DATABASE_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "ejbca-db-secret" "key" "login") | indent 10 }} + - name: DATABASE_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "ejbca-db-secret" "key" "password") | indent 10 }} + - name: RA_IAK + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "ejbca-server-ra-iak" "key" "password") | indent 10 }} + - name: CLIENT_IAK + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "ejbca-server-client-iak" "key" "password") | indent 10 }} + livenessProbe: + httpGet: + port: {{ .Values.liveness.port }} + path: {{ .Values.liveness.path }} + scheme: HTTPS + initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} + periodSeconds: {{ .Values.liveness.periodSeconds }} + readinessProbe: + httpGet: + port: {{ .Values.readiness.port }} + path: {{ .Values.readiness.path }} + scheme: HTTPS + initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} + periodSeconds: {{ .Values.readiness.periodSeconds }} + {{- if .Values.nodeSelector }} + nodeSelector: {{ toYaml .Values.nodeSelector | nindent 10 }} + {{- end -}} + {{- if .Values.affinity }} + affinity: {{ toYaml .Values.affinity | nindent 10 }} + {{- end }} + volumes: + - configMap: + name: "{{ include "common.fullname" . }}-config-script" + defaultMode: 0755 + name: "{{ include "common.fullname" . }}-volume" |