author | Remigiusz Janeczek <remigiusz.janeczek@nokia.com> | 2020-12-10 13:10:15 +0100 |
---|---|---|
committer | Remigiusz Janeczek <remigiusz.janeczek@nokia.com> | 2021-01-20 18:37:49 +0100 |
commit | 42177a154d827dd1fddea3a451597c7708b65b6e (patch) | |
tree | 2b74b9d47a303a56d4b43848b3ad4669fe9da290 /kubernetes/sdnc | |
parent | 0e6972b5a5f94d76848a22f5155f49925522b324 (diff) |
[COMMON] Add template for CertServiceClient
Create generic template to simplify CertServiceClient use
Issue-ID: OOM-2568
Signed-off-by: Remigiusz Janeczek <remigiusz.janeczek@nokia.com>
Change-Id: I4fb9829b27b1dd13a9e7a098f807710cc5648438
Diffstat (limited to 'kubernetes/sdnc')
-rw-r--r-- | kubernetes/sdnc/requirements.yaml | 4 | ||||
-rw-r--r-- | kubernetes/sdnc/templates/statefulset.yaml | 63 | ||||
-rw-r--r-- | kubernetes/sdnc/values.yaml | 31 |
3 files changed, 14 insertions, 84 deletions
diff --git a/kubernetes/sdnc/requirements.yaml b/kubernetes/sdnc/requirements.yaml
index 57c165c4c0..f58ecb16be 100644
--- a/kubernetes/sdnc/requirements.yaml
+++ b/kubernetes/sdnc/requirements.yaml
@@ -1,5 +1,6 @@
 # Copyright © 2017 Amdocs, Bell Canada,
 # Copyright © 2020 highstreet technologies GmbH
+# Copyright © 2021 Nokia
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -20,6 +21,9 @@ dependencies:
 - name: certInitializer
 version: ~7.x-0
 repository: '@local'
+ - name: cmpv2Certificate
+ version: ~7.x-0
+ repository: '@local'
 - name: logConfiguration
 version: ~7.x-0
 repository: '@local'
diff --git a/kubernetes/sdnc/templates/statefulset.yaml b/kubernetes/sdnc/templates/statefulset.yaml
index 63b56f87a9..b668fd8e4d 100644
--- a/kubernetes/sdnc/templates/statefulset.yaml
+++ b/kubernetes/sdnc/templates/statefulset.yaml
@@ -1,6 +1,7 @@
 {{/*
 # Copyright © 2020 Samsung Electronics
 # Copyright © 2017 Amdocs, Bell Canada
+# Copyright © 2021 Nokia
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -98,50 +99,8 @@ spec:
 name: {{ include "common.name" . }}-readiness
 {{ end -}}
 {{ include "common.certInitializer.initContainer" . | indent 6 }}
-
- {{ if .Values.global.cmpv2Enabled }}
- - name: certs-init
- image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.platform.certServiceClient.image }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- env:
- - name: REQUEST_URL
- value: {{ .Values.global.platform.certServiceClient.envVariables.requestURL }}
- - name: REQUEST_TIMEOUT
- value: "30000"
- - name: OUTPUT_PATH
- value: {{ .Values.global.platform.certServiceClient.envVariables.cert_path }}
- - name: CA_NAME
- value: {{ .Values.global.platform.certServiceClient.envVariables.caName }}
- - name: COMMON_NAME
- value: {{ .Values.global.platform.certServiceClient.envVariables.common_name }}
- - name: ORGANIZATION
- value: {{ .Values.global.platform.certServiceClient.envVariables.cmpv2Organization }}
- - name: ORGANIZATION_UNIT
- value: {{ .Values.global.platform.certServiceClient.envVariables.cmpv2OrganizationalUnit }}
- - name: LOCATION
- value: {{ .Values.global.platform.certServiceClient.envVariables.cmpv2Location }}
- - name: STATE
- value: {{ .Values.global.platform.certServiceClient.envVariables.cmpv2State }}
- - name: COUNTRY
- value: {{ .Values.global.platform.certServiceClient.envVariables.cmpv2Country }}
- - name: KEYSTORE_PATH
- value: {{ .Values.global.platform.certServiceClient.envVariables.keystorePath }}
- - name: KEYSTORE_PASSWORD
- value: {{ .Values.global.platform.certServiceClient.envVariables.keystorePassword }}
- - name: TRUSTSTORE_PATH
- value: {{ .Values.global.platform.certServiceClient.envVariables.truststorePath }}
- - name: TRUSTSTORE_PASSWORD
- value: {{ .Values.global.platform.certServiceClient.envVariables.truststorePassword }}
- terminationMessagePath: /dev/termination-log
- terminationMessagePolicy: File
- volumeMounts:
- - mountPath: {{
.Values.global.platform.certServiceClient.envVariables.cert_path }} - name: certs - - mountPath: {{ .Values.global.platform.certServiceClient.secret.mountPath }} - name: certservice-tls-volume - {{ end }} - - - name: {{ include "common.name" . }}-init-files +{{ include "common.certServiceClient.initContainer" . | indent 6 }} + - name: {{ include "common.name" . }}-chown image: {{ include "repositoryGenerator.image.busybox" . }} command: - sh @@ -150,7 +109,7 @@ spec: - | mkdir {{ .Values.persistence.mdsalPath }}/daexim mkdir {{ .Values.persistence.mdsalPath }}/journal - mkdir {{ .Values.persistence.mdsalPath }}/snapshots + mkdir {{ .Values.persistence.mdsalPath }}/snapshots chown -R {{ .Values.config.odlUid }}:{{ .Values.config.odlGid}} {{ .Values.persistence.mdsalPath }} {{- if .Values.global.aafEnabled }} chown -R {{ .Values.config.odlUid }}:{{ .Values.config.odlGid}} {{ .Values.certInitializer.credsPath }} @@ -236,6 +195,7 @@ spec: volumeMounts: {{ include "common.certInitializer.volumeMount" . | indent 10 }} +{{ include "common.certServiceClient.volumeMounts" . | indent 10 }} - mountPath: /etc/localtime name: localtime readOnly: true @@ -294,10 +254,6 @@ spec: - mountPath: {{ .Values.config.odl.etcDir }}/mountpoint-state-provider.properties name: properties subPath: mountpoint-state-provider.properties - {{ if .Values.global.cmpv2Enabled }} - - mountPath: {{ .Values.global.platform.certServiceClient.envVariables.cert_path }} - name: certs - {{- end }} resources: {{ include "common.resources" . | indent 12 }} {{- if .Values.nodeSelector }} 
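Review bot: The CMPv2 switch is no longer visible at the call site: the removed `certs-init` container was wrapped in `{{ if .Values.global.cmpv2Enabled }}`, while `{{ include "common.certServiceClient.initContainer" . | indent 6 }}` is rendered unconditionally here, and the same holds for the `common.certServiceClient.volumeMounts` include in the `@@ -236` hunk. The gate presumably moved into the common helpers, which this diff does not show; once confirmed, a comment above each include such as `# rendered only when CMPv2 is enabled (gate lives in the common chart)` would record it. The removed block passed `KEYSTORE_PASSWORD` and `TRUSTSTORE_PASSWORD` as plain `value:` entries, so it is worth checking that the helper reads them through `valueFrom.secretKeyRef` rather than repeating that pattern. The container renamed to `-chown` still runs `mkdir`, which the new name hides. The enclosing pod spec starts and ends outside the hunk.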
@@ -348,19 +304,12 @@ spec:
 - name: properties
 emptyDir:
 medium: Memory
- {{ if .Values.global.cmpv2Enabled }}
- - name: certs
- emptyDir:
- medium: Memory
- - name: certservice-tls-volume
- secret:
- secretName: {{ .Values.global.platform.certServiceClient.secret.name }}
- {{- end }}
 {{ if not .Values.persistence.enabled }}
 - name: {{ include "common.fullname" . }}-data
 emptyDir: {}
 {{ else }}
 {{ include "common.certInitializer.volumes" . | nindent 8 }}
+{{ include "common.certServiceClient.volumes" . | nindent 8 }}
 volumeClaimTemplates:
 - metadata:
 name: {{ include "common.fullname" . }}-data
diff --git a/kubernetes/sdnc/values.yaml b/kubernetes/sdnc/values.yaml
index faf6594e2a..4354fe4a23 100644
--- a/kubernetes/sdnc/values.yaml
+++ b/kubernetes/sdnc/values.yaml
@@ -1,5 +1,6 @@
 # Copyright © 2020 Samsung Electronics, highstreet technologies GmbH
 # Copyright © 2017 Amdocs, Bell Canada
+# Copyright © 2021 Nokia
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
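Review bot: The added `{{ include "common.certServiceClient.volumes" . | nindent 8 }}` in the `@@ -348` hunk sits after `{{ else }}`, so as far as the hunk shows it renders only when `.Values.persistence.enabled` is true, whereas the `certs` and `certservice-tls-volume` entries it replaces were declared before `{{ if not .Values.persistence.enabled }}`. With persistence disabled, the init container and volume mounts added elsewhere in this file would then reference volumes the pod spec never defines, and the pod would be rejected. Moving the include above `{{ if not .Values.persistence.enabled }}` restores the old behaviour; the existing `common.certInitializer.volumes` line has the same placement and probably deserves the same move. The closing `{{ end }}` is outside the hunk.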
@@ -29,33 +30,8 @@ global: service: mariadb-galera internalPort: 3306 nameOverride: mariadb-galera - service: mariadb-galera - # Enabling CMPv2 - cmpv2Enabled: true + # Enabling CMPv2 with CertManager CMPv2CertManagerIntegration: false - platform: - certServiceClient: - image: onap/org.onap.oom.platform.cert-service.oom-certservice-client:2.3.2 - secret: - name: oom-cert-service-client-tls-secret - mountPath: /etc/onap/oom/certservice/certs/ - envVariables: - # Certificate related - cert_path: /var/custom-certs - cmpv2Organization: "Linux-Foundation" - cmpv2OrganizationalUnit: "ONAP" - cmpv2Location: "San-Francisco" - cmpv2Country: "US" - # Client configuration related - caName: "RA" - common_name: "sdnc.simpledemo.onap.org" - requestURL: "https://oom-cert-service:8443/v1/certificate/" - requestTimeout: "30000" - keystorePath: "/etc/onap/oom/certservice/certs/certServiceClient-keystore.jks" - outputType: "P12" - keystorePassword: "secret" - truststorePath: "/etc/onap/oom/certservice/certs/truststore.jks" - truststorePassword: "secret" ################################################################# # Secrets metaconfig @@ -141,7 +117,8 @@ secrets: # Certificates ################################################################# certificates: - - commonName: sdnc.simpledemo.onap.org + - mountPath: /var/custom-certs + commonName: sdnc.simpledemo.onap.org dnsNames: - sdnc.simpledemo.onap.org p12Keystore: |
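Review bot: The new `mountPath: /var/custom-certs` under `certificates` (the `@@ -141` hunk) has no comment, although it takes over the role of the removed `cert_path` value that the old init container received as `OUTPUT_PATH`. A line such as `# directory where the issued keystore and truststore are mounted` above it would make that explicit. The volume that used to back this path was an `emptyDir` with `medium: Memory`; whether the common helper still keeps the key material on a memory-backed volume cannot be seen from this diff and is worth confirming. The `certificates` entry continues outside the hunk.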