diff options
author | Sylvain Desbureaux <sylvain.desbureaux@orange.com> | 2020-03-18 18:13:51 +0100 |
---|---|---|
committer | Sylvain Desbureaux <sylvain.desbureaux@orange.com> | 2020-03-31 08:34:31 +0200 |
commit | aadf545643827a440b082f4dcf6afdfd1c2012e2 (patch) | |
tree | ba293ac6337478c5ab5371286d8213fb8dec3d31 /kubernetes/so/templates/_certificates.tpl | |
parent | 5af320fc0c9e5f250e595cfa8daa93835016fca1 (diff) |
[SO] Onboard ONAP CA during init phase
Workaround for retrieving ONAP root CA and keeping SO container being
run by no root user.
Issue-ID: SO-2730
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: Ib1b48c0a6fcca359a780640b8c705e75fd78dc1a
Diffstat (limited to 'kubernetes/so/templates/_certificates.tpl')
-rw-r--r-- | kubernetes/so/templates/_certificates.tpl | 32 |
1 files changed, 32 insertions, 0 deletions
diff --git a/kubernetes/so/templates/_certificates.tpl b/kubernetes/so/templates/_certificates.tpl new file mode 100644 index 0000000000..8bd25d27a1 --- /dev/null +++ b/kubernetes/so/templates/_certificates.tpl @@ -0,0 +1,32 @@ +{{- define "so.certificate.container_importer" -}} +- name: {{ include "common.name" . }}-certs-importer + image: "{{ include "common.repository" . }}/{{ .Values.global.soBaseImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: + - "/bin/sh" + args: + - "-c" + - "update-ca-certificates --fresh && \ + cp -r {{ .Values.global.certificates.path }}/* /certificates" + volumeMounts: + - name: {{ include "common.name" . }}-certificates + mountPath: /certificates + - name: {{ include "common.name" . }}-onap-certificates + mountPath: {{ .Values.global.certificates.share_path }} +{{- end -}} + +{{- define "so.certificate.volume-mounts" -}} +- name: {{ include "common.name" . }}-certificates + mountPath: {{ .Values.global.certificates.path }} +- name: {{ include "common.name" . }}-onap-certificates + mountPath: {{ .Values.global.certificates.share_path }} +{{- end -}} + +{{- define "so.certificate.volumes" -}} +- name: {{ include "common.name" . }}-certificates + emptyDir: + medium: Memory +- name: {{ include "common.name" . }}-onap-certificates + secret: + secretName: {{ include "common.secret.getSecretNameFast" (dict "global" . "uid" "so-onap-certs") }} +{{- end -}} |