summaryrefslogtreecommitdiffstats
path: root/kubernetes/so/templates/_certificates.tpl
diff options
context:
space:
mode:
authorSylvain Desbureaux <sylvain.desbureaux@orange.com>2020-03-18 18:13:51 +0100
committerSylvain Desbureaux <sylvain.desbureaux@orange.com>2020-03-31 08:34:31 +0200
commitaadf545643827a440b082f4dcf6afdfd1c2012e2 (patch)
treeba293ac6337478c5ab5371286d8213fb8dec3d31 /kubernetes/so/templates/_certificates.tpl
parent5af320fc0c9e5f250e595cfa8daa93835016fca1 (diff)
[SO] Onboard ONAP CA during init phase
Workaround for retrieving ONAP root CA and keeping SO container being run by no root user. Issue-ID: SO-2730 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: Ib1b48c0a6fcca359a780640b8c705e75fd78dc1a
Diffstat (limited to 'kubernetes/so/templates/_certificates.tpl')
-rw-r--r--kubernetes/so/templates/_certificates.tpl32
1 files changed, 32 insertions, 0 deletions
diff --git a/kubernetes/so/templates/_certificates.tpl b/kubernetes/so/templates/_certificates.tpl
new file mode 100644
index 0000000000..8bd25d27a1
--- /dev/null
+++ b/kubernetes/so/templates/_certificates.tpl
@@ -0,0 +1,32 @@
+{{- define "so.certificate.container_importer" -}}
+- name: {{ include "common.name" . }}-certs-importer
+ image: "{{ include "common.repository" . }}/{{ .Values.global.soBaseImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command:
+ - "/bin/sh"
+ args:
+ - "-c"
+ - "update-ca-certificates --fresh && \
+ cp -r {{ .Values.global.certificates.path }}/* /certificates"
+ volumeMounts:
+ - name: {{ include "common.name" . }}-certificates
+ mountPath: /certificates
+ - name: {{ include "common.name" . }}-onap-certificates
+ mountPath: {{ .Values.global.certificates.share_path }}
+{{- end -}}
+
+{{- define "so.certificate.volume-mounts" -}}
+- name: {{ include "common.name" . }}-certificates
+ mountPath: {{ .Values.global.certificates.path }}
+- name: {{ include "common.name" . }}-onap-certificates
+ mountPath: {{ .Values.global.certificates.share_path }}
+{{- end -}}
+
+{{- define "so.certificate.volumes" -}}
+- name: {{ include "common.name" . }}-certificates
+ emptyDir:
+ medium: Memory
+- name: {{ include "common.name" . }}-onap-certificates
+ secret:
+ secretName: {{ include "common.secret.getSecretNameFast" (dict "global" . "uid" "so-onap-certs") }}
+{{- end -}}