aboutsummaryrefslogtreecommitdiffstats
path: root/kubernetes
diff options
context:
space:
mode:
authorSylvain Desbureaux <sylvain.desbureaux@orange.com>2020-11-24 08:27:40 +0000
committerGerrit Code Review <gerrit@onap.org>2020-11-24 08:27:40 +0000
commit5229ec2ce61bbaf416c746c91254cb39175ff2bc (patch)
tree6f6303b522698ca39a5156c3445fb8e0213c45f8 /kubernetes
parentfebf47fd7552d4551bbdcd9ae4898cdafad818f1 (diff)
parent11eafc54cb946d13c663d55449dcd033db387d89 (diff)
Merge "[PLATFORM] Add new fake deployment to fix offline certificates generation"
Diffstat (limited to 'kubernetes')
-rwxr-xr-xkubernetes/onap/values.yaml5
-rw-r--r--kubernetes/platform/components/oom-cert-service/Makefile11
-rw-r--r--kubernetes/platform/components/oom-cert-service/templates/fake_deployment.yaml31
-rw-r--r--kubernetes/platform/components/oom-cert-service/values.yaml5
4 files changed, 49 insertions, 3 deletions
diff --git a/kubernetes/onap/values.yaml b/kubernetes/onap/values.yaml
index 5e5e249f71..3c8b1e9d90 100755
--- a/kubernetes/onap/values.yaml
+++ b/kubernetes/onap/values.yaml
@@ -185,6 +185,11 @@ global:
truststorePath: "/etc/onap/oom/certservice/certs/truststore.jks"
truststorePassword: "secret"
+ # Indicates offline deployment build
+ # Set to true if you are rendering helm charts for offline deployment
+ # Otherwise keep it disabled
+ offlineDeploymentBuild: false
+
# TLS
# Set to false if you want to disable TLS for NodePorts. Be aware that this
# will loosen your security.
diff --git a/kubernetes/platform/components/oom-cert-service/Makefile b/kubernetes/platform/components/oom-cert-service/Makefile
index c4723dfdd1..c15fdc7a51 100644
--- a/kubernetes/platform/components/oom-cert-service/Makefile
+++ b/kubernetes/platform/components/oom-cert-service/Makefile
@@ -27,7 +27,12 @@ all: start_docker \
# Starts docker container for generating certificates - deletes first, if already running
start_docker:
@make stop_docker
- docker run -d --rm --name ${DOCKER_CONTAINER} --mount type=bind,source=${CURRENT_DIR}/${CERTS_DIR},target=/certs -w /certs docker.io/openjdk:11-jre-slim tail -f /dev/null
+ $(eval REPOSITORY := $(shell cat ./values.yaml | grep -i "^[ \t]*repository" -m1 | xargs | cut -d ' ' -f2))
+ $(eval JAVA_IMAGE := $(shell cat ./values.yaml | grep -i "^[ \t]*certificateGenerationImage" -m1 | xargs | cut -d ' ' -f2))
+ $(eval FULL_JAVA_IMAGE := $(REPOSITORY)/$(JAVA_IMAGE))
+ $(eval USER :=$(shell id -u))
+ $(eval GROUP :=$(shell id -g))
+ docker run --rm --name ${DOCKER_CONTAINER} --user "$(USER):$(GROUP)" --mount type=bind,source=${CURRENT_DIR}/${CERTS_DIR},target=/app -w /app --entrypoint "sh" -td $(FULL_JAVA_IMAGE)
# Stops docker container for generating certificates. 'true' is used to return 0 status code, if container is already deleted
stop_docker:
@@ -89,7 +94,7 @@ client_sign_certificate_by_root:
#Import root certificate into client
client_import_root_certificate:
@echo "Import root certificate into intermediate"
- ${DOCKER_EXEC} bash -c "cat root.crt >> certServiceClientByRoot.crt"
+ ${DOCKER_EXEC} sh -c "cat root.crt >> certServiceClientByRoot.crt"
@echo "####done####"
#Import signed certificate into certService's client
@@ -124,7 +129,7 @@ server_sign_certificate_by_root:
#Import root certificate into server
server_import_root_certificate:
@echo "Import root certificate into intermediate(server)"
- ${DOCKER_EXEC} bash -c "cat root.crt >> certServiceServerByRoot.crt"
+ ${DOCKER_EXEC} sh -c "cat root.crt >> certServiceServerByRoot.crt"
@echo "####done####"
#Import signed certificate into certService
diff --git a/kubernetes/platform/components/oom-cert-service/templates/fake_deployment.yaml b/kubernetes/platform/components/oom-cert-service/templates/fake_deployment.yaml
new file mode 100644
index 0000000000..1d1224afa4
--- /dev/null
+++ b/kubernetes/platform/components/oom-cert-service/templates/fake_deployment.yaml
@@ -0,0 +1,31 @@
+{{/*
+ # Copyright © 2020, Nokia
+ #
+ # Licensed under the Apache License, Version 2.0 (the "License");
+ # you may not use this file except in compliance with the License.
+ # You may obtain a copy of the License at
+ #
+ # http://www.apache.org/licenses/LICENSE-2.0
+ #
+ # Unless required by applicable law or agreed to in writing, software
+ # distributed under the License is distributed on an "AS IS" BASIS,
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ # See the License for the specific language governing permissions and
+ # limitations under the License.
+*/}}
+
+{{- if .Values.global.offlineDeploymentBuild }}
+apiVersion: apps/v1
+kind: Deployment
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ selector: {{- include "common.selectors" . | nindent 4 }}
+ template:
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
+ spec:
+ containers:
+ - name: {{ include "common.name" . }}
+ image: {{ include "common.repository" . }}/{{ .Values.certifcateGenerationImage }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+{{ end -}}
diff --git a/kubernetes/platform/components/oom-cert-service/values.yaml b/kubernetes/platform/components/oom-cert-service/values.yaml
index d4586a1d4b..ee51ec7a7d 100644
--- a/kubernetes/platform/components/oom-cert-service/values.yaml
+++ b/kubernetes/platform/components/oom-cert-service/values.yaml
@@ -21,6 +21,8 @@ global:
enabled: true
# Standard OOM
pullPolicy: "Always"
+ repository: "nexus3.onap.org:10001"
+ offlineDeploymentBuild: false
# Service configuration
@@ -31,8 +33,11 @@ service:
port: 8443
port_protocol: http
+# Certificates generation configuration
+certificateGenerationImage: onap/integration-java11:7.1.0
# Deployment configuration
+repository: "nexus3.onap.org:10001"
image: onap/org.onap.oom.platform.cert-service.oom-certservice-api:2.1.0
pullPolicy: Always
replicaCount: 1