diff options
author | Sylvain Desbureaux <sylvain.desbureaux@orange.com> | 2020-11-24 08:27:40 +0000 |
---|---|---|
committer | Gerrit Code Review <gerrit@onap.org> | 2020-11-24 08:27:40 +0000 |
commit | 5229ec2ce61bbaf416c746c91254cb39175ff2bc (patch) | |
tree | 6f6303b522698ca39a5156c3445fb8e0213c45f8 /kubernetes | |
parent | febf47fd7552d4551bbdcd9ae4898cdafad818f1 (diff) | |
parent | 11eafc54cb946d13c663d55449dcd033db387d89 (diff) |
Merge "[PLATFORM] Add new fake deployment to fix offline certificates generation"
Diffstat (limited to 'kubernetes')
4 files changed, 49 insertions, 3 deletions
diff --git a/kubernetes/onap/values.yaml b/kubernetes/onap/values.yaml index 5e5e249f71..3c8b1e9d90 100755 --- a/kubernetes/onap/values.yaml +++ b/kubernetes/onap/values.yaml @@ -185,6 +185,11 @@ global: truststorePath: "/etc/onap/oom/certservice/certs/truststore.jks" truststorePassword: "secret" + # Indicates offline deployment build + # Set to true if you are rendering helm charts for offline deployment + # Otherwise keep it disabled + offlineDeploymentBuild: false + # TLS # Set to false if you want to disable TLS for NodePorts. Be aware that this # will loosen your security. diff --git a/kubernetes/platform/components/oom-cert-service/Makefile b/kubernetes/platform/components/oom-cert-service/Makefile index c4723dfdd1..c15fdc7a51 100644 --- a/kubernetes/platform/components/oom-cert-service/Makefile +++ b/kubernetes/platform/components/oom-cert-service/Makefile @@ -27,7 +27,12 @@ all: start_docker \ # Starts docker container for generating certificates - deletes first, if already running start_docker: @make stop_docker - docker run -d --rm --name ${DOCKER_CONTAINER} --mount type=bind,source=${CURRENT_DIR}/${CERTS_DIR},target=/certs -w /certs docker.io/openjdk:11-jre-slim tail -f /dev/null + $(eval REPOSITORY := $(shell cat ./values.yaml | grep -i "^[ \t]*repository" -m1 | xargs | cut -d ' ' -f2)) + $(eval JAVA_IMAGE := $(shell cat ./values.yaml | grep -i "^[ \t]*certificateGenerationImage" -m1 | xargs | cut -d ' ' -f2)) + $(eval FULL_JAVA_IMAGE := $(REPOSITORY)/$(JAVA_IMAGE)) + $(eval USER :=$(shell id -u)) + $(eval GROUP :=$(shell id -g)) + docker run --rm --name ${DOCKER_CONTAINER} --user "$(USER):$(GROUP)" --mount type=bind,source=${CURRENT_DIR}/${CERTS_DIR},target=/app -w /app --entrypoint "sh" -td $(FULL_JAVA_IMAGE) # Stops docker container for generating certificates. 'true' is used to return 0 status code, if container is already deleted stop_docker: @@ -89,7 +94,7 @@ client_sign_certificate_by_root: #Import root certificate into client client_import_root_certificate: @echo "Import root certificate into intermediate" - ${DOCKER_EXEC} bash -c "cat root.crt >> certServiceClientByRoot.crt" + ${DOCKER_EXEC} sh -c "cat root.crt >> certServiceClientByRoot.crt" @echo "####done####" #Import signed certificate into certService's client @@ -124,7 +129,7 @@ server_sign_certificate_by_root: #Import root certificate into server server_import_root_certificate: @echo "Import root certificate into intermediate(server)" - ${DOCKER_EXEC} bash -c "cat root.crt >> certServiceServerByRoot.crt" + ${DOCKER_EXEC} sh -c "cat root.crt >> certServiceServerByRoot.crt" @echo "####done####" #Import signed certificate into certService diff --git a/kubernetes/platform/components/oom-cert-service/templates/fake_deployment.yaml b/kubernetes/platform/components/oom-cert-service/templates/fake_deployment.yaml new file mode 100644 index 0000000000..1d1224afa4 --- /dev/null +++ b/kubernetes/platform/components/oom-cert-service/templates/fake_deployment.yaml @@ -0,0 +1,31 @@ +{{/* + # Copyright © 2020, Nokia + # + # Licensed under the Apache License, Version 2.0 (the "License"); + # you may not use this file except in compliance with the License. + # You may obtain a copy of the License at + # + # http://www.apache.org/licenses/LICENSE-2.0 + # + # Unless required by applicable law or agreed to in writing, software + # distributed under the License is distributed on an "AS IS" BASIS, + # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + # See the License for the specific language governing permissions and + # limitations under the License. +*/}} + +{{- if .Values.global.offlineDeploymentBuild }} +apiVersion: apps/v1 +kind: Deployment +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} +spec: + replicas: {{ .Values.replicaCount }} + selector: {{- include "common.selectors" . | nindent 4 }} + template: + metadata: {{- include "common.templateMetadata" . | nindent 6 }} + spec: + containers: + - name: {{ include "common.name" . }} + image: {{ include "common.repository" . }}/{{ .Values.certifcateGenerationImage }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} +{{ end -}} diff --git a/kubernetes/platform/components/oom-cert-service/values.yaml b/kubernetes/platform/components/oom-cert-service/values.yaml index d4586a1d4b..ee51ec7a7d 100644 --- a/kubernetes/platform/components/oom-cert-service/values.yaml +++ b/kubernetes/platform/components/oom-cert-service/values.yaml @@ -21,6 +21,8 @@ global: enabled: true # Standard OOM pullPolicy: "Always" + repository: "nexus3.onap.org:10001" + offlineDeploymentBuild: false # Service configuration @@ -31,8 +33,11 @@ service: port: 8443 port_protocol: http +# Certificates generation configuration +certificateGenerationImage: onap/integration-java11:7.1.0 # Deployment configuration +repository: "nexus3.onap.org:10001" image: onap/org.onap.oom.platform.cert-service.oom-certservice-api:2.1.0 pullPolicy: Always replicaCount: 1 |