diff options
Diffstat (limited to 'kubernetes/common/certInitializer/templates')
4 files changed, 0 insertions, 357 deletions
diff --git a/kubernetes/common/certInitializer/templates/_certInitializer.yaml b/kubernetes/common/certInitializer/templates/_certInitializer.yaml deleted file mode 100644 index 1312d98009..0000000000 --- a/kubernetes/common/certInitializer/templates/_certInitializer.yaml +++ /dev/null @@ -1,253 +0,0 @@ -{{/* -# Copyright © 2020 Bell Canada, Samsung Electronics -# Copyright © 2021 Orange -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - - - -{{- define "common.certInitializer._aafConfigVolumeName" -}} - {{ include "common.fullname" . }}-aaf-config -{{- end -}} - -{{- define "common.certInitializer._aafAddConfigVolumeName" -}} - {{ print "aaf-add-config" }} -{{- end -}} - -{{/* - common templates to enable cert initialization for applictaions - - In deployments/jobs/stateful include: - initContainers: - {{ include "common.certInitializer.initContainer" . | nindent XX }} - - containers: - volumeMounts: - {{- include "common.certInitializer.volumeMount" . | nindent XX }} - volumes: - {{- include "common.certInitializer.volume" . | nindent XX}} -*/}} -{{- define "common.certInitializer._initContainer" -}} -{{- $dot := default . .dot -}} -{{- $initRoot := default $dot.Values.certInitializer .initRoot -}} -{{- $initName := default "certInitializer" -}} -{{- $subchartDot := fromJson (include "common.subChartDot" (dict "dot" $dot "initRoot" $initRoot)) }} -{{ include "common.readinessCheck.waitFor" $subchartDot }} -- name: {{ include "common.name" $dot }}-aaf-config - image: {{ include "repositoryGenerator.repository" $subchartDot }}/{{ $subchartDot.Values.global.aafAgentImage }} - imagePullPolicy: {{ $subchartDot.Values.global.pullPolicy | default $subchartDot.Values.pullPolicy }} - securityContext: - runAsUser: 0 - volumeMounts: - - mountPath: {{ $initRoot.mountPath }} - name: {{ include "common.certInitializer._aafConfigVolumeName" $dot }} - - mountPath: /opt/app/aaf_config/cert/truststoreONAPall.jks.b64 - name: aaf-agent-certs - subPath: truststoreONAPall.jks.b64 - - mountPath: /opt/app/aaf_config/cert/truststoreONAP.p12.b64 - name: aaf-agent-certs - subPath: truststoreONAP.p12.b64 - - name: {{ include "common.certInitializer._aafAddConfigVolumeName" $dot }} - mountPath: /opt/app/aaf_config/bin/retrieval_check.sh - subPath: retrieval_check.sh -{{- if hasKey $initRoot "ingressTlsSecret" }} - - name: {{ include "common.certInitializer._aafAddConfigVolumeName" $dot }} - mountPath: /opt/app/aaf_config/bin/tls_certs_configure.sh - subPath: tls_certs_configure.sh -{{- end }} -{{- if $initRoot.aaf_add_config }} - - name: {{ include "common.certInitializer._aafAddConfigVolumeName" $dot }} - mountPath: /opt/app/aaf_config/bin/aaf-add-config.sh - subPath: aaf-add-config.sh -{{- end }} - command: - - sh - - -c - - | - /opt/app/aaf_config/bin/agent.sh - . /opt/app/aaf_config/bin/retrieval_check.sh -{{- if hasKey $initRoot "ingressTlsSecret" }} - /opt/app/aaf_config/bin/tls_certs_configure.sh -{{- end -}} -{{- if $initRoot.aaf_add_config }} - /opt/app/aaf_config/bin/aaf-add-config.sh -{{- end }} - env: - - name: APP_FQI - value: "{{ $initRoot.fqi }}" - {{- if $initRoot.aaf_namespace }} - - name: aaf_locate_url - value: "https://aaf-locate.{{ $initRoot.aaf_namespace }}:8095" - - name: aaf_locator_container_ns - value: "{{ $initRoot.aaf_namespace }}" - {{- else }} - - name: aaf_locate_url - value: "https://aaf-locate.{{ $dot.Release.Namespace }}:8095" - - name: aaf_locator_container_ns - value: "{{ $dot.Release.Namespace }}" - {{- end }} - - name: aaf_locator_container - value: "oom" - - name: aaf_locator_fqdn - value: "{{ $initRoot.fqdn }}" - - name: aaf_locator_app_ns - value: "{{ $initRoot.app_ns }}" - - name: DEPLOY_FQI - {{- include "common.secret.envFromSecretFast" (dict "global" $subchartDot "uid" "deployer-creds" "key" "login") | indent 6 }} - - name: DEPLOY_PASSWORD - {{- include "common.secret.envFromSecretFast" (dict "global" $subchartDot "uid" "deployer-creds" "key" "password") | indent 6 }} - #Note: want to put this on Nodes, eventually - - name: cadi_longitude - value: "{{ default "52.3" $initRoot.cadi_longitude }}" - - name: cadi_latitude - value: "{{ default "13.2" $initRoot.cadi_latitude }}" - #Hello specific. Clients don't don't need this, unless Registering with AAF Locator - - name: aaf_locator_public_fqdn - value: "{{ $initRoot.public_fqdn | default "" }}" -{{- end -}} - -{{/* - This init container will import custom .pem certificates to truststoreONAPall.jks - Custom certificates must be placed in common/certInitializer/resources directory. - - The feature is enabled by setting Values.global.importCustomCertsEnabled = true - It can be used independently of aafEnabled, however it requires the same includes - as describe above for _initContainer. - - When AAF is enabled the truststoreONAPAll.jks (which contains AAF CA) will be used - to import custom certificates, otherwise the default java keystore will be used. - - The updated truststore file will be placed in /updatedTruststore and can be mounted per component - to a specific path by defining Values.certInitializer.truststoreMountpath (see _trustStoreVolumeMount) - The truststore file will be available to mount even if no custom certificates were imported. -*/}} -{{- define "common.certInitializer._initImportCustomCertsContainer" -}} -{{- $dot := default . .dot -}} -{{- $initRoot := default $dot.Values.certInitializer .initRoot -}} -{{- $subchartDot := fromJson (include "common.subChartDot" (dict "dot" $dot "initRoot" $initRoot)) }} -- name: {{ include "common.name" $dot }}-import-custom-certs - image: {{ include "repositoryGenerator.image.jre" $subchartDot }} - imagePullPolicy: {{ $subchartDot.Values.global.pullPolicy | default $subchartDot.Values.pullPolicy }} - securityContext: - runAsUser: 0 - command: - - /bin/sh - - -c - - /root/import-custom-certs.sh - env: - - name: AAF_ENABLED - value: "{{ $subchartDot.Values.global.aafEnabled }}" - - name: TRUSTSTORE_OUTPUT_FILENAME - value: "{{ $initRoot.truststoreOutputFileName }}" - - name: TRUSTSTORE_PASSWORD - {{- include "common.secret.envFromSecretFast" (dict "global" $subchartDot "uid" "truststore-creds" "key" "password") | indent 6 }} - volumeMounts: - - mountPath: /certs - name: aaf-agent-certs - - mountPath: /more_certs - name: provided-custom-certs - - mountPath: /root/import-custom-certs.sh - name: aaf-agent-certs - subPath: import-custom-certs.sh - - mountPath: /updatedTruststore - name: updated-truststore -{{- end -}} - -{{- define "common.certInitializer._volumeMount" -}} -{{- $dot := default . .dot -}} -{{- $initRoot := default $dot.Values.certInitializer .initRoot -}} -- mountPath: {{ $initRoot.appMountPath }} - name: {{ include "common.certInitializer._aafConfigVolumeName" $dot }} -{{- end -}} - -{{/* - This is used together with _initImportCustomCertsContainer - It mounts the updated truststore (with imported custom certificates) to the - truststoreMountpath defined in the values file for the component. -*/}} -{{- define "common.certInitializer._trustStoreVolumeMount" -}} -{{- $dot := default . .dot -}} -{{- $initRoot := default $dot.Values.certInitializer .initRoot -}} -{{- if gt (len $initRoot.truststoreMountpath) 0 }} -- mountPath: {{ $initRoot.truststoreMountpath }}/{{ $initRoot.truststoreOutputFileName }} - name: updated-truststore - subPath: {{ $initRoot.truststoreOutputFileName }} -- mountPath: /etc/ssl/certs/ca-certificates.crt - name: updated-truststore - subPath: ca-certificates.crt -{{- end -}} -{{- end -}} - -{{- define "common.certInitializer._volumes" -}} -{{- $dot := default . .dot -}} -{{- $initRoot := default $dot.Values.certInitializer .initRoot -}} -{{- $subchartDot := fromJson (include "common.subChartDot" (dict "dot" $dot "initRoot" $initRoot))}} -- name: {{ include "common.certInitializer._aafConfigVolumeName" $dot }} - emptyDir: - medium: Memory -- name: aaf-agent-certs - configMap: - name: {{ tpl $subchartDot.Values.certsCMName $subchartDot }} - defaultMode: 0700 -{{- if $dot.Values.global.importCustomCertsEnabled }} -- name: provided-custom-certs -{{- if $dot.Values.global.customCertsSecret }} - secret: - secretName: {{ $dot.Values.global.customCertsSecret }} -{{- else }} -{{- if $dot.Values.global.customCertsConfigMap }} - configMap: - name: {{ $dot.Values.global.customCertsConfigMap }} -{{- else }} - emptyDir: - medium: Memory -{{- end }} -{{- end }} -{{- end }} -- name: {{ include "common.certInitializer._aafAddConfigVolumeName" $dot }} - configMap: - name: {{ include "common.fullname" $subchartDot }}-add-config - defaultMode: 0700 -{{- if $dot.Values.global.importCustomCertsEnabled }} -- name: updated-truststore - emptyDir: {} -{{- end -}} -{{- end -}} - -{{- define "common.certInitializer.initContainer" -}} -{{- $dot := default . .dot -}} - {{- if $dot.Values.global.importCustomCertsEnabled }} - {{ include "common.certInitializer._initImportCustomCertsContainer" . }} - {{- end -}} - {{- if $dot.Values.global.aafEnabled }} - {{ include "common.certInitializer._initContainer" . }} - {{- end -}} -{{- end -}} - -{{- define "common.certInitializer.volumeMount" -}} -{{- $dot := default . .dot -}} - {{- if $dot.Values.global.aafEnabled }} - {{- include "common.certInitializer._volumeMount" . }} - {{- end -}} - {{- if $dot.Values.global.importCustomCertsEnabled }} - {{- include "common.certInitializer._trustStoreVolumeMount" . }} - {{- end -}} -{{- end -}} - -{{- define "common.certInitializer.volumes" -}} -{{- $dot := default . .dot -}} - {{- if or ($dot.Values.global.aafEnabled ) ($dot.Values.global.importCustomCertsEnabled) }} - {{- include "common.certInitializer._volumes" . }} - {{- end -}} -{{- end -}} diff --git a/kubernetes/common/certInitializer/templates/configmap.yaml b/kubernetes/common/certInitializer/templates/configmap.yaml deleted file mode 100644 index abd1575774..0000000000 --- a/kubernetes/common/certInitializer/templates/configmap.yaml +++ /dev/null @@ -1,39 +0,0 @@ -{{/* -# Copyright © 2020 Samsung Electronics -# Copyright © 2021 Orange -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -apiVersion: v1 -kind: ConfigMap -{{- $suffix := "add-config" }} -metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "dot" . )| nindent 2 }} -data: -{{ tpl (.Files.Glob "resources/retrieval/retrieval_check.sh").AsConfig . | indent 2 }} -{{- if hasKey .Values "ingressTlsSecret" }} -{{ tpl (.Files.Glob "resources/retrieval/tls_certs_configure.sh").AsConfig . | indent 2 }} -{{- end }} -{{ if .Values.aaf_add_config }} - aaf-add-config.sh: | - {{ tpl .Values.aaf_add_config . | indent 4 | trim }} -{{- end }} -{{- if hasKey .Values "ingressTlsSecret" }} ---- -apiVersion: v1 -kind: ConfigMap -{{- $suffix := "ingress" }} -metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "dot" . )| nindent 2 }} -data: -{{ tpl (.Files.Glob "resources/ingress/onboard.sh").AsConfig . | indent 2 }} -{{- end }} diff --git a/kubernetes/common/certInitializer/templates/job.yaml b/kubernetes/common/certInitializer/templates/job.yaml deleted file mode 100644 index 84a3e87098..0000000000 --- a/kubernetes/common/certInitializer/templates/job.yaml +++ /dev/null @@ -1,48 +0,0 @@ -{{/* -# Copyright © 2021 Orange -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -{{- if hasKey .Values "ingressTlsSecret" }} -apiVersion: batch/v1 -kind: Job -{{- $suffix := "set-tls-secret" }} -metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "dot" . )| nindent 2 }} -spec: - backoffLimit: 20 - template: - metadata: {{- include "common.templateMetadata" . | nindent 6 }} - spec: - initContainers: {{ include "common.certInitializer.initContainer" (dict "dot" . "initRoot" .Values) | nindent 6 }} - imagePullSecrets: - - name: "{{ include "common.namespace" . }}-docker-registry-key" - containers: - - name: create-tls-secret - command: - - /ingress/onboard.sh - image: {{ include "repositoryGenerator.image.kubectl" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: {{ include "common.certInitializer.volumeMount" (dict "dot" . "initRoot" .Values) | nindent 8 }} - - name: ingress-scripts - mountPath: /ingress - volumes: {{ include "common.certInitializer.volumes" (dict "dot" . "initRoot" .Values) | nindent 6 }} - - name: localtime - hostPath: - path: /etc/localtime - - name: ingress-scripts - configMap: - name: {{ include "common.fullname" . }}-ingress - defaultMode: 0777 - restartPolicy: Never -{{- end}} diff --git a/kubernetes/common/certInitializer/templates/secret.yaml b/kubernetes/common/certInitializer/templates/secret.yaml deleted file mode 100644 index 34932b713d..0000000000 --- a/kubernetes/common/certInitializer/templates/secret.yaml +++ /dev/null @@ -1,17 +0,0 @@ -{{/* -# Copyright © 2020 Samsung Electronics -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -{{ include "common.secretFast" . }} |