summaryrefslogtreecommitdiffstats
path: root/kubernetes/common/certInitializer/templates
diff options
context:
space:
mode:
Diffstat (limited to 'kubernetes/common/certInitializer/templates')
-rw-r--r--kubernetes/common/certInitializer/templates/_certInitializer.yaml253
-rw-r--r--kubernetes/common/certInitializer/templates/configmap.yaml39
-rw-r--r--kubernetes/common/certInitializer/templates/job.yaml48
-rw-r--r--kubernetes/common/certInitializer/templates/secret.yaml17
4 files changed, 0 insertions, 357 deletions
diff --git a/kubernetes/common/certInitializer/templates/_certInitializer.yaml b/kubernetes/common/certInitializer/templates/_certInitializer.yaml
deleted file mode 100644
index 1312d98009..0000000000
--- a/kubernetes/common/certInitializer/templates/_certInitializer.yaml
+++ /dev/null
@@ -1,253 +0,0 @@
-{{/*
-# Copyright © 2020 Bell Canada, Samsung Electronics
-# Copyright © 2021 Orange
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-
-
-{{- define "common.certInitializer._aafConfigVolumeName" -}}
- {{ include "common.fullname" . }}-aaf-config
-{{- end -}}
-
-{{- define "common.certInitializer._aafAddConfigVolumeName" -}}
- {{ print "aaf-add-config" }}
-{{- end -}}
-
-{{/*
- common templates to enable cert initialization for applictaions
-
- In deployments/jobs/stateful include:
- initContainers:
- {{ include "common.certInitializer.initContainer" . | nindent XX }}
-
- containers:
- volumeMounts:
- {{- include "common.certInitializer.volumeMount" . | nindent XX }}
- volumes:
- {{- include "common.certInitializer.volume" . | nindent XX}}
-*/}}
-{{- define "common.certInitializer._initContainer" -}}
-{{- $dot := default . .dot -}}
-{{- $initRoot := default $dot.Values.certInitializer .initRoot -}}
-{{- $initName := default "certInitializer" -}}
-{{- $subchartDot := fromJson (include "common.subChartDot" (dict "dot" $dot "initRoot" $initRoot)) }}
-{{ include "common.readinessCheck.waitFor" $subchartDot }}
-- name: {{ include "common.name" $dot }}-aaf-config
- image: {{ include "repositoryGenerator.repository" $subchartDot }}/{{ $subchartDot.Values.global.aafAgentImage }}
- imagePullPolicy: {{ $subchartDot.Values.global.pullPolicy | default $subchartDot.Values.pullPolicy }}
- securityContext:
- runAsUser: 0
- volumeMounts:
- - mountPath: {{ $initRoot.mountPath }}
- name: {{ include "common.certInitializer._aafConfigVolumeName" $dot }}
- - mountPath: /opt/app/aaf_config/cert/truststoreONAPall.jks.b64
- name: aaf-agent-certs
- subPath: truststoreONAPall.jks.b64
- - mountPath: /opt/app/aaf_config/cert/truststoreONAP.p12.b64
- name: aaf-agent-certs
- subPath: truststoreONAP.p12.b64
- - name: {{ include "common.certInitializer._aafAddConfigVolumeName" $dot }}
- mountPath: /opt/app/aaf_config/bin/retrieval_check.sh
- subPath: retrieval_check.sh
-{{- if hasKey $initRoot "ingressTlsSecret" }}
- - name: {{ include "common.certInitializer._aafAddConfigVolumeName" $dot }}
- mountPath: /opt/app/aaf_config/bin/tls_certs_configure.sh
- subPath: tls_certs_configure.sh
-{{- end }}
-{{- if $initRoot.aaf_add_config }}
- - name: {{ include "common.certInitializer._aafAddConfigVolumeName" $dot }}
- mountPath: /opt/app/aaf_config/bin/aaf-add-config.sh
- subPath: aaf-add-config.sh
-{{- end }}
- command:
- - sh
- - -c
- - |
- /opt/app/aaf_config/bin/agent.sh
- . /opt/app/aaf_config/bin/retrieval_check.sh
-{{- if hasKey $initRoot "ingressTlsSecret" }}
- /opt/app/aaf_config/bin/tls_certs_configure.sh
-{{- end -}}
-{{- if $initRoot.aaf_add_config }}
- /opt/app/aaf_config/bin/aaf-add-config.sh
-{{- end }}
- env:
- - name: APP_FQI
- value: "{{ $initRoot.fqi }}"
- {{- if $initRoot.aaf_namespace }}
- - name: aaf_locate_url
- value: "https://aaf-locate.{{ $initRoot.aaf_namespace }}:8095"
- - name: aaf_locator_container_ns
- value: "{{ $initRoot.aaf_namespace }}"
- {{- else }}
- - name: aaf_locate_url
- value: "https://aaf-locate.{{ $dot.Release.Namespace }}:8095"
- - name: aaf_locator_container_ns
- value: "{{ $dot.Release.Namespace }}"
- {{- end }}
- - name: aaf_locator_container
- value: "oom"
- - name: aaf_locator_fqdn
- value: "{{ $initRoot.fqdn }}"
- - name: aaf_locator_app_ns
- value: "{{ $initRoot.app_ns }}"
- - name: DEPLOY_FQI
- {{- include "common.secret.envFromSecretFast" (dict "global" $subchartDot "uid" "deployer-creds" "key" "login") | indent 6 }}
- - name: DEPLOY_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" $subchartDot "uid" "deployer-creds" "key" "password") | indent 6 }}
- #Note: want to put this on Nodes, eventually
- - name: cadi_longitude
- value: "{{ default "52.3" $initRoot.cadi_longitude }}"
- - name: cadi_latitude
- value: "{{ default "13.2" $initRoot.cadi_latitude }}"
- #Hello specific. Clients don't don't need this, unless Registering with AAF Locator
- - name: aaf_locator_public_fqdn
- value: "{{ $initRoot.public_fqdn | default "" }}"
-{{- end -}}
-
-{{/*
- This init container will import custom .pem certificates to truststoreONAPall.jks
- Custom certificates must be placed in common/certInitializer/resources directory.
-
- The feature is enabled by setting Values.global.importCustomCertsEnabled = true
- It can be used independently of aafEnabled, however it requires the same includes
- as describe above for _initContainer.
-
- When AAF is enabled the truststoreONAPAll.jks (which contains AAF CA) will be used
- to import custom certificates, otherwise the default java keystore will be used.
-
- The updated truststore file will be placed in /updatedTruststore and can be mounted per component
- to a specific path by defining Values.certInitializer.truststoreMountpath (see _trustStoreVolumeMount)
- The truststore file will be available to mount even if no custom certificates were imported.
-*/}}
-{{- define "common.certInitializer._initImportCustomCertsContainer" -}}
-{{- $dot := default . .dot -}}
-{{- $initRoot := default $dot.Values.certInitializer .initRoot -}}
-{{- $subchartDot := fromJson (include "common.subChartDot" (dict "dot" $dot "initRoot" $initRoot)) }}
-- name: {{ include "common.name" $dot }}-import-custom-certs
- image: {{ include "repositoryGenerator.image.jre" $subchartDot }}
- imagePullPolicy: {{ $subchartDot.Values.global.pullPolicy | default $subchartDot.Values.pullPolicy }}
- securityContext:
- runAsUser: 0
- command:
- - /bin/sh
- - -c
- - /root/import-custom-certs.sh
- env:
- - name: AAF_ENABLED
- value: "{{ $subchartDot.Values.global.aafEnabled }}"
- - name: TRUSTSTORE_OUTPUT_FILENAME
- value: "{{ $initRoot.truststoreOutputFileName }}"
- - name: TRUSTSTORE_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" $subchartDot "uid" "truststore-creds" "key" "password") | indent 6 }}
- volumeMounts:
- - mountPath: /certs
- name: aaf-agent-certs
- - mountPath: /more_certs
- name: provided-custom-certs
- - mountPath: /root/import-custom-certs.sh
- name: aaf-agent-certs
- subPath: import-custom-certs.sh
- - mountPath: /updatedTruststore
- name: updated-truststore
-{{- end -}}
-
-{{- define "common.certInitializer._volumeMount" -}}
-{{- $dot := default . .dot -}}
-{{- $initRoot := default $dot.Values.certInitializer .initRoot -}}
-- mountPath: {{ $initRoot.appMountPath }}
- name: {{ include "common.certInitializer._aafConfigVolumeName" $dot }}
-{{- end -}}
-
-{{/*
- This is used together with _initImportCustomCertsContainer
- It mounts the updated truststore (with imported custom certificates) to the
- truststoreMountpath defined in the values file for the component.
-*/}}
-{{- define "common.certInitializer._trustStoreVolumeMount" -}}
-{{- $dot := default . .dot -}}
-{{- $initRoot := default $dot.Values.certInitializer .initRoot -}}
-{{- if gt (len $initRoot.truststoreMountpath) 0 }}
-- mountPath: {{ $initRoot.truststoreMountpath }}/{{ $initRoot.truststoreOutputFileName }}
- name: updated-truststore
- subPath: {{ $initRoot.truststoreOutputFileName }}
-- mountPath: /etc/ssl/certs/ca-certificates.crt
- name: updated-truststore
- subPath: ca-certificates.crt
-{{- end -}}
-{{- end -}}
-
-{{- define "common.certInitializer._volumes" -}}
-{{- $dot := default . .dot -}}
-{{- $initRoot := default $dot.Values.certInitializer .initRoot -}}
-{{- $subchartDot := fromJson (include "common.subChartDot" (dict "dot" $dot "initRoot" $initRoot))}}
-- name: {{ include "common.certInitializer._aafConfigVolumeName" $dot }}
- emptyDir:
- medium: Memory
-- name: aaf-agent-certs
- configMap:
- name: {{ tpl $subchartDot.Values.certsCMName $subchartDot }}
- defaultMode: 0700
-{{- if $dot.Values.global.importCustomCertsEnabled }}
-- name: provided-custom-certs
-{{- if $dot.Values.global.customCertsSecret }}
- secret:
- secretName: {{ $dot.Values.global.customCertsSecret }}
-{{- else }}
-{{- if $dot.Values.global.customCertsConfigMap }}
- configMap:
- name: {{ $dot.Values.global.customCertsConfigMap }}
-{{- else }}
- emptyDir:
- medium: Memory
-{{- end }}
-{{- end }}
-{{- end }}
-- name: {{ include "common.certInitializer._aafAddConfigVolumeName" $dot }}
- configMap:
- name: {{ include "common.fullname" $subchartDot }}-add-config
- defaultMode: 0700
-{{- if $dot.Values.global.importCustomCertsEnabled }}
-- name: updated-truststore
- emptyDir: {}
-{{- end -}}
-{{- end -}}
-
-{{- define "common.certInitializer.initContainer" -}}
-{{- $dot := default . .dot -}}
- {{- if $dot.Values.global.importCustomCertsEnabled }}
- {{ include "common.certInitializer._initImportCustomCertsContainer" . }}
- {{- end -}}
- {{- if $dot.Values.global.aafEnabled }}
- {{ include "common.certInitializer._initContainer" . }}
- {{- end -}}
-{{- end -}}
-
-{{- define "common.certInitializer.volumeMount" -}}
-{{- $dot := default . .dot -}}
- {{- if $dot.Values.global.aafEnabled }}
- {{- include "common.certInitializer._volumeMount" . }}
- {{- end -}}
- {{- if $dot.Values.global.importCustomCertsEnabled }}
- {{- include "common.certInitializer._trustStoreVolumeMount" . }}
- {{- end -}}
-{{- end -}}
-
-{{- define "common.certInitializer.volumes" -}}
-{{- $dot := default . .dot -}}
- {{- if or ($dot.Values.global.aafEnabled ) ($dot.Values.global.importCustomCertsEnabled) }}
- {{- include "common.certInitializer._volumes" . }}
- {{- end -}}
-{{- end -}}
diff --git a/kubernetes/common/certInitializer/templates/configmap.yaml b/kubernetes/common/certInitializer/templates/configmap.yaml
deleted file mode 100644
index abd1575774..0000000000
--- a/kubernetes/common/certInitializer/templates/configmap.yaml
+++ /dev/null
@@ -1,39 +0,0 @@
-{{/*
-# Copyright © 2020 Samsung Electronics
-# Copyright © 2021 Orange
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: v1
-kind: ConfigMap
-{{- $suffix := "add-config" }}
-metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "dot" . )| nindent 2 }}
-data:
-{{ tpl (.Files.Glob "resources/retrieval/retrieval_check.sh").AsConfig . | indent 2 }}
-{{- if hasKey .Values "ingressTlsSecret" }}
-{{ tpl (.Files.Glob "resources/retrieval/tls_certs_configure.sh").AsConfig . | indent 2 }}
-{{- end }}
-{{ if .Values.aaf_add_config }}
- aaf-add-config.sh: |
- {{ tpl .Values.aaf_add_config . | indent 4 | trim }}
-{{- end }}
-{{- if hasKey .Values "ingressTlsSecret" }}
----
-apiVersion: v1
-kind: ConfigMap
-{{- $suffix := "ingress" }}
-metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "dot" . )| nindent 2 }}
-data:
-{{ tpl (.Files.Glob "resources/ingress/onboard.sh").AsConfig . | indent 2 }}
-{{- end }}
diff --git a/kubernetes/common/certInitializer/templates/job.yaml b/kubernetes/common/certInitializer/templates/job.yaml
deleted file mode 100644
index 84a3e87098..0000000000
--- a/kubernetes/common/certInitializer/templates/job.yaml
+++ /dev/null
@@ -1,48 +0,0 @@
-{{/*
-# Copyright © 2021 Orange
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-{{- if hasKey .Values "ingressTlsSecret" }}
-apiVersion: batch/v1
-kind: Job
-{{- $suffix := "set-tls-secret" }}
-metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "dot" . )| nindent 2 }}
-spec:
- backoffLimit: 20
- template:
- metadata: {{- include "common.templateMetadata" . | nindent 6 }}
- spec:
- initContainers: {{ include "common.certInitializer.initContainer" (dict "dot" . "initRoot" .Values) | nindent 6 }}
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
- containers:
- - name: create-tls-secret
- command:
- - /ingress/onboard.sh
- image: {{ include "repositoryGenerator.image.kubectl" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts: {{ include "common.certInitializer.volumeMount" (dict "dot" . "initRoot" .Values) | nindent 8 }}
- - name: ingress-scripts
- mountPath: /ingress
- volumes: {{ include "common.certInitializer.volumes" (dict "dot" . "initRoot" .Values) | nindent 6 }}
- - name: localtime
- hostPath:
- path: /etc/localtime
- - name: ingress-scripts
- configMap:
- name: {{ include "common.fullname" . }}-ingress
- defaultMode: 0777
- restartPolicy: Never
-{{- end}}
diff --git a/kubernetes/common/certInitializer/templates/secret.yaml b/kubernetes/common/certInitializer/templates/secret.yaml
deleted file mode 100644
index 34932b713d..0000000000
--- a/kubernetes/common/certInitializer/templates/secret.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-{{/*
-# Copyright © 2020 Samsung Electronics
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-{{ include "common.secretFast" . }}