aboutsummaryrefslogtreecommitdiffstats
path: root/kubernetes/common/certInitializer/templates
diff options
context:
space:
mode:
Diffstat (limited to 'kubernetes/common/certInitializer/templates')
-rw-r--r--kubernetes/common/certInitializer/templates/_certInitializer.yaml163
-rw-r--r--kubernetes/common/certInitializer/templates/configmap.yaml32
-rw-r--r--kubernetes/common/certInitializer/templates/secret.yaml17
3 files changed, 212 insertions, 0 deletions
diff --git a/kubernetes/common/certInitializer/templates/_certInitializer.yaml b/kubernetes/common/certInitializer/templates/_certInitializer.yaml
new file mode 100644
index 0000000000..17872d7f12
--- /dev/null
+++ b/kubernetes/common/certInitializer/templates/_certInitializer.yaml
@@ -0,0 +1,163 @@
+{{/*
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+
+
+{{- define "common.certInitializer._aafConfigVolumeName" -}}
+ {{ include "common.fullname" . }}-aaf-config
+{{- end -}}
+
+{{- define "common.certInitializer._aafAddConfigVolumeName" -}}
+ {{ print "aaf-add-config" }}
+{{- end -}}
+
+{{/*
+ common templates to enable cert initialization for applictaions
+
+ In deployments/jobs/stateful include:
+ initContainers:
+ {{ include "common.certInitializer.initContainer" . | nindent XX }}
+
+ containers:
+ volumeMounts:
+ {{- include "common.certInitializer.volumeMount" . | nindent XX }}
+ volumes:
+ {{- include "common.certInitializer.volume" . | nindent XX}}
+*/}}
+{{- define "common.certInitializer._initContainer" -}}
+{{- $dot := default . .dot -}}
+{{- $initRoot := default $dot.Values.certInitializer .initRoot -}}
+{{- $initName := default "certInitializer" -}}
+{{/* Our version of helm doesn't support deepCopy so we need this nasty trick */}}
+{{- $subchartDot := mergeOverwrite (fromJson (toJson $dot)) (dict "Chart" (set (fromJson (toJson .Chart)) "Name" $initRoot.nameOverride) "Values" $initRoot) }}
+- name: {{ include "common.name" $dot }}-aaf-readiness
+ image: "{{ $dot.Values.global.readinessRepository }}/{{ $dot.Values.global.readinessImage }}"
+ imagePullPolicy: {{ $dot.Values.global.pullPolicy | default $dot.Values.pullPolicy }}
+ command:
+ - /root/ready.py
+ args:
+ - --container-name
+ - aaf-locate
+ - --container-name
+ - aaf-cm
+ - --container-name
+ - aaf-service
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+- name: {{ include "common.name" $dot }}-aaf-config
+ image: {{ (default $dot.Values.repository $dot.Values.global.repository) }}/{{ $dot.Values.global.aafAgentImage }}
+ imagePullPolicy: {{ $dot.Values.global.pullPolicy | default $dot.Values.pullPolicy }}
+ volumeMounts:
+ - mountPath: {{ $initRoot.mountPath }}
+ name: {{ include "common.certInitializer._aafConfigVolumeName" $dot }}
+ - mountPath: /opt/app/aaf_config/cert/truststoreONAPall.jks.b64
+ name: aaf-agent-certs
+ subPath: truststoreONAPall.jks.b64
+ - mountPath: /opt/app/aaf_config/cert/truststoreONAP.p12.b64
+ name: aaf-agent-certs
+ subPath: truststoreONAP.p12.b64
+{{- if $initRoot.aaf_add_config }}
+ - name: {{ include "common.certInitializer._aafAddConfigVolumeName" $dot }}
+ mountPath: /opt/app/aaf_config/bin/aaf-add-config.sh
+ subPath: aaf-add-config.sh
+{{- end }}
+ command:
+ - sh
+ - -c
+ - |
+ #!/usr/bin/env bash
+ /opt/app/aaf_config/bin/agent.sh
+{{- if $initRoot.aaf_add_config }}
+ /opt/app/aaf_config/bin/aaf-add-config.sh
+{{- end }}
+ env:
+ - name: APP_FQI
+ value: "{{ $initRoot.fqi }}"
+ - name: aaf_locate_url
+ value: "https://aaf-locate.{{ $dot.Release.Namespace}}:8095"
+ - name: aaf_locator_container
+ value: "oom"
+ - name: aaf_locator_container_ns
+ value: "{{ $dot.Release.Namespace }}"
+ - name: aaf_locator_fqdn
+ value: "{{ $initRoot.fqdn }}"
+ - name: aaf_locator_app_ns
+ value: "{{ $initRoot.app_ns }}"
+ - name: DEPLOY_FQI
+ {{- include "common.secret.envFromSecretFast" (dict "global" $subchartDot "uid" "deployer-creds" "key" "login") | indent 6 }}
+ - name: DEPLOY_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" $subchartDot "uid" "deployer-creds" "key" "password") | indent 6 }}
+ #Note: want to put this on Nodes, eventually
+ - name: cadi_longitude
+ value: "{{ default "52.3" $initRoot.cadi_longitude }}"
+ - name: cadi_latitude
+ value: "{{ default "13.2" $initRoot.cadi_latitude }}"
+ #Hello specific. Clients don't don't need this, unless Registering with AAF Locator
+ - name: aaf_locator_public_fqdn
+ value: "{{ $initRoot.public_fqdn | default "" }}"
+{{- end -}}
+
+{{- define "common.certInitializer._volumeMount" -}}
+{{- $dot := default . .dot -}}
+{{- $initRoot := default $dot.Values.certInitializer .initRoot -}}
+- mountPath: {{ $initRoot.mountPath }}
+ name: {{ include "common.certInitializer._aafConfigVolumeName" $dot }}
+{{- end -}}
+
+{{- define "common.certInitializer._volumes" -}}
+{{- $dot := default . .dot -}}
+{{- $initRoot := default $dot.Values.certInitializer .initRoot -}}
+{{- $subchartDot := mergeOverwrite (fromJson (toJson $dot)) (dict "Chart" (set (fromJson (toJson .Chart)) "Name" $initRoot.nameOverride) "Values" $initRoot) }}
+- name: {{ include "common.certInitializer._aafConfigVolumeName" $dot }}
+ emptyDir:
+ medium: Memory
+- name: aaf-agent-certs
+ configMap:
+ name: {{ include "common.fullname" $subchartDot }}-certs
+ defaultMode: 0700
+
+{{- if $initRoot.aaf_add_config }}
+- name: {{ include "common.certInitializer._aafAddConfigVolumeName" $dot }}
+ configMap:
+ name: {{ include "common.fullname" $subchartDot }}-add-config
+ defaultMode: 0700
+{{- end -}}
+{{- end -}}
+
+{{- define "common.certInitializer.initContainer" -}}
+{{- $dot := default . .dot -}}
+ {{- if $dot.Values.global.aafEnabled }}
+ {{ include "common.certInitializer._initContainer" . }}
+ {{- end -}}
+{{- end -}}
+
+{{- define "common.certInitializer.volumeMount" -}}
+{{- $dot := default . .dot -}}
+ {{- if $dot.Values.global.aafEnabled }}
+ {{- include "common.certInitializer._volumeMount" . }}
+ {{- end -}}
+{{- end -}}
+
+{{- define "common.certInitializer.volumes" -}}
+{{- $dot := default . .dot -}}
+ {{- if $dot.Values.global.aafEnabled }}
+ {{- include "common.certInitializer._volumes" . }}
+ {{- end -}}
+{{- end -}}
diff --git a/kubernetes/common/certInitializer/templates/configmap.yaml b/kubernetes/common/certInitializer/templates/configmap.yaml
new file mode 100644
index 0000000000..a89a33152b
--- /dev/null
+++ b/kubernetes/common/certInitializer/templates/configmap.yaml
@@ -0,0 +1,32 @@
+{{/*
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ if .Values.aaf_add_config }}
+apiVersion: v1
+kind: ConfigMap
+{{- $suffix := "add-config" }}
+metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "dot" . )| nindent 2 }}
+data:
+ aaf-add-config.sh: |
+ {{ tpl .Values.aaf_add_config . | indent 4 }}
+{{- end }}
+---
+apiVersion: v1
+kind: ConfigMap
+{{- $suffix := "certs" }}
+metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "dot" . ) | nindent 2 }}
+data:
+{{ tpl (.Files.Glob "resources/*").AsConfig . | indent 2 }}
diff --git a/kubernetes/common/certInitializer/templates/secret.yaml b/kubernetes/common/certInitializer/templates/secret.yaml
new file mode 100644
index 0000000000..34932b713d
--- /dev/null
+++ b/kubernetes/common/certInitializer/templates/secret.yaml
@@ -0,0 +1,17 @@
+{{/*
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.secretFast" . }}