Age | Commit message (Collapse) | Author | Files | Lines |
|
Today, onboarding custom certificates relies on `bash`. But image used
for that doesn't have bash.
Therefore, we need to use `sh` in order to onboard the certs.
Issue-ID: OOM-2666
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: Ia8087bd9484a013ac76044681059f634a4e45eb8
|
|
Truststore is quite heavy. If it is included several times in the
component it can easily cross helm chart size limit.
To fix this issue let's make sure that the truststore is created only
once and then shared among all certInitializer instances.
Issue-ID: AAF-1134
Change-Id: I546a88fea3fe869748194682e7dcf3ad566282ab
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
|
|
Add new mount path value in values.yaml to
specify app mount path
Issue-ID: OPTFRA-803
Signed-off-by: krishnaa96 <krishna.moorthy6@wipro.com>
Change-Id: I70771e0ab6ec16f7f4cfadcb8448ecfdfb6e8f4b
|
|
certInitializer
ONAP deployments may require the use of custom certificates. Instead of
manually adding certificates to the truststore file, users can now add
their .pem certificates under certInitializer/resources and have them
imported automatically by an init container. The updated truststore can
then be mounted to a component by providing a truststoreMountpath.
Issue-ID: OOM-2509
Signed-off-by: Jozsef Csongvai <jozsef.csongvai@bell.ca>
Change-Id: I896c729143346738e91fa57f895ba48043b253c1
|
|
Instead of manually creating readiness init container let's use our
dedicated template for this.
Issue-ID: OOM-2511
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Change-Id: Idb112e864b7899e7a1e76d139c6cc6a94851a090
|
|
Not all components declare repository in the global section which may
lead to some error when processing just a single component instead of
whole onap. To avoid this let's make sure that cerInitializer sets
repository url internally.
Issue-ID: OOM-2416
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Change-Id: I4fd2a235b188c7ee09d0173dbaa873141187a077
|
|
Create a template in order to have same readiness check everywhere.
Issue-ID: OOM-1971
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: If3297184564a8e763110a79ff89eb07dfbc9e630
|
|
One of reasons why certInitializer is a proper chart that you need to
put in your requirements.yaml is to avoid copy-pasting the same global
values among different charts. As it turned out in tests we've been
not "mangling" global values properly while creating
$subchartDot. This patch fixes the issue.
Issue-ID: AAF-1134
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Change-Id: I630154c4eedd7192ebb1881e5899c8df495d988b
|
|
By mistage aaf-agent-certs volume was created only if aaf_add_config
option was set. This is incorrect as it should be created always.
Issue-ID: AAF-1134
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Change-Id: I6172d2cbb781db4a26e09b7c4c324e985978b31e
|
|
aaf_agent image currently contains hardcoded truststores in order to
be able to connect to certman to retrieve certificate for given
component.
The goal is to remove hardcoded truststore from aaf_agent immage but
first we need to be sure that all its users are able to provide the
truststore to the pod as a configmap.
Issue-ID: AAF-1134
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Change-Id: Ibe9de6ad7264c05aeca2af858918fc2b4d3a772b
|
|
Add new template that can be used to obtain certificate by
component. Make also a PoC with NBI.
Strongly based on aaf-config template.
Issue-ID: AAF-1134
Change-Id: I10cb2a7b36a8dc436be337518cc15431aabbbc5d
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
|