summaryrefslogtreecommitdiffstats
path: root/kubernetes/common/certInitializer/templates/_certInitializer.yaml
AgeCommit message (Collapse)AuthorFilesLines
2022-03-03[DMAAP] Add pod security context to MR and othersrope2521-0/+2
Add security context to pods within DMAAP Change-Id: I86f7bd79e77dec33879f4ee3b599799705d40a24 Issue-ID: OOM-2913 Signed-off-by: rope252 <gareth.roper@est.tech>
2021-12-15Merge "[COMMON] Make our common charts compatible with helm 3.7+"Sylvain Desbureaux1-1/+1
2021-12-14[COMMON] Make our common charts compatible with helm 3.7+Krzysztof Opasiak1-1/+1
Helm 3.7.0 introduced a new .Chart variable named IsRoot. In the same time they refactored the representation of .Chart and it no longer is a dictionary but a structure which confuses mergeOverride. In order to keep our tricks working we need to skip .Chart while doing a deepCopy of our current context. Issue-ID: OOM-1 Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com> Change-Id: I230e2ba460ddf09377d8de6c1366d4fd82f764cd
2021-12-09[COMMON] Make namespace configurablexuegao1-3/+10
Make the namespace parameter configurable for CertInitializer and ReadinessCheck Chart Issue-ID: OOM-2888 Signed-off-by: xuegao <xue.gao@intl.att.com> Change-Id: I5bb4e86be935921af1d852d6d7666fb5c8eaf725
2021-09-05[OOM] Update Linux SSL Truststore /etc/sslAbdelmuhaimen Seaudi1-0/+3
Add update for /etc/ssl/cacerts/ca-certificates.crt Issue-ID: CCSDK-3356 Change-Id: I797aea054bb80db805f4791a288e89b102e1d662 Signed-off-by: Abdelmuhaimen Seaudi <abdelmuhaimen.seaudi@orange.com>
2021-05-06Merge "[COMMON][CERTINIT] Generate cert with certInit"Krzysztof Opasiak1-0/+9
2021-05-06[COMMON][CERTS] Allow to provide custom certs easilySylvain Desbureaux1-0/+17
Instead of mandating to provide custom certificates before creation of helm packages, let's propose to include certificates from a known secret or configmap. The current implementation will first search for secret and if not provided will look for configmap. Issue-ID: OOM-2731 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: If2f90adc18efe59c0516db9409964a236bd17a66
2021-05-06[COMMON][CERTINIT] Generate cert with certInitSylvain Desbureaux1-0/+9
Some components are http based but want to be usable from outside world. Instead of dealing with TLS part on the component itself, let's use certInitializer to generate a secret with the certs which will be usable by Ingress Issue-ID: SO-3078 Issue-ID: SO-3237 Issue-ID: CPS-281 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: If166716d159586b1eb94c111e9d3d82a54c2fd6e
2021-03-03[COMMON] Get rid of a few bashismsGuillaume Lambert1-2/+1
The built-in command source is a bashism. Profiles script must be dotted and not sourced when possible. Issue-ID: OOM-2688 OOM-2158 Signed-off-by: Guillaume Lambert <guillaume.lambert@orange.com> Change-Id: Id7cad0d499129fa3b7ea020e906748243b1b3ace
2021-02-27[COMMON][CERTINIT] Fail if cert retrieval failsSylvain Desbureaux1-3/+4
Current script that retrieve certificates can fail but exit code will be 0. We then add a check in the script in order to avoid such issue Issue-ID: OOM-2688 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: Ib41c66a4de46db8752f68ef35a2bfb67ca575246
2021-01-19[COMMON][CERTS] Use sh to onboard custom certsSylvain Desbureaux1-1/+1
Today, onboarding custom certificates relies on `bash`. But image used for that doesn't have bash. Therefore, we need to use `sh` in order to onboard the certs. Issue-ID: OOM-2666 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: Ia8087bd9484a013ac76044681059f634a4e45eb8
2020-12-17[COMMON][CertInit] Uses new tpls for repos / imagesSylvain Desbureaux1-2/+2
This commit makes CertInitializer template to use the new generator for repositories and images. Issue-ID: OOM-2364 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: I5efa37225bfe05e2c7be7b8d2420ccaeb10afe62
2020-10-20[COMMON] Make certInitializer share truststore among instancesKrzysztof Opasiak1-1/+1
Truststore is quite heavy. If it is included several times in the component it can easily cross helm chart size limit. To fix this issue let's make sure that the truststore is created only once and then shared among all certInitializer instances. Issue-ID: AAF-1134 Change-Id: I546a88fea3fe869748194682e7dcf3ad566282ab Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
2020-09-12[common] Add application mount path to cert initializerkrishnaa961-1/+1
Add new mount path value in values.yaml to specify app mount path Issue-ID: OPTFRA-803 Signed-off-by: krishnaa96 <krishna.moorthy6@wipro.com> Change-Id: I70771e0ab6ec16f7f4cfadcb8448ecfdfb6e8f4b
2020-08-25[COMMON] Enable importing custom certificates to truststore using ↵Jozsef Csongvai1-2/+72
certInitializer ONAP deployments may require the use of custom certificates. Instead of manually adding certificates to the truststore file, users can now add their .pem certificates under certInitializer/resources and have them imported automatically by an init container. The updated truststore can then be mounted to a component by providing a truststoreMountpath. Issue-ID: OOM-2509 Signed-off-by: Jozsef Csongvai <jozsef.csongvai@bell.ca> Change-Id: I896c729143346738e91fa57f895ba48043b253c1
2020-07-16[COMMON] Use readinessCheck template inside certInitializerKrzysztof Opasiak1-18/+1
Instead of manually creating readiness init container let's use our dedicated template for this. Issue-ID: OOM-2511 Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com> Change-Id: Idb112e864b7899e7a1e76d139c6cc6a94851a090
2020-06-02[common] Make sure that we declare repository in certInitializerKrzysztof Opasiak1-1/+1
Not all components declare repository in the global section which may lead to some error when processing just a single component instead of whole onap. To avoid this let's make sure that cerInitializer sets repository url internally. Issue-ID: OOM-2416 Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com> Change-Id: I4fd2a235b188c7ee09d0173dbaa873141187a077
2020-05-20[COMMON] Templates for readinessSylvain Desbureaux1-2/+1
Create a template in order to have same readiness check everywhere. Issue-ID: OOM-1971 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: If3297184564a8e763110a79ff89eb07dfbc9e630
2020-05-19[COMMON] Fix certInitializer to use proper global valuesKrzysztof Opasiak1-6/+6
One of reasons why certInitializer is a proper chart that you need to put in your requirements.yaml is to avoid copy-pasting the same global values among different charts. As it turned out in tests we've been not "mangling" global values properly while creating $subchartDot. This patch fixes the issue. Issue-ID: AAF-1134 Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com> Change-Id: I630154c4eedd7192ebb1881e5899c8df495d988b
2020-05-14[COMMON] Fix certInitializerKrzysztof Opasiak1-5/+5
By mistage aaf-agent-certs volume was created only if aaf_add_config option was set. This is incorrect as it should be created always. Issue-ID: AAF-1134 Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com> Change-Id: I6172d2cbb781db4a26e09b7c4c324e985978b31e
2020-05-06[COMMON] Override truststore in aaf_agent imageKrzysztof Opasiak1-0/+11
aaf_agent image currently contains hardcoded truststores in order to be able to connect to certman to retrieve certificate for given component. The goal is to remove hardcoded truststore from aaf_agent immage but first we need to be sure that all its users are able to provide the truststore to the pod as a configmap. Issue-ID: AAF-1134 Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com> Change-Id: Ibe9de6ad7264c05aeca2af858918fc2b4d3a772b
2020-05-06[COMMON] Add new template for obtaining certificateKrzysztof Opasiak1-0/+152
Add new template that can be used to obtain certificate by component. Make also a PoC with NBI. Strongly based on aaf-config template. Issue-ID: AAF-1134 Change-Id: I10cb2a7b36a8dc436be337518cc15431aabbbc5d Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>