summaryrefslogtreecommitdiffstats
path: root/kubernetes/common/certInitializer/templates
AgeCommit message (Collapse)AuthorFilesLines
2021-05-06Merge "[COMMON][CERTINIT] Generate cert with certInit"Krzysztof Opasiak3-1/+67
2021-05-06[COMMON][CERTS] Allow to provide custom certs easilySylvain Desbureaux1-0/+17
Instead of mandating to provide custom certificates before creation of helm packages, let's propose to include certificates from a known secret or configmap. The current implementation will first search for secret and if not provided will look for configmap. Issue-ID: OOM-2731 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: If2f90adc18efe59c0516db9409964a236bd17a66
2021-05-06[COMMON][CERTINIT] Generate cert with certInitSylvain Desbureaux3-1/+67
Some components are http based but want to be usable from outside world. Instead of dealing with TLS part on the component itself, let's use certInitializer to generate a secret with the certs which will be usable by Ingress Issue-ID: SO-3078 Issue-ID: SO-3237 Issue-ID: CPS-281 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: If166716d159586b1eb94c111e9d3d82a54c2fd6e
2021-03-03[COMMON] Get rid of a few bashismsGuillaume Lambert1-2/+1
The built-in command source is a bashism. Profiles script must be dotted and not sourced when possible. Issue-ID: OOM-2688 OOM-2158 Signed-off-by: Guillaume Lambert <guillaume.lambert@orange.com> Change-Id: Id7cad0d499129fa3b7ea020e906748243b1b3ace
2021-02-27[COMMON][CERTINIT] Fail if cert retrieval failsSylvain Desbureaux2-4/+6
Current script that retrieve certificates can fail but exit code will be 0. We then add a check in the script in order to avoid such issue Issue-ID: OOM-2688 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: Ib41c66a4de46db8752f68ef35a2bfb67ca575246
2021-01-19[COMMON][CERTS] Use sh to onboard custom certsSylvain Desbureaux1-1/+1
Today, onboarding custom certificates relies on `bash`. But image used for that doesn't have bash. Therefore, we need to use `sh` in order to onboard the certs. Issue-ID: OOM-2666 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: Ia8087bd9484a013ac76044681059f634a4e45eb8
2020-12-17[COMMON][CertInit] Uses new tpls for repos / imagesSylvain Desbureaux1-2/+2
This commit makes CertInitializer template to use the new generator for repositories and images. Issue-ID: OOM-2364 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: I5efa37225bfe05e2c7be7b8d2420ccaeb10afe62
2020-10-26[COMMON] allow multiline config for aaf add configSylvain Desbureaux1-1/+1
Use trim function in order to remove the 4 first spaces that breaks configuration when aaf add config is a multiline (a.k.a uses `|`) YAML entry. Issue-ID: OOM-2611 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: Ib53a8a87f896a66ba613d542cfca833804ef1d7a
2020-10-20[COMMON] Move onap truststore to cert-wrapperKrzysztof Opasiak1-9/+0
certInitializer is included multiple times in number of different projects. If it contains the truststore then under if it is not used it increases the size of the chart itself so that it our final ONAP chart does not fit into default 20 Mb chartmuseum limit. Let's resolve this by moving the configmap and its content to the cert-wrapper which is included only once per onap instance. Issue-ID: AAF-1134 Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com> Change-Id: I654d9158e7b776c012653dbef2c8091a393635f0
2020-10-20[COMMON] Make certInitializer share truststore among instancesKrzysztof Opasiak2-1/+3
Truststore is quite heavy. If it is included several times in the component it can easily cross helm chart size limit. To fix this issue let's make sure that the truststore is created only once and then shared among all certInitializer instances. Issue-ID: AAF-1134 Change-Id: I546a88fea3fe869748194682e7dcf3ad566282ab Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
2020-09-12[common] Add application mount path to cert initializerkrishnaa961-1/+1
Add new mount path value in values.yaml to specify app mount path Issue-ID: OPTFRA-803 Signed-off-by: krishnaa96 <krishna.moorthy6@wipro.com> Change-Id: I70771e0ab6ec16f7f4cfadcb8448ecfdfb6e8f4b
2020-08-25[COMMON] Enable importing custom certificates to truststore using ↵Jozsef Csongvai1-2/+72
certInitializer ONAP deployments may require the use of custom certificates. Instead of manually adding certificates to the truststore file, users can now add their .pem certificates under certInitializer/resources and have them imported automatically by an init container. The updated truststore can then be mounted to a component by providing a truststoreMountpath. Issue-ID: OOM-2509 Signed-off-by: Jozsef Csongvai <jozsef.csongvai@bell.ca> Change-Id: I896c729143346738e91fa57f895ba48043b253c1
2020-07-16[COMMON] Use readinessCheck template inside certInitializerKrzysztof Opasiak1-18/+1
Instead of manually creating readiness init container let's use our dedicated template for this. Issue-ID: OOM-2511 Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com> Change-Id: Idb112e864b7899e7a1e76d139c6cc6a94851a090
2020-06-02[common] Make sure that we declare repository in certInitializerKrzysztof Opasiak1-1/+1
Not all components declare repository in the global section which may lead to some error when processing just a single component instead of whole onap. To avoid this let's make sure that cerInitializer sets repository url internally. Issue-ID: OOM-2416 Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com> Change-Id: I4fd2a235b188c7ee09d0173dbaa873141187a077
2020-05-20[COMMON] Templates for readinessSylvain Desbureaux1-2/+1
Create a template in order to have same readiness check everywhere. Issue-ID: OOM-1971 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: If3297184564a8e763110a79ff89eb07dfbc9e630
2020-05-19[COMMON] Fix certInitializer to use proper global valuesKrzysztof Opasiak1-6/+6
One of reasons why certInitializer is a proper chart that you need to put in your requirements.yaml is to avoid copy-pasting the same global values among different charts. As it turned out in tests we've been not "mangling" global values properly while creating $subchartDot. This patch fixes the issue. Issue-ID: AAF-1134 Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com> Change-Id: I630154c4eedd7192ebb1881e5899c8df495d988b
2020-05-14[COMMON] Fix certInitializerKrzysztof Opasiak1-5/+5
By mistage aaf-agent-certs volume was created only if aaf_add_config option was set. This is incorrect as it should be created always. Issue-ID: AAF-1134 Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com> Change-Id: I6172d2cbb781db4a26e09b7c4c324e985978b31e
2020-05-06[COMMON] Override truststore in aaf_agent imageKrzysztof Opasiak2-1/+19
aaf_agent image currently contains hardcoded truststores in order to be able to connect to certman to retrieve certificate for given component. The goal is to remove hardcoded truststore from aaf_agent immage but first we need to be sure that all its users are able to provide the truststore to the pod as a configmap. Issue-ID: AAF-1134 Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com> Change-Id: Ibe9de6ad7264c05aeca2af858918fc2b4d3a772b
2020-05-06[COMMON] Add new template for obtaining certificateKrzysztof Opasiak3-0/+194
Add new template that can be used to obtain certificate by component. Make also a PoC with NBI. Strongly based on aaf-config template. Issue-ID: AAF-1134 Change-Id: I10cb2a7b36a8dc436be337518cc15431aabbbc5d Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>