author | Michal Ptacek <m.ptacek@partner.samsung.com> | 2019-01-29 17:17:12 +0000 |
---|---|---|
committer | Michal Ptacek <m.ptacek@partner.samsung.com> | 2019-02-06 08:24:54 +0000 |
commit | 8056725eb5d1b1099797828d074bfea0f646f494 (patch) | |
tree | 6fe3defae2cc23240187ce5a2b9b559594d07e55 | |
parent | 5a269d2e06be837377364111be9c238979260b78 (diff) |
Extract certificate to cloudify-manager
DCAE bootstrapping requires that the bootstrap/cloudify-manager pods
trust our certificate. We mount the path to this certificate
into the respective pod.
Change-Id: Ie2ea796851e6def52d4ec556c9d5b19633e8a743
Issue-ID: OOM-1618
Signed-off-by: Michal Ptacek <m.ptacek@partner.samsung.com>
-rw-r--r-- | patches/casablanca_3.0.0.patch | 29 | ||||
-rw-r--r-- | patches/onap-casablanca-patch-role/tasks/main.yml | 10 |
2 files changed, 39 insertions, 0 deletions
diff --git a/patches/casablanca_3.0.0.patch b/patches/casablanca_3.0.0.patch
index 9a3bcabb..1426e915 100644
--- a/patches/casablanca_3.0.0.patch
+++ b/patches/casablanca_3.0.0.patch
@@ -35,3 +35,32 @@
 image: "{{ include "common.repository" . }}/{{ .Values.image }}"
 imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
 ports:
+--- kubernetes/dcaegen2/charts/dcae-cloudify-manager/templates/deployment.yaml 2019-01-24 09:55:30.000000000 +0100
++++ kubernetes/dcaegen2/charts/dcae-cloudify-manager/templates/deployment.yaml 2019-01-29 18:07:59.057804519 +0100
+@@ -70,6 +70,8 @@
+ - mountPath: /etc/localtime
+ name: localtime
+ readOnly: true
++ - mountPath: /etc/pki/ca-trust/source/anchors
++ name: root-ca
+ securityContext:
+ privileged: True
+ lifecycle:
+@@ -82,6 +84,8 @@
+ set -ex
+ mkdir -p /var/run/secrets/kubernetes.io/
+ ln -s /secret /var/run/secrets/kubernetes.io/serviceaccount
++ echo -e '\nREQUESTS_CA_BUNDLE="/etc/ssl/certs/ca-bundle.crt"' >> /etc/sysconfig/cloudify-restservice
++ update-ca-trust extract
+ volumes:
+ - name: {{ include "common.fullname" . }}-config
+ configMap:
+@@ -95,5 +99,8 @@
+ - name: localtime
+ hostPath:
+ path: /etc/localtime
++ - name: root-ca
++ hostPath:
++ path: /etc/pki/ca-trust/source/anchors
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/patches/onap-casablanca-patch-role/tasks/main.yml b/patches/onap-casablanca-patch-role/tasks/main.yml
index a7064b16..d3b92e5b 100644
--- a/patches/onap-casablanca-patch-role/tasks/main.yml
+++ b/patches/onap-casablanca-patch-role/tasks/main.yml
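Review bot: The new `root-ca` volumeMount in the inner `-70,6 +70,8` hunk is not marked read-only, although the `localtime` mount directly above it is and the container runs with `privileged: True`, so the pod gets write access to the node's `/etc/pki/ca-trust/source/anchors`. Adding `readOnly: true` under `name: root-ca` should be enough, since `update-ca-trust extract` normally only reads the anchors and writes its bundle elsewhere; confirm that on this image. The `hostPath` volume in the `-95,5 +99,8` hunk also declares no `type`, so on a node that lacks the directory the mount would presumably come up empty and the postStart step would pass without importing any certificate; `type: Directory` makes that case fail visibly. The deployment template continues outside these hunks.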
@@ -22,3 +22,13 @@
 with_items:
 - common/dgbuilder/templates/deployment.yaml
 - sdnc/charts/sdnc-portal/templates/deployment.yaml
+
+- name: Patch OOM - set cert path for cloudify
+ lineinfile:
+ path: "{{ app_helm_charts_infra_directory }}/{{ item }}"
+ regexp: '^(.*)CERT_PATH'
+ line: '\g<1>/etc/pki/ca-trust/source/anchors'
+ backrefs: yes
+ state: present
+ with_items:
+ - dcaegen2/charts/dcae-cloudify-manager/templates/deployment.yaml |
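Review bot: The `regexp: '^(.*)CERT_PATH'` in this task has nothing to match in the lines this commit adds to `casablanca_3.0.0.patch`, which hard-code `/etc/pki/ca-trust/source/anchors`. With `backrefs: yes` a non-matching `lineinfile` leaves the file untouched and still reports ok, so unless the chart carries a `CERT_PATH` placeholder somewhere not shown here, the task silently does nothing. If a placeholder is intended, `lineinfile` rewrites only the last matching line and this pattern drops whatever follows `CERT_PATH` on it, while both the `mountPath` and the `hostPath` `path` need the value. The `replace` module with `regexp: 'CERT_PATH'` and `replace: '/etc/pki/ca-trust/source/anchors'` would substitute every occurrence in place.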