summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMichal Ptacek <m.ptacek@partner.samsung.com>2019-01-29 17:17:12 +0000
committerMichal Ptacek <m.ptacek@partner.samsung.com>2019-02-06 08:24:54 +0000
commit8056725eb5d1b1099797828d074bfea0f646f494 (patch)
tree6fe3defae2cc23240187ce5a2b9b559594d07e55
parent5a269d2e06be837377364111be9c238979260b78 (diff)
Extract certificate to cloudify-manager
DCAE bootstraping require that bootstrap/cloudify-manager pods has to trust our certificate. We are mounting path to this certificate to respective pod. Change-Id: Ie2ea796851e6def52d4ec556c9d5b19633e8a743 Issue-ID: OOM-1618 Signed-off-by: Michal Ptacek <m.ptacek@partner.samsung.com>
-rw-r--r--patches/casablanca_3.0.0.patch29
-rw-r--r--patches/onap-casablanca-patch-role/tasks/main.yml10
2 files changed, 39 insertions, 0 deletions
diff --git a/patches/casablanca_3.0.0.patch b/patches/casablanca_3.0.0.patch
index 9a3bcabb..1426e915 100644
--- a/patches/casablanca_3.0.0.patch
+++ b/patches/casablanca_3.0.0.patch
@@ -35,3 +35,32 @@
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
ports:
+--- kubernetes/dcaegen2/charts/dcae-cloudify-manager/templates/deployment.yaml 2019-01-24 09:55:30.000000000 +0100
++++ kubernetes/dcaegen2/charts/dcae-cloudify-manager/templates/deployment.yaml 2019-01-29 18:07:59.057804519 +0100
+@@ -70,6 +70,8 @@
+ - mountPath: /etc/localtime
+ name: localtime
+ readOnly: true
++ - mountPath: /etc/pki/ca-trust/source/anchors
++ name: root-ca
+ securityContext:
+ privileged: True
+ lifecycle:
+@@ -82,6 +84,8 @@
+ set -ex
+ mkdir -p /var/run/secrets/kubernetes.io/
+ ln -s /secret /var/run/secrets/kubernetes.io/serviceaccount
++ echo -e '\nREQUESTS_CA_BUNDLE="/etc/ssl/certs/ca-bundle.crt"' >> /etc/sysconfig/cloudify-restservice
++ update-ca-trust extract
+ volumes:
+ - name: {{ include "common.fullname" . }}-config
+ configMap:
+@@ -95,5 +99,8 @@
+ - name: localtime
+ hostPath:
+ path: /etc/localtime
++ - name: root-ca
++ hostPath:
++ path: /etc/pki/ca-trust/source/anchors
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/patches/onap-casablanca-patch-role/tasks/main.yml b/patches/onap-casablanca-patch-role/tasks/main.yml
index a7064b16..d3b92e5b 100644
--- a/patches/onap-casablanca-patch-role/tasks/main.yml
+++ b/patches/onap-casablanca-patch-role/tasks/main.yml
@@ -22,3 +22,13 @@
with_items:
- common/dgbuilder/templates/deployment.yaml
- sdnc/charts/sdnc-portal/templates/deployment.yaml
+
+- name: Patch OOM - set cert path for cloudify
+ lineinfile:
+ path: "{{ app_helm_charts_infra_directory }}/{{ item }}"
+ regexp: '^(.*)CERT_PATH'
+ line: '\g<1>/etc/pki/ca-trust/source/anchors'
+ backrefs: yes
+ state: present
+ with_items:
+ - dcaegen2/charts/dcae-cloudify-manager/templates/deployment.yaml