From 997057f24ed6681094d4a96cb2738a0bcf307ee0 Mon Sep 17 00:00:00 2001
From: Michal Ptacek <m.ptacek@partner.samsung.com>
Date: Fri, 1 Feb 2019 08:37:05 +0000
Subject: Inserting our root certificate into policy pods

This commits introduced another bunch of patches for OOM charts
we need in Casablanca to be able to get our certificate trusted
by policy pods which are collecting maven artifacts from our
nexus during runtime.

Change-Id: I8289b155970e57059bccb5dfe09231e28bf27a32
Issue-ID: OOM-1609
Signed-off-by: Michal Ptacek <m.ptacek@partner.samsung.com>
---
 ansible/roles/application-install/tasks/install.yml | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

(limited to 'ansible/roles')

diff --git a/ansible/roles/application-install/tasks/install.yml b/ansible/roles/application-install/tasks/install.yml
index eaa40ce2..ab17aba4 100644
--- a/ansible/roles/application-install/tasks/install.yml
+++ b/ansible/roles/application-install/tasks/install.yml
@@ -38,6 +38,21 @@
   environment:
     PATH: "{{ helm_bin_dir }}:{{ ansible_env.PATH }}"
 
+- name: Register root certificate
+  slurp:
+    src: '/certs/rootCA.crt'
+  register: root_cert
+  delegate_to: localhost
+
+# WA: this is required because deploy plugin dont process params properly
+- name: Create override file with global.cacert
+  copy:
+    dest: "{{ app_data_path}}/override.yaml"
+    content: |
+      global:
+        cacert:
+          {{ root_cert['content'] | b64decode | indent( width=4, indentfirst=False) }}
+
 - name: Check for deploy plugin presence
   stat:
     path: '~/.helm/plugins/deploy/deploy.sh'
@@ -50,3 +65,4 @@
           {{ app_helm_release_name }}
           {{ helm_repository_name }}/{{ app_helm_chart_name }}
           --namespace {{ app_kubernetes_namespace }}
+          -f {{ app_data_path }}/override.yaml
-- 
cgit 1.2.3-korg