From 1d7647e027a74726e2ce0dea3e0c24933a38a9de Mon Sep 17 00:00:00 2001 From: Sylvain Desbureaux Date: Mon, 8 Feb 2021 15:29:05 +0100 Subject: [CDS] Retrieve certificates automatically Today, CDS UI is using an hardcoded certificate, which is not the right way to do. This patch is using certInitializer in order to do it automatically. Issue-ID: CCSDK-3141 Signed-off-by: Sylvain Desbureaux Change-Id: I5f2e564abd15f685df03be130b3969cad867b0b5 --- kubernetes/cds/components/cds-ui/templates/deployment.yaml | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) (limited to 'kubernetes/cds/components/cds-ui/templates') diff --git a/kubernetes/cds/components/cds-ui/templates/deployment.yaml b/kubernetes/cds/components/cds-ui/templates/deployment.yaml index 1c88f56d99..359c713ed4 100644 --- a/kubernetes/cds/components/cds-ui/templates/deployment.yaml +++ b/kubernetes/cds/components/cds-ui/templates/deployment.yaml @@ -37,6 +37,9 @@ spec: release: {{ include "common.release" . }} name: {{ include "common.fullname" . }} spec: + {{- if .Values.global.aafEnabled }} + initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }} + {{- end }} containers: - name: {{ include "common.name" . }} image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} 
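Review bot: The `initContainers` entry is wrapped in `{{- if .Values.global.aafEnabled }}`, while the `common.certInitializer.volumeMount` and `common.certInitializer.volumes` includes in the two later hunks are unconditional. If those helpers do not check `aafEnabled` themselves (their definitions are not visible here), a deployment with AAF disabled would still declare and mount a credentials volume that no init container fills. Either gate all three the same way or add a template comment stating that the helpers gate themselves, for example `{{/* certInitializer helpers render nothing when aafEnabled is false */}}`. The pod spec continues outside this hunk.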
@@ -71,12 +74,18 @@ spec: value: "{{ .Values.config.api.processor.grpc.port }}" - name: API_BLUEPRINT_PROCESSOR_GRPC_AUTH_TOKEN value: {{ .Values.config.api.processor.grpc.authToken }} + {{- if .Values.global.aafEnabled }} + - name: KEYSTORE + value: "{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.p12" + - name: PASSPHRASE + value: "{{ .Values.certInitializer.credsPath }}/mycreds.prop" + {{- end }} readinessProbe: tcpSocket: port: {{ .Values.service.internalPort }} initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} - volumeMounts: + volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 12 }} - mountPath: /etc/localtime name: localtime readOnly: true @@ -90,7 +99,7 @@ spec: affinity: {{ toYaml .Values.affinity | indent 10 }} {{- end }} - volumes: + volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }} - name: localtime hostPath: path: /etc/localtime -- cgit 1.2.3-korg
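Review bot: KEYSTORE and PASSPHRASE are set only when `.Values.global.aafEnabled` is true, so with AAF disabled the container receives neither variable and presumably falls back to the certificate shipped in the image, which is the hard-coded certificate the commit message wants to retire. If that fallback is intended, say so next to the `if`, for example `{{/* without AAF the UI keeps the certificate built into the image */}}`. PASSPHRASE is given the path of `mycreds.prop` rather than a passphrase; that keeps the secret out of the pod spec, but the name is easy to misread, so a comment such as `# PASSPHRASE is the path of the properties file holding the keystore password` would help. Only deployment.yaml changes in this commit, so `.Values.certInitializer.credsPath` and `.Values.certInitializer.fqi_namespace` must already exist in the chart's values, otherwise rendering with AAF enabled will fail or produce a wrong path.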