From 9b00b56b7787992a15df2a11006828ca5a8f7046 Mon Sep 17 00:00:00 2001 From: Remigiusz Janeczek Date: Mon, 26 Apr 2021 14:37:57 +0200 Subject: [DCAEGEN2] Add CMPv2 support to dcaegen2-services Add support for CMPv2 certificates in dcaegen2-services-common template Add CMPv2 certificates to HV-VES and VES charts Issue-ID: DCAEGEN2-2688 Signed-off-by: Remigiusz Janeczek Change-Id: I6ade2c24f240872e78df92ca31b30c779f86e38b --- .../templates/_certificate.tpl | 49 +++++++++++++++++++++- 1 file changed, 48 insertions(+), 1 deletion(-) (limited to 'kubernetes/common') diff --git a/kubernetes/common/certManagerCertificate/templates/_certificate.tpl b/kubernetes/common/certManagerCertificate/templates/_certificate.tpl index 108873b31d..6fc667429e 100644 --- a/kubernetes/common/certManagerCertificate/templates/_certificate.tpl +++ b/kubernetes/common/certManagerCertificate/templates/_certificate.tpl @@ -189,6 +189,8 @@ spec: {{ end }} {{- end -}} +{{/*Using templates below allows read and write access to volume mounted at $mountPath*/}} + {{- define "common.certManager.volumeMounts" -}} {{- $dot := default . .dot -}} {{- $initRoot := default $dot.Values.certManagerCertificate .initRoot -}} 
@@ -248,4 +250,49 @@ spec:
 {{- $certsLinkCommand = (printf "ln -s %s %s; %s" $sourcePath $destnationPath $certsLinkCommand) -}}
 {{- end -}}
 {{ $certsLinkCommand }}
-{{- end -}}
\ No newline at end of file
+{{- end -}}
+
+{{/*Using templates below allows only read access to volume mounted at $mountPath*/}}
+
+{{- define "common.certManager.volumeMountsReadOnly" -}}
+{{- $dot := default . .dot -}}
+{{- $initRoot := default $dot.Values.certManagerCertificate .initRoot -}}
+{{- $subchartGlobal := mergeOverwrite (deepCopy $initRoot.global) $dot.Values.global -}}
+ {{- range $i, $certificate := $dot.Values.certificates -}}
+ {{- $mountPath := $certificate.mountPath -}}
+- mountPath: {{ $mountPath }}
+ name: certmanager-certs-volume-{{ $i }}
+ {{- end -}}
+{{- end -}}
+
+{{- define "common.certManager.volumesReadOnly" -}}
+{{- $dot := default . .dot -}}
+{{- $initRoot := default $dot.Values.certManagerCertificate .initRoot -}}
+{{- $subchartGlobal := mergeOverwrite (deepCopy $initRoot.global) $dot.Values.global -}}
+{{- $certificates := $dot.Values.certificates -}}
+ {{- range $i, $certificate := $certificates -}}
+ {{- $name := include "common.fullname" $dot -}}
+ {{- $certificatesSecretName := default (printf "%s-secret-%d" $name $i) $certificate.secretName -}}
+- name: certmanager-certs-volume-{{ $i }}
+ projected:
+ sources:
+ - secret:
+ name: {{ $certificatesSecretName }}
+ {{- if $certificate.keystore }}
+ items:
+ {{- range $outputType := $certificate.keystore.outputType }}
+ - key: keystore.{{ $outputType }}
+ path: keystore.{{ $outputType }}
+ - key: truststore.{{ $outputType }}
+ path: truststore.{{ $outputType }}
+ {{- end }}
+ - secret:
+ name: {{ $certificate.keystore.passwordSecretRef.name }}
+ items:
+ - key: {{ $certificate.keystore.passwordSecretRef.key }}
+ path: keystore.pass
+ - key: {{ $certificate.keystore.passwordSecretRef.key }}
+ path: truststore.pass
+ {{- end }}
+ {{- end -}}
+{{- end -}}
-- 
cgit 1.2.3-korg
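Review bot: The mount emitted by `common.certManager.volumeMountsReadOnly` carries no `readOnly` field, so the read-only behaviour promised by the template name and the comment above it depends on how the kubelet treats projected secret volumes rather than on the manifest itself; adding `readOnly: true` under `name: certmanager-certs-volume-{{ $i }}` would state it explicitly. In `common.certManager.volumesReadOnly` the `projected:` volume sets no `defaultMode`, so the keystore files and `keystore.pass`/`truststore.pass` get the Kubernetes default of 0644 and are readable by every user in the container; a tighter `defaultMode` is worth considering if the consuming containers' user and fsGroup settings allow it. `$subchartGlobal` is assigned in both templates but not used in the lines shown, and `$certificate.keystore.passwordSecretRef` is dereferenced without a `required` guard, so a keystore entry that omits it would presumably fail at render time with an unhelpful nil error.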