From d1ca1ee8e3816ca94621f4f9c619ee7c9d52b353 Mon Sep 17 00:00:00 2001 From: Sylvain Desbureaux Date: Tue, 7 Apr 2020 14:52:20 +0200 Subject: [Contrib] Add EJBCA Server EJBCA Server is used to test that CMPv2 Certificate handling is well done in ONAP. Issue-ID: AAF-1083 Signed-off-by: Sylvain Desbureaux Change-Id: I5e2d25b68b5cd80d3c7bf282ce871dd81e711ff6 --- .../components/ejbca/templates/configmap.yaml | 20 +++++ .../components/ejbca/templates/deployment.yaml | 92 ++++++++++++++++++++++ .../contrib/components/ejbca/templates/secret.yaml | 15 ++++ .../components/ejbca/templates/service.yaml | 15 ++++ 4 files changed, 142 insertions(+) create mode 100644 kubernetes/contrib/components/ejbca/templates/configmap.yaml create mode 100644 kubernetes/contrib/components/ejbca/templates/deployment.yaml create mode 100644 kubernetes/contrib/components/ejbca/templates/secret.yaml create mode 100644 kubernetes/contrib/components/ejbca/templates/service.yaml (limited to 'kubernetes/contrib/components/ejbca/templates') diff --git a/kubernetes/contrib/components/ejbca/templates/configmap.yaml b/kubernetes/contrib/components/ejbca/templates/configmap.yaml new file mode 100644 index 0000000000..d336bc9a94 --- /dev/null +++ b/kubernetes/contrib/components/ejbca/templates/configmap.yaml @@ -0,0 +1,20 @@ +# Copyright © 2020, Nordix Foundation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: "{{ include "common.fullname" . }}-config-script" +data: +{{ tpl (.Files.Glob "resources/ejbca-config.sh").AsConfig . | indent 2 }} diff --git a/kubernetes/contrib/components/ejbca/templates/deployment.yaml b/kubernetes/contrib/components/ejbca/templates/deployment.yaml new file mode 100644 index 0000000000..c6981e5fc4 --- /dev/null +++ b/kubernetes/contrib/components/ejbca/templates/deployment.yaml @@ -0,0 +1,92 @@ +# Copyright © 2020, Nordix Foundation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apps/v1 +kind: Deployment +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} +spec: + replicas: {{ .Values.replicaCount }} + selector: {{- include "common.selectors" . | nindent 4 }} + template: + metadata: {{- include "common.templateMetadata" . | nindent 6 }} + spec: + initContainers: + - name: {{ include "common.name" . }}-db-readiness + command: + - /root/ready.py + args: + - --container-name + {{- if .Values.global.mariadbGalera.localCluster }} + - ejbca-galera + {{- else }} + - ejbca-config + {{- end }} + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + containers: + - name: {{ include "common.name" . }}-ejbca + image: {{ .Values.ejbca.image }} + imagePullPolicy: {{ .Values.pullPolicy }} + lifecycle: + postStart: + exec: + command: ["/bin/sh", "-c", "/opt/primekey/scripts/ejbca-config.sh"] + volumeMounts: + - name: "{{ include "common.fullname" . }}-volume" + mountPath: /opt/primekey/scripts/ + ports: {{ include "common.containerPorts" . | nindent 10 }} + env: + - name: INITIAL_ADMIN + value: ";PublicAccessAuthenticationToken:TRANSPORT_ANY;" + - name: DATABASE_JDBC_URL + value: jdbc:mariadb://{{ include "common.mariadbService" . }}:{{ include "common.mariadbPort" . }}/{{ .Values.mysqlDatabase }} + - name: DATABASE_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "ejbca-db-secret" "key" "login") | indent 10 }} + - name: DATABASE_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "ejbca-db-secret" "key" "password") | indent 10 }} + - name: RA_IAK + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "ejbca-server-ra-iak" "key" "password") | indent 10 }} + - name: CLIENT_IAK + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "ejbca-server-client-iak" "key" "password") | indent 10 }} + livenessProbe: + httpGet: + port: {{ .Values.liveness.port }} + path: {{ .Values.liveness.path }} + scheme: HTTPS + initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} + periodSeconds: {{ .Values.liveness.periodSeconds }} + readinessProbe: + httpGet: + port: {{ .Values.readiness.port }} + path: {{ .Values.readiness.path }} + scheme: HTTPS + initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} + periodSeconds: {{ .Values.readiness.periodSeconds }} + {{- if .Values.nodeSelector }} + nodeSelector: {{ toYaml .Values.nodeSelector | nindent 10 }} + {{- end -}} + {{- if .Values.affinity }} + affinity: {{ toYaml .Values.affinity | nindent 10 }} + {{- end }} + volumes: + - configMap: + name: "{{ include "common.fullname" . }}-config-script" + defaultMode: 0755 + name: "{{ include "common.fullname" . }}-volume" diff --git a/kubernetes/contrib/components/ejbca/templates/secret.yaml b/kubernetes/contrib/components/ejbca/templates/secret.yaml new file mode 100644 index 0000000000..ecb51ae4d3 --- /dev/null +++ b/kubernetes/contrib/components/ejbca/templates/secret.yaml @@ -0,0 +1,15 @@ +# Copyright © 2020, Nordix Foundation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ include "common.secretFast" . }} diff --git a/kubernetes/contrib/components/ejbca/templates/service.yaml b/kubernetes/contrib/components/ejbca/templates/service.yaml new file mode 100644 index 0000000000..01680ee78e --- /dev/null +++ b/kubernetes/contrib/components/ejbca/templates/service.yaml @@ -0,0 +1,15 @@ +# Copyright © 2020, Nordix Foundation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ include "common.service" . }} -- cgit 1.2.3-korg