From b02ece8cc20c610c82fbb09dd0e54e58ce22c93e Mon Sep 17 00:00:00 2001 From: Andreas Geissler Date: Wed, 17 May 2023 16:55:06 +0200 Subject: [COMMON] Remove not supported components Remove the following component charts: - AAF - CONSUL - CONTRIB - PORTAL - LOG - SNIRO-EMULATOR correct the helm deploy plugin Issue-ID: OOM-3074 Signed-off-by: Andreas Geissler Change-Id: I93cd32d9a9dabbc4cdeda63d8c7b669a79cdea8a --- kubernetes/contrib/components/ejbca/Chart.yaml | 42 - .../certprofile_CUSTOM_ENDUSER-1834889499.xml | 595 ----------- .../components/ejbca/resources/ejbca-config.sh | 58 - .../entityprofile_Custom_EndEntity-1356531849.xml | 1107 -------------------- .../components/ejbca/templates/configmap.yaml | 30 - .../components/ejbca/templates/deployment.yaml | 120 --- .../contrib/components/ejbca/templates/secret.yaml | 17 - .../components/ejbca/templates/service.yaml | 17 - kubernetes/contrib/components/ejbca/values.yaml | 135 --- 9 files changed, 2121 deletions(-) delete mode 100644 kubernetes/contrib/components/ejbca/Chart.yaml delete mode 100644 kubernetes/contrib/components/ejbca/resources/certprofile_CUSTOM_ENDUSER-1834889499.xml delete mode 100755 kubernetes/contrib/components/ejbca/resources/ejbca-config.sh delete mode 100644 kubernetes/contrib/components/ejbca/resources/entityprofile_Custom_EndEntity-1356531849.xml delete mode 100644 kubernetes/contrib/components/ejbca/templates/configmap.yaml delete mode 100644 kubernetes/contrib/components/ejbca/templates/deployment.yaml delete mode 100644 kubernetes/contrib/components/ejbca/templates/secret.yaml delete mode 100644 kubernetes/contrib/components/ejbca/templates/service.yaml delete mode 100644 kubernetes/contrib/components/ejbca/values.yaml (limited to 'kubernetes/contrib/components/ejbca') diff --git a/kubernetes/contrib/components/ejbca/Chart.yaml b/kubernetes/contrib/components/ejbca/Chart.yaml deleted file mode 100644 index 5c7ec253ed..0000000000 --- a/kubernetes/contrib/components/ejbca/Chart.yaml +++ /dev/null @@ -1,42 +0,0 @@ -# Copyright © 2020 Nokia -# Modifications Copyright © 2021 Orange -# Modifications Copyright © 2021 Nordix Foundation -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v2 -description: ONAP EJBCA test server -name: ejbca -version: 12.0.0 - -dependencies: - - name: common - version: ~12.x-0 - repository: '@local' - - name: mariadb-galera - version: ~12.x-0 - repository: '@local' - condition: global.mariadbGalera.localCluster - - name: mariadb-init - version: ~12.x-0 - repository: '@local' - condition: global.mariadbGalera.globalCluster - - name: repositoryGenerator - version: ~12.x-0 - repository: '@local' - - name: cmpv2Config - version: ~12.x-0 - repository: '@local' - - name: serviceAccount - version: ~12.x-0 - repository: '@local' \ No newline at end of file diff --git a/kubernetes/contrib/components/ejbca/resources/certprofile_CUSTOM_ENDUSER-1834889499.xml b/kubernetes/contrib/components/ejbca/resources/certprofile_CUSTOM_ENDUSER-1834889499.xml deleted file mode 100644 index e163aed82a..0000000000 --- a/kubernetes/contrib/components/ejbca/resources/certprofile_CUSTOM_ENDUSER-1834889499.xml +++ /dev/null @@ -1,595 +0,0 @@ - - - - - version - 46.0 - - - type - 1 - - - certversion - X509v3 - - - encodedvalidity - 2y - - - usecertificatevalidityoffset - false - - - certificatevalidityoffset - -10m - - - useexpirationrestrictionforweekdays - false - - - expirationrestrictionforweekdaysbefore - true - - - expirationrestrictionweekdays - - - true - - - true - - - false - - - false - - - false - - - true - - - true - - - - - allowvalidityoverride - false - - - allowextensionoverride - false - - - allowdnoverride - false - - - allowdnoverridebyeei - false - - - allowbackdatedrevokation - false - - - usecertificatestorage - true - - - storecertificatedata - true - - - storesubjectaltname - true - - - usebasicconstrants - true - - - basicconstraintscritical - true - - - usesubjectkeyidentifier - true - - - subjectkeyidentifiercritical - false - - - useauthoritykeyidentifier - true - - - authoritykeyidentifiercritical - false - - - usesubjectalternativename - true - - - subjectalternativenamecritical - false - - - useissueralternativename - true - - - issueralternativenamecritical - false - - - usecrldistributionpoint - false - - - usedefaultcrldistributionpoint - false - - - crldistributionpointcritical - false - - - crldistributionpointuri - - - - usefreshestcrl - false - - - usecadefinedfreshestcrl - false - - - freshestcrluri - - - - crlissuer - - - - usecertificatepolicies - false - - - certificatepoliciescritical - false - - - certificatepolicies - - - - availablekeyalgorithms - - - DSA - - - ECDSA - - - RSA - - - - - availableeccurves - - - ANY_EC_CURVE - - - - - availablebitlengths - - - 0 - - - 192 - - - 224 - - - 239 - - - 256 - - - 384 - - - 512 - - - 521 - - - 1024 - - - 1536 - - - 2048 - - - 3072 - - - 4096 - - - 6144 - - - 8192 - - - - - minimumavailablebitlength - 0 - - - maximumavailablebitlength - 8192 - - - signaturealgorithm - - - - usekeyusage - true - - - keyusage - - - true - - - true - - - true - - - false - - - false - - - false - - - false - - - false - - - false - - - - - allowkeyusageoverride - false - - - keyusagecritical - true - - - useextendedkeyusage - true - - - extendedkeyusage - - - 1.3.6.1.5.5.7.3.2 - - - 1.3.6.1.5.5.7.3.4 - - - 1.3.6.1.5.5.7.3.1 - - - - - extendedkeyusagecritical - false - - - usedocumenttypelist - false - - - documenttypelistcritical - false - - - documenttypelist - - - - availablecas - - - -1 - - - - - usedpublishers - - - - useocspnocheck - false - - - useldapdnorder - true - - - usecustomdnorder - false - - - usemicrosofttemplate - false - - - microsofttemplate - - - - usecardnumber - false - - - usecnpostfix - false - - - cnpostfix - - - - usesubjectdnsubset - false - - - subjectdnsubset - - - - usesubjectaltnamesubset - false - - - subjectaltnamesubset - - - - usepathlengthconstraint - false - - - pathlengthconstraint - 0 - - - useqcstatement - false - - - usepkixqcsyntaxv2 - false - - - useqcstatementcritical - false - - - useqcstatementraname - - - - useqcsematicsid - - - - useqcetsiqccompliance - false - - - useqcetsisignaturedevice - false - - - useqcetsivaluelimit - false - - - qcetsivaluelimit - 0 - - - qcetsivaluelimitexp - 0 - - - qcetsivaluelimitcurrency - - - - useqcetsiretentionperiod - false - - - qcetsiretentionperiod - 0 - - - useqccustomstring - false - - - qccustomstringoid - - - - qccustomstringtext - - - - qcetsipds - - - - qcetsitype - - - - usecertificatetransparencyincerts - false - - - usecertificatetransparencyinocsp - false - - - usecertificatetransparencyinpublisher - false - - - usesubjectdirattributes - false - - - usenameconstraints - false - - - useauthorityinformationaccess - false - - - caissuers - - - - usedefaultcaissuer - false - - - usedefaultocspservicelocator - false - - - ocspservicelocatoruri - - - - cvcaccessrights - 3 - - - usedcertificateextensions - - - - approvals - - - - org.cesecore.certificates.ca.ApprovalRequestType - REVOCATION - - -1 - - - - org.cesecore.certificates.ca.ApprovalRequestType - KEYRECOVER - - -1 - - - - org.cesecore.certificates.ca.ApprovalRequestType - ADDEDITENDENTITY - - -1 - - - - - useprivkeyusageperiodnotbefore - false - - - useprivkeyusageperiod - false - - - useprivkeyusageperiodnotafter - false - - - privkeyusageperiodstartoffset - 0 - - - privkeyusageperiodlength - 63072000 - - - usesingleactivecertificateconstraint - false - - - overridableextensionoids - - - - nonoverridableextensionoids - - - - allowcertsnoverride - false - - - usecustomdnorderldap - false - - - diff --git a/kubernetes/contrib/components/ejbca/resources/ejbca-config.sh b/kubernetes/contrib/components/ejbca/resources/ejbca-config.sh deleted file mode 100755 index a538238151..0000000000 --- a/kubernetes/contrib/components/ejbca/resources/ejbca-config.sh +++ /dev/null @@ -1,58 +0,0 @@ -#!/bin/sh - -waitForEjbcaToStart() { - until $(curl -kI https://localhost:8443/ejbca/publicweb/healthcheck/ejbcahealth --output /dev/null --silent --head --fail) - do - sleep 5 - done -} - -configureEjbca() { - ejbca.sh ca init \ - --caname ManagementCA \ - --dn "O=EJBCA Container Quickstart,CN=ManagementCA,UID=12345" \ - --tokenType soft \ - --keyspec 3072 \ - --keytype RSA \ - -v 3652 \ - --policy null \ - -s SHA256WithRSA \ - -type "x509" - ejbca.sh config cmp addalias --alias cmpRA - ejbca.sh config cmp updatealias --alias cmpRA --key operationmode --value ra - ejbca.sh ca editca --caname ManagementCA --field cmpRaAuthSecret --value ${RA_IAK} - ejbca.sh config cmp updatealias --alias cmpRA --key responseprotection --value signature - ejbca.sh config cmp updatealias --alias cmpRA --key authenticationmodule --value 'HMAC;EndEntityCertificate' - ejbca.sh config cmp updatealias --alias cmpRA --key authenticationparameters --value '-;ManagementCA' - ejbca.sh config cmp updatealias --alias cmpRA --key allowautomatickeyupdate --value true - #Custom EJBCA cert profile and endentity are imported to allow issuing certificates with correct extended usage (containing serverAuth) - ejbca.sh ca importprofiles -d /opt/primekey/custom_profiles - #Profile name taken from certprofile filename (certprofile_-.xml) - ejbca.sh config cmp updatealias --alias cmpRA --key ra.certificateprofile --value CUSTOM_ENDUSER - #ID taken from entityprofile filename (entityprofile_-.xml) - ejbca.sh config cmp updatealias --alias cmpRA --key ra.endentityprofileid --value 1356531849 - caSubject=$(ejbca.sh ca getcacert --caname ManagementCA -f /dev/stdout | grep 'Subject' | sed -e "s/^Subject: //" | sed -n '1p') - ejbca.sh config cmp updatealias --alias cmpRA --key defaultca --value "$caSubject" - ejbca.sh config cmp dumpalias --alias cmpRA - ejbca.sh config cmp addalias --alias cmp - ejbca.sh config cmp updatealias --alias cmp --key allowautomatickeyupdate --value true - ejbca.sh config cmp updatealias --alias cmp --key responseprotection --value pbe - ejbca.sh ra addendentity --username Node123 --dn "CN=Node123" --caname ManagementCA --password ${CLIENT_IAK} --type 1 --token USERGENERATED - ejbca.sh ra setclearpwd --username Node123 --password ${CLIENT_IAK} - ejbca.sh config cmp updatealias --alias cmp --key extractusernamecomponent --value CN - ejbca.sh config cmp dumpalias --alias cmp - ejbca.sh ca getcacert --caname ManagementCA -f /dev/stdout > cacert.pem - #Add "Certificate Update Admin" role to allow performing KUR/CR for certs within specific organization (e.g. Linux-Foundation) - ejbca.sh roles addrole "Certificate Update Admin" - ejbca.sh roles changerule "Certificate Update Admin" /ca/ManagementCA/ ACCEPT - ejbca.sh roles changerule "Certificate Update Admin" /ca_functionality/create_certificate/ ACCEPT - ejbca.sh roles changerule "Certificate Update Admin" /endentityprofilesrules/Custom_EndEntity/ ACCEPT - ejbca.sh roles changerule "Certificate Update Admin" /ra_functionality/edit_end_entity/ ACCEPT - ejbca.sh roles addrolemember "Certificate Update Admin" ManagementCA WITH_ORGANIZATION --value "{{ .Values.cmpv2Config.global.certificate.default.subject.organization }}" - # workarround to exit successfully, as a reexecution of "addrolemember" returns an error - exit 0 -} - - -waitForEjbcaToStart -configureEjbca diff --git a/kubernetes/contrib/components/ejbca/resources/entityprofile_Custom_EndEntity-1356531849.xml b/kubernetes/contrib/components/ejbca/resources/entityprofile_Custom_EndEntity-1356531849.xml deleted file mode 100644 index ec51a80d5e..0000000000 --- a/kubernetes/contrib/components/ejbca/resources/entityprofile_Custom_EndEntity-1356531849.xml +++ /dev/null @@ -1,1107 +0,0 @@ - - - - - version - 14.0 - - - NUMBERARRAY - - - 1 - - - 1 - - - 0 - - - 0 - - - 0 - - - 1 - - - 0 - - - 0 - - - 0 - - - 0 - - - 0 - - - 1 - - - 1 - - - 1 - - - 1 - - - 0 - - - 1 - - - 3 - - - 3 - - - 3 - - - 0 - - - 3 - - - 0 - - - 0 - - - 0 - - - 0 - - - 1 - - - 0 - - - 0 - - - 1 - - - 1 - - - 1 - - - 1 - - - 1 - - - 1 - - - 0 - - - 0 - - - 1 - - - 1 - - - 0 - - - 0 - - - 0 - - - 0 - - - 0 - - - 0 - - - 0 - - - 0 - - - 0 - - - 0 - - - 0 - - - 0 - - - 0 - - - 0 - - - 0 - - - 0 - - - 0 - - - 0 - - - 0 - - - 0 - - - 0 - - - 0 - - - 0 - - - 0 - - - 0 - - - 0 - - - 0 - - - 0 - - - 0 - - - 0 - - - 0 - - - 0 - - - 0 - - - 0 - - - 0 - - - 0 - - - 0 - - - 0 - - - 0 - - - 0 - - - 0 - - - 0 - - - 0 - - - 0 - - - 0 - - - 0 - - - 0 - - - 0 - - - 0 - - - 1 - - - 1 - - - 0 - - - 1 - - - 0 - - - 1 - - - 1 - - - 1 - - - 1 - - - 1 - - - 1 - - - 1 - - - 0 - - - 0 - - - 0 - - - - - SUBJECTDNFIELDORDER - - - 500 - - - 1100 - - - 1200 - - - 1300 - - - 1400 - - - 1600 - - - - - SUBJECTALTNAMEFIELDORDER - - - 1800 - - - 1801 - - - 1802 - - - 1700 - - - 1701 - - - 1702 - - - 1900 - - - 1901 - - - 1902 - - - 2100 - - - 2101 - - - 2102 - - - - - SUBJECTDIRATTRFIELDORDER - - - - 0 - - - - 20000 - true - - - 10000 - true - - - 30000 - true - - - 1 - - - - 20001 - true - - - 10001 - true - - - 30001 - true - - - 95 - - - - 20095 - false - - - 10095 - true - - - 30095 - true - - - 96 - - - - 20096 - false - - - 10096 - true - - - 30096 - true - - - 5 - - - - 20005 - true - - - 10005 - true - - - 30005 - true - - - 26 - - - - 20026 - false - - - 10026 - true - - - 30026 - true - - - 29 - 1834889499 - - - 20029 - true - - - 10029 - true - - - 30029 - true - - - 30 - 1834889499 - - - 20030 - true - - - 10030 - true - - - 30030 - true - - - 31 - 1 - - - 20031 - true - - - 10031 - true - - - 30031 - true - - - 32 - 1;2;3;4 - - - 20032 - true - - - 10032 - true - - - 30032 - true - - - 33 - - - - 20033 - true - - - 10033 - true - - - 30033 - true - - - 34 - - - - 20034 - true - - - 10034 - false - - - 30034 - true - - - 38 - 1 - - - 20038 - true - - - 10038 - true - - - 30038 - true - - - 37 - -29939301 - - - 20037 - true - - - 10037 - true - - - 30037 - true - - - 98 - - - - 20098 - false - - - 10098 - false - - - 30098 - true - - - 99 - - - - 20099 - false - - - 10099 - false - - - 30099 - true - - - 97 - - - - 20097 - false - - - 10097 - false - - - 30097 - true - - - 91 - false - - - 20091 - false - - - 10091 - false - - - 30091 - true - - - 94 - -1 - - - 20094 - true - - - 10094 - false - - - 30094 - false - - - 93 - -1 - - - 20093 - false - - - 10093 - false - - - 30093 - false - - - 89 - - - - 20089 - false - - - 10089 - false - - - 30089 - true - - - 88 - - - - 20088 - false - - - 10088 - false - - - 30088 - true - - - ALLOW_MERGEDN_WEBSERVICES - false - - - 2 - - - - 20002 - false - - - 10002 - false - - - 10090 - true - - - 90 - 0 - - - REVERSEFFIELDCHECKS - false - - - 28 - false - - - 20028 - false - - - 10028 - false - - - REUSECERTIFICATE - false - - - 35 - false - - - 20035 - false - - - 10035 - false - - - 10092 - false - - - USEEXTENSIONDATA - false - - - PRINTINGUSE - false - - - PRINTINGDEFAULT - false - - - PRINTINGREQUIRED - false - - - PRINTINGCOPIES - 1 - - - PRINTINGPRINTERNAME - - - - PRINTINGSVGDATA - - - - PRINTINGSVGFILENAME - - - - 11 - - - - 20011 - false - - - 10011 - true - - - 30011 - true - - - 12 - - - - 20012 - true - - - 10012 - true - - - 30012 - true - - - 13 - - - - 20013 - false - - - 10013 - true - - - 30013 - true - - - 14 - - - - 20014 - true - - - 10014 - true - - - 30014 - true - - - 16 - - - - 20016 - true - - - 10016 - true - - - 30016 - true - - - 18 - - - - 20018 - false - - - 10018 - true - - - 30018 - true - - - 118 - - - - 20118 - false - - - 10118 - true - - - 30118 - true - - - 218 - - - - 20218 - false - - - 10218 - true - - - 30218 - true - - - 17 - - - - 20017 - false - - - 10017 - false - - - 30017 - true - - - 117 - - - - 20117 - false - - - 10117 - false - - - 30117 - true - - - 217 - - - - 20217 - false - - - 10217 - false - - - 30217 - true - - - 19 - - - - 20019 - false - - - 10019 - true - - - 30019 - true - - - 119 - - - - 20119 - false - - - 10119 - true - - - 30119 - true - - - 219 - - - - 20219 - false - - - 10219 - true - - - 30219 - true - - - 21 - - - - 20021 - false - - - 10021 - true - - - 30021 - true - - - 121 - - - - 20121 - false - - - 10121 - true - - - 30121 - true - - - 221 - - - - 20221 - false - - - 10221 - true - - - 30221 - true - - - diff --git a/kubernetes/contrib/components/ejbca/templates/configmap.yaml b/kubernetes/contrib/components/ejbca/templates/configmap.yaml deleted file mode 100644 index 093657dfe0..0000000000 --- a/kubernetes/contrib/components/ejbca/templates/configmap.yaml +++ /dev/null @@ -1,30 +0,0 @@ -{{/* -# Copyright © 2020, Nordix Foundation -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -apiVersion: v1 -kind: ConfigMap -metadata: - name: "{{ include "common.fullname" . }}-config-script" -data: -{{ tpl (.Files.Glob "resources/ejbca-config.sh").AsConfig . | indent 2 }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: "{{ include "common.fullname" . }}-profiles" -data: -{{ tpl (.Files.Glob "resources/certprofile_CUSTOM_ENDUSER-1834889499.xml").AsConfig . | indent 2 }} -{{ tpl (.Files.Glob "resources/entityprofile_Custom_EndEntity-1356531849.xml").AsConfig . | indent 2 }} diff --git a/kubernetes/contrib/components/ejbca/templates/deployment.yaml b/kubernetes/contrib/components/ejbca/templates/deployment.yaml deleted file mode 100644 index a36dcacb23..0000000000 --- a/kubernetes/contrib/components/ejbca/templates/deployment.yaml +++ /dev/null @@ -1,120 +0,0 @@ -{{/* -# Copyright © 2020, Nordix Foundation -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -apiVersion: apps/v1 -kind: Deployment -metadata: {{- include "common.resourceMetadata" . | nindent 2 }} -spec: - replicas: {{ .Values.replicaCount }} - selector: {{- include "common.selectors" . | nindent 4 }} - template: - metadata: {{- include "common.templateMetadata" . | nindent 6 }} - {{- if (include "common.onServiceMesh" . ) }} - annotations: - {{- if eq ( .Values.global.serviceMesh.engine ) "linkerd" }} - linkerd.io/inject: disabled - {{- end }} - {{- if eq ( .Values.global.serviceMesh.engine ) "istio" }} - sidecar.istio.io/rewriteAppHTTPProbers: "false" - proxy.istio.io/config: '{ "holdApplicationUntilProxyStarts": true }' - {{- end }} - {{- end }} - spec: - imagePullSecrets: - - name: "{{ include "common.namespace" . }}-docker-registry-key" - initContainers: - - name: {{ include "common.name" . }}-db-readiness - command: - - /app/ready.py - args: - - --container-name - {{- if .Values.global.mariadbGalera.localCluster }} - - ejbca-galera - {{- else }} - - ejbca-config - {{- end }} - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - image: {{ include "repositoryGenerator.image.readiness" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - containers: - - name: {{ include "common.name" . }}-ejbca - image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.ejbca.image }} - imagePullPolicy: {{ .Values.pullPolicy }} - lifecycle: - postStart: - exec: - command: - - sh - - -c - - | - sleep 60; /opt/primekey/scripts/ejbca-config.sh - volumeMounts: - - name: "{{ include "common.fullname" . }}-volume" - mountPath: /opt/primekey/scripts/ - - name: "{{ include "common.fullname" . }}-profiles-volume" - mountPath: /opt/primekey/custom_profiles/ - ports: {{ include "common.containerPorts" . | nindent 10 }} - env: - - name: INITIAL_ADMIN - value: ";PublicAccessAuthenticationToken:TRANSPORT_ANY;" - - name: NO_CREATE_CA - value: "true" - - name: DATABASE_JDBC_URL - value: jdbc:mariadb://{{ include "common.mariadbService" . }}:{{ include "common.mariadbPort" . }}/{{ .Values.mysqlDatabase }} - - name: DATABASE_USER - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "ejbca-db-secret" "key" "login") | indent 10 }} - - name: DATABASE_PASSWORD - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "ejbca-db-secret" "key" "password") | indent 10 }} - - name: RA_IAK - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "ejbca-server-ra-iak" "key" "password") | indent 10 }} - - name: CLIENT_IAK - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "ejbca-server-client-iak" "key" "password") | indent 10 }} - livenessProbe: - httpGet: - port: {{ .Values.liveness.port }} - path: {{ .Values.liveness.path }} - scheme: HTTPS - initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} - periodSeconds: {{ .Values.liveness.periodSeconds }} - readinessProbe: - httpGet: - port: {{ .Values.readiness.port }} - path: {{ .Values.readiness.path }} - scheme: HTTPS - initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} - periodSeconds: {{ .Values.readiness.periodSeconds }} - {{- if .Values.nodeSelector }} - nodeSelector: {{ toYaml .Values.nodeSelector | nindent 10 }} - {{- end -}} - {{- if .Values.affinity }} - affinity: {{ toYaml .Values.affinity | nindent 10 }} - {{- end }} - resources: {{ include "common.resources" . | nindent 10 }} - serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} - volumes: - - configMap: - name: "{{ include "common.fullname" . }}-config-script" - defaultMode: 0755 - name: "{{ include "common.fullname" . }}-volume" - - configMap: - name: "{{ include "common.fullname" . }}-profiles" - defaultMode: 0755 - name: "{{ include "common.fullname" . }}-profiles-volume" diff --git a/kubernetes/contrib/components/ejbca/templates/secret.yaml b/kubernetes/contrib/components/ejbca/templates/secret.yaml deleted file mode 100644 index 837da0959b..0000000000 --- a/kubernetes/contrib/components/ejbca/templates/secret.yaml +++ /dev/null @@ -1,17 +0,0 @@ -{{/* -# Copyright © 2020, Nordix Foundation -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -{{ include "common.secretFast" . }} diff --git a/kubernetes/contrib/components/ejbca/templates/service.yaml b/kubernetes/contrib/components/ejbca/templates/service.yaml deleted file mode 100644 index 46eed4264c..0000000000 --- a/kubernetes/contrib/components/ejbca/templates/service.yaml +++ /dev/null @@ -1,17 +0,0 @@ -{{/* -# Copyright © 2020, Nordix Foundation -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -{{ include "common.service" . }} diff --git a/kubernetes/contrib/components/ejbca/values.yaml b/kubernetes/contrib/components/ejbca/values.yaml deleted file mode 100644 index c223f41f79..0000000000 --- a/kubernetes/contrib/components/ejbca/values.yaml +++ /dev/null @@ -1,135 +0,0 @@ -# Copyright © 2020, Nordix Foundation, Orange -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -global: - mariadbGalera: &mariadbGalera - #This flag allows SO to instantiate its own mariadb-galera cluster - #When changing it to "true", also set "globalCluster: false" - #as the dependency check will not work otherwise (Chart.yaml) - localCluster: false - globalCluster: true - service: mariadb-galera - internalPort: 3306 - nameOverride: mariadb-galera - -secrets: - - uid: ejbca-db-secret - name: &ejbca-db-secret '{{ include "common.release" . }}-ejbca-db-secret' - type: basicAuth - externalSecret: '{{ tpl (default "" .Values.config.db.userCredentialsExternalSecret) . }}' - login: '{{ .Values.config.db.userName }}' - password: '{{ .Values.config.db.userPassword }}' - - uid: ejbca-server-ra-iak - name: '{{ include "common.release" . }}-ejbca-ra-iak' - type: password - password: '{{ .Values.config.ejbca.raIak }}' - - uid: ejbca-server-client-iak - name: '{{ include "common.release" . }}-ejbca-client-iak' - type: password - password: '{{ .Values.config.ejbca.clientIak }}' - -# application configuration -config: - db: - userName: ejbca - # userPassword: password - # userCredentialsExternalSecret: some-secret - ejbca: {} - # raIak: mypassword - # clientIak: mypassword - -mysqlDatabase: &dbName ejbca - -################################################################# -# Application configuration defaults. -################################################################# -# application configuration -replicaCount: 1 - -ejbca: - image: primekey/ejbca-ce:7.4.3.2 -pullPolicy: Always - -mariadb-galera: - db: - externalSecret: *ejbca-db-secret - name: *dbName - nameOverride: &ejbca-galera ejbca-galera - service: - name: ejbca-galera - portName: ejbca-galera - internalPort: 3306 - replicaCount: 1 - persistence: - enabled: true - mountSubPath: ejbca/maria/data - serviceAccount: - nameOverride: *ejbca-galera - -mariadb-init: - config: - userCredentialsExternalSecret: *ejbca-db-secret - mysqlDatabase: *dbName - nameOverride: ejbca-config - -nodeSelector: {} - -affinity: {} - -# probe configuration parameters -liveness: - path: /ejbca/publicweb/healthcheck/ejbcahealth - port: 8443 - initialDelaySeconds: 180 - periodSeconds: 30 - -readiness: - path: /ejbca/publicweb/healthcheck/ejbcahealth - port: 8443 - initialDelaySeconds: 180 - periodSeconds: 30 - -service: - type: ClusterIP - both_tls_and_plain: true - ports: - - name: api - port: 8443 - plain_port: 8080 - port_protocol: http - -# Resource Limit flavor -By Default using small -flavor: unlimited -# Segregation for Different environment (Small and Large) -resources: - small: - limits: - cpu: 1500m - memory: 1536Mi - requests: - cpu: 10m - memory: 750Mi - large: - limits: - cpu: 2 - memory: 2Gi - requests: - cpu: 20m - memory: 1Gi - unlimited: {} - -#Pods Service Account -serviceAccount: - nameOverride: ejbca - roles: - - read -- cgit 1.2.3-korg