From 24a7ef35b6fb3ba85f79e1a6a0bf2fd50e872332 Mon Sep 17 00:00:00 2001 From: krishnaa96 Date: Fri, 9 Oct 2020 12:01:05 +0530 Subject: [OOF] Bump versions - Upgrade OSDF and HAS to new image version - Intermediate and root ca certs should be added to domain cert for nginx to serve https requests - Remove redundant certs and load it as a secret Issue-ID: OPTFRA-857 Signed-off-by: krishnaa96 Change-Id: I51d5f9bf53561acbe5e1df6691e02899de41eed0 --- kubernetes/oof/templates/configmap.yaml | 2 +- kubernetes/oof/templates/deployment.yaml | 16 +++++++++++++--- kubernetes/oof/templates/secret.yaml | 15 +++++++++++++++ 3 files changed, 29 insertions(+), 4 deletions(-) create mode 100644 kubernetes/oof/templates/secret.yaml (limited to 'kubernetes/oof/templates') diff --git a/kubernetes/oof/templates/configmap.yaml b/kubernetes/oof/templates/configmap.yaml index 75f7e42277..7176f138c9 100644 --- a/kubernetes/oof/templates/configmap.yaml +++ b/kubernetes/oof/templates/configmap.yaml @@ -24,4 +24,4 @@ metadata: release: {{ include "common.release" . }} heritage: {{ .Release.Service }} data: -{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }} +{{ tpl (.Files.Glob "resources/config/conf/*").AsConfig . | indent 2 }} diff --git a/kubernetes/oof/templates/deployment.yaml b/kubernetes/oof/templates/deployment.yaml index 76d1a62604..cbf4156d23 100644 --- a/kubernetes/oof/templates/deployment.yaml +++ b/kubernetes/oof/templates/deployment.yaml @@ -73,6 +73,14 @@ spec: - name: {{ include "common.name" . }} image: "{{ include "common.repository" . }}/{{ .Values.image }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: + - /bin/sh + args: + - "-c" + - | + grep -v '^$' /opt/osdf/osaaf/local/org.onap.oof.crt > /tmp/oof.crt + cat /tmp/oof.crt /opt/app/ssl_cert/intermediate_root_ca.pem /opt/app/ssl_cert/aaf_root_ca.cer >> /opt/osdf/org.onap.oof.crt + ./osdfapp.sh -x osdfapp.py ports: - containerPort: {{ .Values.service.internalPort }} # disable liveness probe when breakpoints set in debugger @@ -99,8 +107,11 @@ spec: name: {{ include "common.fullname" . }}-config subPath: osdf_config.yaml - mountPath: /opt/app/ssl_cert/aaf_root_ca.cer - name: {{ include "common.fullname" . }}-config + name: {{ include "common.fullname" . }}-onap-certs subPath: aaf_root_ca.cer + - mountPath: /opt/app/ssl_cert/intermediate_root_ca.pem + name: {{ include "common.fullname" . }}-onap-certs + subPath: intermediate_root_ca.pem - mountPath: /opt/osdf/config/common_config.yaml name: {{ include "common.fullname" . }}-config subPath: common_config.yaml @@ -129,11 +140,10 @@ spec: items: - key: osdf_config.yaml path: osdf_config.yaml - - key: aaf_root_ca.cer - path: aaf_root_ca.cer - key: common_config.yaml path: common_config.yaml - key: log.yml path: log.yml +{{ include "oof.certificate.volume" . | indent 8 }} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/oof/templates/secret.yaml b/kubernetes/oof/templates/secret.yaml new file mode 100644 index 0000000000..c5fe2be5da --- /dev/null +++ b/kubernetes/oof/templates/secret.yaml @@ -0,0 +1,15 @@ +# Copyright (C) 2020 Wipro Limited. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ include "common.secretFast" . }} -- cgit 1.2.3-korg