From aadf545643827a440b082f4dcf6afdfd1c2012e2 Mon Sep 17 00:00:00 2001 From: Sylvain Desbureaux Date: Wed, 18 Mar 2020 18:13:51 +0100 Subject: [SO] Onboard ONAP CA during init phase Workaround for retrieving ONAP root CA and keeping SO container being run by no root user. Issue-ID: SO-2730 Signed-off-by: Sylvain Desbureaux Change-Id: Ib1b48c0a6fcca359a780640b8c705e75fd78dc1a --- kubernetes/so/charts/so-monitoring/templates/deployment.yaml | 6 +++--- kubernetes/so/charts/so-monitoring/values.yaml | 8 ++++++++ 2 files changed, 11 insertions(+), 3 deletions(-) (limited to 'kubernetes/so/charts/so-monitoring') diff --git a/kubernetes/so/charts/so-monitoring/templates/deployment.yaml b/kubernetes/so/charts/so-monitoring/templates/deployment.yaml index 93b0efb801..aebd249c29 100644 --- a/kubernetes/so/charts/so-monitoring/templates/deployment.yaml +++ b/kubernetes/so/charts/so-monitoring/templates/deployment.yaml @@ -39,7 +39,7 @@ spec: app: {{ include "common.name" . }} release: {{ include "common.release" . }} spec: - initContainers: + initContainers: {{ include "so.certificate.container_importer" . | nindent 6 }} - name: so-chown image: alpine:3.6 volumeMounts: @@ -76,7 +76,7 @@ spec: - configMapRef: name: {{ include "common.fullname" . }}-configmap imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: + volumeMounts: {{ include "so.certificate.volume-mounts" . | nindent 8 }} - name: logs mountPath: /app/logs - name: config @@ -99,7 +99,7 @@ spec: - containerPort: {{ index .Values.containerPort }} name: {{ .Values.service.portName }} protocol: TCP - volumes: + volumes: {{ include "so.certificate.volumes" . | nindent 6 }} - name: logs emptyDir: {} - name: config diff --git a/kubernetes/so/charts/so-monitoring/values.yaml b/kubernetes/so/charts/so-monitoring/values.yaml index 357c61cc45..f096d99637 100644 --- a/kubernetes/so/charts/so-monitoring/values.yaml +++ b/kubernetes/so/charts/so-monitoring/values.yaml @@ -44,6 +44,14 @@ secrets: login: '{{ .Values.db.adminName }}' password: '{{ .Values.db.adminPassword }}' passwordPolicy: required + - uid: "so-onap-certs" + externalSecret: '{{ tpl (default "" .Values.certSecret) . }}' + type: generic + filePaths: '{{ .Values.secretsFilePaths }}' + +#secretsFilePaths: | +# - 'my file 1' +# - '{{ include "templateThatGeneratesFileName" . }}' ################################################################# # Application configuration defaults. -- cgit 1.2.3-korg