From aadf545643827a440b082f4dcf6afdfd1c2012e2 Mon Sep 17 00:00:00 2001 From: Sylvain Desbureaux Date: Wed, 18 Mar 2020 18:13:51 +0100 Subject: [SO] Onboard ONAP CA during init phase Workaround for retrieving ONAP root CA and keeping SO container being run by no root user. Issue-ID: SO-2730 Signed-off-by: Sylvain Desbureaux Change-Id: Ib1b48c0a6fcca359a780640b8c705e75fd78dc1a --- kubernetes/so/charts/so-sdc-controller/templates/deployment.yaml | 6 +++--- kubernetes/so/charts/so-sdc-controller/values.yaml | 8 ++++++++ 2 files changed, 11 insertions(+), 3 deletions(-) (limited to 'kubernetes/so/charts/so-sdc-controller') diff --git a/kubernetes/so/charts/so-sdc-controller/templates/deployment.yaml b/kubernetes/so/charts/so-sdc-controller/templates/deployment.yaml index ca6be72273..e1c2069a44 100755 --- a/kubernetes/so/charts/so-sdc-controller/templates/deployment.yaml +++ b/kubernetes/so/charts/so-sdc-controller/templates/deployment.yaml @@ -34,7 +34,7 @@ spec: app: {{ include "common.name" . }} release: {{ include "common.release" . }} spec: - initContainers: + initContainers: {{ include "so.certificate.container_importer" . | nindent 6 }} - command: - /root/job_complete.py args: @@ -93,7 +93,7 @@ spec: - configMapRef: name: {{ include "common.fullname" . }}-configmap imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: + volumeMounts: {{ include "so.certificate.volume-mounts" . | nindent 8 }} - name: logs mountPath: /app/logs - name: config @@ -120,7 +120,7 @@ spec: mountPath: /var/log/onap/so - name: {{ include "common.fullname" . }}-logs mountPath: /var/log/onap - volumes: + volumes: {{ include "so.certificate.volumes" . | nindent 6 }} - name: logs emptyDir: {} - name: config diff --git a/kubernetes/so/charts/so-sdc-controller/values.yaml b/kubernetes/so/charts/so-sdc-controller/values.yaml index 6d8adf7338..1f978dec03 100755 --- a/kubernetes/so/charts/so-sdc-controller/values.yaml +++ b/kubernetes/so/charts/so-sdc-controller/values.yaml @@ -39,6 +39,14 @@ secrets: login: '{{ .Values.db.adminName }}' password: '{{ .Values.db.adminPassword }}' passwordPolicy: required + - uid: "so-onap-certs" + externalSecret: '{{ tpl (default "" .Values.certSecret) . }}' + type: generic + filePaths: '{{ .Values.secretsFilePaths }}' + +#secretsFilePaths: | +# - 'my file 1' +# - '{{ include "templateThatGeneratesFileName" . }}' ################################################################# # Application configuration defaults. -- cgit 1.2.3-korg