From aadf545643827a440b082f4dcf6afdfd1c2012e2 Mon Sep 17 00:00:00 2001
From: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Date: Wed, 18 Mar 2020 18:13:51 +0100
Subject: [SO] Onboard ONAP CA during init phase

Workaround for retrieving ONAP root CA and keeping SO container being
run by no root user.

Issue-ID: SO-2730
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: Ib1b48c0a6fcca359a780640b8c705e75fd78dc1a
---
 kubernetes/so/charts/so-vnfm-adapter/templates/deployment.yaml | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

(limited to 'kubernetes/so/charts/so-vnfm-adapter/templates/deployment.yaml')

diff --git a/kubernetes/so/charts/so-vnfm-adapter/templates/deployment.yaml b/kubernetes/so/charts/so-vnfm-adapter/templates/deployment.yaml
index c297ac3ce8..00b36a838e 100755
--- a/kubernetes/so/charts/so-vnfm-adapter/templates/deployment.yaml
+++ b/kubernetes/so/charts/so-vnfm-adapter/templates/deployment.yaml
@@ -34,13 +34,14 @@ spec:
         app: {{ include "common.name" . }}
         release: {{ include "common.release" . }}
     spec:
+      initContainers: {{ include "so.certificate.container_importer" . | nindent 6 }}
       containers:
       - name: {{ include "common.name" . }}
         image: {{ include "common.repository" . }}/{{ .Values.image }}
         resources:
 {{ include "common.resources" . | indent 12 }}
          {{- if eq .Values.global.security.aaf.enabled true }}
-        env: 
+        env:
         - name: TRUSTSTORE
           value: /app/org.onap.so.trust.jks
         - name: TRUSTSTORE_PASSWORD
@@ -60,7 +61,7 @@ spec:
         - configMapRef:
             name: {{ include "common.fullname" . }}-configmap
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-        volumeMounts:
+        volumeMounts: {{ include "so.certificate.volume-mounts" . | nindent 8 }}
         - name: logs
           mountPath: /app/logs
         - name: config
@@ -77,7 +78,7 @@ spec:
         - containerPort: {{ index .Values.containerPort }}
           name: {{ .Values.service.portName }}
           protocol: TCP
-      volumes:
+      volumes: {{ include "so.certificate.volumes" . | nindent 6 }}
       - name: logs
         emptyDir: {}
       - name: config
-- 
cgit 1.2.3-korg