From aadf545643827a440b082f4dcf6afdfd1c2012e2 Mon Sep 17 00:00:00 2001 From: Sylvain Desbureaux Date: Wed, 18 Mar 2020 18:13:51 +0100 Subject: [SO] Onboard ONAP CA during init phase Workaround for retrieving ONAP root CA and keeping SO container being run by no root user. Issue-ID: SO-2730 Signed-off-by: Sylvain Desbureaux Change-Id: Ib1b48c0a6fcca359a780640b8c705e75fd78dc1a --- .../charts/so-bpmn-infra/templates/deployment.yaml | 6 +++--- kubernetes/so/charts/so-bpmn-infra/values.yaml | 7 +++++++ .../so-catalog-db-adapter/templates/deployment.yaml | 6 +++--- .../so/charts/so-catalog-db-adapter/values.yaml | 8 ++++++++ .../charts/so-monitoring/templates/deployment.yaml | 6 +++--- kubernetes/so/charts/so-monitoring/values.yaml | 8 ++++++++ .../so-openstack-adapter/templates/deployment.yaml | 6 +++--- .../so/charts/so-openstack-adapter/values.yaml | 8 ++++++++ .../so-request-db-adapter/templates/deployment.yaml | 6 +++--- .../so/charts/so-request-db-adapter/values.yaml | 8 ++++++++ .../so-sdc-controller/templates/deployment.yaml | 6 +++--- kubernetes/so/charts/so-sdc-controller/values.yaml | 8 ++++++++ .../so-sdnc-adapter/templates/deployment.yaml | 5 +++-- kubernetes/so/charts/so-sdnc-adapter/values.yaml | 8 ++++++++ .../so-ve-vnfm-adapter/templates/deployment.yaml | 6 +++--- .../charts/so-ve-vnfm-adapter/templates/secret.yaml | 15 +++++++++++++++ kubernetes/so/charts/so-ve-vnfm-adapter/values.yaml | 21 ++++++++++++++++++++- .../charts/so-vfc-adapter/templates/deployment.yaml | 6 +++--- kubernetes/so/charts/so-vfc-adapter/values.yaml | 8 ++++++++ .../so-vnfm-adapter/templates/deployment.yaml | 7 ++++--- .../so/charts/so-vnfm-adapter/templates/secret.yaml | 15 +++++++++++++++ kubernetes/so/charts/so-vnfm-adapter/values.yaml | 16 +++++++++++++++- 22 files changed, 159 insertions(+), 31 deletions(-) create mode 100644 kubernetes/so/charts/so-ve-vnfm-adapter/templates/secret.yaml create mode 100644 kubernetes/so/charts/so-vnfm-adapter/templates/secret.yaml (limited to 'kubernetes/so/charts') diff --git a/kubernetes/so/charts/so-bpmn-infra/templates/deployment.yaml b/kubernetes/so/charts/so-bpmn-infra/templates/deployment.yaml index 6a74c0bd24..dcb80c65b3 100755 --- a/kubernetes/so/charts/so-bpmn-infra/templates/deployment.yaml +++ b/kubernetes/so/charts/so-bpmn-infra/templates/deployment.yaml @@ -34,7 +34,7 @@ spec: app: {{ include "common.name" . }} release: {{ include "common.release" . }} spec: - initContainers: + initContainers: {{ include "so.certificate.container_importer" . | nindent 6 }} - command: - /root/job_complete.py args: @@ -93,7 +93,7 @@ spec: - configMapRef: name: {{ include "common.fullname" . }}-configmap imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: + volumeMounts: {{ include "so.certificate.volume-mounts" . | nindent 8 }} - name: logs mountPath: /app/logs - name: config @@ -120,7 +120,7 @@ spec: mountPath: /var/log/onap/so - name: {{ include "common.fullname" . }}-logs mountPath: /var/log/onap - volumes: + volumes: {{ include "so.certificate.volumes" . | nindent 6 }} - name: logs emptyDir: {} - name: config diff --git a/kubernetes/so/charts/so-bpmn-infra/values.yaml b/kubernetes/so/charts/so-bpmn-infra/values.yaml index 4c64caf304..f1e35fe13a 100755 --- a/kubernetes/so/charts/so-bpmn-infra/values.yaml +++ b/kubernetes/so/charts/so-bpmn-infra/values.yaml @@ -41,7 +41,14 @@ secrets: login: '{{ .Values.db.adminName }}' password: '{{ .Values.db.adminPassword }}' passwordPolicy: required + - uid: "so-onap-certs" + externalSecret: '{{ tpl (default "" .Values.certSecret) . }}' + type: generic + filePaths: '{{ .Values.secretsFilePaths }}' +#secretsFilePaths: | +# - 'my file 1' +# - '{{ include "templateThatGeneratesFileName" . }}' ################################################################# # Application configuration defaults. diff --git a/kubernetes/so/charts/so-catalog-db-adapter/templates/deployment.yaml b/kubernetes/so/charts/so-catalog-db-adapter/templates/deployment.yaml index d8b50adf7c..7edd53cf94 100755 --- a/kubernetes/so/charts/so-catalog-db-adapter/templates/deployment.yaml +++ b/kubernetes/so/charts/so-catalog-db-adapter/templates/deployment.yaml @@ -34,7 +34,7 @@ spec: app: {{ include "common.name" . }} release: {{ include "common.release" . }} spec: - initContainers: + initContainers: {{ include "so.certificate.container_importer" . | nindent 6 }} - command: - /root/job_complete.py args: @@ -93,7 +93,7 @@ spec: - configMapRef: name: {{ include "common.fullname" . }}-configmap imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: + volumeMounts: {{ include "so.certificate.volume-mounts" . | nindent 8 }} - name: logs mountPath: /app/logs - name: config @@ -104,7 +104,7 @@ spec: - containerPort: {{ index .Values.containerPort }} name: {{ .Values.service.portName }} protocol: TCP - volumes: + volumes: {{ include "so.certificate.volumes" . | nindent 6 }} - name: logs emptyDir: {} - name: config diff --git a/kubernetes/so/charts/so-catalog-db-adapter/values.yaml b/kubernetes/so/charts/so-catalog-db-adapter/values.yaml index c276649a02..a3d5e2f363 100755 --- a/kubernetes/so/charts/so-catalog-db-adapter/values.yaml +++ b/kubernetes/so/charts/so-catalog-db-adapter/values.yaml @@ -41,6 +41,14 @@ secrets: login: '{{ .Values.db.adminName }}' password: '{{ .Values.db.adminPassword }}' passwordPolicy: required + - uid: "so-onap-certs" + externalSecret: '{{ tpl (default "" .Values.certSecret) . }}' + type: generic + filePaths: '{{ .Values.secretsFilePaths }}' + +#secretsFilePaths: | +# - 'my file 1' +# - '{{ include "templateThatGeneratesFileName" . }}' ################################################################# # Application configuration defaults. diff --git a/kubernetes/so/charts/so-monitoring/templates/deployment.yaml b/kubernetes/so/charts/so-monitoring/templates/deployment.yaml index 93b0efb801..aebd249c29 100644 --- a/kubernetes/so/charts/so-monitoring/templates/deployment.yaml +++ b/kubernetes/so/charts/so-monitoring/templates/deployment.yaml @@ -39,7 +39,7 @@ spec: app: {{ include "common.name" . }} release: {{ include "common.release" . }} spec: - initContainers: + initContainers: {{ include "so.certificate.container_importer" . | nindent 6 }} - name: so-chown image: alpine:3.6 volumeMounts: @@ -76,7 +76,7 @@ spec: - configMapRef: name: {{ include "common.fullname" . }}-configmap imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: + volumeMounts: {{ include "so.certificate.volume-mounts" . | nindent 8 }} - name: logs mountPath: /app/logs - name: config @@ -99,7 +99,7 @@ spec: - containerPort: {{ index .Values.containerPort }} name: {{ .Values.service.portName }} protocol: TCP - volumes: + volumes: {{ include "so.certificate.volumes" . | nindent 6 }} - name: logs emptyDir: {} - name: config diff --git a/kubernetes/so/charts/so-monitoring/values.yaml b/kubernetes/so/charts/so-monitoring/values.yaml index 357c61cc45..f096d99637 100644 --- a/kubernetes/so/charts/so-monitoring/values.yaml +++ b/kubernetes/so/charts/so-monitoring/values.yaml @@ -44,6 +44,14 @@ secrets: login: '{{ .Values.db.adminName }}' password: '{{ .Values.db.adminPassword }}' passwordPolicy: required + - uid: "so-onap-certs" + externalSecret: '{{ tpl (default "" .Values.certSecret) . }}' + type: generic + filePaths: '{{ .Values.secretsFilePaths }}' + +#secretsFilePaths: | +# - 'my file 1' +# - '{{ include "templateThatGeneratesFileName" . }}' ################################################################# # Application configuration defaults. diff --git a/kubernetes/so/charts/so-openstack-adapter/templates/deployment.yaml b/kubernetes/so/charts/so-openstack-adapter/templates/deployment.yaml index ca6be72273..e1c2069a44 100755 --- a/kubernetes/so/charts/so-openstack-adapter/templates/deployment.yaml +++ b/kubernetes/so/charts/so-openstack-adapter/templates/deployment.yaml @@ -34,7 +34,7 @@ spec: app: {{ include "common.name" . }} release: {{ include "common.release" . }} spec: - initContainers: + initContainers: {{ include "so.certificate.container_importer" . | nindent 6 }} - command: - /root/job_complete.py args: @@ -93,7 +93,7 @@ spec: - configMapRef: name: {{ include "common.fullname" . }}-configmap imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: + volumeMounts: {{ include "so.certificate.volume-mounts" . | nindent 8 }} - name: logs mountPath: /app/logs - name: config @@ -120,7 +120,7 @@ spec: mountPath: /var/log/onap/so - name: {{ include "common.fullname" . }}-logs mountPath: /var/log/onap - volumes: + volumes: {{ include "so.certificate.volumes" . | nindent 6 }} - name: logs emptyDir: {} - name: config diff --git a/kubernetes/so/charts/so-openstack-adapter/values.yaml b/kubernetes/so/charts/so-openstack-adapter/values.yaml index 6a0b04b4d1..1ab46561d6 100755 --- a/kubernetes/so/charts/so-openstack-adapter/values.yaml +++ b/kubernetes/so/charts/so-openstack-adapter/values.yaml @@ -39,6 +39,14 @@ secrets: login: '{{ .Values.db.adminName }}' password: '{{ .Values.db.adminPassword }}' passwordPolicy: required + - uid: "so-onap-certs" + externalSecret: '{{ tpl (default "" .Values.certSecret) . }}' + type: generic + filePaths: '{{ .Values.secretsFilePaths }}' + +#secretsFilePaths: | +# - 'my file 1' +# - '{{ include "templateThatGeneratesFileName" . }}' ################################################################# # Application configuration defaults. diff --git a/kubernetes/so/charts/so-request-db-adapter/templates/deployment.yaml b/kubernetes/so/charts/so-request-db-adapter/templates/deployment.yaml index d8b50adf7c..7edd53cf94 100755 --- a/kubernetes/so/charts/so-request-db-adapter/templates/deployment.yaml +++ b/kubernetes/so/charts/so-request-db-adapter/templates/deployment.yaml @@ -34,7 +34,7 @@ spec: app: {{ include "common.name" . }} release: {{ include "common.release" . }} spec: - initContainers: + initContainers: {{ include "so.certificate.container_importer" . | nindent 6 }} - command: - /root/job_complete.py args: @@ -93,7 +93,7 @@ spec: - configMapRef: name: {{ include "common.fullname" . }}-configmap imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: + volumeMounts: {{ include "so.certificate.volume-mounts" . | nindent 8 }} - name: logs mountPath: /app/logs - name: config @@ -104,7 +104,7 @@ spec: - containerPort: {{ index .Values.containerPort }} name: {{ .Values.service.portName }} protocol: TCP - volumes: + volumes: {{ include "so.certificate.volumes" . | nindent 6 }} - name: logs emptyDir: {} - name: config diff --git a/kubernetes/so/charts/so-request-db-adapter/values.yaml b/kubernetes/so/charts/so-request-db-adapter/values.yaml index 6324cab35a..7215ddcee9 100755 --- a/kubernetes/so/charts/so-request-db-adapter/values.yaml +++ b/kubernetes/so/charts/so-request-db-adapter/values.yaml @@ -39,6 +39,14 @@ secrets: login: '{{ .Values.db.adminName }}' password: '{{ .Values.db.adminPassword }}' passwordPolicy: required + - uid: "so-onap-certs" + externalSecret: '{{ tpl (default "" .Values.certSecret) . }}' + type: generic + filePaths: '{{ .Values.secretsFilePaths }}' + +#secretsFilePaths: | +# - 'my file 1' +# - '{{ include "templateThatGeneratesFileName" . }}' ################################################################# # Application configuration defaults. diff --git a/kubernetes/so/charts/so-sdc-controller/templates/deployment.yaml b/kubernetes/so/charts/so-sdc-controller/templates/deployment.yaml index ca6be72273..e1c2069a44 100755 --- a/kubernetes/so/charts/so-sdc-controller/templates/deployment.yaml +++ b/kubernetes/so/charts/so-sdc-controller/templates/deployment.yaml @@ -34,7 +34,7 @@ spec: app: {{ include "common.name" . }} release: {{ include "common.release" . }} spec: - initContainers: + initContainers: {{ include "so.certificate.container_importer" . | nindent 6 }} - command: - /root/job_complete.py args: @@ -93,7 +93,7 @@ spec: - configMapRef: name: {{ include "common.fullname" . }}-configmap imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: + volumeMounts: {{ include "so.certificate.volume-mounts" . | nindent 8 }} - name: logs mountPath: /app/logs - name: config @@ -120,7 +120,7 @@ spec: mountPath: /var/log/onap/so - name: {{ include "common.fullname" . }}-logs mountPath: /var/log/onap - volumes: + volumes: {{ include "so.certificate.volumes" . | nindent 6 }} - name: logs emptyDir: {} - name: config diff --git a/kubernetes/so/charts/so-sdc-controller/values.yaml b/kubernetes/so/charts/so-sdc-controller/values.yaml index 6d8adf7338..1f978dec03 100755 --- a/kubernetes/so/charts/so-sdc-controller/values.yaml +++ b/kubernetes/so/charts/so-sdc-controller/values.yaml @@ -39,6 +39,14 @@ secrets: login: '{{ .Values.db.adminName }}' password: '{{ .Values.db.adminPassword }}' passwordPolicy: required + - uid: "so-onap-certs" + externalSecret: '{{ tpl (default "" .Values.certSecret) . }}' + type: generic + filePaths: '{{ .Values.secretsFilePaths }}' + +#secretsFilePaths: | +# - 'my file 1' +# - '{{ include "templateThatGeneratesFileName" . }}' ################################################################# # Application configuration defaults. diff --git a/kubernetes/so/charts/so-sdnc-adapter/templates/deployment.yaml b/kubernetes/so/charts/so-sdnc-adapter/templates/deployment.yaml index c5336cff3f..401e803cc0 100755 --- a/kubernetes/so/charts/so-sdnc-adapter/templates/deployment.yaml +++ b/kubernetes/so/charts/so-sdnc-adapter/templates/deployment.yaml @@ -34,6 +34,7 @@ spec: app: {{ include "common.name" . }} release: {{ include "common.release" . }} spec: + initContainers: {{ include "so.certificate.container_importer" . | nindent 6 }} containers: - name: {{ include "common.name" . }} image: {{ include "common.repository" . }}/{{ .Values.image }} @@ -78,7 +79,7 @@ spec: - configMapRef: name: {{ include "common.fullname" . }}-configmap imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: + volumeMounts: {{ include "so.certificate.volume-mounts" . | nindent 8 }} - name: logs mountPath: /app/logs - name: config @@ -105,7 +106,7 @@ spec: mountPath: /var/log/onap/so - name: {{ include "common.fullname" . }}-logs mountPath: /var/log/onap - volumes: + volumes: {{ include "so.certificate.volumes" . | nindent 6 }} - name: logs emptyDir: {} - name: config diff --git a/kubernetes/so/charts/so-sdnc-adapter/values.yaml b/kubernetes/so/charts/so-sdnc-adapter/values.yaml index b736253f56..1d82321238 100755 --- a/kubernetes/so/charts/so-sdnc-adapter/values.yaml +++ b/kubernetes/so/charts/so-sdnc-adapter/values.yaml @@ -39,6 +39,14 @@ secrets: login: '{{ .Values.db.adminName }}' password: '{{ .Values.db.adminPassword }}' passwordPolicy: required + - uid: "so-onap-certs" + externalSecret: '{{ tpl (default "" .Values.certSecret) . }}' + type: generic + filePaths: '{{ .Values.secretsFilePaths }}' + +#secretsFilePaths: | +# - 'my file 1' +# - '{{ include "templateThatGeneratesFileName" . }}' ################################################################# # Application configuration defaults. diff --git a/kubernetes/so/charts/so-ve-vnfm-adapter/templates/deployment.yaml b/kubernetes/so/charts/so-ve-vnfm-adapter/templates/deployment.yaml index 03b3441c93..380b52fda0 100755 --- a/kubernetes/so/charts/so-ve-vnfm-adapter/templates/deployment.yaml +++ b/kubernetes/so/charts/so-ve-vnfm-adapter/templates/deployment.yaml @@ -22,7 +22,7 @@ spec: metadata: labels: {{- include "common.labels" . | nindent 8 }} spec: - initContainers: + initContainers: {{ include "so.certificate.container_importer" . | nindent 8 }} - name: {{ include "common.name" . }}-readiness command: - /root/ready.py @@ -47,7 +47,7 @@ spec: image: {{ include "common.repository" . }}/{{ .Values.image }} resources: {{ include "common.resources" . | nindent 12 }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: + volumeMounts: {{ include "so.certificate.volume-mounts" . | nindent 12 }} - name: logs mountPath: /app/logs - name: config @@ -61,7 +61,7 @@ spec: successThreshold: {{ index .Values.livenessProbe.successThreshold}} failureThreshold: {{ index .Values.livenessProbe.failureThreshold}} ports: {{- include "common.containerPorts" . | nindent 10 }} - volumes: + volumes: {{ include "so.certificate.volumes" . | nindent 8 }} - name: logs emptyDir: {} - name: config diff --git a/kubernetes/so/charts/so-ve-vnfm-adapter/templates/secret.yaml b/kubernetes/so/charts/so-ve-vnfm-adapter/templates/secret.yaml new file mode 100644 index 0000000000..bd7eb8ea40 --- /dev/null +++ b/kubernetes/so/charts/so-ve-vnfm-adapter/templates/secret.yaml @@ -0,0 +1,15 @@ +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ include "common.secretFast" . }} diff --git a/kubernetes/so/charts/so-ve-vnfm-adapter/values.yaml b/kubernetes/so/charts/so-ve-vnfm-adapter/values.yaml index 53106004a9..1d9854c191 100755 --- a/kubernetes/so/charts/so-ve-vnfm-adapter/values.yaml +++ b/kubernetes/so/charts/so-ve-vnfm-adapter/values.yaml @@ -11,13 +11,32 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - +################################################################# +# Global configuration defaults. +################################################################# global: repository: nexus3.onap.org:10001 readinessRepository: oomk8s readinessImage: readiness-check:2.0.2 persistence: mountPath: /dockerdata-nfs + +################################################################# +# Secrets metaconfig +################################################################# +secrets: + - uid: "so-onap-certs" + externalSecret: '{{ tpl (default "" .Values.certSecret) . }}' + type: generic + filePaths: '{{ .Values.secretsFilePaths }}' + +#secretsFilePaths: | +# - 'my file 1' +# - '{{ include "templateThatGeneratesFileName" . }}' + +################################################################# +# Application configuration defaults. +################################################################# image: onap/so/ve-vnfm-adapter:1.6.0 pullPolicy: Always replicaCount: 1 diff --git a/kubernetes/so/charts/so-vfc-adapter/templates/deployment.yaml b/kubernetes/so/charts/so-vfc-adapter/templates/deployment.yaml index ce0bc0704a..2addd7b184 100755 --- a/kubernetes/so/charts/so-vfc-adapter/templates/deployment.yaml +++ b/kubernetes/so/charts/so-vfc-adapter/templates/deployment.yaml @@ -34,7 +34,7 @@ spec: app: {{ include "common.name" . }} release: {{ include "common.release" . }} spec: - initContainers: + initContainers: {{ include "so.certificate.container_importer" . | nindent 6 }} - command: - /root/job_complete.py args: @@ -93,7 +93,7 @@ spec: - configMapRef: name: {{ include "common.fullname" . }}-configmap imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: + volumeMounts: {{ include "so.certificate.volume-mounts" . | nindent 8 }} - name: logs mountPath: /app/logs - name: config @@ -113,7 +113,7 @@ spec: - containerPort: {{ index .Values.containerPort }} name: {{ .Values.service.portName }} protocol: TCP - volumes: + volumes: {{ include "so.certificate.volumes" . | nindent 6 }} - name: logs emptyDir: {} - name: config diff --git a/kubernetes/so/charts/so-vfc-adapter/values.yaml b/kubernetes/so/charts/so-vfc-adapter/values.yaml index f442860ab3..c907b4e1d0 100755 --- a/kubernetes/so/charts/so-vfc-adapter/values.yaml +++ b/kubernetes/so/charts/so-vfc-adapter/values.yaml @@ -39,6 +39,14 @@ secrets: login: '{{ .Values.db.adminName }}' password: '{{ .Values.db.adminPassword }}' passwordPolicy: required + - uid: "so-onap-certs" + externalSecret: '{{ tpl (default "" .Values.certSecret) . }}' + type: generic + filePaths: '{{ .Values.secretsFilePaths }}' + +#secretsFilePaths: | +# - 'my file 1' +# - '{{ include "templateThatGeneratesFileName" . }}' ################################################################# # Application configuration defaults. diff --git a/kubernetes/so/charts/so-vnfm-adapter/templates/deployment.yaml b/kubernetes/so/charts/so-vnfm-adapter/templates/deployment.yaml index c297ac3ce8..00b36a838e 100755 --- a/kubernetes/so/charts/so-vnfm-adapter/templates/deployment.yaml +++ b/kubernetes/so/charts/so-vnfm-adapter/templates/deployment.yaml @@ -34,13 +34,14 @@ spec: app: {{ include "common.name" . }} release: {{ include "common.release" . }} spec: + initContainers: {{ include "so.certificate.container_importer" . | nindent 6 }} containers: - name: {{ include "common.name" . }} image: {{ include "common.repository" . }}/{{ .Values.image }} resources: {{ include "common.resources" . | indent 12 }} {{- if eq .Values.global.security.aaf.enabled true }} - env: + env: - name: TRUSTSTORE value: /app/org.onap.so.trust.jks - name: TRUSTSTORE_PASSWORD @@ -60,7 +61,7 @@ spec: - configMapRef: name: {{ include "common.fullname" . }}-configmap imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: + volumeMounts: {{ include "so.certificate.volume-mounts" . | nindent 8 }} - name: logs mountPath: /app/logs - name: config @@ -77,7 +78,7 @@ spec: - containerPort: {{ index .Values.containerPort }} name: {{ .Values.service.portName }} protocol: TCP - volumes: + volumes: {{ include "so.certificate.volumes" . | nindent 6 }} - name: logs emptyDir: {} - name: config diff --git a/kubernetes/so/charts/so-vnfm-adapter/templates/secret.yaml b/kubernetes/so/charts/so-vnfm-adapter/templates/secret.yaml new file mode 100644 index 0000000000..bd7eb8ea40 --- /dev/null +++ b/kubernetes/so/charts/so-vnfm-adapter/templates/secret.yaml @@ -0,0 +1,15 @@ +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ include "common.secretFast" . }} diff --git a/kubernetes/so/charts/so-vnfm-adapter/values.yaml b/kubernetes/so/charts/so-vnfm-adapter/values.yaml index 78333767f6..1e4ecbc33a 100755 --- a/kubernetes/so/charts/so-vnfm-adapter/values.yaml +++ b/kubernetes/so/charts/so-vnfm-adapter/values.yaml @@ -22,6 +22,20 @@ global: persistence: mountPath: /dockerdata-nfs +################################################################# +# Secrets metaconfig +################################################################# +secrets: + - uid: "so-onap-certs" + externalSecret: '{{ tpl (default "" .Values.certSecret) . }}' + type: generic + filePaths: '{{ .Values.secretsFilePaths }}' + +#secretsFilePaths: | +# - 'my file 1' +# - '{{ include "templateThatGeneratesFileName" . }}' + + ################################################################# # Application configuration defaults. ################################################################# @@ -80,4 +94,4 @@ ingress: ssl: "redirect" nodeSelector: {} tolerations: [] -affinity: {} \ No newline at end of file +affinity: {} -- cgit 1.2.3-korg