From cc3141d86b6b9c18948b067d59387f7a3acaa39a Mon Sep 17 00:00:00 2001 From: Sylvain Desbureaux Date: Mon, 8 Feb 2021 15:59:33 +0100 Subject: [VID] Automatically retrieve certificates Use certInitializer in order to retrieve the certificates instead of hardcoding them. Issue-ID: VID-959 Signed-off-by: Sylvain Desbureaux Change-Id: I72eb09cd2719995ee05141034936f8e0589c7ad1 --- kubernetes/vid/templates/deployment.yaml | 29 +++++++++++++++++++---------- kubernetes/vid/templates/secrets.yaml | 15 +-------------- 2 files changed, 20 insertions(+), 24 deletions(-) (limited to 'kubernetes/vid/templates') diff --git a/kubernetes/vid/templates/deployment.yaml b/kubernetes/vid/templates/deployment.yaml index 2e74daa730..8872863e42 100644 --- a/kubernetes/vid/templates/deployment.yaml +++ b/kubernetes/vid/templates/deployment.yaml @@ -1,6 +1,7 @@ {{/* # Copyright © 2017 Amdocs, Bell Canada # Copyright © 2020 Samsung Electronics +# Copyright © 2021 Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -36,7 +37,7 @@ spec: app: {{ include "common.name" . }} release: {{ include "common.release" . }} spec: - initContainers: + initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }} - command: - /app/ready.py args: @@ -55,6 +56,15 @@ spec: - name: {{ include "common.name" . }} image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + {{- if .Values.global.aafEnabled }} + command: + - sh + args: + - -c + - | + export $(cat {{ .Values.certInitializer.credsPath }}/mycreds.prop | xargs -0) + /tmp/vid/localize.sh + {{- end }} ports: - containerPort: {{ .Values.service.internalPort }} # disable liveness probe when breakpoints set in debugger @@ -100,8 +110,6 @@ spec: value: "{{ .Values.config.roleaccesscentralized }}" - name: VID_CONTACT_US_LINK value: "{{ .Values.config.vidcontactuslink }}" - - name: VID_KEYSTORE_PASSWORD - value: {{ .Values.config.vidkeystorepassword | quote }} - name: VID_UEB_URL_LIST value: message-router.{{ include "common.namespace" . }} - name: VID_MYSQL_HOST @@ -116,9 +124,13 @@ spec: {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "vid-db-user-secret" "key" "password") | indent 14 }} - name: VID_MYSQL_MAXCONNECTIONS value: "{{ .Values.config.vidmysqlmaxconnections }}" - volumeMounts: - - mountPath: /opt/app/vid/etc - name: vid-certs + {{- if .Values.global.aafEnabled }} + - name: VID_KEYSTORE_FILENAME + value: "{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.jks" + - name: VID_TRUSTSTORE_FILENAME + value: "{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.trust.jks" + {{- end }} + volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }} - mountPath: /etc/localtime name: localtime readOnly: true @@ -149,10 +161,7 @@ spec: name: vid-logs - mountPath: /usr/share/filebeat/data name: vid-data-filebeat - volumes: - - name: vid-certs - secret: - secretName: {{ include "common.fullname" . }}-certs + volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }} - name: localtime hostPath: path: /etc/localtime diff --git a/kubernetes/vid/templates/secrets.yaml b/kubernetes/vid/templates/secrets.yaml index 72934fffd8..670838c6cf 100644 --- a/kubernetes/vid/templates/secrets.yaml +++ b/kubernetes/vid/templates/secrets.yaml @@ -1,6 +1,7 @@ {{/* # Copyright © 2017 Amdocs, Bell Canada # Copyright © 2020 Samsung Electronics +# Copyright © 2021 Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -16,17 +17,3 @@ */}} {{ include "common.secretFast" . }} ---- -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "common.fullname" . }}-certs - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -type: Opaque -data: -{{ tpl (.Files.Glob "resources/certs/*").AsSecrets . | indent 2 }} -- cgit 1.2.3-korg