From 11eafc54cb946d13c663d55449dcd033db387d89 Mon Sep 17 00:00:00 2001 From: Adam Wudzinski Date: Wed, 28 Oct 2020 11:45:20 +0100 Subject: [PLATFORM] Add new fake deployment to fix offline certificates generation Add new fake deployment to CertService, controlled by new global flag global.offlineDeployment, which is disabled as default. Change Makefile to use java image from ONAP Nexus for certificate generation. Signed-off-by: Adam Wudzinski Issue-ID: OOM-2588 Change-Id: I2f9fe4b626604c5bfd8512449d893015bdc6ca98 --- kubernetes/onap/values.yaml | 5 ++++ .../platform/components/oom-cert-service/Makefile | 11 +++++--- .../templates/fake_deployment.yaml | 31 ++++++++++++++++++++++ .../components/oom-cert-service/values.yaml | 5 ++++ 4 files changed, 49 insertions(+), 3 deletions(-) create mode 100644 kubernetes/platform/components/oom-cert-service/templates/fake_deployment.yaml (limited to 'kubernetes') diff --git a/kubernetes/onap/values.yaml b/kubernetes/onap/values.yaml index 5e5e249f71..3c8b1e9d90 100755 --- a/kubernetes/onap/values.yaml +++ b/kubernetes/onap/values.yaml @@ -185,6 +185,11 @@ global: truststorePath: "/etc/onap/oom/certservice/certs/truststore.jks" truststorePassword: "secret" + # Indicates offline deployment build + # Set to true if you are rendering helm charts for offline deployment + # Otherwise keep it disabled + offlineDeploymentBuild: false + # TLS # Set to false if you want to disable TLS for NodePorts. Be aware that this # will loosen your security. diff --git a/kubernetes/platform/components/oom-cert-service/Makefile b/kubernetes/platform/components/oom-cert-service/Makefile index c4723dfdd1..c15fdc7a51 100644 --- a/kubernetes/platform/components/oom-cert-service/Makefile +++ b/kubernetes/platform/components/oom-cert-service/Makefile @@ -27,7 +27,12 @@ all: start_docker \ # Starts docker container for generating certificates - deletes first, if already running start_docker: @make stop_docker - docker run -d --rm --name ${DOCKER_CONTAINER} --mount type=bind,source=${CURRENT_DIR}/${CERTS_DIR},target=/certs -w /certs docker.io/openjdk:11-jre-slim tail -f /dev/null + $(eval REPOSITORY := $(shell cat ./values.yaml | grep -i "^[ \t]*repository" -m1 | xargs | cut -d ' ' -f2)) + $(eval JAVA_IMAGE := $(shell cat ./values.yaml | grep -i "^[ \t]*certificateGenerationImage" -m1 | xargs | cut -d ' ' -f2)) + $(eval FULL_JAVA_IMAGE := $(REPOSITORY)/$(JAVA_IMAGE)) + $(eval USER :=$(shell id -u)) + $(eval GROUP :=$(shell id -g)) + docker run --rm --name ${DOCKER_CONTAINER} --user "$(USER):$(GROUP)" --mount type=bind,source=${CURRENT_DIR}/${CERTS_DIR},target=/app -w /app --entrypoint "sh" -td $(FULL_JAVA_IMAGE) # Stops docker container for generating certificates. 'true' is used to return 0 status code, if container is already deleted stop_docker: @@ -89,7 +94,7 @@ client_sign_certificate_by_root: #Import root certificate into client client_import_root_certificate: @echo "Import root certificate into intermediate" - ${DOCKER_EXEC} bash -c "cat root.crt >> certServiceClientByRoot.crt" + ${DOCKER_EXEC} sh -c "cat root.crt >> certServiceClientByRoot.crt" @echo "####done####" #Import signed certificate into certService's client @@ -124,7 +129,7 @@ server_sign_certificate_by_root: #Import root certificate into server server_import_root_certificate: @echo "Import root certificate into intermediate(server)" - ${DOCKER_EXEC} bash -c "cat root.crt >> certServiceServerByRoot.crt" + ${DOCKER_EXEC} sh -c "cat root.crt >> certServiceServerByRoot.crt" @echo "####done####" #Import signed certificate into certService diff --git a/kubernetes/platform/components/oom-cert-service/templates/fake_deployment.yaml b/kubernetes/platform/components/oom-cert-service/templates/fake_deployment.yaml new file mode 100644 index 0000000000..1d1224afa4 --- /dev/null +++ b/kubernetes/platform/components/oom-cert-service/templates/fake_deployment.yaml @@ -0,0 +1,31 @@ +{{/* + # Copyright © 2020, Nokia + # + # Licensed under the Apache License, Version 2.0 (the "License"); + # you may not use this file except in compliance with the License. + # You may obtain a copy of the License at + # + # http://www.apache.org/licenses/LICENSE-2.0 + # + # Unless required by applicable law or agreed to in writing, software + # distributed under the License is distributed on an "AS IS" BASIS, + # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + # See the License for the specific language governing permissions and + # limitations under the License. +*/}} + +{{- if .Values.global.offlineDeploymentBuild }} +apiVersion: apps/v1 +kind: Deployment +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} +spec: + replicas: {{ .Values.replicaCount }} + selector: {{- include "common.selectors" . | nindent 4 }} + template: + metadata: {{- include "common.templateMetadata" . | nindent 6 }} + spec: + containers: + - name: {{ include "common.name" . }} + image: {{ include "common.repository" . }}/{{ .Values.certifcateGenerationImage }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} +{{ end -}} diff --git a/kubernetes/platform/components/oom-cert-service/values.yaml b/kubernetes/platform/components/oom-cert-service/values.yaml index d4586a1d4b..ee51ec7a7d 100644 --- a/kubernetes/platform/components/oom-cert-service/values.yaml +++ b/kubernetes/platform/components/oom-cert-service/values.yaml @@ -21,6 +21,8 @@ global: enabled: true # Standard OOM pullPolicy: "Always" + repository: "nexus3.onap.org:10001" + offlineDeploymentBuild: false # Service configuration @@ -31,8 +33,11 @@ service: port: 8443 port_protocol: http +# Certificates generation configuration +certificateGenerationImage: onap/integration-java11:7.1.0 # Deployment configuration +repository: "nexus3.onap.org:10001" image: onap/org.onap.oom.platform.cert-service.oom-certservice-api:2.1.0 pullPolicy: Always replicaCount: 1 -- cgit 1.2.3-korg