[PLATFORM] Add new fake deployment to fix offline certificates generation
Add new fake deployment to CertService, controlled by new global flag global.offlineDeployment, which is disabled as default. Change Makefile to use java image from ONAP Nexus for certificate generation.
Signed-off-by: Adam Wudzinski <adam.wudzinski@nokia.com>
Issue-ID: OOM-2588
Change-Id: I2f9fe4b626604c5bfd8512449d893015bdc6ca98
diff --git a/kubernetes/onap/values.yaml b/kubernetes/onap/values.yaml
index 5e5e249..3c8b1e9 100755
--- a/kubernetes/onap/values.yaml
+++ b/kubernetes/onap/values.yaml
@@ -185,6 +185,11 @@
truststorePath: "/etc/onap/oom/certservice/certs/truststore.jks"
truststorePassword: "secret"
+ # Indicates offline deployment build
+ # Set to true if you are rendering helm charts for offline deployment
+ # Otherwise keep it disabled
+ offlineDeploymentBuild: false
+
# TLS
# Set to false if you want to disable TLS for NodePorts. Be aware that this
# will loosen your security.
diff --git a/kubernetes/platform/components/oom-cert-service/Makefile b/kubernetes/platform/components/oom-cert-service/Makefile
index c4723df..c15fdc7 100644
--- a/kubernetes/platform/components/oom-cert-service/Makefile
+++ b/kubernetes/platform/components/oom-cert-service/Makefile
@@ -27,7 +27,12 @@
# Starts docker container for generating certificates - deletes first, if already running
start_docker:
@make stop_docker
- docker run -d --rm --name ${DOCKER_CONTAINER} --mount type=bind,source=${CURRENT_DIR}/${CERTS_DIR},target=/certs -w /certs docker.io/openjdk:11-jre-slim tail -f /dev/null
+ $(eval REPOSITORY := $(shell cat ./values.yaml | grep -i "^[ \t]*repository" -m1 | xargs | cut -d ' ' -f2))
+ $(eval JAVA_IMAGE := $(shell cat ./values.yaml | grep -i "^[ \t]*certificateGenerationImage" -m1 | xargs | cut -d ' ' -f2))
+ $(eval FULL_JAVA_IMAGE := $(REPOSITORY)/$(JAVA_IMAGE))
+ $(eval USER :=$(shell id -u))
+ $(eval GROUP :=$(shell id -g))
+ docker run --rm --name ${DOCKER_CONTAINER} --user "$(USER):$(GROUP)" --mount type=bind,source=${CURRENT_DIR}/${CERTS_DIR},target=/app -w /app --entrypoint "sh" -td $(FULL_JAVA_IMAGE)
# Stops docker container for generating certificates. 'true' is used to return 0 status code, if container is already deleted
stop_docker:
@@ -89,7 +94,7 @@
#Import root certificate into client
client_import_root_certificate:
@echo "Import root certificate into intermediate"
- ${DOCKER_EXEC} bash -c "cat root.crt >> certServiceClientByRoot.crt"
+ ${DOCKER_EXEC} sh -c "cat root.crt >> certServiceClientByRoot.crt"
@echo "####done####"
#Import signed certificate into certService's client
@@ -124,7 +129,7 @@
#Import root certificate into server
server_import_root_certificate:
@echo "Import root certificate into intermediate(server)"
- ${DOCKER_EXEC} bash -c "cat root.crt >> certServiceServerByRoot.crt"
+ ${DOCKER_EXEC} sh -c "cat root.crt >> certServiceServerByRoot.crt"
@echo "####done####"
#Import signed certificate into certService
diff --git a/kubernetes/platform/components/oom-cert-service/templates/fake_deployment.yaml b/kubernetes/platform/components/oom-cert-service/templates/fake_deployment.yaml
new file mode 100644
index 0000000..1d1224a
--- /dev/null
+++ b/kubernetes/platform/components/oom-cert-service/templates/fake_deployment.yaml
@@ -0,0 +1,31 @@
+{{/*
+ # Copyright © 2020, Nokia
+ #
+ # Licensed under the Apache License, Version 2.0 (the "License");
+ # you may not use this file except in compliance with the License.
+ # You may obtain a copy of the License at
+ #
+ # http://www.apache.org/licenses/LICENSE-2.0
+ #
+ # Unless required by applicable law or agreed to in writing, software
+ # distributed under the License is distributed on an "AS IS" BASIS,
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ # See the License for the specific language governing permissions and
+ # limitations under the License.
+*/}}
+
+{{- if .Values.global.offlineDeploymentBuild }}
+apiVersion: apps/v1
+kind: Deployment
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ selector: {{- include "common.selectors" . | nindent 4 }}
+ template:
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
+ spec:
+ containers:
+ - name: {{ include "common.name" . }}
+ image: {{ include "common.repository" . }}/{{ .Values.certifcateGenerationImage }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+{{ end -}}
diff --git a/kubernetes/platform/components/oom-cert-service/values.yaml b/kubernetes/platform/components/oom-cert-service/values.yaml
index d4586a1..ee51ec7 100644
--- a/kubernetes/platform/components/oom-cert-service/values.yaml
+++ b/kubernetes/platform/components/oom-cert-service/values.yaml
@@ -21,6 +21,8 @@
enabled: true
# Standard OOM
pullPolicy: "Always"
+ repository: "nexus3.onap.org:10001"
+ offlineDeploymentBuild: false
# Service configuration
@@ -31,8 +33,11 @@
port: 8443
port_protocol: http
+# Certificates generation configuration
+certificateGenerationImage: onap/integration-java11:7.1.0
# Deployment configuration
+repository: "nexus3.onap.org:10001"
image: onap/org.onap.oom.platform.cert-service.oom-certservice-api:2.1.0
pullPolicy: Always
replicaCount: 1