[CDS] Retrieve certificates automatically
Today, CDS UI is using an hardcoded certificate, which is not the right
way to do.
This patch is using certInitializer in order to do it automatically.
Issue-ID: CCSDK-3141
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: I5f2e564abd15f685df03be130b3969cad867b0b5
diff --git a/kubernetes/cds/components/cds-ui/templates/deployment.yaml b/kubernetes/cds/components/cds-ui/templates/deployment.yaml
index 1c88f56..359c713 100644
--- a/kubernetes/cds/components/cds-ui/templates/deployment.yaml
+++ b/kubernetes/cds/components/cds-ui/templates/deployment.yaml
@@ -37,6 +37,9 @@
release: {{ include "common.release" . }}
name: {{ include "common.fullname" . }}
spec:
+ {{- if .Values.global.aafEnabled }}
+ initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }}
+ {{- end }}
containers:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
@@ -71,12 +74,18 @@
value: "{{ .Values.config.api.processor.grpc.port }}"
- name: API_BLUEPRINT_PROCESSOR_GRPC_AUTH_TOKEN
value: {{ .Values.config.api.processor.grpc.authToken }}
+ {{- if .Values.global.aafEnabled }}
+ - name: KEYSTORE
+ value: "{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.p12"
+ - name: PASSPHRASE
+ value: "{{ .Values.certInitializer.credsPath }}/mycreds.prop"
+ {{- end }}
readinessProbe:
tcpSocket:
port: {{ .Values.service.internalPort }}
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
- volumeMounts:
+ volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 12 }}
- mountPath: /etc/localtime
name: localtime
readOnly: true
@@ -90,7 +99,7 @@
affinity:
{{ toYaml .Values.affinity | indent 10 }}
{{- end }}
- volumes:
+ volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }}
- name: localtime
hostPath:
path: /etc/localtime