SDC Certificate location is configurable
Change-Id: I1512c47570a4cd8a739b3ce517ee6bf8c5544b18
Issue-ID: SDC-2195
Signed-off-by: kooper <sergey.sachkov@est.tech>
diff --git a/kubernetes/sdc/charts/sdc-onboarding-be/templates/deployment.yaml b/kubernetes/sdc/charts/sdc-onboarding-be/templates/deployment.yaml
index 87556b0..70895d3 100644
--- a/kubernetes/sdc/charts/sdc-onboarding-be/templates/deployment.yaml
+++ b/kubernetes/sdc/charts/sdc-onboarding-be/templates/deployment.yaml
@@ -88,6 +88,8 @@
- name: SDC_PASSWORD
valueFrom:
secretKeyRef: {name: {{ .Release.Name }}-sdc-cs-secrets, key: sdc_password}
+ - name: SDC_CERT_DIR
+ value: {{ .Values.cert.certDir }}
volumeMounts:
- name: {{ include "common.fullname" . }}-environments
mountPath: /root/chef-solo/environments/
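Review bot: The `SDC_CERT_DIR` value is rendered unquoted, while the same setting is quoted where it is used as `mountPath` in the next hunk. An empty or oddly typed `cert.certDir` would render as a null or non-string env value and be rejected by the API server; `value: {{ .Values.cert.certDir | quote }}` keeps it a string in every case. The env list starts and ends outside this hunk.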
@@ -99,6 +101,8 @@
- name: {{ include "common.fullname" . }}-logback
mountPath: /tmp/logback.xml
subPath: logback.xml
+ - name: {{ include "common.fullname" . }}-cert-storage
+ mountPath: "{{ .Values.cert.certDir }}"
lifecycle:
postStart:
exec:
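Review bot: The new `cert-storage` mount is writable from inside the container, because neither this volumeMount nor the volume source sets `readOnly`. The `ReadOnlyMany` access mode chosen in values.yaml governs how the claim binds; Kubernetes does not use it to write-protect the mounted storage. If the backend only reads certificates from this directory (not visible in this diff), add `readOnly: true` under `mountPath: "{{ .Values.cert.certDir }}"` so a compromised process in the pod cannot replace the certificate material. The container spec continues outside the hunk.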
@@ -133,5 +137,8 @@
defaultMode: 0755
- name: {{ include "common.fullname" . }}-logs
emptyDir: {}
+ - name: {{ include "common.fullname" . }}-cert-storage
+ persistentVolumeClaim:
+ claimName: {{ include "common.fullname" . }}-cert
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
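Review bot: The `cert-storage` volume always references the claim `<fullname>-cert`, but pvc.yaml creates that claim only when `cert.persistence.enabled` is true and `cert.persistence.existingClaim` is unset. With persistence disabled, or with an existing claim supplied, the pod points at a claim the chart never creates and will stay Pending. Honour the override with `claimName: {{ .Values.cert.persistence.existingClaim | default (printf "%s-cert" (include "common.fullname" .)) }}`, and guard the volume (and its mount) on `cert.persistence.enabled` or document that disabling it is unsupported. The volumes list starts outside the hunk.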
diff --git a/kubernetes/sdc/charts/sdc-onboarding-be/templates/pv.yaml b/kubernetes/sdc/charts/sdc-onboarding-be/templates/pv.yaml
new file mode 100644
index 0000000..b292ff9
--- /dev/null
+++ b/kubernetes/sdc/charts/sdc-onboarding-be/templates/pv.yaml
@@ -0,0 +1,38 @@
+{{/*
+# ================================================================================
+# Copyright (C) 2019, Nordix Foundation. All rights reserved.
+# ================================================================================
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+{{- if and .Values.persistence.enabled (not .Values.cert.persistence.existingClaim) -}}
+kind: PersistentVolume
+apiVersion: v1
+metadata:
+ name: {{ include "common.fullname" . }}-cert
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
+ release: "{{ .Release.Name }}"
+ heritage: "{{ .Release.Service }}"
+ name: {{ include "common.fullname" . }}
+spec:
+ capacity:
+ storage: {{ .Values.cert.persistence.size}}
+ accessModes:
+ - {{ .Values.cert.persistence.accessMode }}
+ persistentVolumeReclaimPolicy: {{ .Values.cert.persistence.volumeReclaimPolicy }}
+ hostPath:
+ path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ .Release.Name }}/{{ .Values.cert.persistence.mountSubPath }}
+{{- end -}}
\ No newline at end of file
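Review bot: The PersistentVolume is gated on `.Values.persistence.enabled` while the matching claim in pvc.yaml is gated on `.Values.cert.persistence.enabled`, so the two can be toggled independently and leave an unbound claim or an orphaned volume; use `{{- if and .Values.cert.persistence.enabled (not .Values.cert.persistence.existingClaim) -}}` here as well. The volume is a `hostPath` under the shared persistence mount, so who can read or replace the certificate files is decided entirely by the ownership and mode of that node directory; a comment stating what operators are expected to set would help. `namespace:` has no effect on a PersistentVolume, which is cluster-scoped, and can be dropped.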
diff --git a/kubernetes/sdc/charts/sdc-onboarding-be/templates/pvc.yaml b/kubernetes/sdc/charts/sdc-onboarding-be/templates/pvc.yaml
new file mode 100644
index 0000000..eb2c372
--- /dev/null
+++ b/kubernetes/sdc/charts/sdc-onboarding-be/templates/pvc.yaml
@@ -0,0 +1,49 @@
+{{/*
+# ================================================================================
+# Copyright (C) 2019, Nordix Foundation. All rights reserved.
+# ================================================================================
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+{{- if and .Values.cert.persistence.enabled (not .Values.cert.persistence.existingClaim) -}}
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+ name: {{ include "common.fullname" . }}-cert
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+ release: "{{ .Release.Name }}"
+ heritage: "{{ .Release.Service }}"
+{{- if .Values.cert.persistence.annotations }}
+ annotations:
+{{ toYaml .Values.cert.persistence.annotations | indent 4 }}
+{{- end }}
+spec:
+ selector:
+ matchLabels:
+ name: {{ include "common.fullname" . }}
+ accessModes:
+ - {{ .Values.cert.persistence.accessMode }}
+ resources:
+ requests:
+ storage: {{ .Values.cert.persistence.size }}
+{{- if .Values.cert.persistence.storageClass }}
+{{- if (eq "-" .Values.cert.persistence.storageClass) }}
+ storageClassName: ""
+{{- else }}
+ storageClassName: "{{ .Values.cert.persistence.storageClass }}"
+{{- end }}
+{{- end }}
+{{- end -}}
\ No newline at end of file
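Review bot: The `chart` label is built from `.Chart.Version` without the `| replace "+" "_"` that pv.yaml applies. `+` is not a valid label character, so a chart version carrying build metadata would make this claim fail validation; use `chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"`. The template also reads `cert.persistence.annotations`, `cert.persistence.storageClass` and `cert.persistence.existingClaim`, none of which appear in the values.yaml hunk of this commit, so their defaults and meaning are undocumented there.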
diff --git a/kubernetes/sdc/charts/sdc-onboarding-be/values.yaml b/kubernetes/sdc/charts/sdc-onboarding-be/values.yaml
index 4b09a11..2b7edd9 100644
--- a/kubernetes/sdc/charts/sdc-onboarding-be/values.yaml
+++ b/kubernetes/sdc/charts/sdc-onboarding-be/values.yaml
@@ -90,6 +90,18 @@
mountPath: /dockerdata-nfs
mountSubPath: /sdc/sdc-cs/CS
+##Certificate storage persistence
+##This is temporary solution for SDC-1980
+cert:
+ certDir: /var/lib/jetty/cert
+ persistence:
+ enabled: true
+ size: 10Mi
+ accessMode: ReadOnlyMany
+ volumeReclaimPolicy: Retain
+ mountSubPath: /sdc/onbaording/cert
+
+
ingress:
enabled: false
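Review bot: `mountSubPath: /sdc/onbaording/cert` looks like a misspelling of "onboarding". It becomes part of the hostPath in pv.yaml, so whoever provisions certificates on the node has to reproduce the typo or the pod mounts an empty directory; `mountSubPath: /sdc/onboarding/cert` is presumably what was meant. The block should also list the keys the new templates read but that are absent here (`existingClaim`, `storageClass`, `annotations`), each with a one-line comment. A further comment should say whether private keys or only public certificates are expected in `certDir`, since that decides how strictly the host directory must be protected.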