commit aadf545643827a440b082f4dcf6afdfd1c2012e2
author Sylvain Desbureaux <sylvain.desbureaux@orange.com> Wed Mar 18 18:13:51 2020 +0100
committer Sylvain Desbureaux <sylvain.desbureaux@orange.com> Tue Mar 31 08:34:31 2020 +0200
tree ba293ac6337478c5ab5371286d8213fb8dec3d31
parent 5af320fc0c9e5f250e595cfa8daa93835016fca1

[SO] Onboard ONAP CA during init phase

Workaround for retrieving ONAP root CA and keeping SO container being
run by no root user.

Issue-ID: SO-2730
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: Ib1b48c0a6fcca359a780640b8c705e75fd78dc1a

kubernetes/so/charts/so-vfc-adapter/templates/deployment.yaml

diff --git a/kubernetes/so/charts/so-vfc-adapter/templates/deployment.yaml b/kubernetes/so/charts/so-vfc-adapter/templates/deployment.yaml
index ce0bc07..2addd7b 100755
--- a/kubernetes/so/charts/so-vfc-adapter/templates/deployment.yaml
+++ b/kubernetes/so/charts/so-vfc-adapter/templates/deployment.yaml
@@ -34,7 +34,7 @@
         app: {{ include "common.name" . }}
         release: {{ include "common.release" . }}
     spec:
-      initContainers:
+      initContainers: {{ include "so.certificate.container_importer" . | nindent 6 }}
       - command:
         - /root/job_complete.py
         args:
@@ -93,7 +93,7 @@
         - configMapRef:
             name: {{ include "common.fullname" . }}-configmap
         imagePullPolicy:  {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-        volumeMounts:
+        volumeMounts: {{ include "so.certificate.volume-mounts" . | nindent 8 }}
         - name: logs
           mountPath: /app/logs
         - name: config
@@ -113,7 +113,7 @@
         - containerPort: {{ index .Values.containerPort }}
           name: {{ .Values.service.portName }}
           protocol: TCP
-      volumes:
+      volumes: {{ include "so.certificate.volumes" . | nindent 6 }}
       - name: logs
         emptyDir: {}
       - name: config

kubernetes/so/charts/so-vfc-adapter/values.yaml

diff --git a/kubernetes/so/charts/so-vfc-adapter/values.yaml b/kubernetes/so/charts/so-vfc-adapter/values.yaml
index f442860..c907b4e 100755
--- a/kubernetes/so/charts/so-vfc-adapter/values.yaml
+++ b/kubernetes/so/charts/so-vfc-adapter/values.yaml
@@ -39,6 +39,14 @@
     login: '{{ .Values.db.adminName }}'
     password: '{{ .Values.db.adminPassword }}'
     passwordPolicy: required
+  - uid: "so-onap-certs"
+    externalSecret: '{{ tpl (default "" .Values.certSecret) . }}'
+    type: generic
+    filePaths: '{{ .Values.secretsFilePaths }}'
+
+#secretsFilePaths: |
+#  - 'my file 1'
+#  - '{{ include "templateThatGeneratesFileName" . }}'
 
 #################################################################
 # Application configuration defaults.