Gitiles
Code Review Sign In
gerrit.nordix.org / onap / oom / aadf545643827a440b082f4dcf6afdfd1c2012e2^! / . / kubernetes / so / charts / so-vnfm-adapter / templates
commitaadf545643827a440b082f4dcf6afdfd1c2012e2[log] [tgz]
authorSylvain Desbureaux <sylvain.desbureaux@orange.com>Wed Mar 18 18:13:51 2020 +0100
committerSylvain Desbureaux <sylvain.desbureaux@orange.com>Tue Mar 31 08:34:31 2020 +0200
treeba293ac6337478c5ab5371286d8213fb8dec3d31
parent5af320fc0c9e5f250e595cfa8daa93835016fca1 [diff]
[SO] Onboard ONAP CA during init phase

Workaround for retrieving ONAP root CA and keeping SO container being
run by no root user.

Issue-ID: SO-2730
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: Ib1b48c0a6fcca359a780640b8c705e75fd78dc1a

diff --git a/kubernetes/so/charts/so-vnfm-adapter/templates/deployment.yaml b/kubernetes/so/charts/so-vnfm-adapter/templates/deployment.yaml
index c297ac3..00b36a8 100755
--- a/kubernetes/so/charts/so-vnfm-adapter/templates/deployment.yaml
+++ b/kubernetes/so/charts/so-vnfm-adapter/templates/deployment.yaml

@@ -34,13 +34,14 @@
         app: {{ include "common.name" . }}
         release: {{ include "common.release" . }}
     spec:
+      initContainers: {{ include "so.certificate.container_importer" . | nindent 6 }}
       containers:
       - name: {{ include "common.name" . }}
         image: {{ include "common.repository" . }}/{{ .Values.image }}
         resources:
 {{ include "common.resources" . | indent 12 }}
          {{- if eq .Values.global.security.aaf.enabled true }}
-        env: 
+        env:
         - name: TRUSTSTORE
           value: /app/org.onap.so.trust.jks
         - name: TRUSTSTORE_PASSWORD
@@ -60,7 +61,7 @@
         - configMapRef:
             name: {{ include "common.fullname" . }}-configmap
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-        volumeMounts:
+        volumeMounts: {{ include "so.certificate.volume-mounts" . | nindent 8 }}
         - name: logs
           mountPath: /app/logs
         - name: config
@@ -77,7 +78,7 @@
         - containerPort: {{ index .Values.containerPort }}
           name: {{ .Values.service.portName }}
           protocol: TCP
-      volumes:
+      volumes: {{ include "so.certificate.volumes" . | nindent 6 }}
       - name: logs
         emptyDir: {}
       - name: config

diff --git a/kubernetes/so/charts/so-vnfm-adapter/templates/secret.yaml b/kubernetes/so/charts/so-vnfm-adapter/templates/secret.yaml
new file mode 100644
index 0000000..bd7eb8e
--- /dev/null
+++ b/kubernetes/so/charts/so-vnfm-adapter/templates/secret.yaml

@@ -0,0 +1,15 @@
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.secretFast" . }}