commit bd94a04227a235319b3246e52cadc7c1e96f9c22
author Sylvain Desbureaux <sylvain.desbureaux@orange.com> Mon Apr 19 16:00:49 2021 +0200
committer Sylvain Desbureaux <sylvain.desbureaux@orange.com> Thu May 06 06:29:46 2021 +0000
tree f4f817dd18994012f85d9bceb1685c409e8d1f2f
parent f6465e1e1386cd090ab9a125683304e57f373c19

[COMMON][CERTS] Allow to provide custom certs easily

Instead of mandating to provide custom certificates before creation of
helm packages, let's propose to include certificates from a known
secret or configmap.
The current implementation will first search for secret and if not
provided will look for configmap.

Issue-ID: OOM-2731
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: If2f90adc18efe59c0516db9409964a236bd17a66

kubernetes/common/certInitializer/templates/_certInitializer.yaml

diff --git a/kubernetes/common/certInitializer/templates/_certInitializer.yaml b/kubernetes/common/certInitializer/templates/_certInitializer.yaml
index 414192e..3b165a4 100644
--- a/kubernetes/common/certInitializer/templates/_certInitializer.yaml
+++ b/kubernetes/common/certInitializer/templates/_certInitializer.yaml
@@ -137,6 +137,8 @@
   volumeMounts:
     - mountPath: /certs
       name: aaf-agent-certs
+    - mountPath: /more_certs
+      name: provided-custom-certs
     - mountPath: /root/import-custom-certs.sh
       name: aaf-agent-certs
       subPath: import-custom-certs.sh
@@ -177,6 +179,21 @@
   configMap:
     name: {{ tpl $subchartDot.Values.certsCMName $subchartDot }}
     defaultMode: 0700
+{{- if $dot.Values.global.importCustomCertsEnabled }}
+- name: provided-custom-certs
+{{-   if $dot.Values.global.customCertsSecret }}
+  secret:
+    secretName: {{ $dot.Values.global.customCertsSecret }}
+{{-   else }}
+{{-     if $dot.Values.global.customCertsConfigMap }}
+  configMap:
+    name: {{ $dot.Values.global.customCertsConfigMap }}
+{{-     else }}
+  emptyDir:
+    medium: Memory
+{{-     end }}
+{{-   end }}
+{{- end }}
 - name: {{ include "common.certInitializer._aafAddConfigVolumeName" $dot }}
   configMap:
     name: {{ include "common.fullname" $subchartDot }}-add-config

kubernetes/common/certInitializer/values.yaml

diff --git a/kubernetes/common/certInitializer/values.yaml b/kubernetes/common/certInitializer/values.yaml
index 52b2765..74a2b37 100644
--- a/kubernetes/common/certInitializer/values.yaml
+++ b/kubernetes/common/certInitializer/values.yaml
@@ -15,6 +15,15 @@
 global:
   aafAgentImage: onap/aaf/aaf_agent:2.1.20
   aafEnabled: true
+  # Give the name of a config map where certInitializer will onboard all certs
+  # given (certs must be in pem format)
+  customCertsConfigMap:
+  # Give the name of a secret where certInitializer will onboard all certs given
+  # (certs must be in pem format)
+  # this one superseedes previous one (so if both are given, only certs from
+  # secret will be onboarded).
+  customCertsSecret:
+
 
 pullPolicy: Always
 
@@ -37,7 +46,6 @@
     - aaf-cm
     - aaf-service
 
-aafDeployFqi: "changeme"
 fqdn: ""
 app_ns: "org.osaaf.aaf"
 fqi: ""