[DMAAP][MR] Retrieve certs automatically
Instead of hardcoding certificates inside the container, use the cert
initializer to retrieve them automatically at startup.
Issue-ID: DMAAP-1547
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: I7fcb8831539d8d9d5d25bcaae44a3c66672f7b1a
diff --git a/kubernetes/dmaap/components/message-router/templates/statefulset.yaml b/kubernetes/dmaap/components/message-router/templates/statefulset.yaml
index e936ed2..706fe29 100644
--- a/kubernetes/dmaap/components/message-router/templates/statefulset.yaml
+++ b/kubernetes/dmaap/components/message-router/templates/statefulset.yaml
@@ -42,6 +42,24 @@
image: {{ include "repositoryGenerator.image.readiness" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
+ {{ include "common.certInitializer.initContainer" . | indent 6 | trim }}
+ {{- if .Values.global.aafEnabled }}
+ - name: {{ include "common.name" . }}-update-config
+ command:
+ - sh
+ args:
+ - -c
+ - |
+ export $(cat {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop | xargs -0);
+ cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done
+ volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }}
+ - mountPath: /config
+ name: jetty
+ - mountPath: /config-input
+ name: etc
+ image: {{ include "repositoryGenerator.image.envsubst" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ {{- end }}
containers:
{{- if .Values.prometheus.jmx.enabled }}
- name: prometheus-jmx-exporter
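Review bot: Nothing in the update-config script checks that `mycreds.prop` was actually read. If the file is missing or empty, `export $(cat … | xargs -0)` appears to export nothing and still return success, so the loop would render the `/config` files with their placeholders emptied (assuming a gettext-style `envsubst`) and the init container would exit 0. A guard such as `test -s {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop || exit 1` ahead of the export would make the pod fail closed instead of starting with blank credentials. The unquoted `$(…)` also word-splits and glob-expands the file's contents, so a value containing whitespace or `*` would not be exported intact. Since `envsubst` is run without a variable list, it rewrites every `$VAR` reference in the files under `/config-input`, which seems broader than intended.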
@@ -67,6 +85,16 @@
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ {{- if .Values.global.aafEnabled }}
+ command:
+ - sh
+ args:
+ - -c
+ - |
+ cp /jetty-config/ajsc-jetty.xml /appl/dmaapMR1/etc/
+ cp /jetty-config/cadi.properties {{ .Values.certInitializer.appMountPath }}/local/cadi.properties
+ /bin/sh /appl/startup.sh
+ {{- end }}
ports: {{ include "common.containerPorts" . | nindent 10 }}
{{- if eq .Values.liveness.enabled true }}
livenessProbe:
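Review bot: The two `cp` commands in the new startup script are unchecked, so if `/jetty-config` is empty or a copy fails the script still reaches `/bin/sh /appl/startup.sh`. The router would then start with whatever `ajsc-jetty.xml` and `cadi.properties` are already in place. Putting `set -e` on the first line of the script would stop the container instead. Launching the application with `exec /bin/sh /appl/startup.sh` would also keep the wrapper shell from sitting as PID 1 between the kubelet's termination signal and the process that has to handle it. The container spec continues outside this hunk.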
@@ -85,7 +113,7 @@
env:
- name: enableCadi
value: "{{ .Values.global.aafEnabled }}"
- volumeMounts:
+ volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
- mountPath: /etc/localtime
name: localtime
readOnly: true
@@ -95,26 +123,31 @@
- mountPath: /appl/dmaapMR1/bundleconfig/etc/logback.xml
subPath: logback.xml
name: logback
- - mountPath: /appl/dmaapMR1/etc/cadi.properties
- subPath: cadi.properties
- name: cadi
- mountPath: /appl/dmaapMR1/etc/keyfile
subPath: mykey
name: mykey
+ - mountPath: /appl/dmaapMR1/etc/runner-web.xml
+ subPath: runner-web.xml
+ name: etc
+ - mountPath: /appl/dmaapMR1/bundleconfig/etc/sysprops/sys-props.properties
+ subPath: sys-props.properties
+ name: sys-props
+ - mountPath: /jetty-config
+ name: jetty
resources: {{ include "common.resources" . | nindent 12 }}
- volumes:
+ volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }}
- name: localtime
hostPath:
path: /etc/localtime
- name: appprops
configMap:
name: {{ include "common.fullname" . }}-msgrtrapi-prop-configmap
+ - name: etc
+ configMap:
+ name: {{ include "common.fullname" . }}-etc
- name: logback
configMap:
name: {{ include "common.fullname" . }}-logback-xml-configmap
- - name: cadi
- configMap:
- name: {{ include "common.fullname" . }}-cadi-prop-configmap
{{- if .Values.prometheus.jmx.enabled }}
- name: jmx-config
configMap:
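Review bot: The new `/jetty-config` mount in the main container is read-write, although the startup script added in this commit only copies `ajsc-jetty.xml` and `cadi.properties` out of it. Adding `readOnly: true` under `name: jetty` on that mount would stop the running application from changing the rendered files, which are copied again whenever the container restarts. The init container keeps its own writable mount of the same volume at `/config`, so it is unaffected. The `volumeMounts` list starts outside this hunk.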
@@ -123,5 +156,10 @@
- name: mykey
secret:
secretName: {{ include "common.fullname" . }}-secret
+ - name: sys-props
+ configMap:
+ name: {{ include "common.fullname" . }}-sys-props
+ - name: jetty
+ emptyDir: {}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
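Review bot: The `jetty` emptyDir receives the files that the update-config init container renders after exporting `mycreds.prop`, so it presumably holds credentials in clear text on the node's disk for the life of the pod. Declaring it as `emptyDir:` with `medium: Memory` would keep them in tmpfs instead, at the cost of counting the files against the pod's memory. A short comment on the volume saying that it carries rendered secrets would also help reviewers of later changes.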