{{/*
2# Copyright © 2021 Nokia
3#
4# Licensed under the Apache License, Version 2.0 (the "License");
5# you may not use this file except in compliance with the License.
6# You may obtain a copy of the License at
7#
8# http://www.apache.org/licenses/LICENSE-2.0
9#
10# Unless required by applicable law or agreed to in writing, software
11# distributed under the License is distributed on an "AS IS" BASIS,
12# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13# See the License for the specific language governing permissions and
14# limitations under the License.
15*/}}
16
17{{/*
To use certServiceClient, define a certificates array in the target component's values.yaml. Each
certificate is requested by a separate init container.
20
21Minimum example of array in target component values.yaml:
certificates:
  - mountPath: /var/custom-certs
    commonName: common-name
25
26Full example (other fields are ignored):
certificates:
  - mountPath: /var/custom-certs
    caName: RA
    outputType: JKS
    commonName: common-name
    dnsNames:
      - dns-name-1
      - dns-name-2
    ipAddresses:
      - 192.168.0.1
      - 192.168.0.2
    emailAddresses:
      - email-1@onap.org
      - email-2@onap.org
    uris:
      - http://uri-1.onap.org
      - http://uri-2.onap.org
    subject:
      organization: Linux-Foundation
      country: US
      locality: San Francisco
      province: California
      organizationalUnit: ONAP
50
The target component's deployment must also include the following templates (indent values may need to be adjusted):
52 1. In initContainers section:
53 {{ include "common.certServiceClient.initContainer" . | indent 6 }}
54 2. In volumeMounts section of container using certificates:
55 {{ include "common.certServiceClient.volumeMounts" . | indent 10 }}
56 3. In volumes section:
57 {{ include "common.certServiceClient.volumes" . | indent 8 }}
58
59*/}}
60
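{{- define "common.certServiceClient.initContainer" -}}
{{/*
Renders one init container (certs-init-<index>) per entry of .Values.certificates. Each container is
configured through environment variables and mounts cmpv2-certs-volume-<index> at the configured certPath
plus the certservice-tls-volume secret.

Context: either the chart root, or a dict with "dot" (chart root) and optionally "initRoot".
Nothing is rendered unless global.cmpv2Enabled is set and global.CMPv2CertManagerIntegration is not.

Security note: KEYSTORE_PASSWORD and TRUSTSTORE_PASSWORD are rendered as literal env values, so they are
readable by anyone who can read the rendered manifest or the pod spec. Restrict read access to the
workload accordingly, or source them from a Secret (valueFrom.secretKeyRef) if the platform provides one.
*/}}
{{- $dot := default . .dot -}}
{{- $initRoot := default $dot.Values.cmpv2Certificate .initRoot -}}
{{- $subchartGlobal := mergeOverwrite (deepCopy $initRoot.global) $dot.Values.global -}}
{{- if and $subchartGlobal.cmpv2Enabled (not $subchartGlobal.CMPv2CertManagerIntegration) -}}
{{- range $index, $certificate := $dot.Values.certificates -}}
{{/*# General certificate attributes #*/}}
{{- $commonName := $certificate.commonName -}}
{{/*# SANs: every SAN kind is flattened into one comma-separated list #*/}}
{{- $dnsNames := default (list) $certificate.dnsNames -}}
{{- $ipAddresses := default (list) $certificate.ipAddresses -}}
{{- $uris := default (list) $certificate.uris -}}
{{- $emailAddresses := default (list) $certificate.emailAddresses -}}
{{- $sansList := concat $dnsNames $ipAddresses $uris $emailAddresses -}}
{{- $sans := join "," $sansList }}
{{/*# Subject: chart-wide defaults first, per-certificate overrides below.
     The action above is deliberately not right-trimmed: the newline it leaves is what
     separates the init containers of successive certificates. #*/}}
{{- $organization := $subchartGlobal.certificate.default.subject.organization -}}
{{- $country := $subchartGlobal.certificate.default.subject.country -}}
{{- $locality := $subchartGlobal.certificate.default.subject.locality -}}
{{- $province := $subchartGlobal.certificate.default.subject.province -}}
{{- $orgUnit := $subchartGlobal.certificate.default.subject.organizationalUnit -}}
{{- if $certificate.subject -}}
{{/*# Assign with "=" rather than ":=": a ":=" inside this "if" would declare new variables that go
     out of scope at "end", so the per-certificate subject would never reach the env block.
     Fields missing from the override keep the chart-wide default. #*/}}
{{- $organization = default $organization $certificate.subject.organization -}}
{{- $country = default $country $certificate.subject.country -}}
{{- $locality = default $locality $certificate.subject.locality -}}
{{- $province = default $province $certificate.subject.province -}}
{{- $orgUnit = default $orgUnit $certificate.subject.organizationalUnit -}}
{{- end -}}
{{- $caName := default $subchartGlobal.platform.certServiceClient.envVariables.caName $certificate.caName -}}
{{- $outputType := default $subchartGlobal.platform.certServiceClient.envVariables.outputType $certificate.outputType -}}
{{- $requestUrl := $subchartGlobal.platform.certServiceClient.envVariables.requestURL -}}
{{- $certPath := $subchartGlobal.platform.certServiceClient.envVariables.certPath -}}
{{- $requestTimeout := $subchartGlobal.platform.certServiceClient.envVariables.requestTimeout -}}
{{- $certificatesSecretMountPath := $subchartGlobal.platform.certServiceClient.secret.mountPath -}}
{{- $keystorePath := $subchartGlobal.platform.certServiceClient.envVariables.keystorePath -}}
{{- $keystorePassword := $subchartGlobal.platform.certServiceClient.envVariables.keystorePassword -}}
{{- $truststorePath := $subchartGlobal.platform.certServiceClient.envVariables.truststorePath -}}
{{- $truststorePassword := $subchartGlobal.platform.certServiceClient.envVariables.truststorePassword -}}
- name: certs-init-{{ $index }}
  image: {{ include "repositoryGenerator.image.certserviceclient" $dot }}
  imagePullPolicy: {{ $dot.Values.global.pullPolicy | default $dot.Values.pullPolicy }}
  env:
    - name: REQUEST_URL
      value: {{ $requestUrl | quote }}
    - name: REQUEST_TIMEOUT
      value: {{ $requestTimeout | quote }}
    - name: OUTPUT_PATH
      value: {{ $certPath | quote }}
    - name: OUTPUT_TYPE
      value: {{ $outputType | quote }}
    - name: CA_NAME
      value: {{ $caName | quote }}
    - name: COMMON_NAME
      value: {{ $commonName | quote }}
    - name: SANS
      value: {{ $sans | quote }}
    - name: ORGANIZATION
      value: {{ $organization | quote }}
    - name: ORGANIZATION_UNIT
      value: {{ $orgUnit | quote }}
    - name: LOCATION
      value: {{ $locality | quote }}
    - name: STATE
      value: {{ $province | quote }}
    - name: COUNTRY
      value: {{ $country | quote }}
    - name: KEYSTORE_PATH
      value: {{ $keystorePath | quote }}
    - name: KEYSTORE_PASSWORD
      value: {{ $keystorePassword | quote }}
    - name: TRUSTSTORE_PATH
      value: {{ $truststorePath | quote }}
    - name: TRUSTSTORE_PASSWORD
      value: {{ $truststorePassword | quote }}
  terminationMessagePath: /dev/termination-log
  terminationMessagePolicy: File
  volumeMounts:
    - mountPath: {{ $certPath }}
      name: cmpv2-certs-volume-{{ $index }}
    - mountPath: {{ $certificatesSecretMountPath }}
      name: certservice-tls-volume
{{- end -}}
{{- end -}}
{{- end -}}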
145
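{{- define "common.certServiceClient.volumes" -}}
{{/*
Renders the pod volumes used by the certServiceClient init containers: the certservice-tls-volume secret
volume, plus one memory-backed emptyDir (cmpv2-certs-volume-<index>) per entry of .Values.certificates.

Context: either the chart root, or a dict with "dot" (chart root) and optionally "initRoot".
Nothing is rendered unless global.cmpv2Enabled is set and global.CMPv2CertManagerIntegration is not.
*/}}
{{- $dot := default . .dot -}}
{{- $initRoot := default $dot.Values.cmpv2Certificate .initRoot -}}
{{- $subchartGlobal := mergeOverwrite (deepCopy $initRoot.global) $dot.Values.global -}}
{{- if and $subchartGlobal.cmpv2Enabled (not $subchartGlobal.CMPv2CertManagerIntegration) -}}
{{- $certificatesSecretName := $subchartGlobal.platform.certServiceClient.secret.name -}}
- name: certservice-tls-volume
  secret:
    secretName: {{ $certificatesSecretName }}
{{- /* "range" is left-trimmed but not right-trimmed, so every entry starts on its own line.
       Trimming both sides of the loop body would glue "medium: Memory" to the next "- name:"
       as soon as there are two or more certificates. */}}
{{- range $index, $certificate := $dot.Values.certificates }}
- name: cmpv2-certs-volume-{{ $index }}
  emptyDir:
    medium: Memory
{{- end -}}
{{- end -}}
{{- end -}}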
162
{{- define "common.certServiceClient.volumeMounts" -}}
{{/*
Renders one volumeMount per entry of .Values.certificates, mounting cmpv2-certs-volume-<index> at the
mountPath given for that certificate.

Context: either the chart root, or a dict with "dot" (chart root) and optionally "initRoot".
Nothing is rendered unless global.cmpv2Enabled is set and global.CMPv2CertManagerIntegration is not.
*/}}
{{- $ctx := default . .dot -}}
{{- $root := default $ctx.Values.cmpv2Certificate .initRoot -}}
{{- $globals := mergeOverwrite (deepCopy $root.global) $ctx.Values.global -}}
{{- if and $globals.cmpv2Enabled (not $globals.CMPv2CertManagerIntegration) -}}
{{- range $idx, $cert := $ctx.Values.certificates -}}
- mountPath: {{ $cert.mountPath }}
  name: cmpv2-certs-volume-{{ $idx }}
{{ end -}}
{{- end -}}
{{- end -}}