{{/*
# Copyright © 2021 Nokia
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
*/}}
{{/*
To use certServiceClient, define a certificates array in the target component's values.yaml. Each
certificate is requested by a separate init container.

Minimum example of the array in the target component's values.yaml:
certificates:
  - mountPath: /var/custom-certs
    commonName: common-name

Full example (other fields are ignored). Only the first keystore.outputType entry is used:
certificates:
  - mountPath: /var/custom-certs
    caName: RA
    keystore:
      outputType:
        - jks
    commonName: common-name
    dnsNames:
      - dns-name-1
      - dns-name-2
    ipAddresses:
      - 192.168.0.1
      - 192.168.0.2
    emailAddresses:
      - email-1@onap.org
      - email-2@onap.org
    uris:
      - http://uri-1.onap.org
      - http://uri-2.onap.org
    subject:
      organization: Linux-Foundation
      country: US
      locality: San Francisco
      province: California
      organizationalUnit: ONAP

The target component's deployment also needs the following includes (indent values may need to be adjusted):
  1. In the initContainers section:
    {{ include "common.certServiceClient.initContainer" . | indent 6 }}
  2. In the volumeMounts section of the container using the certificates:
    {{ include "common.certServiceClient.volumeMounts" . | indent 10 }}
  3. In the volumes section:
    {{ include "common.certServiceClient.volumes" . | indent 8 }}

*/}}
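{{/*
Renders one init container per entry of .Values.certificates. Each container
uses the image returned by "repositoryGenerator.image.certserviceclient" and
receives its request parameters (request URL and timeout, CA name, common
name, SANs, subject, output type and output path) as environment variables.
OUTPUT_PATH is the mount point of that entry's cmpv2-certs-volume-<index>.

Arguments: either the chart root context, or a dict with 'dot' (the root
context) and optionally 'initRoot' (used instead of
.Values.cmpv2Certificate.cmpv2Config as the source of subchart defaults).

Nothing is rendered unless global.cmpv2Enabled is set and
global.CMPv2CertManagerIntegration is not.

KEYSTORE_PATH and TRUSTSTORE_PATH point into the certservice-tls-volume mount.
The keystore and truststore passwords are passed as secretKeyRef references,
so the rendered pod spec carries Secret names and keys, not the passwords.
*/}}
{{- define "common.certServiceClient.initContainer" -}}
{{- $dot := default . .dot -}}
{{- $initRoot := default $dot.Values.cmpv2Certificate.cmpv2Config .initRoot -}}
{{/*# .Values.global of the chart overrides the subchart defaults; deepCopy keeps mergeOverwrite from mutating $initRoot.global. #*/}}
{{- $subchartGlobal := mergeOverwrite (deepCopy $initRoot.global) $dot.Values.global -}}
{{- if and $subchartGlobal.cmpv2Enabled (not $subchartGlobal.CMPv2CertManagerIntegration) -}}
{{- range $index, $certificate := $dot.Values.certificates -}}
{{/*# General certificate attributes: rendering fails when commonName is missing. #*/}}
{{- $commonName := (required "'commonName' for Certificate is required." $certificate.commonName) -}}
{{/*# SANs: DNS names, IP addresses, URIs and e-mail addresses are joined into one comma-separated string. #*/}}
{{- $dnsNames := default (list) $certificate.dnsNames -}}
{{- $ipAddresses := default (list) $certificate.ipAddresses -}}
{{- $uris := default (list) $certificate.uris -}}
{{- $emailAddresses := default (list) $certificate.emailAddresses -}}
{{- $sansList := concat $dnsNames $ipAddresses $uris $emailAddresses -}}
{{/*# Keep the next action without a right-hand trim marker: the newline after it is the line break in front of every "- name: certs-init-N" entry. #*/}}
{{- $sans := join "," $sansList }}
{{/*# Subject: chart-wide defaults first; an entry with its own 'subject' replaces all five fields (fields it leaves out are not back-filled from the defaults). #*/}}
{{- $organization := $subchartGlobal.certificate.default.subject.organization -}}
{{- $country := $subchartGlobal.certificate.default.subject.country -}}
{{- $locality := $subchartGlobal.certificate.default.subject.locality -}}
{{- $province := $subchartGlobal.certificate.default.subject.province -}}
{{- $orgUnit := $subchartGlobal.certificate.default.subject.organizationalUnit -}}
{{- if $certificate.subject -}}
{{/*# Assignment (=), not declaration (:=): a declaration here would create new variables that go out of scope at the end of this if-block, so the certificate would be requested with the default subject. #*/}}
{{- $organization = $certificate.subject.organization -}}
{{- $country = $certificate.subject.country -}}
{{- $locality = $certificate.subject.locality -}}
{{- $province = $certificate.subject.province -}}
{{- $orgUnit = $certificate.subject.organizationalUnit -}}
{{- end -}}
{{- $caName := default $subchartGlobal.platform.certServiceClient.envVariables.caName $certificate.caName -}}
{{/*# Output type: the platform default, unless the entry has a 'keystore' section; then the first outputType entry is used, upper-cased. #*/}}
{{- $outputType := $subchartGlobal.platform.certServiceClient.envVariables.outputType -}}
{{- if $certificate.keystore -}}
{{- $outputTypeList := (required "'outputType' in 'keystore' section is required." $certificate.keystore.outputType) -}}
{{- $outputType = mustFirst ($outputTypeList) | upper -}}
{{- end -}}
{{- $requestUrl := $subchartGlobal.platform.certServiceClient.envVariables.requestURL -}}
{{- $certPath := $subchartGlobal.platform.certServiceClient.envVariables.certPath -}}
{{- $requestTimeout := $subchartGlobal.platform.certServiceClient.envVariables.requestTimeout -}}
{{- $certificatesSecretMountPath := $subchartGlobal.platform.certServiceClient.certificatesSecretMountPath -}}
{{/*# The mount path and the key reference are concatenated as they are; no "/" is inserted between them. #*/}}
{{- $keystorePath := (printf "%s%s" $subchartGlobal.platform.certServiceClient.certificatesSecretMountPath $subchartGlobal.platform.certificates.keystoreKeyRef ) -}}
{{- $keystorePasswordSecret := $subchartGlobal.platform.certificates.keystorePasswordSecretName -}}
{{- $keystorePasswordSecretKey := $subchartGlobal.platform.certificates.keystorePasswordSecretKey -}}
{{- $truststorePath := (printf "%s%s" $subchartGlobal.platform.certServiceClient.certificatesSecretMountPath $subchartGlobal.platform.certificates.truststoreKeyRef ) -}}
{{- $truststorePasswordSecret := $subchartGlobal.platform.certificates.truststorePasswordSecretName -}}
{{- $truststorePasswordSecretKey := $subchartGlobal.platform.certificates.truststorePasswordSecretKey -}}
- name: certs-init-{{ $index }}
  image: {{ include "repositoryGenerator.image.certserviceclient" $dot }}
  imagePullPolicy: {{ $dot.Values.global.pullPolicy | default $dot.Values.pullPolicy }}
  env:
    - name: REQUEST_URL
      value: {{ $requestUrl | quote }}
    - name: REQUEST_TIMEOUT
      value: {{ $requestTimeout | quote }}
    - name: OUTPUT_PATH
      value: {{ $certPath | quote }}
    - name: OUTPUT_TYPE
      value: {{ $outputType | quote }}
    - name: CA_NAME
      value: {{ $caName | quote }}
    - name: COMMON_NAME
      value: {{ $commonName | quote }}
    - name: SANS
      value: {{ $sans | quote }}
    - name: ORGANIZATION
      value: {{ $organization | quote }}
    - name: ORGANIZATION_UNIT
      value: {{ $orgUnit | quote }}
    - name: LOCATION
      value: {{ $locality | quote }}
    - name: STATE
      value: {{ $province | quote }}
    - name: COUNTRY
      value: {{ $country | quote }}
    - name: KEYSTORE_PATH
      value: {{ $keystorePath | quote }}
    - name: KEYSTORE_PASSWORD
      valueFrom:
        secretKeyRef:
          name: {{ $keystorePasswordSecret | quote }}
          key: {{ $keystorePasswordSecretKey | quote }}
    - name: TRUSTSTORE_PATH
      value: {{ $truststorePath | quote }}
    - name: TRUSTSTORE_PASSWORD
      valueFrom:
        secretKeyRef:
          name: {{ $truststorePasswordSecret | quote }}
          key: {{ $truststorePasswordSecretKey | quote }}
  terminationMessagePath: /dev/termination-log
  terminationMessagePolicy: File
  volumeMounts:
    - mountPath: {{ $certPath | quote }}
      name: cmpv2-certs-volume-{{ $index }}
    - mountPath: {{ $certificatesSecretMountPath | quote }}
      name: certservice-tls-volume
{{- end -}}
{{- end -}}
{{- end -}}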
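{{/*
Renders the pod volumes used by the certServiceClient init containers:
  - certservice-tls-volume, backed by the Secret named in
    platform.certificates.clientSecretName;
  - one cmpv2-certs-volume-<index> per entry of .Values.certificates, as a
    memory-backed emptyDir (tmpfs), so the material written into it stays in
    memory for the lifetime of the pod instead of going to node disk.

Arguments: either the chart root context, or a dict with 'dot' (the root
context) and optionally 'initRoot' (used instead of
.Values.cmpv2Certificate.cmpv2Config as the source of subchart defaults).

Nothing is rendered unless global.cmpv2Enabled is set and
global.CMPv2CertManagerIntegration is not.
*/}}
{{- define "common.certServiceClient.volumes" -}}
{{- $dot := default . .dot -}}
{{- $initRoot := default $dot.Values.cmpv2Certificate.cmpv2Config .initRoot -}}
{{- $subchartGlobal := mergeOverwrite (deepCopy $initRoot.global) $dot.Values.global -}}
{{- if and $subchartGlobal.cmpv2Enabled (not $subchartGlobal.CMPv2CertManagerIntegration) -}}
{{/*# The range below trims on its left and not on its right, so every iteration begins with its own line break. With the trim markers the other way round, the second entry is glued onto "medium: Memory" of the first and the list is no longer valid YAML when there are two or more certificates. #*/}}
{{- $certificatesSecretName := $subchartGlobal.platform.certificates.clientSecretName -}}
- name: certservice-tls-volume
  secret:
    secretName: {{ $certificatesSecretName | quote }}
{{- range $index, $certificate := $dot.Values.certificates }}
- name: cmpv2-certs-volume-{{ $index }}
  emptyDir:
    medium: Memory
{{- end -}}
{{- end -}}
{{- end -}}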
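{{/*
Renders one volumeMount per entry of .Values.certificates, mounting
cmpv2-certs-volume-<index> at that entry's mountPath in the container that
consumes the certificates.

Arguments: either the chart root context, or a dict with 'dot' (the root
context) and optionally 'initRoot' (used instead of
.Values.cmpv2Certificate.cmpv2Config as the source of subchart defaults).

Nothing is rendered unless global.cmpv2Enabled is set and
global.CMPv2CertManagerIntegration is not.
*/}}
{{- define "common.certServiceClient.volumeMounts" -}}
{{- $dot := default . .dot -}}
{{- $initRoot := default $dot.Values.cmpv2Certificate.cmpv2Config .initRoot -}}
{{- $subchartGlobal := mergeOverwrite (deepCopy $initRoot.global) $dot.Values.global -}}
{{- if and $subchartGlobal.cmpv2Enabled (not $subchartGlobal.CMPv2CertManagerIntegration) -}}
{{- range $index, $certificate := $dot.Values.certificates -}}
{{/*# An entry without mountPath would render "mountPath:" with no value; fail at render time with a clear message instead. #*/}}
{{- $mountPath := (required "'mountPath' for Certificate is required." $certificate.mountPath) -}}
- mountPath: {{ $mountPath | quote }}
  name: cmpv2-certs-volume-{{ $index }}
{{ end -}}
{{- end -}}
{{- end -}}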