Extract certificate to cloudify-manager
DCAE bootstraping require that bootstrap/cloudify-manager pods has
to trust our certificate. We are mounting path to this certificate
to respective pod.
Change-Id: Ie2ea796851e6def52d4ec556c9d5b19633e8a743
Issue-ID: OOM-1618
Signed-off-by: Michal Ptacek <m.ptacek@partner.samsung.com>
diff --git a/patches/casablanca_3.0.0.patch b/patches/casablanca_3.0.0.patch
index 9a3bcab..1426e91 100644
--- a/patches/casablanca_3.0.0.patch
+++ b/patches/casablanca_3.0.0.patch
@@ -35,3 +35,32 @@
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
ports:
+--- kubernetes/dcaegen2/charts/dcae-cloudify-manager/templates/deployment.yaml 2019-01-24 09:55:30.000000000 +0100
++++ kubernetes/dcaegen2/charts/dcae-cloudify-manager/templates/deployment.yaml 2019-01-29 18:07:59.057804519 +0100
+@@ -70,6 +70,8 @@
+ - mountPath: /etc/localtime
+ name: localtime
+ readOnly: true
++ - mountPath: /etc/pki/ca-trust/source/anchors
++ name: root-ca
+ securityContext:
+ privileged: True
+ lifecycle:
+@@ -82,6 +84,8 @@
+ set -ex
+ mkdir -p /var/run/secrets/kubernetes.io/
+ ln -s /secret /var/run/secrets/kubernetes.io/serviceaccount
++ echo -e '\nREQUESTS_CA_BUNDLE="/etc/ssl/certs/ca-bundle.crt"' >> /etc/sysconfig/cloudify-restservice
++ update-ca-trust extract
+ volumes:
+ - name: {{ include "common.fullname" . }}-config
+ configMap:
+@@ -95,5 +99,8 @@
+ - name: localtime
+ hostPath:
+ path: /etc/localtime
++ - name: root-ca
++ hostPath:
++ path: /etc/pki/ca-trust/source/anchors
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"