
...

...                                 # WARNING - work in progress so still can change
kind: Deployment
metadata:
  ...
spec:
...
  template:
  ...
    spec:
      {{- if .Values.global.cmpv2Enabled }}
      initContainers:
        - name: cert-service-client
          image: {{ .Values.global.csClientRepositoryrepository }}/{{ .Values.global.aaf.certServiceClient.csClientImageimage }}
          imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
          env:
            - name: REQUEST_URL
              value: {{ .Values.certService.urlglobal.aaf.certServiceClient.envVariables.requestURL }}
            - name: REQUEST_TIMEOUT
              value: {{ .Values.certService.timeout .global.aaf.certServiceClient.envVariables.requestTimeout}}
            - name: OUTPUT_PATH
              value: {{ .Values.certServicecertificate.outputPath }}
            - name: CA_NAME
              value: {{ .Values.global.aaf.certServicecertServiceClient.envVariables.caName }}
            - name: COMMON_NAME
              value: {{ .Values.certServicecertificate.commonName }}
            - name: ORGANIZATION
              value: {{ .Values.global.aaf.certServiceClient.certServiceenvVariables.organizationcmpv2Organization }}
            - name: ORGANIZATION_UNIT
              value: {{ .Values.global.certService.organizationUnitaaf.certServiceClient.envVariables.cmpv2OrganizationalUnit }}
            - name: LOCATION
              value: {{ .Values.global.aaf.certServiceClient.certServiceenvVariables.locationcmpv2Location }}
            - name: STATE
              value: {{ .Values.global.certService.stateaaf.certServiceClient.envVariables.cmpv2State }}
            - name: COUNTRY
              value: {{ .Values.global.certService.countryaaf.certServiceClient.envVariables.cmpv2Country }}
            - name: SANS
              value: {{ .Values.certServicecertificate.sans }}
          volumeMounts:  - name: KEYSTORE_PATH
            -  mountPathvalue: {{ .Values.certService.outputPathglobal.aaf.certServiceClient.envVariables.keystorePath }}
             - name: {{ include "common.fullname" . }}-cmpv2-certsKEYSTORE_PASSWORD
              value: {{ .Values.global.aaf.certServiceClient.envVariables.keystorePassword }}
            - name: TRUSTSTORE_PATH
              value: {{ .Values.global.aaf.certServiceClient.envVariables.truststorePath }}
            - name: TRUSTSTORE_PASSWORD
              value: {{ .Values.global.aaf.certServiceClient.envVariables.truststorePassword }}
          volumeMounts:
            - mountPath: {{ .Values.certService.outputPath }}
              name: {{ include "common.fullname" . }}-cmpv2-certs
      {{ end -}}
      containers:
        - name: {{ include "common.name" . }}
          image: "{{ include "common.repository" . }}/{{ .Values.image }}"
          imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
          resources:
{{ include "common.resources" . | indent 12 }}
          volumeMounts:
            {{- if .Values.global.cmpv2Enabled }}
volumeMounts:             - mountPath: /certificates/external
              name: {{ include "common.fullname" . }}-cmpv2-certs
              readOnly: true
            {{ end -}}
          ...
      volumes:
        {{- if .Values.global.cmpv2Enabled }}
        - name: {{ include "common.fullname" . }}-cmpv2-certs
          emptyDir: {}
        {{ end -}}
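Review bot: KEYSTORE_PASSWORD and TRUSTSTORE_PASSWORD on the cert-service-client init container are set as plain `value:` entries rendered from `.Values.global.aaf.certServiceClient.envVariables.*`, so both passwords end up in the rendered Deployment spec and in the Helm release record, readable by anyone who can read Deployments or releases in the namespace. They would be better sourced from a Kubernetes Secret, e.g. `valueFrom: {secretKeyRef: {name: <keystore-secret-name>, key: <keystore-password-key>}}` (placeholder names), with the same pattern for the truststore. The remaining env values are templated unquoted, so an empty or boolean-looking value (a COUNTRY of `NO`, for instance) would not render as a string; `value: {{ ... | quote }}` avoids that. Because the shared `-cmpv2-certs` volume will carry private key material between the init container and the main container, `emptyDir: {medium: Memory}` would keep it off node disk. The comparison view has merged old and new text on several lines, so these points refer to the new-side names as far as they can be read here.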


CMPv2 server

For testing purpose EJBCA is set up. It is configured with 1 layer CA hierarchy (root CA only).

...