Versions Compared

Old Version 91

changes.mady.by.user Pawel Baniewski

Saved on

compared with

New Version 92

changes.mady.by.user Pawel Baniewski

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Volume to transfer generated artifacts should be mounted to application container (lines 4657-4961). Within K8s workload, CertService's client as init container should be added conditionally (lines 10-1314 and 49). All needed ENV variables should be passed to CertService's client (lines 1415-3645). CertService's client should mount the same volume as application container (lines 3746-3948). Volume to transfer generated artifacts can be an emptyDir type (lines 5164-5367).

Code Block
linenumberstrue
...                                 # WARNING - work in progress so still can change
kind: Deployment
metadata:
  ...
spec:
...
  template:
  ...
    spec:
      {{- if .Values.global.cmpv2Enabled }}
      initContainers:
        - name: cert-service-client
          image: {{ .Values.global.repository }}/{{ .Values.global.aaf.certServiceClient.image }}
          imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
          env:
            - name: REQUEST_URL
              value: {{ .Values.global.aaf.certServiceClient.envVariables.requestURL }}
            - name: REQUEST_TIMEOUT
              value: {{ .Values.global.aaf.certServiceClient.envVariables.requestTimeout}}
            - name: OUTPUT_PATH
              value: {{ .Values.certificate.outputPath }}
            - name: CA_NAME
              value: {{ .Values.global.aaf.certServiceClient.envVariables.caName }}
            - name: COMMON_NAME
              value: {{ .Values.certificate.commonName }}
            - name: ORGANIZATION
              value: {{ .Values.global.aaf.certServiceClient.envVariables.cmpv2Organization }}
            - name: ORGANIZATION_UNIT
              value: {{ .Values.global.aaf.certServiceClient.envVariables.cmpv2OrganizationalUnit }}
            - name: LOCATION
              value: {{ .Values.global.aaf.certServiceClient.envVariables.cmpv2Location }}
            - name: STATE
              value: {{ .Values.global.aaf.certServiceClient.envVariables.cmpv2State }}
            - name: COUNTRY
              value: {{ .Values.global.aaf.certServiceClient.envVariables.cmpv2Country }}
            - name: SANS
              value: {{ .Values.certificate.sans }}
            - name: KEYSTORE_PATH
              value: {{ .Values.global.aaf.certServiceClient.envVariables.keystorePath }}
            - name: KEYSTORE_PASSWORD
              value: {{ .Values.global.aaf.certServiceClient.envVariables.keystorePassword }}
            - name: TRUSTSTORE_PATH
              value: {{ .Values.global.aaf.certServiceClient.envVariables.truststorePath }}
            - name: TRUSTSTORE_PASSWORD
              value: {{ .Values.global.aaf.certServiceClient.envVariables.truststorePassword }}
          volumeMounts:
            - mountPath: {{ .Values.certService.outputPath }}
              name: {{ include "common.fullname" . }}-cmpv2-certs
      {{ end -}}
      containers:
        - name: {{ include "common.name" . }}
          image: "{{ include "common.repository" . }}/{{ .Values.image }}"
          imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
          resources:
{{ include "common.resources" . | indent 12 }}
          volumeMounts:
            {{- if .Values.global.cmpv2Enabled }}
            - mountPath: /certificates/external
              name: {{ include "common.fullname" . }}-cmpv2-certs
              readOnly: true
            {{ end -}}
          ...
      volumes:
        {{- if .Values.global.cmpv2Enabled }}
        - name: {{ include "common.fullname" . }}-cmpv2-certs
          emptyDir: {}
        {{ end -}}

...