
Use cert-manager for portieris secret creation

Also add portieris-certs helm chart to create the portieris-certs
secret.  This chart is applied before portieris chart as part of
stx-portieris armada app application.

Also update to latest version of portieris to pull in required changes
for allowing cert-manager certificate handling.

Story: 2007348
Task: 40352
Change-Id: If033fafe8e6a5be50243a45174285f82567dde69
Signed-off-by: Joseph Richard <joseph.richard@windriver.com>
changes/56/741056/2
Joseph Richard 10 months ago
parent
commit
16627d5707
14 changed files with 91 additions and 85 deletions
  1. +1
    -1
      centos_tarball-dl.lst
  2. +1
    -1
      portieris-helm/centos/build_srpm.data
  3. +1
    -10
      portieris-helm/centos/portieris-helm.spec
  4. +0
    -19
      portieris-helm/files/caCert.pem
  5. +0
    -1
      portieris-helm/files/caCert.srl
  6. +0
    -18
      portieris-helm/files/serverCert.pem
  7. +0
    -27
      portieris-helm/files/serverKey.pem
  8. +7
    -1
      stx-portieris-helm/centos/stx-portieris-helm.spec
  9. +5
    -0
      stx-portieris-helm/stx-portieris-helm/helm-charts/portieris-certs/Chart.yaml
  10. +11
    -0
      stx-portieris-helm/stx-portieris-helm/helm-charts/portieris-certs/templates/certificate.yaml
  11. +7
    -0
      stx-portieris-helm/stx-portieris-helm/helm-charts/portieris-certs/templates/issuer.yaml
  12. +10
    -0
      stx-portieris-helm/stx-portieris-helm/helm-charts/portieris-certs/templates/secret.yaml
  13. +11
    -0
      stx-portieris-helm/stx-portieris-helm/helm-charts/portieris-certs/values.yaml
  14. +37
    -7
      stx-portieris-helm/stx-portieris-helm/manifests/manifest.yaml

+ 1
- 1
centos_tarball-dl.lst

@ -1 +1 @@
portieris-0.6.0.tgz#portieris#https://github.com/IBM/portieris/archive/0.6.0.tar.gz#http##
portieris-0.7.0.tgz#portieris#https://github.com/IBM/portieris/archive/0.7.0.tar.gz#http##

+ 1
- 1
portieris-helm/centos/build_srpm.data

@ -1,5 +1,5 @@
TAR_NAME=portieris
VERSION=0.6.0
VERSION=0.7.0
TAR="$TAR_NAME-$VERSION.tgz"
COPY_LIST="${CGCS_BASE}/downloads/$TAR $PKG_BASE/files/* "


+ 1
- 10
portieris-helm/centos/portieris-helm.spec

@ -13,7 +13,7 @@
Summary: StarlingX portieris Helm charts
Name: portieris-helm
Version: 0.6.0
Version: 0.7.0
Release: %{tis_patch_ver}%{?_tis_dist}
License: Apache-2.0
Group: base
@ -23,10 +23,6 @@ URL: unknown
Source0: portieris-%{version}.tgz
Source1: repositories.yaml
Source2: index.yaml
Source3: caCert.pem
Source4: caCert.srl
Source5: serverCert.pem
Source6: serverKey.pem
BuildArch: noarch
@ -54,11 +50,6 @@ helm repo add local http://localhost:8879/charts
make helm.package
cd %{_builddir}/portieris
tar -xvf %{app_tarball}
mkdir $PWD/portieris/certs
cp %{SOURCE3} $PWD/portieris/certs
cp %{SOURCE4} $PWD/portieris/certs
cp %{SOURCE5} $PWD/portieris/certs
cp %{SOURCE6} $PWD/portieris/certs
tar -zcf %{app_tarball} portieris
cd -


+ 0
- 19
portieris-helm/files/caCert.pem

@ -1,19 +0,0 @@
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----

+ 0
- 1
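--- a/portieris-helm/files/caCert.srl
+++ b/portieris-helm/files/caCert.srl
@@ -1 +0,0 @@
-9EB4619C5A555553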

+ 0
- 18
portieris-helm/files/serverCert.pem

@ -1,18 +0,0 @@
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----

+ 0
- 27
portieris-helm/files/serverKey.pem

@ -1,27 +0,0 @@
-----BEGIN RSA PRIVATE KEY-----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-----END RSA PRIVATE KEY-----

+ 7
- 1
stx-portieris-helm/centos/stx-portieris-helm.spec

@ -38,6 +38,12 @@ chartmuseum --debug --port=8879 --context-path='/charts' --storage="local" --sto
sleep 2
helm repo add local http://localhost:8879/charts
# Make the charts. These produce a tgz file
cd helm-charts
helm lint portieris-certs
helm package portieris-certs
cd -
# terminate helm server (the last backgrounded task)
kill %1
@ -50,7 +56,7 @@ mkdir -p %{app_staging}
cp files/metadata.yaml %{app_staging}
cp manifests/*.yaml %{app_staging}
mkdir -p %{app_staging}/charts
#cp helm-charts/*.tgz %{app_staging}/charts
cp helm-charts/*.tgz %{app_staging}/charts
cp %{helm_folder}/portieris*.tgz %{app_staging}/charts
cd %{app_staging}


+ 5
- 0
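--- a/stx-portieris-helm/stx-portieris-helm/helm-charts/portieris-certs/Chart.yaml
+++ b/stx-portieris-helm/stx-portieris-helm/helm-charts/portieris-certs/Chart.yaml
@@ -0,0 +1,5 @@
+apiVersion: v1
+appVersion: "1.0"
+description: StarlingX-Helm portieris-certs
+name: portieris-certs
+version: 0.1.0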

+ 11
- 0
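--- a/stx-portieris-helm/stx-portieris-helm/helm-charts/portieris-certs/templates/certificate.yaml
+++ b/stx-portieris-helm/stx-portieris-helm/helm-charts/portieris-certs/templates/certificate.yaml
@@ -0,0 +1,11 @@
+apiVersion: cert-manager.io/v1alpha2
+kind: Certificate
+metadata:
+name: portieris-certs
+namespace: portieris
+spec:
+dnsNames:
+- portieris.portieris.svc
+secretName: portieris-certs
+issuerRef:
+name: stx-portieris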
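Review bot: The namespace and the SAN are hard-coded to `portieris` here (`namespace: portieris`, `- portieris.portieris.svc`), and issuer.yaml and secret.yaml hard-code the same namespace, while the Armada manifest sets the release namespace separately. If the two ever diverge, the certificate is issued for a service name the Portieris service is not reachable under, and TLS verification by its callers would presumably fail. Deriving both from the release keeps them in step: `namespace: {{ .Release.Namespace }}` and `- portieris.{{ .Release.Namespace }}.svc`. `issuerRef` also omits `kind`; writing `kind: Issuer` makes it explicit that a namespaced issuer, not a ClusterIssuer, is the trust source.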

+ 7
- 0
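--- a/stx-portieris-helm/stx-portieris-helm/helm-charts/portieris-certs/templates/issuer.yaml
+++ b/stx-portieris-helm/stx-portieris-helm/helm-charts/portieris-certs/templates/issuer.yaml
@@ -0,0 +1,7 @@
+apiVersion: cert-manager.io/v1alpha2
+kind: Issuer
+metadata:
+name: stx-portieris
+namespace: portieris
+spec:
+selfSigned: {}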

+ 10
- 0
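--- a/stx-portieris-helm/stx-portieris-helm/helm-charts/portieris-certs/templates/secret.yaml
+++ b/stx-portieris-helm/stx-portieris-helm/helm-charts/portieris-certs/templates/secret.yaml
@@ -0,0 +1,10 @@
+apiVersion: v1
+data:
+ca.pem: {{ .Values.caCert }}
+tls.crt: ""
+tls.key: ""
+kind: Secret
+metadata:
+name: portieris-certs
+namespace: portieris
+type: kubernetes.io/tls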
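Review bot: `ca.pem: {{ .Values.caCert }}` is rendered unquoted, so with the default `caCert: ""` from values.yaml the line becomes a bare `ca.pem:` and parses as null rather than an empty string; `ca.pem: {{ .Values.caCert | quote }}` avoids that. Because the key sits under `data:`, the supplied value must already be base64-encoded, which nothing visible here documents or checks. This Secret also has the same name as the `secretName` in certificate.yaml, so Helm and cert-manager both write to it. A comment should say that the empty `tls.crt`/`tls.key` are placeholders cert-manager fills in, and it is worth confirming that a chart upgrade does not reset them to empty.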

+ 11
- 0
stx-portieris-helm/stx-portieris-helm/helm-charts/portieris-certs/values.yaml

@ -0,0 +1,11 @@
#
# Copyright (c) 2018 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
# Default values for nova-api-proxy.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
caCert: ""
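Review bot: The header comment reads `# Default values for nova-api-proxy.`, which looks like a leftover from another chart, and the only key, `caCert`, has no description. I would change the comment to `# Default values for portieris-certs.` and add above the key `# caCert: base64-encoded PEM CA certificate, written to ca.pem in the portieris-certs Secret`. The base64 requirement follows from secret.yaml placing the value under `data:` rather than `stringData:`.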

+ 37
- 7
stx-portieris-helm/stx-portieris-helm/manifests/manifest.yaml

@ -1,12 +1,38 @@
---
schema: armada/Chart/v1
metadata:
schema: metadata/Document/v1
name: portieris-certs
data:
chart_name: portieris-certs
release: portieris-certs
namespace: portieris
wait:
timeout: 30
native:
enabled: true
resources: []
install:
no_hooks: false
upgrade:
no_hooks: false
source:
type: tar
location: http://172.17.0.1/helm_charts/starlingx/portieris-certs-0.1.0.tgz
subpath: portieris-certs
reference: master
dependencies: []
values:
caCert: ""
---
schema: armada/Chart/v1
metadata:
schema: metadata/Document/v1
name: portieris
data:
chart_name: portieris
release: portieris
namespace: default
namespace: portieris
wait:
timeout: 300
labels:
@ -17,29 +43,33 @@ data:
no_hooks: false
source:
type: tar
location: http://172.17.0.1/helm_charts/starlingx/portieris-0.6.0.tgz
location: http://172.17.0.1/helm_charts/starlingx/portieris-0.7.0.tgz
subpath: portieris
reference: master
dependencies: []
values:
namespace: default
replicaCount: 1
namespace: portieris
images:
tags:
portieris: docker.io/ibmcom/portieris:0.6.0
portieris: docker.io/ibmcom/portieris:0.7.0
image:
host: docker.io/ibmcom
image: portieris
tags: 0.6.0
tags: 0.7.0
IBMContainerService: false
SkipSecretCreation: true
UseCertManager: true
---
schema: armada/ChartGroup/v1
metadata:
schema: metadata/Document/v1
name: portieris
name: portieris-charts
data:
description: "StarlingX Portieris"
sequenced: true
chart_group:
- portieris-certs
- portieris
---
schema: armada/Manifest/v1
@ -49,4 +79,4 @@ metadata:
data:
release_prefix: 'stx'
chart_groups:
- portieris
- portieris-charts
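Review bot: The Portieris image is still referenced by a mutable tag in both `images.tags.portieris` and `image.tags` (now `0.7.0`). Since this component is the admission controller that enforces image trust for the cluster, pinning its own image by digest would keep a retagged upstream image from being pulled silently, e.g. `portieris: docker.io/ibmcom/portieris@sha256:<digest of the 0.7.0 image>`. Whether the StarlingX image download path accepts digest references is not visible in this change, so that needs confirming first. Separately, the version string is now repeated in the chart `location`, both image fields and the tarball list, so a comment naming the places to bump together would help the next upgrade.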
