Use cert-manager for portieris secret creation

Also add portieris-certs helm chart to create the portieris-certs
secret.  This chart is applied before portieris chart as part of
stx-portieris armada app application.

Also update to latest version of portieris to pull in required changes
for allowing cert-manager certificate handling.

Story: 2007348
Task: 40352
Change-Id: If033fafe8e6a5be50243a45174285f82567dde69
Signed-off-by: Joseph Richard <joseph.richard@windriver.com>

centos_tarball-dl.lst

@@ -1 +1 @@
-portieris-0.6.0.tgz#portieris#https://github.com/IBM/portieris/archive/0.6.0.tar.gz#http##
+portieris-0.7.0.tgz#portieris#https://github.com/IBM/portieris/archive/0.7.0.tar.gz#http##

portieris-helm/centos/build_srpm.data

@@ -1,5 +1,5 @@
 TAR_NAME=portieris
-VERSION=0.6.0
+VERSION=0.7.0
 TAR="$TAR_NAME-$VERSION.tgz"
 
 COPY_LIST="${CGCS_BASE}/downloads/$TAR $PKG_BASE/files/* "

portieris-helm/centos/portieris-helm.spec

@@ -13,7 +13,7 @@
 
 Summary: StarlingX portieris Helm charts
 Name: portieris-helm
-Version: 0.6.0
+Version: 0.7.0
 Release: %{tis_patch_ver}%{?_tis_dist}
 License: Apache-2.0
 Group: base
@@ -23,10 +23,6 @@ URL: unknown
 Source0: portieris-%{version}.tgz
 Source1: repositories.yaml
 Source2: index.yaml
-Source3: caCert.pem
-Source4: caCert.srl
-Source5: serverCert.pem
-Source6: serverKey.pem
 
 BuildArch: noarch
 
@@ -54,11 +50,6 @@ helm repo add local http://localhost:8879/charts
 make helm.package
 cd %{_builddir}/portieris
 tar -xvf %{app_tarball}
-mkdir $PWD/portieris/certs
-cp %{SOURCE3} $PWD/portieris/certs
-cp %{SOURCE4} $PWD/portieris/certs
-cp %{SOURCE5} $PWD/portieris/certs
-cp %{SOURCE6} $PWD/portieris/certs
 tar -zcf %{app_tarball} portieris
 cd -
 

portieris-helm/files/caCert.pem

@@ -1,19 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDAzCCAeugAwIBAgIJAPM3ehKOEOZWMA0GCSqGSIb3DQEBCwUAMBcxFTATBgNV
-BAMMDHBvcnRpZXJpc19jYTAgFw0yMDA0MzAwMTE4MDBaGA8yMjk0MDIxMzAxMTgw
-MFowFzEVMBMGA1UEAwwMcG9ydGllcmlzX2NhMIIBIjANBgkqhkiG9w0BAQEFAAOC
-AQ8AMIIBCgKCAQEAwC+YN0JGTFq2fpqi4AGq6P5uzjJDON/LYHzh93McA44MZAzj
-I5LnDKmnPpQsXkvzwnUAldNjOgH9dUo4URw5lq5br9cTP7hVUzrdoUxOr7nsk/N8
-gviO1mEIDZXSYoJBMd6wizOBy7mO+Upf5luaxty2AC5/GKI7BemlCC2FH6+ioYC/
-lOYNHEWrF2HExHWnEhu9L3lWPqL4ulmMUOJ3PH4UQHkT6mhnODgPP1kddCOjvUrn
-YRbovU5T65PoQd8/ImSOgKV2vpNO5a8oRmPwoXyqESbMDLGhEsGvMk99DYYtID+x
-HRPcl2vnZnX4IpTr29SEyc7z/gjQoUYEgZ0RJwIDAQABo1AwTjAdBgNVHQ4EFgQU
-/+5P9my7zIYeyyc9afQjVNhEudwwHwYDVR0jBBgwFoAU/+5P9my7zIYeyyc9afQj
-VNhEudwwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAEhzqqz2c2CKD
-cAuhijmW6f+bOQZBLMz6GS+N20MhTgWBPXeoeFBwK+P2ukTOJXbOUu9VSmH8NdsW
-7cLQgyjKDOVQUTtgtuOgZyng3H9Fp1SzRDmj3SX/lS+bfX7B6CSJ28NKhhIvAQC/
-adsIHZv7ef8dsE4v9sojyJIpSQVnrhtMwlOL2/lOMHbYtwBg0e/Fgipqhzb2O4GJ
-1aNayHIZTAsKdNxBmQ1oXdioSnj+zTP5Mhiwa9oup+w9gfHPc//FKUCqIPQINky8
-naXwE+J8yjWG+HVWbFN33cO3uPS2IbX1BJaY+kfCaLv0X5KoTRlXcx4Y6WbfDuth
-P1gM9y9/NA==
------END CERTIFICATE-----

portieris-helm/files/caCert.srl

@@ -1 +0,0 @@
-9EB4619C5A555553

portieris-helm/files/serverCert.pem

@@ -1,18 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIC+TCCAeGgAwIBAgIJAJ60YZxaVVVTMA0GCSqGSIb3DQEBCwUAMBcxFTATBgNV
-BAMMDHBvcnRpZXJpc19jYTAgFw0yMDA0MzAwMTE4MDBaGA8yMjk0MDIxMzAxMTgw
-MFowJDEiMCAGA1UEAwwZcG9ydGllcmlzLmt1YmUtc3lzdGVtLnN2YzCCASIwDQYJ
-KoZIhvcNAQEBBQADggEPADCCAQoCggEBAOAYd9q1crnDfYI0/zO06dtaN7inMf2v
-CN+uI9q7w7VJBGVLs+18E70s1iGM+XK/OSEKnyAGhlKduJxRcOymHOybiPVKHXgb
-hQI0vWNKVEMdPg4dCZf5A3LbLVFFPy65j/zCN644xH0IewW6ZivQxDPEqdB0nqZH
-KkmVtJSOdjzMM/7gQqkWiVPlZQWw+qoV4v4rAR/9lE9Z7qI6QUw4eWotzjL/YxfJ
-vHIG5KKWaN0CPVwiSkqem8gyQde/XWgvOgnRIgQt//wv1puKU8Ea9lvjwnuyeI49
-qBbPpfQ76sadmvE4y4dPyVxhT4jR1WHW+Vaa+8aZwlwM6T/aqk10BMUCAwEAAaM5
-MDcwCQYDVR0TBAIwADALBgNVHQ8EBAMCBeAwHQYDVR0lBBYwFAYIKwYBBQUHAwIG
-CCsGAQUFBwMBMA0GCSqGSIb3DQEBCwUAA4IBAQBfuznLGkzdfAWOrDO71RyMOWCV
-JR5pMUuN5B3Kdv8+MFsINsjG6lIuV6TY82079BTEFqVoCaQjpIT+VJMAmkCRs2os
-fekR3At7cXomJ4r4YykzIWsDIAzHRT2msDFdx/ZrAZc+iGgiGVYTmDD3Z2yD6JYM
-MVcDOxV31AeQp4Y9ypHAbpt7qBkHyA4k/D+6mkEzKmbghZAZWVJA5SFI6hGZqIar
-L3FV/0rbyCFV39DRD/l8xKRI3eFM7EnykbbGnb3hlNTPv6aixQEtFvnzyZROtNDk
-zZGoZRUaBRspgOS8SDPqoi9mz9MZAhBBbQv/E9RiBsIKmDf9sVxEkrSwmnnA
------END CERTIFICATE-----

portieris-helm/files/serverKey.pem

@@ -1,27 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIEowIBAAKCAQEA4Bh32rVyucN9gjT/M7Tp21o3uKcx/a8I364j2rvDtUkEZUuz
-7XwTvSzWIYz5cr85IQqfIAaGUp24nFFw7KYc7JuI9UodeBuFAjS9Y0pUQx0+Dh0J
-l/kDctstUUU/LrmP/MI3rjjEfQh7BbpmK9DEM8Sp0HSepkcqSZW0lI52PMwz/uBC
-qRaJU+VlBbD6qhXi/isBH/2UT1nuojpBTDh5ai3OMv9jF8m8cgbkopZo3QI9XCJK
-Sp6byDJB179daC86CdEiBC3//C/Wm4pTwRr2W+PCe7J4jj2oFs+l9Dvqxp2a8TjL
-h0/JXGFPiNHVYdb5Vpr7xpnCXAzpP9qqTXQExQIDAQABAoIBAEiJAvqC8uCYG17z
-AovdCjkbCaA2ViMT7d5hAnABiMZ8HPUgvNuo5sa75Y+0juWKadZ9FqaKFh5VuPS4
-E8I1vnUDnyAuXj2LQtFE+uxRmdajd3ugAIP1cR1TPmbo8BuSqr2Yq+czrr396bwf
-6oRSLb/H72Nu7A9MR67Ly0iumCzzHOfHHzL2MMqXmT+RnJ8fX4IkZMcVp6SKM4Be
-GiYVYtRXBhDySHr5Vh7jFPbxY9sVZbgo5CT6XQDMNaaDVRr4EBR9qY+smNZ9ie3O
-kpxdOuGnsT3PB4v9aACaCshsbWvgovrKxuLzYF4q8Nc+1R0twfqAHKY/T2WMcpsw
-WfYaK30CgYEA9CYeeXFPKAgrE4RT5Z6IQxGMcixNIpLj5J1khsoWG3yRn2C9joJK
-pmLXQ5brcZBFN5iTsu7QLNUv1VSoAnuSFtmbtHj6x2Uh7r4r+tUU8s+sAFnXvOHg
-/IvLayUSKFidHH2vMq6s0klrzmr0UfkGLDWyoGairi/Yd4qfhLhJaTcCgYEA6vko
-z7i4sjoXdjCzyfwkcZ/9AQy8wcsdFbrpILXpcV+FuzvTDWvmZlhy6Q4ypldnSxaX
-DBtSD2FYZDNVY8EkgSGujfRb/i32BJg5eW8iCG/KYvtFABAUvpYbRmzXjbyf7U2u
-0aE6mLs7gtoq11e9qNAGvhZcyvUXg9/wweUaj+MCgYEA2cIqCh0zAbyPVx/+iF3m
-oRNE1gyHW9/x3VU4dTRHlYp8g8+QIkw5cr/TydgQ9UA9TEIM8looWORofni8RUKb
-4T+Drer9mdys8Di0F0v4HD135vQ7BJ/ewMGa1FzDHjMzJlc/bQ/42rJbskcY1Qgs
-JkBaqtAAJyZLhwugDYslBu8CgYB7gEYRF9gL5TibqHF3Ao3tItgKCzXS7fz1hO4v
-gS2Xp0tU49bEQSgyNt7+27WHdH0YHGF7vYheCR46XDjPW57iOF/UwNDxQhsCwzfC
-OcU7hfZsHAFiTRF6Ms9XLrIFD1VHlwMBr6pqyE45Mo497SIEboJ8uqg/DJ81cyjJ
-4K8bXQKBgB+bNhkscllp0wbkB554sY8M2UatPkmZ8iic7zpw+q+enxPDwXiCQADl
-EruzbZxHClimju+lnpdamY0Ox6hPyv1H9uENL275kO8zXRljVOqSayRUH1XHwnW5
-0mxxe0uFxosui/6mogq3wOsLwVsHj39vWqKE7/frwfb/PZHuvHCe
------END RSA PRIVATE KEY-----

stx-portieris-helm/centos/stx-portieris-helm.spec

@@ -38,6 +38,12 @@ chartmuseum --debug --port=8879 --context-path='/charts' --storage="local" --sto
 sleep 2
 helm repo add local http://localhost:8879/charts
 
+# Make the charts. These produce a tgz file
+cd helm-charts
+helm lint portieris-certs
+helm package portieris-certs
+cd -
+
 # terminate helm server (the last backgrounded task)
 kill %1
 
@@ -50,7 +56,7 @@ mkdir -p %{app_staging}
 cp files/metadata.yaml %{app_staging}
 cp manifests/*.yaml %{app_staging}
 mkdir -p %{app_staging}/charts
-#cp helm-charts/*.tgz %{app_staging}/charts
+cp helm-charts/*.tgz %{app_staging}/charts
 cp %{helm_folder}/portieris*.tgz %{app_staging}/charts
 cd %{app_staging}
 

stx-portieris-helm/stx-portieris-helm/helm-charts/portieris-certs/Chart.yaml

@@ -0,0 +1,5 @@
+apiVersion: v1
+appVersion: "1.0"
+description: StarlingX-Helm portieris-certs
+name: portieris-certs
+version: 0.1.0

stx-portieris-helm/stx-portieris-helm/helm-charts/portieris-certs/templates/certificate.yaml

@@ -0,0 +1,11 @@
+apiVersion: cert-manager.io/v1alpha2
+kind: Certificate
+metadata:
+  name: portieris-certs
+  namespace: portieris
+spec:
+  dnsNames:
+    - portieris.portieris.svc
+  secretName: portieris-certs
+  issuerRef:
+    name: stx-portieris

stx-portieris-helm/stx-portieris-helm/helm-charts/portieris-certs/templates/issuer.yaml

@@ -0,0 +1,7 @@
+apiVersion: cert-manager.io/v1alpha2
+kind: Issuer
+metadata:
+  name: stx-portieris
+  namespace: portieris
+spec:
+  selfSigned: {}

stx-portieris-helm/stx-portieris-helm/helm-charts/portieris-certs/templates/secret.yaml

@@ -0,0 +1,10 @@
+apiVersion: v1
+data:
+    ca.pem: {{ .Values.caCert }}
+    tls.crt: ""
+    tls.key: ""
+kind: Secret
+metadata:
+  name: portieris-certs
+  namespace: portieris
+type: kubernetes.io/tls

stx-portieris-helm/stx-portieris-helm/helm-charts/portieris-certs/values.yaml

@@ -0,0 +1,11 @@
+#
+# Copyright (c) 2018 Wind River Systems, Inc.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+
+# Default values for nova-api-proxy.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+caCert: ""

stx-portieris-helm/stx-portieris-helm/manifests/manifest.yaml

@@ -1,12 +1,38 @@
 ---
 schema: armada/Chart/v1
+metadata:
+  schema: metadata/Document/v1
+  name: portieris-certs
+data:
+  chart_name: portieris-certs
+  release: portieris-certs
+  namespace: portieris
+  wait:
+    timeout: 30
+    native:
+      enabled: true
+    resources: []
+  install:
+    no_hooks: false
+  upgrade:
+    no_hooks: false
+  source:
+    type: tar
+    location: http://172.17.0.1/helm_charts/starlingx/portieris-certs-0.1.0.tgz
+    subpath: portieris-certs
+    reference: master
+  dependencies: []
+  values:
+    caCert: ""
+---
+schema: armada/Chart/v1
 metadata:
   schema: metadata/Document/v1
   name: portieris
 data:
   chart_name: portieris
   release: portieris
-  namespace: default
+  namespace: portieris
   wait:
     timeout: 300
     labels:
@@ -17,29 +43,33 @@ data:
     no_hooks: false
   source:
     type: tar
-    location: http://172.17.0.1/helm_charts/starlingx/portieris-0.6.0.tgz
+    location: http://172.17.0.1/helm_charts/starlingx/portieris-0.7.0.tgz
     subpath: portieris
     reference: master
   dependencies: []
   values:
-    namespace: default
+    replicaCount: 1
+    namespace: portieris
     images:
       tags:
-        portieris: docker.io/ibmcom/portieris:0.6.0
+        portieris: docker.io/ibmcom/portieris:0.7.0
     image:
       host: docker.io/ibmcom
       image: portieris
-      tags: 0.6.0
+      tags: 0.7.0
     IBMContainerService: false
+    SkipSecretCreation: true
+    UseCertManager: true
 ---
 schema: armada/ChartGroup/v1
 metadata:
   schema: metadata/Document/v1
-  name: portieris
+  name: portieris-charts
 data:
   description: "StarlingX Portieris"
   sequenced: true
   chart_group:
+    - portieris-certs
     - portieris
 ---
 schema: armada/Manifest/v1
@@ -49,4 +79,4 @@ metadata:
 data:
   release_prefix: 'stx'
   chart_groups:
-    - portieris
+    - portieris-charts