From 16627d570700165c3a86ab1af92079cd24fded2d Mon Sep 17 00:00:00 2001 From: Joseph Richard Date: Tue, 7 Jul 2020 10:27:12 -0400 Subject: [PATCH] Use cert-manager for portieris secret creation Also add portieris-certs helm chart to create the portieris-certs secret. This chart is applied before portieris chart as part of stx-portieris armada app application. Also update to latest version of portieris to pull in required changes for allowing cert-manager certificate handling. Story: 2007348 Task: 40352 Change-Id: If033fafe8e6a5be50243a45174285f82567dde69 
Signed-off-by: Joseph Richard
---
 centos_tarball-dl.lst | 2 +-
 portieris-helm/centos/build_srpm.data | 2 +-
 portieris-helm/centos/portieris-helm.spec | 11 +----
 portieris-helm/files/caCert.pem | 19 --------
 portieris-helm/files/caCert.srl | 1 -
 portieris-helm/files/serverCert.pem | 18 --------
 portieris-helm/files/serverKey.pem | 27 ------------
 .../centos/stx-portieris-helm.spec | 8 +++-
 .../helm-charts/portieris-certs/Chart.yaml | 5 +++
 .../templates/certificate.yaml | 11 +++++
 .../portieris-certs/templates/issuer.yaml | 7 +++
 .../portieris-certs/templates/secret.yaml | 10 +++++
 .../helm-charts/portieris-certs/values.yaml | 11 +++++
 .../manifests/manifest.yaml | 44 ++++++++++++++++---
 14 files changed, 91 insertions(+), 85 deletions(-)
 delete mode 100644 portieris-helm/files/caCert.pem
 delete mode 100644 portieris-helm/files/caCert.srl
 delete mode 100644 portieris-helm/files/serverCert.pem
 delete mode 100644 portieris-helm/files/serverKey.pem
 create mode 100644 stx-portieris-helm/stx-portieris-helm/helm-charts/portieris-certs/Chart.yaml
 create mode 100644 stx-portieris-helm/stx-portieris-helm/helm-charts/portieris-certs/templates/certificate.yaml
 create mode 100644 stx-portieris-helm/stx-portieris-helm/helm-charts/portieris-certs/templates/issuer.yaml
 create mode 100644 stx-portieris-helm/stx-portieris-helm/helm-charts/portieris-certs/templates/secret.yaml
 create mode 100644 stx-portieris-helm/stx-portieris-helm/helm-charts/portieris-certs/values.yaml
diff --git a/centos_tarball-dl.lst b/centos_tarball-dl.lst
index 2b66cb5..1bd7550 100644
--- a/centos_tarball-dl.lst
+++ b/centos_tarball-dl.lst
@@ -1 +1 @@
-portieris-0.6.0.tgz#portieris#https://github.com/IBM/portieris/archive/0.6.0.tar.gz#http##
+portieris-0.7.0.tgz#portieris#https://github.com/IBM/portieris/archive/0.7.0.tar.gz#http##
diff --git a/portieris-helm/centos/build_srpm.data b/portieris-helm/centos/build_srpm.data
index 79f2cf1..9159885 100644
--- a/portieris-helm/centos/build_srpm.data
+++ b/portieris-helm/centos/build_srpm.data @@ -1,5 +1,5 @@ TAR_NAME=portieris -VERSION=0.6.0 +VERSION=0.7.0 TAR="$TAR_NAME-$VERSION.tgz" COPY_LIST="${CGCS_BASE}/downloads/$TAR $PKG_BASE/files/* " diff --git a/portieris-helm/centos/portieris-helm.spec b/portieris-helm/centos/portieris-helm.spec index 55000ca..4962b68 100644 --- a/portieris-helm/centos/portieris-helm.spec +++ b/portieris-helm/centos/portieris-helm.spec @@ -13,7 +13,7 @@ Summary: StarlingX portieris Helm charts Name: portieris-helm -Version: 0.6.0 +Version: 0.7.0 Release: %{tis_patch_ver}%{?_tis_dist} License: Apache-2.0 Group: base @@ -23,10 +23,6 @@ URL: unknown Source0: portieris-%{version}.tgz Source1: repositories.yaml Source2: index.yaml -Source3: caCert.pem -Source4: caCert.srl -Source5: serverCert.pem -Source6: serverKey.pem BuildArch: noarch @@ -54,11 +50,6 @@ helm repo add local http://localhost:8879/charts make helm.package cd %{_builddir}/portieris tar -xvf %{app_tarball} -mkdir $PWD/portieris/certs -cp %{SOURCE3} $PWD/portieris/certs -cp %{SOURCE4} $PWD/portieris/certs -cp %{SOURCE5} $PWD/portieris/certs -cp %{SOURCE6} $PWD/portieris/certs tar -zcf %{app_tarball} portieris cd - diff --git a/portieris-helm/files/caCert.pem b/portieris-helm/files/caCert.pem deleted file mode 100644 index a2e13ec..0000000 --- a/portieris-helm/files/caCert.pem +++ /dev/null 
@@ -1,19 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDAzCCAeugAwIBAgIJAPM3ehKOEOZWMA0GCSqGSIb3DQEBCwUAMBcxFTATBgNV -BAMMDHBvcnRpZXJpc19jYTAgFw0yMDA0MzAwMTE4MDBaGA8yMjk0MDIxMzAxMTgw -MFowFzEVMBMGA1UEAwwMcG9ydGllcmlzX2NhMIIBIjANBgkqhkiG9w0BAQEFAAOC -AQ8AMIIBCgKCAQEAwC+YN0JGTFq2fpqi4AGq6P5uzjJDON/LYHzh93McA44MZAzj -I5LnDKmnPpQsXkvzwnUAldNjOgH9dUo4URw5lq5br9cTP7hVUzrdoUxOr7nsk/N8 -gviO1mEIDZXSYoJBMd6wizOBy7mO+Upf5luaxty2AC5/GKI7BemlCC2FH6+ioYC/ -lOYNHEWrF2HExHWnEhu9L3lWPqL4ulmMUOJ3PH4UQHkT6mhnODgPP1kddCOjvUrn -YRbovU5T65PoQd8/ImSOgKV2vpNO5a8oRmPwoXyqESbMDLGhEsGvMk99DYYtID+x -HRPcl2vnZnX4IpTr29SEyc7z/gjQoUYEgZ0RJwIDAQABo1AwTjAdBgNVHQ4EFgQU -/+5P9my7zIYeyyc9afQjVNhEudwwHwYDVR0jBBgwFoAU/+5P9my7zIYeyyc9afQj -VNhEudwwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAEhzqqz2c2CKD -cAuhijmW6f+bOQZBLMz6GS+N20MhTgWBPXeoeFBwK+P2ukTOJXbOUu9VSmH8NdsW -7cLQgyjKDOVQUTtgtuOgZyng3H9Fp1SzRDmj3SX/lS+bfX7B6CSJ28NKhhIvAQC/ -adsIHZv7ef8dsE4v9sojyJIpSQVnrhtMwlOL2/lOMHbYtwBg0e/Fgipqhzb2O4GJ -1aNayHIZTAsKdNxBmQ1oXdioSnj+zTP5Mhiwa9oup+w9gfHPc//FKUCqIPQINky8 -naXwE+J8yjWG+HVWbFN33cO3uPS2IbX1BJaY+kfCaLv0X5KoTRlXcx4Y6WbfDuth -P1gM9y9/NA== ------END CERTIFICATE----- diff --git a/portieris-helm/files/caCert.srl b/portieris-helm/files/caCert.srl deleted file mode 100644 index e27662b..0000000 --- a/portieris-helm/files/caCert.srl +++ /dev/null @@ -1 +0,0 @@ -9EB4619C5A555553 diff --git a/portieris-helm/files/serverCert.pem b/portieris-helm/files/serverCert.pem deleted file mode 100644 index 97d2ee5..0000000 --- a/portieris-helm/files/serverCert.pem +++ /dev/null 
@@ -1,18 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIC+TCCAeGgAwIBAgIJAJ60YZxaVVVTMA0GCSqGSIb3DQEBCwUAMBcxFTATBgNV -BAMMDHBvcnRpZXJpc19jYTAgFw0yMDA0MzAwMTE4MDBaGA8yMjk0MDIxMzAxMTgw -MFowJDEiMCAGA1UEAwwZcG9ydGllcmlzLmt1YmUtc3lzdGVtLnN2YzCCASIwDQYJ -KoZIhvcNAQEBBQADggEPADCCAQoCggEBAOAYd9q1crnDfYI0/zO06dtaN7inMf2v -CN+uI9q7w7VJBGVLs+18E70s1iGM+XK/OSEKnyAGhlKduJxRcOymHOybiPVKHXgb -hQI0vWNKVEMdPg4dCZf5A3LbLVFFPy65j/zCN644xH0IewW6ZivQxDPEqdB0nqZH -KkmVtJSOdjzMM/7gQqkWiVPlZQWw+qoV4v4rAR/9lE9Z7qI6QUw4eWotzjL/YxfJ -vHIG5KKWaN0CPVwiSkqem8gyQde/XWgvOgnRIgQt//wv1puKU8Ea9lvjwnuyeI49 -qBbPpfQ76sadmvE4y4dPyVxhT4jR1WHW+Vaa+8aZwlwM6T/aqk10BMUCAwEAAaM5 -MDcwCQYDVR0TBAIwADALBgNVHQ8EBAMCBeAwHQYDVR0lBBYwFAYIKwYBBQUHAwIG -CCsGAQUFBwMBMA0GCSqGSIb3DQEBCwUAA4IBAQBfuznLGkzdfAWOrDO71RyMOWCV -JR5pMUuN5B3Kdv8+MFsINsjG6lIuV6TY82079BTEFqVoCaQjpIT+VJMAmkCRs2os -fekR3At7cXomJ4r4YykzIWsDIAzHRT2msDFdx/ZrAZc+iGgiGVYTmDD3Z2yD6JYM -MVcDOxV31AeQp4Y9ypHAbpt7qBkHyA4k/D+6mkEzKmbghZAZWVJA5SFI6hGZqIar -L3FV/0rbyCFV39DRD/l8xKRI3eFM7EnykbbGnb3hlNTPv6aixQEtFvnzyZROtNDk -zZGoZRUaBRspgOS8SDPqoi9mz9MZAhBBbQv/E9RiBsIKmDf9sVxEkrSwmnnA ------END CERTIFICATE----- diff --git a/portieris-helm/files/serverKey.pem b/portieris-helm/files/serverKey.pem deleted file mode 100644 index 6cbad87..0000000 --- a/portieris-helm/files/serverKey.pem +++ /dev/null 
@@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEowIBAAKCAQEA4Bh32rVyucN9gjT/M7Tp21o3uKcx/a8I364j2rvDtUkEZUuz -7XwTvSzWIYz5cr85IQqfIAaGUp24nFFw7KYc7JuI9UodeBuFAjS9Y0pUQx0+Dh0J -l/kDctstUUU/LrmP/MI3rjjEfQh7BbpmK9DEM8Sp0HSepkcqSZW0lI52PMwz/uBC -qRaJU+VlBbD6qhXi/isBH/2UT1nuojpBTDh5ai3OMv9jF8m8cgbkopZo3QI9XCJK -Sp6byDJB179daC86CdEiBC3//C/Wm4pTwRr2W+PCe7J4jj2oFs+l9Dvqxp2a8TjL -h0/JXGFPiNHVYdb5Vpr7xpnCXAzpP9qqTXQExQIDAQABAoIBAEiJAvqC8uCYG17z -AovdCjkbCaA2ViMT7d5hAnABiMZ8HPUgvNuo5sa75Y+0juWKadZ9FqaKFh5VuPS4 -E8I1vnUDnyAuXj2LQtFE+uxRmdajd3ugAIP1cR1TPmbo8BuSqr2Yq+czrr396bwf -6oRSLb/H72Nu7A9MR67Ly0iumCzzHOfHHzL2MMqXmT+RnJ8fX4IkZMcVp6SKM4Be -GiYVYtRXBhDySHr5Vh7jFPbxY9sVZbgo5CT6XQDMNaaDVRr4EBR9qY+smNZ9ie3O -kpxdOuGnsT3PB4v9aACaCshsbWvgovrKxuLzYF4q8Nc+1R0twfqAHKY/T2WMcpsw -WfYaK30CgYEA9CYeeXFPKAgrE4RT5Z6IQxGMcixNIpLj5J1khsoWG3yRn2C9joJK -pmLXQ5brcZBFN5iTsu7QLNUv1VSoAnuSFtmbtHj6x2Uh7r4r+tUU8s+sAFnXvOHg -/IvLayUSKFidHH2vMq6s0klrzmr0UfkGLDWyoGairi/Yd4qfhLhJaTcCgYEA6vko -z7i4sjoXdjCzyfwkcZ/9AQy8wcsdFbrpILXpcV+FuzvTDWvmZlhy6Q4ypldnSxaX -DBtSD2FYZDNVY8EkgSGujfRb/i32BJg5eW8iCG/KYvtFABAUvpYbRmzXjbyf7U2u -0aE6mLs7gtoq11e9qNAGvhZcyvUXg9/wweUaj+MCgYEA2cIqCh0zAbyPVx/+iF3m -oRNE1gyHW9/x3VU4dTRHlYp8g8+QIkw5cr/TydgQ9UA9TEIM8looWORofni8RUKb -4T+Drer9mdys8Di0F0v4HD135vQ7BJ/ewMGa1FzDHjMzJlc/bQ/42rJbskcY1Qgs -JkBaqtAAJyZLhwugDYslBu8CgYB7gEYRF9gL5TibqHF3Ao3tItgKCzXS7fz1hO4v -gS2Xp0tU49bEQSgyNt7+27WHdH0YHGF7vYheCR46XDjPW57iOF/UwNDxQhsCwzfC -OcU7hfZsHAFiTRF6Ms9XLrIFD1VHlwMBr6pqyE45Mo497SIEboJ8uqg/DJ81cyjJ -4K8bXQKBgB+bNhkscllp0wbkB554sY8M2UatPkmZ8iic7zpw+q+enxPDwXiCQADl -EruzbZxHClimju+lnpdamY0Ox6hPyv1H9uENL275kO8zXRljVOqSayRUH1XHwnW5 -0mxxe0uFxosui/6mogq3wOsLwVsHj39vWqKE7/frwfb/PZHuvHCe ------END RSA PRIVATE KEY----- diff --git a/stx-portieris-helm/centos/stx-portieris-helm.spec b/stx-portieris-helm/centos/stx-portieris-helm.spec index f032fd7..4e4ecdb 100644 --- a/stx-portieris-helm/centos/stx-portieris-helm.spec +++ b/stx-portieris-helm/centos/stx-portieris-helm.spec 
@@ -38,6 +38,12 @@ chartmuseum --debug --port=8879 --context-path='/charts' --storage="local" --sto sleep 2 helm repo add local http://localhost:8879/charts +# Make the charts. These produce a tgz file +cd helm-charts +helm lint portieris-certs +helm package portieris-certs +cd - + # terminate helm server (the last backgrounded task) kill %1 @@ -50,7 +56,7 @@ mkdir -p %{app_staging} cp files/metadata.yaml %{app_staging} cp manifests/*.yaml %{app_staging} mkdir -p %{app_staging}/charts -#cp helm-charts/*.tgz %{app_staging}/charts +cp helm-charts/*.tgz %{app_staging}/charts cp %{helm_folder}/portieris*.tgz %{app_staging}/charts cd %{app_staging} diff --git a/stx-portieris-helm/stx-portieris-helm/helm-charts/portieris-certs/Chart.yaml b/stx-portieris-helm/stx-portieris-helm/helm-charts/portieris-certs/Chart.yaml new file mode 100644 index 0000000..c9fdb2b --- /dev/null +++ b/stx-portieris-helm/stx-portieris-helm/helm-charts/portieris-certs/Chart.yaml @@ -0,0 +1,5 @@ +apiVersion: v1 +appVersion: "1.0" +description: StarlingX-Helm portieris-certs +name: portieris-certs +version: 0.1.0 diff --git a/stx-portieris-helm/stx-portieris-helm/helm-charts/portieris-certs/templates/certificate.yaml b/stx-portieris-helm/stx-portieris-helm/helm-charts/portieris-certs/templates/certificate.yaml new file mode 100644 index 0000000..18cbe02 --- /dev/null +++ b/stx-portieris-helm/stx-portieris-helm/helm-charts/portieris-certs/templates/certificate.yaml @@ -0,0 +1,11 @@ +apiVersion: cert-manager.io/v1alpha2 +kind: Certificate +metadata: + name: portieris-certs + namespace: portieris +spec: + dnsNames: + - portieris.portieris.svc + secretName: portieris-certs + issuerRef: + name: stx-portieris \ No newline at end of file diff --git a/stx-portieris-helm/stx-portieris-helm/helm-charts/portieris-certs/templates/issuer.yaml b/stx-portieris-helm/stx-portieris-helm/helm-charts/portieris-certs/templates/issuer.yaml new file mode 100644 index 0000000..120b038 --- /dev/null 
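Review bot: The namespace is hard-coded as `portieris` in the new `certificate.yaml` (both `metadata.namespace` and the `portieris.portieris.svc` DNS name), and the same literal is repeated in `issuer.yaml` and `secret.yaml`, while the Armada manifest sets the release namespace separately. If the two ever diverge, the certificate's SAN no longer matches the service name the API server calls and webhook TLS verification fails. Deriving both from the release would keep them aligned: `namespace: {{ .Release.Namespace }}` and `- portieris.{{ .Release.Namespace }}.svc`. The Certificate also sets no `duration` or `renewBefore`, so renewal timing is whatever cert-manager defaults to; a short comment stating that this is intended would help.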
+++ b/stx-portieris-helm/stx-portieris-helm/helm-charts/portieris-certs/templates/issuer.yaml
@@ -0,0 +1,7 @@
+apiVersion: cert-manager.io/v1alpha2
+kind: Issuer
+metadata:
+ name: stx-portieris
+ namespace: portieris
+spec:
+ selfSigned: {}
\ No newline at end of file
diff --git a/stx-portieris-helm/stx-portieris-helm/helm-charts/portieris-certs/templates/secret.yaml b/stx-portieris-helm/stx-portieris-helm/helm-charts/portieris-certs/templates/secret.yaml
new file mode 100644
index 0000000..a8f8b34
--- /dev/null
+++ b/stx-portieris-helm/stx-portieris-helm/helm-charts/portieris-certs/templates/secret.yaml
@@ -0,0 +1,10 @@
+apiVersion: v1
+data:
+ ca.pem: {{ .Values.caCert }}
+ tls.crt: ""
+ tls.key: ""
+kind: Secret
+metadata:
+ name: portieris-certs
+ namespace: portieris
+type: kubernetes.io/tls
\ No newline at end of file
diff --git a/stx-portieris-helm/stx-portieris-helm/helm-charts/portieris-certs/values.yaml b/stx-portieris-helm/stx-portieris-helm/helm-charts/portieris-certs/values.yaml
new file mode 100644
index 0000000..331c32e
--- /dev/null
+++ b/stx-portieris-helm/stx-portieris-helm/helm-charts/portieris-certs/values.yaml
@@ -0,0 +1,11 @@
+#
+# Copyright (c) 2018 Wind River Systems, Inc.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+
+# Default values for nova-api-proxy.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+caCert: ""
\ No newline at end of file
diff --git a/stx-portieris-helm/stx-portieris-helm/manifests/manifest.yaml b/stx-portieris-helm/stx-portieris-helm/manifests/manifest.yaml
index b3e8379..a670eee 100644
--- a/stx-portieris-helm/stx-portieris-helm/manifests/manifest.yaml
+++ b/stx-portieris-helm/stx-portieris-helm/manifests/manifest.yaml
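Review bot: With `selfSigned: {}` in `issuer.yaml`, every certificate this Issuer signs is its own root, so there is no stable CA for the webhook's clients to trust: each renewal by cert-manager produces a new trust anchor, and whatever supplies the webhook's CA bundle has to follow it. The visible change does not show how that bundle is kept in sync (presumably the portieris 0.7.0 chart handles it when `UseCertManager: true` is set), so a comment here would help, e.g. `# self-signed: the issued certificate is its own CA; the webhook CA bundle must track renewals`. If a stable root turns out to matter, a self-signed root certificate feeding a `ca` Issuer would keep the trust anchor constant across leaf renewals.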
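Review bot: In `secret.yaml`, `ca.pem: {{ .Values.caCert }}` renders as a bare `ca.pem:` (YAML null) with the default `caCert: ""`, and any non-empty value is inserted unquoted; `ca.pem: {{ .Values.caCert | quote }}` keeps the field a string in both cases. Separately, the chart now owns a Secret with `tls.crt: ""` and `tls.key: ""` that cert-manager is expected to fill in afterwards. Depending on how the Helm version in use computes upgrade patches, a later upgrade of this release may re-apply the empty placeholders over the issued key pair, so this is worth confirming on an upgrade path. A comment such as `# placeholders only; cert-manager populates tls.crt/tls.key via the portieris-certs Certificate` would at least record the intent.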
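Review bot: The header comment `# Default values for nova-api-proxy.` in `values.yaml` is carried over from another chart, and `caCert` has no description although `secret.yaml` places it directly under the Secret's `data`, where values must already be base64-encoded. I would replace the header with `# Default values for portieris-certs.` and add `# caCert: base64-encoded PEM CA certificate, written to the ca.pem key of the portieris-certs secret` above the key.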
@@ -1,12 +1,38 @@
 ---
 schema: armada/Chart/v1
+metadata:
+ schema: metadata/Document/v1
+ name: portieris-certs
+data:
+ chart_name: portieris-certs
+ release: portieris-certs
+ namespace: portieris
+ wait:
+ timeout: 30
+ native:
+ enabled: true
+ resources: []
+ install:
+ no_hooks: false
+ upgrade:
+ no_hooks: false
+ source:
+ type: tar
+ location: http://172.17.0.1/helm_charts/starlingx/portieris-certs-0.1.0.tgz
+ subpath: portieris-certs
+ reference: master
+ dependencies: []
+ values:
+ caCert: ""
+---
+schema: armada/Chart/v1
 metadata:
 schema: metadata/Document/v1
 name: portieris
 data:
 chart_name: portieris
 release: portieris
- namespace: default
+ namespace: portieris
 wait:
 timeout: 300
 labels:
@@ -17,29 +43,33 @@ data:
 no_hooks: false
 source:
 type: tar
- location: http://172.17.0.1/helm_charts/starlingx/portieris-0.6.0.tgz
+ location: http://172.17.0.1/helm_charts/starlingx/portieris-0.7.0.tgz
 subpath: portieris
 reference: master
 dependencies: []
 values:
- namespace: default
+ replicaCount: 1
+ namespace: portieris
 images:
 tags:
- portieris: docker.io/ibmcom/portieris:0.6.0
+ portieris: docker.io/ibmcom/portieris:0.7.0
 image:
 host: docker.io/ibmcom
 image: portieris
- tags: 0.6.0
+ tags: 0.7.0
 IBMContainerService: false
+ SkipSecretCreation: true
+ UseCertManager: true
 ---
 schema: armada/ChartGroup/v1
 metadata:
 schema: metadata/Document/v1
- name: portieris
+ name: portieris-charts
 data:
 description: "StarlingX Portieris"
 sequenced: true
 chart_group:
+ - portieris-certs
 - portieris
 ---
 schema: armada/Manifest/v1
@@ -49,4 +79,4 @@ metadata:
 data:
 release_prefix: 'stx'
 chart_groups:
- - portieris
+ - portieris-charts
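Review bot: The new `portieris-certs` chart document sets `wait.resources: []` with `timeout: 30`, which, if the empty list means Armada waits on nothing, lets the sequenced chart group move on as soon as the objects are created, not when the Certificate is Ready. The `portieris` chart could then start while the `portieris-certs` secret still holds the empty `tls.crt`/`tls.key` placeholders from `secret.yaml`. If that ordering is acceptable because the pod retries or reloads, a comment would make it explicit, e.g. `# does not wait for Certificate readiness; portieris must tolerate a not-yet-populated secret`. The `values: caCert: ""` override only repeats the chart default and could be dropped.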
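Review bot: `replicaCount: 1` in the second manifest hunk leaves the admission webhook with a single pod, so its behaviour during an outage is decided entirely by the webhook's failure policy, which is not visible in this manifest: fail-closed blocks pod creation while the pod restarts, fail-open lets unchecked images through. It would help to record the intended trade-off next to the value, e.g. `# single replica by design; see webhook failurePolicy`, or to raise the count on multi-node systems. The image is still referenced by tag (`docker.io/ibmcom/portieris:0.7.0`), as it was before this change; a digest would pin what the policy enforcer itself runs. The chart document this hunk edits starts above the hunk.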