diff --git a/debian_pkg_dirs b/debian_pkg_dirs index d06aae6..c9d458a 100644 --- a/debian_pkg_dirs +++ b/debian_pkg_dirs @@ -1,4 +1,3 @@ helm-charts/upstream/portieris-helm -helm-charts/custom/portieris-certs-helm python3-k8sapp-portieris stx-portieris-helm diff --git a/helm-charts/custom/portieris-certs-helm/debian/deb_folder/changelog b/helm-charts/custom/portieris-certs-helm/debian/deb_folder/changelog deleted file mode 100644 index 2f239eb..0000000 --- a/helm-charts/custom/portieris-certs-helm/debian/deb_folder/changelog +++ /dev/null @@ -1,5 +0,0 @@ -portieris-certs-helm (0.1-0) unstable; urgency=medium - - * Initial release. - - -- Tae Park Thu, 30 May 2024 13:02:42 +0000 diff --git a/helm-charts/custom/portieris-certs-helm/debian/deb_folder/control b/helm-charts/custom/portieris-certs-helm/debian/deb_folder/control deleted file mode 100644 index a570457..0000000 --- a/helm-charts/custom/portieris-certs-helm/debian/deb_folder/control +++ /dev/null @@ -1,15 +0,0 @@ -Source: portieris-certs-helm -Section: libs -Priority: optional -Maintainer: StarlingX Developers -Build-Depends: debhelper-compat (= 13), - helm -Standards-Version: 4.5.1 -Homepage: https://www.starlingx.io - -Package: portieris-certs-helm -Section: libs -Architecture: any -Depends: ${misc:Depends} -Description: StarlingX Portieris Certs Helm Charts - This package contains helm chart Portieris Certs for the portieris application. diff --git a/helm-charts/custom/portieris-certs-helm/debian/deb_folder/copyright b/helm-charts/custom/portieris-certs-helm/debian/deb_folder/copyright deleted file mode 100644 index 20c0ad4..0000000 --- a/helm-charts/custom/portieris-certs-helm/debian/deb_folder/copyright +++ /dev/null 
@@ -1,21 +0,0 @@ -Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ -Upstream-Name: portieris-certs-helm -Source: https://opendev.org/starlingx/portieris-armada-app/ - -Files: * -Copyright: (c) 2020-2024 Wind River Systems, Inc -License: Apache-2 - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - . - https://www.apache.org/licenses/LICENSE-2.0 - . - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. - . - On Debian-based systems the full text of the Apache version 2.0 license - can be found in `/usr/share/common-licenses/Apache-2.0'. diff --git a/helm-charts/custom/portieris-certs-helm/debian/deb_folder/portieris-certs-helm.install b/helm-charts/custom/portieris-certs-helm/debian/deb_folder/portieris-certs-helm.install deleted file mode 100644 index 8a0c6de..0000000 --- a/helm-charts/custom/portieris-certs-helm/debian/deb_folder/portieris-certs-helm.install +++ /dev/null @@ -1 +0,0 @@ -usr/lib/helm/* diff --git a/helm-charts/custom/portieris-certs-helm/debian/deb_folder/rules b/helm-charts/custom/portieris-certs-helm/debian/deb_folder/rules deleted file mode 100755 index e985253..0000000 --- a/helm-charts/custom/portieris-certs-helm/debian/deb_folder/rules +++ /dev/null 
@@ -1,22 +0,0 @@ -#!/usr/bin/make -f -# export DH_VERBOSE = 1 - -export DEB_VERSION = $(shell dpkg-parsechangelog | egrep '^Version:' | cut -f 2 -d ' ') -export PATCH_VERSION = $(shell echo $(DEB_VERSION) | cut -f 4 -d '.') -export PORTIERIS_BASE_VERSION = $(shell echo $(DEB_VERSION) | cut -f 1 -d '-') -export PORTIERIS_VERSION = $(PORTIERIS_BASE_VERSION).$(PATCH_VERSION) - -export ROOT = debian/tmp -export CHART_FOLDER = $(ROOT)/usr/lib/helm - -%: - dh $@ - -override_dh_auto_build: - - make CHART_VERSION=$(PORTIERIS_VERSION) portieris-certs - -override_dh_auto_install: - # Install the app tar file. - install -d -m 755 $(CHART_FOLDER) - install -p -D -m 755 portieris-certs*.tgz $(CHART_FOLDER) diff --git a/helm-charts/custom/portieris-certs-helm/debian/deb_folder/source/format b/helm-charts/custom/portieris-certs-helm/debian/deb_folder/source/format deleted file mode 100644 index 163aaf8..0000000 --- a/helm-charts/custom/portieris-certs-helm/debian/deb_folder/source/format +++ /dev/null @@ -1 +0,0 @@ -3.0 (quilt) diff --git a/helm-charts/custom/portieris-certs-helm/debian/meta_data.yaml b/helm-charts/custom/portieris-certs-helm/debian/meta_data.yaml deleted file mode 100644 index 4f6bf0f..0000000 --- a/helm-charts/custom/portieris-certs-helm/debian/meta_data.yaml +++ /dev/null @@ -1,10 +0,0 @@ ---- -debname: portieris-certs-helm -debver: 0.1-0 -src_path: portieris-certs-helm -revision: - dist: $STX_DIST - PKG_GITREVCOUNT: true - GITREVCOUNT: - SRC_DIR: ${MY_REPO}/stx/portieris-armada-app/helm-charts/custom/portieris-certs-helm - BASE_SRCREV: 419816d74a38e978a2743365052073719dc0cc8b diff --git a/helm-charts/custom/portieris-certs-helm/portieris-certs-helm/Makefile b/helm-charts/custom/portieris-certs-helm/portieris-certs-helm/Makefile deleted file mode 100644 index 277005b..0000000 --- a/helm-charts/custom/portieris-certs-helm/portieris-certs-helm/Makefile +++ /dev/null 
@@ -1,42 +0,0 @@ -# -# Copyright 2017 The Openstack-Helm Authors. -# -# Copyright (c) 2024 Wind River Systems, Inc. -# -# SPDX-License-Identifier: Apache-2.0 -# -# It's necessary to set this because some environments don't link sh -> bash. -SHELL := /bin/bash -TASK := build - -EXCLUDES := helm-toolkit doc tests tools logs tmp -CHARTS := helm-toolkit $(filter-out $(EXCLUDES), $(patsubst %/.,%,$(wildcard */.))) - -.PHONY: $(EXCLUDES) $(CHARTS) - -all: $(CHARTS) - -$(CHARTS): - @if [ -d $@ ]; then \ - echo; \ - echo "===== Processing [$@] chart ====="; \ - make $(TASK)-$@; \ - fi - -init-%: - if [ -f $*/Makefile ]; then make -C $*; fi - if [ -f $*/requirements.yaml ]; then helm dep up $*; fi - -lint-%: init-% - if [ -d $* ]; then helm lint $*; fi - -build-%: lint-% - if [ -d $* ]; then helm package --version $(CHART_VERSION) $*; fi - -clean: - @echo "Clean all build artifacts" - rm -f */templates/_partials.tpl */templates/_globals.tpl - rm -rf */charts */tmpcharts - -%: - @: diff --git a/helm-charts/custom/portieris-certs-helm/portieris-certs-helm/portieris-certs/Chart.yaml b/helm-charts/custom/portieris-certs-helm/portieris-certs-helm/portieris-certs/Chart.yaml deleted file mode 100644 index c9fdb2b..0000000 --- a/helm-charts/custom/portieris-certs-helm/portieris-certs-helm/portieris-certs/Chart.yaml +++ /dev/null @@ -1,5 +0,0 @@ -apiVersion: v1 -appVersion: "1.0" -description: StarlingX-Helm portieris-certs -name: portieris-certs -version: 0.1.0 diff --git a/helm-charts/custom/portieris-certs-helm/portieris-certs-helm/portieris-certs/templates/certificate.yaml b/helm-charts/custom/portieris-certs-helm/portieris-certs-helm/portieris-certs/templates/certificate.yaml deleted file mode 100644 index 62ed14a..0000000 --- a/helm-charts/custom/portieris-certs-helm/portieris-certs-helm/portieris-certs/templates/certificate.yaml +++ /dev/null 
@@ -1,13 +0,0 @@ -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - creationTimestamp: null - name: portieris-certs - namespace: portieris -spec: - dnsNames: - - portieris.portieris.svc - issuerRef: - name: stx-portieris - secretName: portieris-certs -status: {} diff --git a/helm-charts/custom/portieris-certs-helm/portieris-certs-helm/portieris-certs/templates/issuer.yaml b/helm-charts/custom/portieris-certs-helm/portieris-certs-helm/portieris-certs/templates/issuer.yaml deleted file mode 100644 index 5d33929..0000000 --- a/helm-charts/custom/portieris-certs-helm/portieris-certs-helm/portieris-certs/templates/issuer.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: cert-manager.io/v1 -kind: Issuer -metadata: - creationTimestamp: null - name: stx-portieris - namespace: portieris -spec: - selfSigned: {} -status: {} diff --git a/helm-charts/custom/portieris-certs-helm/portieris-certs-helm/portieris-certs/templates/secret.yaml b/helm-charts/custom/portieris-certs-helm/portieris-certs-helm/portieris-certs/templates/secret.yaml deleted file mode 100644 index abdf63c..0000000 --- a/helm-charts/custom/portieris-certs-helm/portieris-certs-helm/portieris-certs/templates/secret.yaml +++ /dev/null @@ -1,10 +0,0 @@ -apiVersion: v1 -data: - ca.pem: {{ .Values.caCert | toString | quote }} - tls.crt: "" - tls.key: "" -kind: Secret -metadata: - name: portieris-certs - namespace: portieris -type: kubernetes.io/tls \ No newline at end of file diff --git a/helm-charts/custom/portieris-certs-helm/portieris-certs-helm/portieris-certs/values.yaml b/helm-charts/custom/portieris-certs-helm/portieris-certs-helm/portieris-certs/values.yaml deleted file mode 100644 index 331c32e..0000000 --- a/helm-charts/custom/portieris-certs-helm/portieris-certs-helm/portieris-certs/values.yaml +++ /dev/null 
@@ -1,11 +0,0 @@ -# -# Copyright (c) 2018 Wind River Systems, Inc. -# -# SPDX-License-Identifier: Apache-2.0 -# - -# Default values for nova-api-proxy. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. - -caCert: "" \ No newline at end of file diff --git a/helm-charts/upstream/portieris-helm/debian/deb_folder/patches/0004-Add-trusted-CA-Cert-secret.patch b/helm-charts/upstream/portieris-helm/debian/deb_folder/patches/0004-Add-trusted-CA-Cert-secret.patch new file mode 100644 index 0000000..7a2a313 --- /dev/null +++ b/helm-charts/upstream/portieris-helm/debian/deb_folder/patches/0004-Add-trusted-CA-Cert-secret.patch 
@@ -0,0 +1,80 @@ +From 0e576f796c4e07ba8457c1d39ea7e145d5641aaa Mon Sep 17 00:00:00 2001 +From: Tae Park +Date: Tue, 9 Sep 2025 14:59:42 +0000 +Subject: [PATCH] Add trusted CA Cert secret + +Adding a secret that contains a trusted CA cert for portieris. It allows +communication with the image trust server. + +Signed-off-by: Tae Park +--- + helm/portieris/templates/deployment.yaml | 11 +++++++++++ + helm/portieris/templates/secret.yaml | 11 +++++++++++ + helm/portieris/values.yaml | 6 ++++++ + 3 files changed, 28 insertions(+) + +diff --git a/helm/portieris/templates/deployment.yaml b/helm/portieris/templates/deployment.yaml +index 826fdba..53d120f 100644 +--- a/helm/portieris/templates/deployment.yaml ++++ b/helm/portieris/templates/deployment.yaml +@@ -51,6 +51,12 @@ spec: + - name: portieris-certs + readOnly: true + mountPath: "/etc/certs" ++ {{- if .Values.TrustedCACert }} ++ - name: trusted-cert ++ readOnly: true ++ mountPath: /etc/pki/tls/certs/trustedcert.pem ++ subPath: trustedcert.pem ++ {{- end }} + livenessProbe: + httpGet: + port: 8000 +@@ -86,3 +92,8 @@ spec: + - name: portieris-certs + secret: + secretName: portieris-certs ++ {{- if .Values.TrustedCACert }} ++ - name: trusted-cert ++ secret: ++ secretName: trusted-cert ++ {{- end }} +diff --git a/helm/portieris/templates/secret.yaml b/helm/portieris/templates/secret.yaml +index 805b7d3..e8c6c46 100644 +--- a/helm/portieris/templates/secret.yaml ++++ b/helm/portieris/templates/secret.yaml +@@ -39,3 +39,14 @@ data: + {{- end }} + {{ end }} + {{ end }} ++{{ if .Values.TrustedCACert }} ++--- ++apiVersion: v1 ++kind: Secret ++metadata: ++ name: trusted-cert ++ namespace: {{ .Release.Namespace }} ++type: Opaque ++data: ++ trustedcert.pem: {{ .Values.TrustedCACert | quote }} ++{{ end }} +diff --git a/helm/portieris/values.yaml b/helm/portieris/values.yaml +index ebe26e5..c9ff82f 100644 +--- a/helm/portieris/values.yaml ++++ b/helm/portieris/values.yaml +@@ -53,6 +53,12 @@ UseGeneratedCerts: + tlsKey: |- + 
caCert: |- + ++# Add the specified certificate(s) to the pod filesystem trust store. ++# The golang x509 module will read all files in this location, and ++# portieris will trust those certificates. ++# The value must be a base 64 encoded list of certificate(s) in PEM format. ++TrustedCACert: "" ++ + # Resoures defined to assist scheduling + # request is typical x10, limit is typical x100 + resources: +-- +2.34.1 + diff --git a/helm-charts/upstream/portieris-helm/debian/deb_folder/patches/series b/helm-charts/upstream/portieris-helm/debian/deb_folder/patches/series index a715bc4..13124dc 100644 --- a/helm-charts/upstream/portieris-helm/debian/deb_folder/patches/series +++ b/helm-charts/upstream/portieris-helm/debian/deb_folder/patches/series @@ -1,3 +1,4 @@ 0001-Add-permissive-cluster-policy-by-default.patch 0002-Hardcode-app-label-selector.patch 0003-Adjust-liveness-readiness-probe-configurations.patch +0004-Add-trusted-CA-Cert-secret.patch diff --git a/python3-k8sapp-portieris/k8sapp_portieris/k8sapp_portieris/common/constants.py b/python3-k8sapp-portieris/k8sapp_portieris/k8sapp_portieris/common/constants.py index bc0f67d..6abdc74 100644 --- a/python3-k8sapp-portieris/k8sapp_portieris/k8sapp_portieris/common/constants.py +++ b/python3-k8sapp-portieris/k8sapp_portieris/k8sapp_portieris/common/constants.py @@ -8,6 +8,5 @@ # These values match the names in the chart package's Chart.yaml HELM_APP_PORTIERIS = 'portieris' HELM_CHART_PORTIERIS = 'portieris' -HELM_CHART_PORTIERIS_CERTS = 'portieris-certs' HELM_NS_PORTIERIS = 'portieris' HELM_COMPONENT_LABEL_PORTIERIS = 'app.starlingx.io/component' diff --git a/python3-k8sapp-portieris/k8sapp_portieris/k8sapp_portieris/helm/portieris_certs.py b/python3-k8sapp-portieris/k8sapp_portieris/k8sapp_portieris/helm/portieris_certs.py deleted file mode 100644 index 2358fc6..0000000 --- a/python3-k8sapp-portieris/k8sapp_portieris/k8sapp_portieris/helm/portieris_certs.py +++ /dev/null 
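Review bot: The `trusted-cert` volume mount added to deployment.yaml uses `subPath: trustedcert.pem`, and Kubernetes does not propagate Secret updates into subPath mounts. Replacing or withdrawing a CA through `TrustedCACert` therefore leaves running portieris pods trusting the old certificate until they are restarted. Because this value decides which image trust server the admission controller accepts, I would tie the pod template to it with an annotation such as `checksum/trusted-cert: {{ .Values.TrustedCACert | sha256sum | quote }}`; the pod template metadata is outside the lines this patch touches. If the annotation is not wanted, the values.yaml comment should at least gain `# Changing this value only takes effect after the portieris pods are restarted.` Separately, secret.yaml writes the value into `data:` unchecked, so input that is not valid base64 is only rejected when the manifest is applied.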
@@ -1,41 +0,0 @@ -# -# Copyright (c) 2020 Wind River Systems, Inc. -# -# SPDX-License-Identifier: Apache-2.0 -# - -from k8sapp_portieris.common import constants - -from sysinv.common import exception - -from sysinv.helm import base - - -class PortierisCertsHelm(base.BaseHelm): - """Class to encapsulate helm operations for the psp rolebinding chart""" - - SUPPORTED_NAMESPACES = base.BaseHelm.SUPPORTED_NAMESPACES + \ - [constants.HELM_NS_PORTIERIS] - SUPPORTED_APP_NAMESPACES = { - constants.HELM_APP_PORTIERIS: - base.BaseHelm.SUPPORTED_NAMESPACES + [constants.HELM_NS_PORTIERIS], - } - - CHART = constants.HELM_CHART_PORTIERIS_CERTS - SERVICE_NAME = 'portieris-certs' - - def get_namespaces(self): - return self.SUPPORTED_NAMESPACES - - def get_overrides(self, namespace=None): - overrides = { - constants.HELM_NS_PORTIERIS: {} - } - - if namespace in self.SUPPORTED_NAMESPACES: - return overrides[namespace] - elif namespace: - raise exception.InvalidHelmNamespace(chart=self.CHART, - namespace=namespace) - else: - return overrides diff --git a/python3-k8sapp-portieris/k8sapp_portieris/setup.cfg b/python3-k8sapp-portieris/k8sapp_portieris/setup.cfg index 775eb45..0ae829a 100644 --- a/python3-k8sapp-portieris/k8sapp_portieris/setup.cfg +++ b/python3-k8sapp-portieris/k8sapp_portieris/setup.cfg @@ -33,7 +33,6 @@ systemconfig.helm_applications = portieris = systemconfig.helm_plugins.portieris systemconfig.helm_plugins.portieris = - 001_portieris-certs = k8sapp_portieris.helm.portieris_certs:PortierisCertsHelm 002_portieris = k8sapp_portieris.helm.portieris:PortierisHelm systemconfig.app_lifecycle = diff --git a/stx-portieris-helm/debian/deb_folder/control b/stx-portieris-helm/debian/deb_folder/control index 38c7bd8..d2ab2ad 100644 --- a/stx-portieris-helm/debian/deb_folder/control +++ b/stx-portieris-helm/debian/deb_folder/control 
@@ -5,7 +5,6 @@ Maintainer: StarlingX Developers Build-Depends: debhelper-compat (= 13), helm, portieris-helm, - portieris-certs-helm, python3-k8sapp-portieris-wheels, build-info Standards-Version: 4.5.1 diff --git a/stx-portieris-helm/stx-portieris-helm/fluxcd-manifests/kustomization.yaml b/stx-portieris-helm/stx-portieris-helm/fluxcd-manifests/kustomization.yaml index 7ab6d80..d6b2187 100644 --- a/stx-portieris-helm/stx-portieris-helm/fluxcd-manifests/kustomization.yaml +++ b/stx-portieris-helm/stx-portieris-helm/fluxcd-manifests/kustomization.yaml @@ -9,5 +9,4 @@ kind: Kustomization namespace: portieris resources: - base - - portieris-certs - portieris diff --git a/stx-portieris-helm/stx-portieris-helm/fluxcd-manifests/portieris-certs/helmrelease.yaml b/stx-portieris-helm/stx-portieris-helm/fluxcd-manifests/portieris-certs/helmrelease.yaml deleted file mode 100644 index 255b7b9..0000000 --- a/stx-portieris-helm/stx-portieris-helm/fluxcd-manifests/portieris-certs/helmrelease.yaml +++ /dev/null @@ -1,36 +0,0 @@ -# -# Copyright (c) 2022 Wind River Systems, Inc. -# -# SPDX-License-Identifier: Apache-2.0 -# - -apiVersion: "helm.toolkit.fluxcd.io/v2" -kind: HelmRelease -metadata: - name: portieris-certs - labels: - chart_group: portieris-charts -spec: - releaseName: portieris-portieris-certs - chart: - spec: - chart: portieris-certs - version: REPLACE_HELM_CHART_VERSION - sourceRef: - kind: HelmRepository - name: stx-platform - interval: 1m - timeout: 30m - test: - enable: false - install: - disableHooks: false - upgrade: - disableHooks: false - valuesFrom: - - kind: Secret - name: portieris-certs-static-overrides - valuesKey: portieris-certs-static-overrides.yaml - - kind: Secret - name: portieris-certs-system-overrides - valuesKey: portieris-certs-system-overrides.yaml 
diff --git a/stx-portieris-helm/stx-portieris-helm/fluxcd-manifests/portieris-certs/kustomization.yaml b/stx-portieris-helm/stx-portieris-helm/fluxcd-manifests/portieris-certs/kustomization.yaml deleted file mode 100644 index a389b30..0000000 --- a/stx-portieris-helm/stx-portieris-helm/fluxcd-manifests/portieris-certs/kustomization.yaml +++ /dev/null @@ -1,18 +0,0 @@ -# -# Copyright (c) 2022 Wind River Systems, Inc. -# -# SPDX-License-Identifier: Apache-2.0 -# - -namespace: portieris -resources: - - helmrelease.yaml -secretGenerator: - - name: portieris-certs-static-overrides - files: - - portieris-certs-static-overrides.yaml - - name: portieris-certs-system-overrides - files: - - portieris-certs-system-overrides.yaml -generatorOptions: - disableNameSuffixHash: true diff --git a/stx-portieris-helm/stx-portieris-helm/fluxcd-manifests/portieris-certs/portieris-certs-static-overrides.yaml b/stx-portieris-helm/stx-portieris-helm/fluxcd-manifests/portieris-certs/portieris-certs-static-overrides.yaml deleted file mode 100644 index 5a5aa5b..0000000 --- a/stx-portieris-helm/stx-portieris-helm/fluxcd-manifests/portieris-certs/portieris-certs-static-overrides.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# -# Copyright (c) 2022 Wind River Systems, Inc. -# -# SPDX-License-Identifier: Apache-2.0 -# - -caCert: "" diff --git a/stx-portieris-helm/stx-portieris-helm/fluxcd-manifests/portieris-certs/portieris-certs-system-overrides.yaml b/stx-portieris-helm/stx-portieris-helm/fluxcd-manifests/portieris-certs/portieris-certs-system-overrides.yaml deleted file mode 100644 index 7e93270..0000000 --- a/stx-portieris-helm/stx-portieris-helm/fluxcd-manifests/portieris-certs/portieris-certs-system-overrides.yaml +++ /dev/null @@ -1,6 +0,0 @@ -# -# Copyright (c) 2022 Wind River Systems, Inc. -# -# SPDX-License-Identifier: Apache-2.0 -# - 
diff --git a/stx-portieris-helm/stx-portieris-helm/fluxcd-manifests/portieris/portieris-static-overrides.yaml b/stx-portieris-helm/stx-portieris-helm/fluxcd-manifests/portieris/portieris-static-overrides.yaml index 6aea36b..1aefc02 100644 --- a/stx-portieris-helm/stx-portieris-helm/fluxcd-manifests/portieris/portieris-static-overrides.yaml +++ b/stx-portieris-helm/stx-portieris-helm/fluxcd-manifests/portieris/portieris-static-overrides.yaml @@ -29,5 +29,5 @@ readinessProbe: initialDelaySeconds: 17 periodSeconds: 19 timeoutSeconds: 11 -SkipSecretCreation: true +SkipSecretCreation: false UseCertManager: true
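Review bot: The flip to `SkipSecretCreation: false` in portieris-static-overrides.yaml has no comment explaining it, although it moves responsibility for the webhook certificate objects from the removed portieris-certs chart to the portieris chart. A line such as `# portieris chart creates its own cert objects now that portieris-certs is removed` above the setting would record the reason. The removed chart created a Secret and a Certificate named `portieris-certs` and an Issuer `stx-portieris` in the `portieris` namespace under the release `portieris-portieris-certs`. If the portieris chart renders objects with the same names, which this diff does not show, an application update needs the old release deleted first, otherwise Helm will refuse to take over objects owned by another release. It is worth confirming that the update path covers this.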