This is an automated email from the ASF dual-hosted git repository.

dgrove pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/openwhisk-deploy-kube.git


The following commit(s) were added to refs/heads/master by this push:
     new bb2ed42  generate nginx server certificate during deployment (#550)
bb2ed42 is described below

commit bb2ed4281c6bbcbc514052d2d6a3cf6ec9dfed97
Author: David Grove <[email protected]>
AuthorDate: Tue Dec 3 10:25:38 2019 -0500

    generate nginx server certificate during deployment (#550)
    
    Add a job to generate the nginx server certificate during deployment.
    Although not currently done, the same job could (should?) be used to
    generate additional certificates and secrets to enable ssl-protected
    communication between all services on the openwhisk control plane.
    
    Fixes #305.
---
 helm/openwhisk/Chart.yaml                          |  2 +-
 .../genCerts/gencerts.sh}                          | 17 ++-----
 .../{Chart.yaml => templates/gen-certs-cm.yaml}    | 19 +++-----
 helm/openwhisk/templates/gen-certs-job.yaml        | 57 ++++++++++++++++++++++
 .../{Chart.yaml => templates/init-role.yaml}       | 25 +++++-----
 .../{Chart.yaml => templates/init-rolebind.yaml}   | 27 +++++-----
 .../{Chart.yaml => templates/init-svcact.yaml}     | 17 ++-----
 helm/openwhisk/templates/nginx-secret.yaml         | 29 -----------
 helm/openwhisk/values.yaml                         | 10 ++--
 9 files changed, 105 insertions(+), 98 deletions(-)

diff --git a/helm/openwhisk/Chart.yaml b/helm/openwhisk/Chart.yaml
index 9d93a6e..266e80d 100644
--- a/helm/openwhisk/Chart.yaml
+++ b/helm/openwhisk/Chart.yaml
@@ -18,7 +18,7 @@
 apiVersion: v1
 description: An open source, distributed serverless platform that executes 
functions in response to events at any scale
 name: openwhisk
-version: 0.1.8
+version: 0.1.9
 icon: 
https://raw.githubusercontent.com/apache/openwhisk/682eb5b62ee6ba8017ab54226c2ace3637f4f1ec/docs/images/whisk_icon_full-color_with_tm_64x64-300dpi.png
 keywords:
   - Apache OpenWhisk
diff --git a/helm/openwhisk/Chart.yaml 
b/helm/openwhisk/configMapFiles/genCerts/gencerts.sh
old mode 100644
new mode 100755
similarity index 60%
copy from helm/openwhisk/Chart.yaml
copy to helm/openwhisk/configMapFiles/genCerts/gencerts.sh
index 9d93a6e..8db6236
--- a/helm/openwhisk/Chart.yaml
+++ b/helm/openwhisk/configMapFiles/genCerts/gencerts.sh
@@ -15,16 +15,7 @@
 # limitations under the License.
 #
 
-apiVersion: v1
-description: An open source, distributed serverless platform that executes 
functions in response to events at any scale
-name: openwhisk
-version: 0.1.8
-icon: 
https://raw.githubusercontent.com/apache/openwhisk/682eb5b62ee6ba8017ab54226c2ace3637f4f1ec/docs/images/whisk_icon_full-color_with_tm_64x64-300dpi.png
-keywords:
-  - Apache OpenWhisk
-  - amd64
-maintainers:
-  - name: Apache OpenWhisk committers
-    email: [email protected]
-tillerVersion: ">=2.9.0"
-kubeVersion: ">=v1.10.0-r0"
+genssl.sh "*.$WHISK_API_HOST_NAME" server /cert-gen
+
+kubectl create secret tls $NGINX_CERT_SECRET 
--cert=/cert-gen/openwhisk-server-cert.pem 
--key=/cert-gen/openwhisk-server-key.pem
+
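Review bot: `kubectl create secret tls` on the last added line is not idempotent, and `$NGINX_CERT_SECRET` is expanded unquoted. If a secret of that name already exists (a retried Job pod, or a reinstall under the same release name after the earlier secret was left behind), the command fails; since the Job sources this script under `set -e` with `backoffLimit: 3`, the Job would presumably end up failed. The secret is created out of band rather than rendered by a template, so it is probably not removed with the release, which would leave the private key in the namespace; this is worth confirming and documenting. I would at least quote the name, `kubectl create secret tls "$NGINX_CERT_SECRET" --cert=/cert-gen/openwhisk-server-cert.pem --key=/cert-gen/openwhisk-server-key.pem`, and decide explicitly whether an existing secret is kept (which needs `get` on secrets in the init Role) or treated as an error.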
diff --git a/helm/openwhisk/Chart.yaml 
b/helm/openwhisk/templates/gen-certs-cm.yaml
similarity index 62%
copy from helm/openwhisk/Chart.yaml
copy to helm/openwhisk/templates/gen-certs-cm.yaml
index 9d93a6e..f7840ea 100644
--- a/helm/openwhisk/Chart.yaml
+++ b/helm/openwhisk/templates/gen-certs-cm.yaml
@@ -16,15 +16,10 @@
 #
 
 apiVersion: v1
-description: An open source, distributed serverless platform that executes 
functions in response to events at any scale
-name: openwhisk
-version: 0.1.8
-icon: 
https://raw.githubusercontent.com/apache/openwhisk/682eb5b62ee6ba8017ab54226c2ace3637f4f1ec/docs/images/whisk_icon_full-color_with_tm_64x64-300dpi.png
-keywords:
-  - Apache OpenWhisk
-  - amd64
-maintainers:
-  - name: Apache OpenWhisk committers
-    email: [email protected]
-tillerVersion: ">=2.9.0"
-kubeVersion: ">=v1.10.0-r0"
+kind: ConfigMap
+metadata:
+  name: {{ .Release.Name }}-gen-certs
+  labels:
+{{ include "openwhisk.label_boilerplate" . | indent 4 }}
+data:
+{{ (.Files.Glob "configMapFiles/genCerts/gencerts.sh").AsConfig | indent 2 }}
diff --git a/helm/openwhisk/templates/gen-certs-job.yaml 
b/helm/openwhisk/templates/gen-certs-job.yaml
new file mode 100644
index 0000000..d8925e1
--- /dev/null
+++ b/helm/openwhisk/templates/gen-certs-job.yaml
@@ -0,0 +1,57 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: {{ .Release.Name }}-gen-certs
+  labels:
+    name: {{ .Release.Name }}-gen-certs
+{{ include "openwhisk.label_boilerplate" . | indent 4 }}
+spec:
+  backoffLimit: 3
+  template:
+    metadata:
+      name: {{ .Release.Name }}-gen-certs
+      labels:
+        name: {{ .Release.Name }}-gen-certs
+{{ include "openwhisk.label_boilerplate" . | indent 8 }}
+    spec:
+      serviceAccountName: {{ .Release.Name }}-init-sa
+      restartPolicy: Never
+      volumes:
+      - name: task-dir
+        configMap:
+          name: {{ .Release.Name }}-gen-certs
+{{ include "openwhisk.docker.imagePullSecrets" . | indent 6 }}
+      containers:
+      - name: gen-certs
+        image: "{{- .Values.docker.registry.name -}}{{- 
.Values.utility.imageName -}}:{{- .Values.utility.imageTag -}}"
+        imagePullPolicy: {{ .Values.utility.imagePullPolicy | quote }}
+        command: ["/bin/bash", "-c", "set -e; . /task/gencerts.sh"]
+        volumeMounts:
+        - name: task-dir
+          mountPath: "/task/gencerts.sh"
+          subPath: "gencerts.sh"
+        env:
+        - name: "NGINX_CERT_SECRET"
+          value: {{ .Release.Name }}-nginx
+        - name: "WHISK_API_HOST_NAME"
+          valueFrom:
+            configMapKeyRef:
+              name: {{ .Release.Name }}-whisk.config
+              key: whisk_api_host_name
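Review bot: The Job is rendered unconditionally, whereas the `nginx-secret.yaml` template this commit deletes was wrapped in `{{- if ne .Values.whisk.ingress.type "OpenShift" }}`. With an OpenShift ingress the chart would now still start a pod under the `-init-sa` account and create the `-nginx` TLS secret, which the old chart skipped. If that is not intended, wrap this template (and the gen-certs ConfigMap) in the same `if`/`end` guard. Separately, the `gen-certs` container sets no `securityContext`; it only runs a script and calls the API, so `allowPrivilegeEscalation: false` and a non-root user look feasible, though that depends on the ow-utils image.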
diff --git a/helm/openwhisk/Chart.yaml b/helm/openwhisk/templates/init-role.yaml
similarity index 60%
copy from helm/openwhisk/Chart.yaml
copy to helm/openwhisk/templates/init-role.yaml
index 9d93a6e..51db340 100644
--- a/helm/openwhisk/Chart.yaml
+++ b/helm/openwhisk/templates/init-role.yaml
@@ -15,16 +15,15 @@
 # limitations under the License.
 #
 
-apiVersion: v1
-description: An open source, distributed serverless platform that executes 
functions in response to events at any scale
-name: openwhisk
-version: 0.1.8
-icon: 
https://raw.githubusercontent.com/apache/openwhisk/682eb5b62ee6ba8017ab54226c2ace3637f4f1ec/docs/images/whisk_icon_full-color_with_tm_64x64-300dpi.png
-keywords:
-  - Apache OpenWhisk
-  - amd64
-maintainers:
-  - name: Apache OpenWhisk committers
-    email: [email protected]
-tillerVersion: ">=2.9.0"
-kubeVersion: ">=v1.10.0-r0"
+# A role to allow initialization jobs to create secrets and config maps
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: {{ .Release.Name }}-init-role
+  labels:
+{{ include "openwhisk.label_boilerplate" . | indent 4 }}
+rules:
+- apiGroups: [""]
+  resources: ["secrets", "configmaps"]
+  verbs: ["create"]
+
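Review bot: The rule grants `create` on both `secrets` and `configmaps`, but the only caller added in this commit (gencerts.sh) creates a single TLS secret. Kubernetes cannot narrow `create` with `resourceNames`, so any pod running as `-init-sa` can create arbitrarily named secrets and config maps in the namespace. Limiting the rule to what is used today, `resources: ["secrets"]`, and adding `configmaps` when a job actually needs it keeps the grant minimal. The leading comment could then name the job that uses the role, e.g. `# Allows the gen-certs job to create the nginx TLS secret`.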
diff --git a/helm/openwhisk/Chart.yaml 
b/helm/openwhisk/templates/init-rolebind.yaml
similarity index 60%
copy from helm/openwhisk/Chart.yaml
copy to helm/openwhisk/templates/init-rolebind.yaml
index 9d93a6e..2c7469c 100644
--- a/helm/openwhisk/Chart.yaml
+++ b/helm/openwhisk/templates/init-rolebind.yaml
@@ -15,16 +15,17 @@
 # limitations under the License.
 #
 
-apiVersion: v1
-description: An open source, distributed serverless platform that executes 
functions in response to events at any scale
-name: openwhisk
-version: 0.1.8
-icon: 
https://raw.githubusercontent.com/apache/openwhisk/682eb5b62ee6ba8017ab54226c2ace3637f4f1ec/docs/images/whisk_icon_full-color_with_tm_64x64-300dpi.png
-keywords:
-  - Apache OpenWhisk
-  - amd64
-maintainers:
-  - name: Apache OpenWhisk committers
-    email: [email protected]
-tillerVersion: ">=2.9.0"
-kubeVersion: ">=v1.10.0-r0"
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: {{ .Release.Name }}-init-rb
+  labels:
+{{ include "openwhisk.label_boilerplate" . | indent 4 }}
+subjects:
+- kind: ServiceAccount
+  namespace: {{ .Release.Namespace | quote }}
+  name: {{ .Release.Name }}-init-sa
+roleRef:
+  kind: Role
+  name: {{ .Release.Name }}-init-role
+  apiGroup: rbac.authorization.k8s.io
diff --git a/helm/openwhisk/Chart.yaml 
b/helm/openwhisk/templates/init-svcact.yaml
similarity index 62%
copy from helm/openwhisk/Chart.yaml
copy to helm/openwhisk/templates/init-svcact.yaml
index 9d93a6e..ea2b6b0 100644
--- a/helm/openwhisk/Chart.yaml
+++ b/helm/openwhisk/templates/init-svcact.yaml
@@ -16,15 +16,8 @@
 #
 
 apiVersion: v1
-description: An open source, distributed serverless platform that executes 
functions in response to events at any scale
-name: openwhisk
-version: 0.1.8
-icon: 
https://raw.githubusercontent.com/apache/openwhisk/682eb5b62ee6ba8017ab54226c2ace3637f4f1ec/docs/images/whisk_icon_full-color_with_tm_64x64-300dpi.png
-keywords:
-  - Apache OpenWhisk
-  - amd64
-maintainers:
-  - name: Apache OpenWhisk committers
-    email: [email protected]
-tillerVersion: ">=2.9.0"
-kubeVersion: ">=v1.10.0-r0"
+kind: ServiceAccount
+metadata:
+  name: {{ .Release.Name }}-init-sa
+  labels:
+{{ include "openwhisk.label_boilerplate" . | indent 4 }}
diff --git a/helm/openwhisk/templates/nginx-secret.yaml 
b/helm/openwhisk/templates/nginx-secret.yaml
deleted file mode 100644
index 1f2e9ce..0000000
--- a/helm/openwhisk/templates/nginx-secret.yaml
+++ /dev/null
@@ -1,29 +0,0 @@
-#
-# Licensed to the Apache Software Foundation (ASF) under one or more
-# contributor license agreements.  See the NOTICE file distributed with
-# this work for additional information regarding copyright ownership.
-# The ASF licenses this file to You under the Apache License, Version 2.0
-# (the "License"); you may not use this file except in compliance with
-# the License.  You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-{{- if ne .Values.whisk.ingress.type "OpenShift" }}
-apiVersion: v1
-kind: Secret
-metadata:
-  name: {{ .Release.Name }}-nginx
-  labels:
-{{ include "openwhisk.label_boilerplate" . | indent 4 }}
-type: tls
-data:
-  tls.crt: 
LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURLakNDQWhJQ0NRQ3JWVW52eWpMdHpEQU5CZ2txaGtpRzl3MEJBUVVGQURCWE1Rc3dDUVlEVlFRR0V3SlYKVXpFTE1Ba0dBMVVFQ0F3Q1Rsa3hFVEFQQmdOVkJBY01DRmx2Y210MGIzZHVNUkl3RUFZRFZRUUtEQWxQY0dWdQpWMmhwYzJzeEZEQVNCZ05WQkFNTUN5b3ViRzlqWVd4b2IzTjBNQjRYRFRFNE1UQXdNVEl3TlRBd01sb1hEVEU1Ck1UQXdNVEl3TlRBd01sb3dWekVMTUFrR0ExVUVCaE1DVlZNeEN6QUpCZ05WQkFnTUFrNVpNUkV3RHdZRFZRUUgKREFoWmIzSnJkRzkzYmpFU01CQUdBMVVFQ2d3SlQzQmxibGRvYVhOck1SUXdFZ1lEVlFRRERBc3FMbXh2WTJGcwphRzl6ZERDQ
 [...]
-  tls.key: 
LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcEFJQkFBS0NBUUVBMVhrMTZjYXFBZGNmM05JVFZjRnNxWEhjZVFmMTBsUGpsS1Q1RGcrYmJKUHdTKzlwCnFBc1lPbTB2TFA0RjcyUzcvQTlJZmdNc2t5VWJSc3VtSmx4U3pSNUplNG9iTVZRUUNCQjVmejkwUnpLZGFxSXMKclpkd2htb0JmcjlWZFVxT0pqY1VQZTBUTzJGVzdRSE8wcFAxV3dJUUJmdjI5bjFpdGtpTGxNWk9KZ05TV2NtRgpZN0hnai83V0RNK3dNL1hXdzlsS0NGM0o5R3NYczluQTcwQWxmLytidmxiUGZTVmdLM1Q0c0ljQlpsMWIrT3ZLCnMrMzR6cjJ4R2pXN1pidjFTK01XbEcvMzQyYkVsRm9UcStOMUtnUkxIMXJUUGRIWmZZL3FoM2hZZUJONDE2eEIKb1E3M
 [...]
-{{- end }}
diff --git a/helm/openwhisk/values.yaml b/helm/openwhisk/values.yaml
index fa42716..3b5671b 100644
--- a/helm/openwhisk/values.yaml
+++ b/helm/openwhisk/values.yaml
@@ -129,9 +129,9 @@ whisk:
     includeSystemTests: false
   versions:
     openwhisk:
-      buildDate: "2019-11-08-08:32:33Z"
+      buildDate: "2019-11-20-14:48:00Z"
       buildNo: "20191108a"
-      gitTag: "d47f4ec91d467295ffcfa894401ddb113984c108"
+      gitTag: "4cb41be6b7ea14c8002c9decda4b20f8d0fdd691"
     openwhiskCli:
       tag: "1.0.0"
     openwhiskCatalog:
@@ -154,7 +154,7 @@ k8s:
 # Images used to run auxillary tasks/jobs
 utility:
   imageName: "openwhisk/ow-utils"
-  imageTag: "d47f4ec"
+  imageTag: "4cb41be"
   imagePullPolicy: "IfNotPresent"
 
 # Docker registry
@@ -238,7 +238,7 @@ nginx:
 # Controller configurations
 controller:
   imageName: "openwhisk/controller"
-  imageTag: "d47f4ec"
+  imageTag: "4cb41be"
   imagePullPolicy: "IfNotPresent"
   replicaCount: 1
   restartPolicy: "Always"
@@ -250,7 +250,7 @@ controller:
 # Invoker configurations
 invoker:
   imageName: "openwhisk/invoker"
-  imageTag: "d47f4ec"
+  imageTag: "4cb41be"
   imagePullPolicy: "IfNotPresent"
   restartPolicy: "Always"
   port: 8080
