updated deployments config for HIS usecase (#2898)

* updated deployments config for HIS usecase

* updated values

Author: acies312

save-cloud-charts/save-cloud/templates/backend-deployment.yaml

@@ -47,8 +47,21 @@ spec:
       initContainers:
         - name: git-cloner
           image: alpine/git
+          env:
+            {{ if .Values.proxy.enabled }}
+            {{- with .Values.proxy.extraEnv }}
+              {{- toYaml . | nindent 12 }}
+            {{- end }}
+            {{ end }}
           args:
             - clone
+            - --progress
+            - --verbose
+            {{ if .Values.proxy.enabled }}
+            {{- with .Values.proxy.extraArgs }}
+              {{- toYaml . | nindent 12 }}
+            {{- end }}
+            {{ end }}
             - --single-branch
             - --branch
             - {{ .Values.mysql.migrations.branch | default "master" }}
@@ -95,6 +108,11 @@ spec:
                 secretKeyRef:
                   name: db-secrets
                   key: spring.datasource.password
+            {{ if .Values.proxy.enabled }}
+            {{- with .Values.proxy.extraEnv }}
+              {{- toYaml . | nindent 12 }}
+            {{- end }}
+            {{ end }}
           volumeMounts:
             - mountPath: /liquibase/changelog
               name: migrations-data
@@ -110,4 +128,4 @@ spec:
           secret:
             secretName: s3-secrets
         - name: migrations-data
-          emptyDir: {}
+          emptyDir: {}

save-cloud-charts/save-cloud/templates/demo-deployment.yaml

@@ -67,8 +67,21 @@ spec:
       initContainers:
         - name: git-cloner
           image: alpine/git
+          env:
+            {{ if .Values.proxy.enabled }}
+            {{- with .Values.proxy.extraEnv }}
+              {{- toYaml . | nindent 12 }}
+            {{- end }}
+            {{ end }}
           args:
             - clone
+            - --progress
+            - --verbose
+            {{ if .Values.proxy.enabled }}
+            {{- with .Values.proxy.extraArgs }}
+              {{- toYaml . | nindent 12 }}
+            {{- end }}
+            {{ end }}
             - --single-branch
             - --branch
             - {{ .Values.mysql.migrations.branch | default "master" }}
@@ -114,6 +127,11 @@ spec:
                 secretKeyRef:
                   name: db-secrets
                   key: spring.datasource.password
+            {{ if .Values.proxy.enabled }}
+            {{- with .Values.proxy.extraEnv }}
+              {{- toYaml . | nindent 12 }}
+            {{- end }}
+            {{ end }}
           volumeMounts:
             - mountPath: /liquibase/changelog
               name: migrations-data

save-cloud-charts/save-cloud/templates/gateway-deployment.yaml

@@ -35,10 +35,37 @@ spec:
               memory: 300M
           volumeMounts:
             - {{ include "spring-boot.config-volume-mount" . | indent 14 | trim }}
+            - mountPath: /layers/paketo-buildpacks_bellsoft-liberica/jre/lib/security
+              name: cacerts
             - mountPath: /home/cnb/secrets/oauth
               name: oauth-credentials
+      {{ if .Values.gateway.initCerts.enabled }}
+      initContainers:
+      - name: init-cacerts
+        image: ghcr.io/saveourtool/api-gateway:0.4.0-alpha.0.408-9b56d61
+        command:
+        - bash
+        - -c
+        - |
+          cp -R /layers/paketo-buildpacks_bellsoft-liberica/jre/lib/security/* /home/cnb/cacerts
+          chmod 661 /home/cnb/cacerts/cacerts
+          find /layers -type f -name keytool -exec {} -import -noprompt -trustcacerts -alias HuaweiITRootCA -file /security/HuaweiITRootCA.pem -keystore /home/cnb/cacerts/cacerts -storepass changeit \;
+          find /layers -type f -name keytool -exec {} -import -noprompt -trustcacerts -alias HWITEnterpriseCA1 -file /security/HWITEnterpriseCA1.pem -keystore /home/cnb/cacerts/cacerts -storepass changeit \;
+        volumeMounts:
+        - mountPath: /home/cnb/cacerts
+          name: cacerts
+        - mountPath: /security
+          name: his-certs
+      {{ end }}    
       volumes:
         - {{ include "spring-boot.config-volume" (dict "service" .Values.gateway) | indent 10 | trim }}
         - name: oauth-credentials
           secret:
             secretName: oauth-credentials
+        - name: his-certs
+          secret:
+            secretName: his-certs
+        - name: cacerts
+          emptyDir: {}
+
+        

save-cloud-charts/save-cloud/templates/sandbox-deployment.yaml

@@ -68,8 +68,21 @@ spec:
       initContainers:
         - name: git-cloner
           image: alpine/git
+          env:
+            {{ if .Values.proxy.enabled }}
+            {{- with .Values.proxy.extraEnv }}
+              {{- toYaml . | nindent 12 }}
+            {{- end }}
+            {{ end }}
           args:
             - clone
+            - --progress
+            - --verbose
+            {{ if .Values.proxy.enabled }}
+            {{- with .Values.proxy.extraArgs }}
+              {{- toYaml . | nindent 12 }}
+            {{- end }}
+            {{ end }}
             - --single-branch
             - --branch
             - {{ .Values.mysql.migrations.branch | default "master" }}
@@ -116,6 +129,11 @@ spec:
                 secretKeyRef:
                   name: db-secrets
                   key: spring.datasource.password
+            {{ if .Values.proxy.enabled }}
+            {{- with .Values.proxy.extraEnv }}
+              {{- toYaml . | nindent 12 }}
+            {{- end }}
+            {{ end }}
           volumeMounts:
             - mountPath: /liquibase/changelog
               name: migrations-data

save-cloud-charts/save-cloud/values.yaml

@@ -47,6 +47,8 @@ preprocessor:
   # Fixed ClusterIP can be assigned to make it easier to query preprocessor from services outside Kubernetes
   clusterIP: null
 gateway:
+  initCerts:
+    enabled: true
   name: gateway
   profile: dev,kubernetes
   imageName: api-gateway