mirror of
https://github.com/bitnami/charts.git
synced 2026-03-13 14:57:24 +08:00
4329d77158
* [bitnami/ejbca] Add missing namespace metadata Signed-off-by: Miguel Ruiz <miruiz@vmware.com> * [skip ci] Update README.md with readme-generator-for-helm Signed-off-by: Bitnami Containers <containers@bitnami.com> Co-authored-by: Bitnami Containers <containers@bitnami.com>
91 lines
4.9 KiB
Plaintext
91 lines
4.9 KiB
Plaintext
CHART NAME: {{ .Chart.Name }}
|
|
CHART VERSION: {{ .Chart.Version }}
|
|
APP VERSION: {{ .Chart.AppVersion }}
|
|
|
|
{{- $databaseSecretName := include "ejbca.databaseSecretName" . -}}
|
|
{{- $secretName := include "ejbca.secretName" . -}}
|
|
|
|
** Please be patient while the chart is being deployed **
|
|
|
|
{{- if .Values.diagnosticMode.enabled }}
|
|
The chart has been deployed in diagnostic mode. All probes have been disabled and the command has been overwritten with:
|
|
|
|
command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 4 }}
|
|
args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 4 }}
|
|
|
|
Get the list of pods by executing:
|
|
|
|
kubectl get pods --namespace {{ include "common.names.namespace" . }} -l app.kubernetes.io/instance={{ .Release.Name }}
|
|
|
|
Access the pod you want to debug by executing
|
|
|
|
kubectl exec --namespace {{ include "common.names.namespace" . }} -ti <NAME OF THE POD> -- bash
|
|
|
|
In order to replicate the container startup scripts execute this command:
|
|
|
|
/opt/bitnami/scripts/ejbca/entrypoint.sh /opt/bitnami/scripts/ejbca/run.sh
|
|
|
|
{{- else }}
|
|
|
|
To access your EJBCA site from outside the cluster follow the steps below:
|
|
|
|
{{- $port := .Values.service.httpsPort | toString }}
|
|
|
|
1. Get the EJBCA URL by running these commands:
|
|
|
|
{{- if contains "NodePort" .Values.service.type }}
|
|
|
|
export NODE_PORT=$(kubectl get --namespace {{ include "common.names.namespace" . }} -o jsonpath="{.spec.ports[1].nodePort}" services {{ template "common.names.fullname" . }})
|
|
export NODE_IP=$(kubectl get nodes --namespace {{ include "common.names.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}")
|
|
echo "EJBCA Public URL: https://$NODE_IP:$NODE_PORT/ejbca"
|
|
echo "EJBCA Admin URL: https://$NODE_IP:$NODE_PORT/ejbca/adminweb"
|
|
echo "EJBCA Enrol URL: https://$NODE_IP:$NODE_PORT/ejbca/enrol/keystore.jsp"
|
|
|
|
{{- else if contains "LoadBalancer" .Values.service.type }}
|
|
|
|
NOTE: It may take a few minutes for the LoadBalancer IP to be available.
|
|
Watch the status with: 'kubectl get svc --namespace {{ include "common.names.namespace" . }} -w {{ template "common.names.fullname" . }}'
|
|
|
|
export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.names.namespace" . }} {{ template "common.names.fullname" . }} --template "{{ "{{ range (index .status.loadBalancer.ingress 0) }}{{ . }}{{ end }}" }}")
|
|
echo "EJBCA Public URL: https://$SERVICE_IP{{- if ne $port "80" }}:{{ .Values.service.httpsPort }}{{ end }}/ejbca"
|
|
echo "EJBCA Admin URL: https://$SERVICE_IP{{- if ne $port "80" }}:{{ .Values.service.httpsPort }}{{ end }}/ejbca/adminweb"
|
|
echo "EJBCA Enrol URL: https://$SERVICE_IP{{- if ne $port "80" }}:{{ .Values.service.httpsPort }}{{ end }}/ejbca/enrol/keystore.jsp"
|
|
|
|
{{- else if contains "ClusterIP" .Values.service.type }}
|
|
|
|
kubectl port-forward --namespace {{ include "common.names.namespace" . }} svc/{{ template "common.names.fullname" . }} {{ .Values.service.httpsPort }}:{{ .Values.service.httpsPort }} &
|
|
echo "EJBCA Public URL: https://127.0.0.1{{- if ne $port "80" }}:{{ .Values.service.httpsPort }}{{ end }}/ejbca"
|
|
echo "EJBCA Admin URL: https://127.0.0.1{{- if ne $port "80" }}:{{ .Values.service.httpsPort }}{{ end }}/ejbca/adminweb"
|
|
echo "EJBCA Enrol URL: https://127.0.0.1{{- if ne $port "80" }}:{{ .Values.service.httpsPort }}{{ end }}/ejbca/enrol/keystore.jsp"
|
|
|
|
{{- end }}
|
|
|
|
2. Open a browser and access EJBCA using the obtained URL.
|
|
|
|
3. In order to be able to log in to the Admin Portal, you first need to enrol and import the generated certificate in your Browser:
|
|
export EJBCA_ADMIN_USERNAME={{ .Values.ejbcaAdminUsername }}
|
|
{{ include "common.utils.secret.getvalue" (dict "secret" $secretName "field" "ejbca-admin-password" "context" $) }}
|
|
echo Username: $EJBCA_ADMIN_USERNAME
|
|
echo Password: $EJBCA_ADMIN_PASSWORD
|
|
|
|
4. You can access the DB using the following password:
|
|
{{ include "common.utils.secret.getvalue" (dict "secret" $databaseSecretName "field" "mariadb-password" "context" $) }}
|
|
|
|
{{- $passwordErrors := list -}}
|
|
|
|
{{- if not .Values.existingSecret -}}
|
|
{{- $requiredEJBCAPassword := dict "valueKey" "ejbcaAdminPassword" "secret" $secretName "field" "ejbca-admin-password" "context" $ -}}
|
|
{{- $requiredEJBCAPasswordError := include "common.validations.values.single.empty" $requiredEJBCAPassword -}}
|
|
{{- $passwordErrors = append $passwordErrors $requiredEJBCAPasswordError -}}
|
|
{{- end -}}
|
|
|
|
{{- $mariadbSecretName := include "ejbca.databaseSecretName" . -}}
|
|
{{- $mariadbPasswordValidationErrors := include "common.validations.values.mariadb.passwords" (dict "secret" $mariadbSecretName "subchart" true "context" $) -}}
|
|
{{- $passwordErrors = append $passwordErrors $mariadbPasswordValidationErrors -}}
|
|
|
|
{{- include "common.errors.upgrade.passwords.empty" (dict "validationErrors" $passwordErrors "context" $) -}}
|
|
|
|
{{- end -}}
|
|
|
|
{{- include "common.warnings.rollingTag" .Values.image }}
|