1 ## Cert Service K8s external provider
3 ### General description
5 Cert Service K8s external provider ia a part of certificate distribution infrastructure in ONAP.
6 The main functionality of the provider is to forward Certificate Signing Requests (CSRs) created by cert-mananger (https://cert-manager.io) to CertServiceAPI.
8 More information can found on a dedicated page: https://wiki.onap.org/display/DW/CertService+and+K8s+Cert-Manager+integration.
12 There are two methods for building the project:
14 - mvn clean install (used by CI)
19 #### Providing K8s secret containing TLS certificates
21 Create secret with certificates for communication between CMPv2Issuer and Cert Service API:
23 kubectl create secret generic -n onap cmpv2-issuer-secret --from-file=<project-base-dir>/certs/cmpv2Issuer-key.pem
24 --from-file=<project-base-dir>/certs/cmpv2Issuer-cert.pem --from-file=<project-base-dir>/certs/cacert.pem
27 #### Deployment of the application
29 Apply K8s files from 'deploy' directory in following order:
34 - configuration.yaml (certRef, keyRef and cacertRef should match file names if secret was created with command listed
37 **Note:** Files and installation are currently examples, which should be used as a guide for OOM Helm Charts implementation
39 #### Log level adjustment
41 Log level can be set during deployment as docker container argument --> see deployment.yaml file.
42 Here is an interesting part from the deployment.yaml file:
45 - --metrics-addr=127.0.0.1:8080
48 - /oom-certservice-cmpv2issuer
49 image: onap/oom-certservice-cmpv2issuer:1.0.0
51 Supported values of log-level flag (case-sensitive): debug, info, warn, error
55 To issue a certificate adjust and apply following K8s file:
57 - certificate_example.yaml
59 #### Unsupported Certificate fields
61 Some fields present in Cert-Manager Certificate are currently not supported by CertService API and because of that they are
62 filtered out from the Certificate Signing Request.
64 **Fields that are filtered out:**
73 #### Overridden Certificate fields
75 Some fields present in a Cert-Manager Certificate will be overridden by a CMPv2 server.
77 **Overridden fields:**