2 # Copyright © 2021 Nokia
4 # Licensed under the Apache License, Version 2.0 (the "License");
5 # you may not use this file except in compliance with the License.
6 # You may obtain a copy of the License at
8 # http://www.apache.org/licenses/LICENSE-2.0
10 # Unless required by applicable law or agreed to in writing, software
11 # distributed under the License is distributed on an "AS IS" BASIS,
12 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 # See the License for the specific language governing permissions and
14 # limitations under the License.
18 In order to use certServiceClient, a certificates array must be defined in the target component's values.yaml. Each
19 certificate is requested by a separate init container.
21 Minimum example of array in target component values.yaml:
23 - mountPath: /var/custom-certs
24 commonName: common-name
26 Full example (other fields are ignored):
28 - mountPath: /var/custom-certs
33 commonName: common-name
44 - http://uri-1.onap.org
45 - http://uri-2.onap.org
47 organization: Linux-Foundation
49 locality: San Francisco
51 organizationalUnit: ONAP
53 The following includes must also be added to the target component's deployment (indent values may need to be adjusted):
54 1. In initContainers section:
55 {{ include "common.certServiceClient.initContainer" . | indent 6 }}
56 2. In volumeMounts section of container using certificates:
57 {{ include "common.certServiceClient.volumeMounts" . | indent 10 }}
58 3. In volumes section:
59 {{ include "common.certServiceClient.volumes" . | indent 8 }}
63 {{- define "common.certServiceClient.initContainer" -}}
64 {{- $dot := default . .dot -}}
65 {{- $initRoot := default $dot.Values.cmpv2Certificate.cmpv2Config .initRoot -}}
66 {{- $subchartGlobal := mergeOverwrite (deepCopy $initRoot.global) $dot.Values.global -}}
67 {{- if and $subchartGlobal.cmpv2Enabled (not $subchartGlobal.CMPv2CertManagerIntegration) -}}
68 {{- range $index, $certificate := $dot.Values.certificates -}}
69 {{/*# General certificate attributes #*/}}
70 {{- $commonName := (required "'commonName' for Certificate is required." $certificate.commonName) -}}
72 {{- $dnsNames := default (list) $certificate.dnsNames -}}
73 {{- $ipAddresses := default (list) $certificate.ipAddresses -}}
74 {{- $uris := default (list) $certificate.uris -}}
75 {{- $emailAddresses := default (list) $certificate.emailAddresses -}}
76 {{- $sansList := concat $dnsNames $ipAddresses $uris $emailAddresses -}}
77 {{- $sans := join "," $sansList }}
79 {{- $organization := $subchartGlobal.certificate.default.subject.organization -}}
80 {{- $country := $subchartGlobal.certificate.default.subject.country -}}
81 {{- $locality := $subchartGlobal.certificate.default.subject.locality -}}
82 {{- $province := $subchartGlobal.certificate.default.subject.province -}}
83 {{- $orgUnit := $subchartGlobal.certificate.default.subject.organizationalUnit -}}
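{{- /*
  Per-certificate subject overrides.
  The subject variables are declared before this block from the chart-wide
  defaults. They have to be updated with "=" here: ":=" would declare new
  variables scoped to this "if" block, so the override would be discarded when
  the block closes and every certificate would be requested with the default
  subject. Fields left out of certificate.subject keep the chart-wide default
  instead of being rendered as an empty string.
*/ -}}
{{- if $certificate.subject -}}
{{- $organization = default $organization $certificate.subject.organization -}}
{{- $country = default $country $certificate.subject.country -}}
{{- $locality = default $locality $certificate.subject.locality -}}
{{- $province = default $province $certificate.subject.province -}}
{{- $orgUnit = default $orgUnit $certificate.subject.organizationalUnit -}}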
91 {{- $caName := default $subchartGlobal.platform.certServiceClient.envVariables.caName $certificate.caName -}}
92 {{- $outputType := $subchartGlobal.platform.certServiceClient.envVariables.outputType -}}
93 {{- if $certificate.keystore -}}
94 {{- $outputTypeList := (required "'outputType' in 'keystore' section is required." $certificate.keystore.outputType) -}}
95 {{- $outputType = mustFirst ($outputTypeList) | upper -}}
97 {{- $requestUrl := $subchartGlobal.platform.certServiceClient.envVariables.requestURL -}}
98 {{- $certPath := $subchartGlobal.platform.certServiceClient.envVariables.certPath -}}
99 {{- $requestTimeout := $subchartGlobal.platform.certServiceClient.envVariables.requestTimeout -}}
100 {{- $certificatesSecret:= $subchartGlobal.platform.certServiceClient.clientSecretName -}}
101 {{- $certificatesSecretMountPath := $subchartGlobal.platform.certServiceClient.certificatesSecretMountPath -}}
102 {{- $keystorePath := (printf "%s%s" $subchartGlobal.platform.certServiceClient.certificatesSecretMountPath $subchartGlobal.platform.certificates.keystoreKeyRef ) -}}
103 {{- $keystorePasswordSecret := $subchartGlobal.platform.certificates.keystorePasswordSecretName -}}
104 {{- $keystorePasswordSecretKey := $subchartGlobal.platform.certificates.keystorePasswordSecretKey -}}
105 {{- $truststorePath := (printf "%s%s" $subchartGlobal.platform.certServiceClient.certificatesSecretMountPath $subchartGlobal.platform.certificates.truststoreKeyRef ) -}}
106 {{- $truststorePasswordSecret := $subchartGlobal.platform.certificates.truststorePasswordSecretName -}}
107 {{- $truststorePasswordSecretKey := $subchartGlobal.platform.certificates.truststorePasswordSecretKey -}}
108 - name: certs-init-{{ $index }}
109 image: {{ include "repositoryGenerator.image.certserviceclient" $dot }}
110 imagePullPolicy: {{ $dot.Values.global.pullPolicy | default $dot.Values.pullPolicy }}
113 value: {{ $requestUrl | quote }}
114 - name: REQUEST_TIMEOUT
115 value: {{ $requestTimeout | quote }}
117 value: {{ $certPath | quote }}
119 value: {{ $outputType | quote }}
121 value: {{ $caName | quote }}
123 value: {{ $commonName | quote }}
125 value: {{ $sans | quote }}
127 value: {{ $organization | quote }}
128 - name: ORGANIZATION_UNIT
129 value: {{ $orgUnit | quote }}
131 value: {{ $locality | quote }}
133 value: {{ $province | quote }}
135 value: {{ $country | quote }}
136 - name: KEYSTORE_PATH
137 value: {{ $keystorePath | quote }}
138 - name: KEYSTORE_PASSWORD
141 name: {{ $keystorePasswordSecret | quote}}
142 key: {{ $keystorePasswordSecretKey | quote}}
143 - name: TRUSTSTORE_PATH
144 value: {{ $truststorePath | quote }}
145 - name: TRUSTSTORE_PASSWORD
148 name: {{ $truststorePasswordSecret | quote}}
149 key: {{ $truststorePasswordSecretKey | quote}}
150 terminationMessagePath: /dev/termination-log
151 terminationMessagePolicy: File
153 - mountPath: {{ $certPath }}
154 name: cmpv2-certs-volume-{{ $index }}
155 - mountPath: {{ $certificatesSecretMountPath }}
156 name: certservice-tls-volume
161 {{- define "common.certServiceClient.volumes" -}}
162 {{- $dot := default . .dot -}}
163 {{- $initRoot := default $dot.Values.cmpv2Certificate.cmpv2Config .initRoot -}}
164 {{- $subchartGlobal := mergeOverwrite (deepCopy $initRoot.global) $dot.Values.global -}}
165 {{- if and $subchartGlobal.cmpv2Enabled (not $subchartGlobal.CMPv2CertManagerIntegration) -}}
166 {{- $certificatesSecretName := $subchartGlobal.platform.certificates.clientSecretName -}}
167 - name: certservice-tls-volume
169 secretName: {{ $certificatesSecretName }}
170 {{ range $index, $certificate := $dot.Values.certificates -}}
171 - name: cmpv2-certs-volume-{{ $index }}
178 {{- define "common.certServiceClient.volumeMounts" -}}
179 {{- $dot := default . .dot -}}
180 {{- $initRoot := default $dot.Values.cmpv2Certificate.cmpv2Config .initRoot -}}
181 {{- $subchartGlobal := mergeOverwrite (deepCopy $initRoot.global) $dot.Values.global -}}
182 {{- if and $subchartGlobal.cmpv2Enabled (not $subchartGlobal.CMPv2CertManagerIntegration) -}}
183 {{- range $index, $certificate := $dot.Values.certificates -}}
184 {{- $mountPath := $certificate.mountPath -}}
185 - mountPath: {{ $mountPath }}
186 name: cmpv2-certs-volume-{{ $index }}