From: Piotr Marcinkiewicz Date: Thu, 9 Jul 2020 14:44:29 +0000 (+0200) Subject: [DCAEGEN2] Add config supporting request CMPv2 certs X-Git-Tag: 7.0.0~317^2 X-Git-Url: https://gerrit.onap.org/r/gitweb?a=commitdiff_plain;h=a16144f739f578da8fd0e712ea3bd482b0941db0;p=oom.git [DCAEGEN2] Add config supporting request CMPv2 certs Add configuration supporting dealing with CMPv2 certs in K8s plugin. Remove outputType from global values to allow it be specific for service. Issue-ID: DCAEGEN2-2252 Signed-off-by: Piotr Marcinkiewicz Change-Id: Iedb9c3f63a539a386b9abd5d257c54f5ce023662 --- diff --git a/kubernetes/common/cmpv2Config/Chart.yaml b/kubernetes/common/cmpv2Config/Chart.yaml new file mode 100644 index 0000000000..816fcc79a5 --- /dev/null +++ b/kubernetes/common/cmpv2Config/Chart.yaml @@ -0,0 +1,18 @@ +# Copyright © 2020 Nokia +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +description: Template used to store cmpv2 configuration in onap +name: cmpv2Config +version: 6.0.0 diff --git a/kubernetes/common/cmpv2Config/requirements.yaml b/kubernetes/common/cmpv2Config/requirements.yaml new file mode 100644 index 0000000000..c9c16a95ec --- /dev/null +++ b/kubernetes/common/cmpv2Config/requirements.yaml @@ -0,0 +1,18 @@ +# Copyright © 2020 Nokia +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +dependencies: + - name: common + version: ~6.x-0 + repository: 'file://../common' diff --git a/kubernetes/common/cmpv2Config/values.yaml b/kubernetes/common/cmpv2Config/values.yaml new file mode 100644 index 0000000000..cf866571c7 --- /dev/null +++ b/kubernetes/common/cmpv2Config/values.yaml @@ -0,0 +1,29 @@ +# Copyright © 2020 Nokia +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +global: + aaf: + certServiceClient: + image: onap/org.onap.aaf.certservice.aaf-certservice-client:1.2.0 + envVariables: + # Certificate related + cmpv2Organization: "Linux-Foundation" + cmpv2OrganizationalUnit: "ONAP" + cmpv2Location: "San-Francisco" + cmpv2State: "California" + cmpv2Country: "US" + # Client configuration related + requestURL: "https://aaf-cert-service:8443/v1/certificate/" + requestTimeout: "30000" + keystorePassword: "secret" + truststorePassword: "secret" diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/requirements.yaml b/kubernetes/dcaegen2/components/dcae-bootstrap/requirements.yaml index baef8a0c55..e917e900c7 100644 --- a/kubernetes/dcaegen2/components/dcae-bootstrap/requirements.yaml +++ b/kubernetes/dcaegen2/components/dcae-bootstrap/requirements.yaml @@ -2,6 +2,7 @@ #================================================================================= # Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. # Modifications Copyright © 2018 Amdocs, Bell Canada +# Modifications (c) 2020 Nokia. All rights reserved. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -27,3 +28,6 @@ dependencies: - name: mongo version: ~6.x-0 repository: '@local' + - name: cmpv2Config + version: ~6.x-0 + repository: '@local' diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/resources/config/k8s-plugin.json b/kubernetes/dcaegen2/components/dcae-bootstrap/resources/config/k8s-plugin.json index a0ec3b4a6d..6de75c96d7 100644 --- a/kubernetes/dcaegen2/components/dcae-bootstrap/resources/config/k8s-plugin.json +++ b/kubernetes/dcaegen2/components/dcae-bootstrap/resources/config/k8s-plugin.json @@ -2,6 +2,7 @@ #================================================================================= # Copyright (c) 2018-2020 AT&T Intellectual Property. All rights reserved. # Modifications Copyright © 2018 Amdocs, Bell Canada +# Modifications (c) 2020 Nokia. All rights reserved. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -37,5 +38,18 @@ "component_cert_dir": "/opt/dcae/cacert", "component_ca_cert_path": "/opt/dcae/cacert/cacert.pem", "ca_cert_configmap": "{{ include "common.fullname" . }}-dcae-cacert" + }, + "external_cert": + { + "image_tag": "{{ .Values.global.tlsRepository }}/{{ .Values.cmpv2Config.global.aaf.certServiceClient.image }}", + "request_url": "{{ .Values.cmpv2Config.global.aaf.certServiceClient.envVariables.requestURL }}", + "timeout": "{{ .Values.cmpv2Config.global.aaf.certServiceClient.envVariables.requestTimeout }}", + "country": "{{ .Values.cmpv2Config.global.aaf.certServiceClient.envVariables.cmpv2Country }}", + "organization": "{{ .Values.cmpv2Config.global.aaf.certServiceClient.envVariables.cmpv2Organization }}", + "state": "{{ .Values.cmpv2Config.global.aaf.certServiceClient.envVariables.cmpv2State }}", + "organizational_unit": "{{ .Values.cmpv2Config.global.aaf.certServiceClient.envVariables.cmpv2OrganizationalUnit }}", + "location": "{{ .Values.cmpv2Config.global.aaf.certServiceClient.envVariables.cmpv2Location }}", + "keystore_password": "{{ .Values.cmpv2Config.global.aaf.certServiceClient.envVariables.keystorePassword }}", + "truststore_password": "{{ .Values.cmpv2Config.global.aaf.certServiceClient.envVariables.truststorePassword }}" } } diff --git a/kubernetes/onap/values.yaml b/kubernetes/onap/values.yaml index b562beb732..b96385cf07 100755 --- a/kubernetes/onap/values.yaml +++ b/kubernetes/onap/values.yaml @@ -127,8 +127,7 @@ global: # Client configuration related caName: "RA" requestURL: "https://aaf-cert-service:8443/v1/certificate/" - outputType: "P12" - requestTimeout: "20000" + requestTimeout: "30000" keystorePath: "/etc/onap/aaf/certservice/certs/certServiceClient-keystore.jks" keystorePassword: "secret" truststorePath: "/etc/onap/aaf/certservice/certs/truststore.jks"