[DCAEGEN2] Add pem support in CMPv2 for dcaegen2-services 15/121015/6
authorPiotr Marcinkiewicz <piotr.marcinkiewicz@nokia.com>
Thu, 29 Apr 2021 15:02:37 +0000 (17:02 +0200)
committerKrzysztof Opasiak <k.opasiak@samsung.com>
Mon, 10 May 2021 20:12:00 +0000 (20:12 +0000)
- Add mounting certificates in pem format.
- Add comment description to certificates in dcae values

Issue-ID: DCAEGEN2-2688
Signed-off-by: Piotr Marcinkiewicz <piotr.marcinkiewicz@nokia.com>
Change-Id: I546292c33e25e36376b98d42e08a3c4ffa95de64

kubernetes/common/certManagerCertificate/templates/_certificate.tpl
kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl
kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/values.yaml
kubernetes/dcaegen2-services/components/dcae-ves-collector/values.yaml

index 6fc6674..2b9461e 100644 (file)
@@ -219,8 +219,14 @@ spec:
     sources:
     - secret:
         name: {{ $certificatesSecretName }}
-    {{- if $certificate.keystore }}
         items:
+          - key: tls.key
+            path: key.pem
+          - key: tls.crt
+            path: cert.pem
+          - key: ca.crt
+            path: cacert.pem
+    {{- if $certificate.keystore }}
         {{- range $outputType := $certificate.keystore.outputType }}
           - key: keystore.{{ $outputType }}
             path: keystore.{{ $outputType }}
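Review bot: The `tls.key` item projected to `path: key.pem` is now mounted for every certificate, and no `mode` is set on it in the visible lines. Unless the enclosing `projected:` block (outside this hunk) sets `defaultMode`, Kubernetes writes projected files as 0644, so the private key is readable by every user in the container. Consider adding a per-item mode under that entry, e.g. `mode: 0400` (or `0440` if the workload reads it through fsGroup). The second hunk at `@@ -278,8 +284,14 @@` repeats the same three items and needs the same change. Listing `ca.crt` as a non-optional item also means the volume will not mount if the secret lacks that key, which is worth confirming against what the issuer actually writes.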
@@ -278,8 +284,14 @@ spec:
     sources:
     - secret:
         name: {{ $certificatesSecretName }}
-    {{- if $certificate.keystore }}
         items:
+          - key: tls.key
+            path: key.pem
+          - key: tls.crt
+            path: cert.pem
+          - key: ca.crt
+            path: cacert.pem
+    {{- if $certificate.keystore }}
         {{- range $outputType := $certificate.keystore.outputType }}
           - key: keystore.{{ $outputType }}
             path: keystore.{{ $outputType }}
index db58726..10a63eb 100644 (file)
@@ -3,6 +3,7 @@
 # ================================================================================
 # Copyright (c) 2021 J. F. Lucas. All rights reserved.
 # Copyright (c) 2021 AT&T Intellectual Property. All rights reserved.
+# Copyright (c) 2021 Nokia. All rights reserved.
 # ================================================================================
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -295,7 +296,7 @@ spec:
               name: onap-policy-xacml-pdp-api-creds
               key: password
         - name: POLICY_SYNC_PDP_URL
-          value : http{{ if (include "common.needTLS" .) }}s{{ end }}://policy-xacml-pdp:6969 
+          value : http{{ if (include "common.needTLS" .) }}s{{ end }}://policy-xacml-pdp:6969
         - name: POLICY_SYNC_OUTFILE
           value : "/etc/policies/policies.json"
         - name: POLICY_SYNC_V1_DECISION_ENDPOINT
@@ -370,9 +371,9 @@ spec:
     {{- if $cmpv2Certificate.keystore -}}
       {{- $certType = (index $cmpv2Certificate.keystore.outputType 0) -}}
     {{- end -}}
-    {{- $truststoresPaths := printf "%s/%s:%s/%s" $certDir "cacert.pem" $cmpv2CertificateDir "ca.crt" -}}
-    {{- $truststoresPasswordPaths := "" -}}
-    {{- $keystoreSourcePaths := printf "%s/%s:%s/%s" $cmpv2CertificateDir "tls.crt" $cmpv2CertificateDir "tls.key" -}}
+    {{- $truststoresPaths := printf "%s/%s:%s/%s" $certDir "cacert.pem" $cmpv2CertificateDir "cacert.pem" -}}
+    {{- $truststoresPasswordPaths := ":" -}}
+    {{- $keystoreSourcePaths := printf "%s/%s:%s/%s" $cmpv2CertificateDir "cert.pem" $cmpv2CertificateDir "key.pem" -}}
     {{- $keystoreDestinationPaths := printf "%s/%s:%s/%s" $certDir "cert.pem" $certDir "key.pem" -}}
     {{- if not (eq $certType "pem") -}}
       {{- $truststoresPaths = printf "%s/%s:%s/%s.%s" $certDir "trust.jks" $cmpv2CertificateDir "truststore" $certType -}}
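Review bot: The change of `$truststoresPasswordPaths` from `""` to `":"` has no explanation, and the value is easy to mistake for a typo. It appears to supply one empty password entry for each of the two PEM truststores in `$truststoresPaths`, keeping the colon-separated lists positionally aligned; the consumer of these variables is outside the hunk, so that should be confirmed. A template comment above the assignment would record the intent, e.g. `{{- /* PEM truststores have no password: ":" is two empty entries, one per path in $truststoresPaths */ -}}`. The comment could also state that the names `cacert.pem`, `cert.pem` and `key.pem` under `$cmpv2CertificateDir` must match the `path:` values projected in `_certificate.tpl`, since a mismatch would only show up at runtime. The `if not (eq $certType "pem")` block continues past the end of the hunk.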
index 502e3a8..bb65f37 100644 (file)
@@ -65,6 +65,8 @@ secrets:
     passwordPolicy: required
 
 # CMPv2 certificate
+# It is used only when global parameter cmpv2Enabled is true
+# Disabled by default
 certificates:
   - mountPath: /etc/ves-hv/ssl/external
     commonName: dcae-hv-ves-collector
index 2637156..081bcdc 100644 (file)
@@ -58,6 +58,8 @@ certDirectory: /opt/app/dcae-certificate
 tlsServer: true
 
 # CMPv2 certificate
+# It is used only when global parameter cmpv2Enabled is true
+# Disabled by default
 certificates:
   - mountPath: /opt/app/dcae-certificate/external
     commonName: dcae-ves-collector