[DCAEGEN2] Update CMPv2 certs usage in dcaegen2-services

Updates:
- Add microservice specific flag to determine if CMPv2
should be used
- Add function to check if CMPv2 parts should be included

Signed-off-by: Remigiusz Janeczek <remigiusz.janeczek@nokia.com>
Issue-ID: DCAEGEN2-2630
Change-Id: If81c50c6029aafef40fa91c5295ad8ad24f953d3

diff --git a/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl b/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl
index 5de5262..1e7c3b4 100644 (file)
--- a/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl
+++ b/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl
@@ -324,7 +324,7 @@ spec:
         {{- if $certDir }}
         - mountPath: {{ $certDir }}
           name: tls-info
-          {{- if and .Values.certificates .Values.global.cmpv2Enabled .Values.global.CMPv2CertManagerIntegration -}}
+          {{- if (include "dcaegen2-services-common.shouldUseCmpv2Certificates" .) -}}
           {{- include "common.certManager.volumeMountsReadOnly" . | nindent 8 -}}
           {{- end -}}
         {{- end }}
@@ -422,7 +422,7 @@ spec:
       {{- if $certDir }}
       - emptyDir: {}
         name: tls-info
-        {{ if and .Values.certificates .Values.global.cmpv2Enabled .Values.global.CMPv2CertManagerIntegration -}}
+        {{ if (include "dcaegen2-services-common.shouldUseCmpv2Certificates" .) -}}
         {{ include "common.certManager.volumesReadOnly" . | nindent 6 }}
         {{- end }}
       {{- end }}
@@ -443,7 +443,7 @@ spec:
 */}}
 {{- define "dcaegen2-services-common._certPostProcessor" -}}
   {{- $certDir := default "" .Values.certDirectory . -}}
-  {{- if and $certDir .Values.certificates .Values.global.cmpv2Enabled .Values.global.CMPv2CertManagerIntegration -}}
+  {{- if (include "dcaegen2-services-common.shouldUseCmpv2Certificates" .) -}}
     {{- $cmpv2Certificate := (index .Values.certificates 0) -}}
     {{- $cmpv2CertificateDir := $cmpv2Certificate.mountPath -}}
     {{- $certType := "pem" -}}
@@ -480,3 +480,16 @@ spec:
       value: {{ $keystoreDestinationPaths | quote }}
   {{- end }}
 {{- end -}}
+
+{{/*
+  Template returns string "true" if CMPv2 certificates should be used and nothing (so it can be used in with statements)
+  when they shouldn't. Example use:
+    {{- if (include "dcaegen2-services-common.shouldUseCmpv2Certificates" .) -}}
+
+*/}}
+{{- define "dcaegen2-services-common.shouldUseCmpv2Certificates" -}}
+  {{- $certDir := default "" .Values.certDirectory . -}}
+  {{- if (and $certDir .Values.certificates .Values.global.cmpv2Enabled .Values.global.CMPv2CertManagerIntegration .Values.useCmpv2Certificates) -}}
+  true
+  {{- end -}}
+{{- end -}}

diff --git a/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/templates/certificates.yaml b/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/templates/certificates.yaml
index 0db2138..12a0588 100644 (file)
--- a/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/templates/certificates.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/templates/certificates.yaml
@@ -14,6 +14,6 @@
 # limitations under the License.
 */}}
 
-{{ if and .Values.certDirectory .Values.global.cmpv2Enabled .Values.global.CMPv2CertManagerIntegration }}
+{{- if (include "dcaegen2-services-common.shouldUseCmpv2Certificates" .) -}}
 {{ include "certManagerCertificate.certificate" . }}
 {{ end }}

diff --git a/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/values.yaml b/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/values.yaml
index bb65f37..223789a 100644 (file)
--- a/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/values.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/values.yaml
@@ -65,8 +65,13 @@ secrets:
     passwordPolicy: required
 
 # CMPv2 certificate
-# It is used only when global parameter cmpv2Enabled is true
+# It is used only when:
+# - certDirectory is set
+# - global cmpv2Enabled flag is set to true
+# - global CertManagerIntegration flag is set to true
+# - flag useCmpv2Certificates is set to true
 # Disabled by default
+useCmpv2Certificates: false
 certificates:
   - mountPath: /etc/ves-hv/ssl/external
     commonName: dcae-hv-ves-collector

diff --git a/kubernetes/dcaegen2-services/components/dcae-ves-collector/templates/certificates.yaml b/kubernetes/dcaegen2-services/components/dcae-ves-collector/templates/certificates.yaml
index 0db2138..12a0588 100644 (file)
--- a/kubernetes/dcaegen2-services/components/dcae-ves-collector/templates/certificates.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-ves-collector/templates/certificates.yaml
@@ -14,6 +14,6 @@
 # limitations under the License.
 */}}
 
-{{ if and .Values.certDirectory .Values.global.cmpv2Enabled .Values.global.CMPv2CertManagerIntegration }}
+{{- if (include "dcaegen2-services-common.shouldUseCmpv2Certificates" .) -}}
 {{ include "certManagerCertificate.certificate" . }}
 {{ end }}

diff --git a/kubernetes/dcaegen2-services/components/dcae-ves-collector/values.yaml b/kubernetes/dcaegen2-services/components/dcae-ves-collector/values.yaml
index 081bcdc..32f5072 100644 (file)
--- a/kubernetes/dcaegen2-services/components/dcae-ves-collector/values.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-ves-collector/values.yaml
@@ -58,8 +58,13 @@ certDirectory: /opt/app/dcae-certificate
 tlsServer: true
 
 # CMPv2 certificate
-# It is used only when global parameter cmpv2Enabled is true
+# It is used only when:
+# - certDirectory is set
+# - global cmpv2Enabled flag is set to true
+# - global CertManagerIntegration flag is set to true
+# - flag useCmpv2Certificates is set to true
 # Disabled by default
+useCmpv2Certificates: false
 certificates:
   - mountPath: /opt/app/dcae-certificate/external
     commonName: dcae-ves-collector