From: Piotr Marcinkiewicz Date: Thu, 29 Apr 2021 15:02:37 +0000 (+0200) Subject: [DCAEGEN2] Add pem support in CMPv2 for dcaegen2-services X-Git-Tag: 9.0.0~270^2 X-Git-Url: https://gerrit.onap.org/r/gitweb?p=oom.git;a=commitdiff_plain;h=7062518d303da3de71d3f424bea5d2a87a5fc516 [DCAEGEN2] Add pem support in CMPv2 for dcaegen2-services - Add mounting certificates in pem format. - Add comment description to certificates in dcae values Issue-ID: DCAEGEN2-2688 Signed-off-by: Piotr Marcinkiewicz Change-Id: I546292c33e25e36376b98d42e08a3c4ffa95de64 --- diff --git a/kubernetes/common/certManagerCertificate/templates/_certificate.tpl b/kubernetes/common/certManagerCertificate/templates/_certificate.tpl index 6fc667429e..2b9461e50e 100644 --- a/kubernetes/common/certManagerCertificate/templates/_certificate.tpl +++ b/kubernetes/common/certManagerCertificate/templates/_certificate.tpl @@ -219,8 +219,14 @@ spec: sources: - secret: name: {{ $certificatesSecretName }} - {{- if $certificate.keystore }} items: + - key: tls.key + path: key.pem + - key: tls.crt + path: cert.pem + - key: ca.crt + path: cacert.pem + {{- if $certificate.keystore }} {{- range $outputType := $certificate.keystore.outputType }} - key: keystore.{{ $outputType }} path: keystore.{{ $outputType }} @@ -278,8 +284,14 @@ spec: sources: - secret: name: {{ $certificatesSecretName }} - {{- if $certificate.keystore }} items: + - key: tls.key + path: key.pem + - key: tls.crt + path: cert.pem + - key: ca.crt + path: cacert.pem + {{- if $certificate.keystore }} {{- range $outputType := $certificate.keystore.outputType }} - key: keystore.{{ $outputType }} path: keystore.{{ $outputType }} diff --git a/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl b/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl index db58726893..10a63ebbcf 100644 --- a/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl +++ b/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl @@ -3,6 +3,7 @@ # ================================================================================ # Copyright (c) 2021 J. F. Lucas. All rights reserved. # Copyright (c) 2021 AT&T Intellectual Property. All rights reserved. +# Copyright (c) 2021 Nokia. All rights reserved. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -295,7 +296,7 @@ spec: name: onap-policy-xacml-pdp-api-creds key: password - name: POLICY_SYNC_PDP_URL - value : http{{ if (include "common.needTLS" .) }}s{{ end }}://policy-xacml-pdp:6969 + value : http{{ if (include "common.needTLS" .) }}s{{ end }}://policy-xacml-pdp:6969 - name: POLICY_SYNC_OUTFILE value : "/etc/policies/policies.json" - name: POLICY_SYNC_V1_DECISION_ENDPOINT @@ -370,9 +371,9 @@ spec: {{- if $cmpv2Certificate.keystore -}} {{- $certType = (index $cmpv2Certificate.keystore.outputType 0) -}} {{- end -}} - {{- $truststoresPaths := printf "%s/%s:%s/%s" $certDir "cacert.pem" $cmpv2CertificateDir "ca.crt" -}} - {{- $truststoresPasswordPaths := "" -}} - {{- $keystoreSourcePaths := printf "%s/%s:%s/%s" $cmpv2CertificateDir "tls.crt" $cmpv2CertificateDir "tls.key" -}} + {{- $truststoresPaths := printf "%s/%s:%s/%s" $certDir "cacert.pem" $cmpv2CertificateDir "cacert.pem" -}} + {{- $truststoresPasswordPaths := ":" -}} + {{- $keystoreSourcePaths := printf "%s/%s:%s/%s" $cmpv2CertificateDir "cert.pem" $cmpv2CertificateDir "key.pem" -}} {{- $keystoreDestinationPaths := printf "%s/%s:%s/%s" $certDir "cert.pem" $certDir "key.pem" -}} {{- if not (eq $certType "pem") -}} {{- $truststoresPaths = printf "%s/%s:%s/%s.%s" $certDir "trust.jks" $cmpv2CertificateDir "truststore" $certType -}} diff --git a/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/values.yaml b/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/values.yaml index 502e3a89dc..bb65f37f73 100644 --- a/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/values.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/values.yaml @@ -65,6 +65,8 @@ secrets: passwordPolicy: required # CMPv2 certificate +# It is used only when global parameter cmpv2Enabled is true +# Disabled by default certificates: - mountPath: /etc/ves-hv/ssl/external commonName: dcae-hv-ves-collector diff --git a/kubernetes/dcaegen2-services/components/dcae-ves-collector/values.yaml b/kubernetes/dcaegen2-services/components/dcae-ves-collector/values.yaml index 263715650e..081bcdcc1a 100644 --- a/kubernetes/dcaegen2-services/components/dcae-ves-collector/values.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-ves-collector/values.yaml @@ -58,6 +58,8 @@ certDirectory: /opt/app/dcae-certificate tlsServer: true # CMPv2 certificate +# It is used only when global parameter cmpv2Enabled is true +# Disabled by default certificates: - mountPath: /opt/app/dcae-certificate/external commonName: dcae-ves-collector