author | Joanna Jeremicz <joanna.jeremicz@nokia.com> | 2020-06-26 16:53:53 +0200 |
---|---|---|
committer | Joanna Jeremicz <joanna.jeremicz@nokia.com> | 2020-07-24 16:10:20 +0200 |
commit | bd7d70b16ffce30e31acd0bf1013b1392ca5fb81 (patch) | |
tree | 4ebec55ebd75a40d82c2290acba9e95490de0e58 /k8s/configure | |
parent | c5abb9b34468400bdcdd3ce23595af41ac03cd80 (diff) |
Add support to request certificates from CMPv2 server in DCAE cloudify blueprints
If the blueprint specifies that the component uses external TLS via the `external_cert` property, the `Deployment` includes an additional init container and the component's container. The init container populates the external TLS certificate artifacts in a mounted volume. The container requires CMPv2 CertService to work properly.
Issue-ID: DCAEGEN2-2252
Signed-off-by: Joanna Jeremicz <joanna.jeremicz@nokia.com>
Change-Id: I90cb79120ffaf634fc1f5b8a03a83abb30deb2b7
Diffstat (limited to 'k8s/configure')
-rw-r--r-- | k8s/configure/configure.py | 24 |
1 files changed, 24 insertions, 0 deletions
diff --git a/k8s/configure/configure.py b/k8s/configure/configure.py
index d51b87b..c0dcd3f 100644
--- a/k8s/configure/configure.py
+++ b/k8s/configure/configure.py
@@ -3,6 +3,7 @@
 # ================================================================================
 # Copyright (c) 2018-2020 AT&T Intellectual Property. All rights reserved.
 # Copyright (c) 2019 Pantheon.tech. All rights reserved.
+# Copyright (c) 2020 Nokia. All rights reserved.
 # ================================================================================
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -38,6 +39,17 @@ TLS_IMAGE = "nexus3.onap.org:10001/onap/org.onap.dcaegen2.deployments.tls-init-c
 TLS_COMP_CERT_PATH = "/opt/dcae/cacert"
 TLS_CA_CONFIGMAP = "dcae-cacert-configmap"
+EXT_TLS_IMAGE = "nexus3.onap.org:10001/onap/org.onap.aaf.certservice.aaf-certservice-client:1.2.0"
+EXT_TLS_REQUEST_URL = "https://aaf-cert-service:8443/v1/certificate/"
+EXT_TLS_TIMEOUT = "30000"
+EXT_TLS_COUNTRY = "US"
+EXT_TLS_ORGANIZATION = "Linux-Foundation"
+EXT_TLS_STATE = "California"
+EXT_TLS_ORGANIZATIONAL_UNIT = "ONAP"
+EXT_TLS_LOCATION = "San-Francisco"
+EXT_TLS_KEYSTORE_PASSWORD = "secret"
+EXT_TLS_TRUSTSTORE_PASSWORD = "secret"
+
 CBS_BASE_URL = "https://config-binding-service:10443/service_component_all"
 def _set_defaults():
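Review bot: `EXT_TLS_KEYSTORE_PASSWORD = "secret"` and `EXT_TLS_TRUSTSTORE_PASSWORD = "secret"` make a fixed, publicly known string the default keystore and truststore password, and the later `_set_defaults` hunk wires both into the `external_cert` defaults, so any deployment that does not override them ships with it. Whether an override is enforced is not visible here, because the code that consumes these defaults lies outside the diff. At minimum mark them as placeholders, e.g. `# Placeholder only: override per deployment, ideally from a Kubernetes Secret`, and consider having no usable default so that a missing override fails loudly. Separately, `EXT_TLS_IMAGE` is pinned by the mutable tag `:1.2.0` rather than by digest, which matters for an init container that writes certificate artifacts.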
@@ -61,6 +73,18 @@ def _set_defaults():
 "image": TLS_IMAGE, # Docker image to use for TLS init container
 "component_cert_dir": TLS_COMP_CERT_PATH # default mount point for certificate volume in component container
 },
+ "external_cert": {
+ "image_tag": EXT_TLS_IMAGE, # Docker image to use for external TLS init container
+ "request_url" : EXT_TLS_REQUEST_URL, # URL to Cert Service API
+ "timeout" : EXT_TLS_TIMEOUT, # Request timeout
+ "country" : EXT_TLS_COUNTRY, # Country name in ISO 3166-1 alpha-2 format, for which certificate will be created
+ "organization" : EXT_TLS_ORGANIZATION, # Organization name, for which certificate will be created
+ "state" : EXT_TLS_STATE, # State name, for which certificate will be created
+ "organizational_unit" : EXT_TLS_ORGANIZATIONAL_UNIT, # Organizational unit name, for which certificate will be created
+ "location" : EXT_TLS_LOCATION, # Location name, for which certificate will be created
+ "keystore_password" : EXT_TLS_KEYSTORE_PASSWORD, # Password to keystore file
+ "truststore_password" : EXT_TLS_TRUSTSTORE_PASSWORD # Password to truststore file
+ },
 "cbs": {
 "base_url" : CBS_BASE_URL # URL prefix for accessing config binding service
 } |
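Review bot: The new `external_cert` section names its image key `"image_tag"`, although `EXT_TLS_IMAGE` is a full registry/repository:tag reference and the neighbouring TLS section in the context lines uses `"image"` for the same kind of value. `"image": EXT_TLS_IMAGE,` would be consistent, provided the consumer of this key (not in this diff) is changed with it. The `# Request timeout` comment should state the unit, and say that the default is the string `"30000"` rather than a number, presumably because it is passed to the init container as text. The added lines also mix `"key":` and `"key" :` spacing. The dict and `_set_defaults` continue outside the hunk.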