From bd7d70b16ffce30e31acd0bf1013b1392ca5fb81 Mon Sep 17 00:00:00 2001
From: Joanna Jeremicz
Date: Fri, 26 Jun 2020 16:53:53 +0200
Subject: Add support to request certificates from CMPv2 server in DCAE cloudify blueprints
If the blueprint specifies that the component uses external TLS via the `external_cert` property, the `Deployment` includes an additional init container and the component's container. The init container populates the external TLS certificate artifacts in mounted volume. The container requires CMPv2 CertService to work properly.
Issue-ID: DCAEGEN2-2252
Signed-off-by: Joanna Jeremicz
Change-Id: I90cb79120ffaf634fc1f5b8a03a83abb30deb2b7
---
 k8s/k8splugin_types.yaml | 60 +++++++++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 59 insertions(+), 1 deletion(-)
(limited to 'k8s/k8splugin_types.yaml')
diff --git a/k8s/k8splugin_types.yaml b/k8s/k8splugin_types.yaml
index af50e70..0568186 100644
--- a/k8s/k8splugin_types.yaml
+++ b/k8s/k8splugin_types.yaml
@@ -1,6 +1,7 @@
 # ================================================================================
 # Copyright (c) 2017-2020 AT&T Intellectual Property. All rights reserved.
 # Copyright (c) 2020 Pantheon.tech. All rights reserved.
+# Copyright (c) 2020 Nokia. All rights reserved.
 # ================================================================================
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -22,7 +23,7 @@ plugins:
 k8s:
 executor: 'central_deployment_agent'
 package_name: k8splugin
- package_version: 3.0.0
+ package_version: 3.1.0

 data_types:

@@ -67,6 +68,57 @@ data_types:
 type: boolean
 required: false

+ dcae.types.ExternalCertParameters:
+ description: >
+ Certificate parameters for external TLS info
+ properties:
+ common_name:
+ description: >
+ Common name which should be present in certificate
+ type: string
+ required: false
+ default: ""
+ sans:
+ description: >
+ List of Subject Alternative Names (SANs) which should be present in certificate
+ type: string
+ required: false
+ default: ""
+
+ dcae.types.ExternalTLSInfo:
+ description: >
+ Information for using external TLS.
+ properties:
+ external_cert_directory:
+ description: >
+ The path in the container where the component expects to find TLS-related data.
+ type: string
+ required: false
+ default: "/opt/app/dcae-certificate/external"
+ use_external_tls:
+ description: >
+ Flag indicating whether external TLS is to be used
+ type: boolean
+ required: false
+ default: true
+ ca_name:
+ description: >
+ Name of Certificate Authority configured on CertService side
+ type: string
+ required: false
+ default: "RA"
+ cert_type:
+ description: >
+ Type of output certificates
+ type: string
+ required: false
+ default: "P12"
+ external_certificate_parameters:
+ description: >
+ Certificate parameters for external TLS info
+ type: dcae.types.ExternalCertParameters
+ required: false
+
 node_types:
 dcae.nodes.ContainerizedComponent:
 # Base type for all containerized components
@@ -110,6 +162,12 @@ node_types:
 Information for setting up TLS (HTTPS).
 required: false

+ external_cert:
+ type: dcae.types.ExternalTLSInfo
+ description: >
+ Information for setting up external TLS
+ required: false
+
 replicas:
 type: integer
 description: >
--
cgit 1.2.3-korg
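Review bot: `common_name` and `sans` in `dcae.types.ExternalCertParameters` both default to `""` while `use_external_tls` in `dcae.types.ExternalTLSInfo` defaults to `true`, so a blueprint that supplies an `external_cert` block without certificate parameters appears to enable a certificate request with an empty subject. Unless the plugin code, which is not part of this diff, rejects that case, the identity in the issued certificate is left to whatever the init container or CertService does with an empty value; I would drop `default: ""` on `common_name` and have the plugin fail the deployment when external TLS is enabled and no common name is given. `sans` is typed `string` but described as a list, with no separator stated; the description should say so, e.g. `List of Subject Alternative Names (SANs) for the certificate, given as one string; separator: <SEPARATOR expected by the plugin>`. The accepted values for `cert_type` and `ca_name` are likewise not listed in their descriptions, so a typo in a blueprint would only surface at deployment time.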
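Review bot: The description of `external_cert` does not tell a blueprint author what enabling it entails; according to the commit message the Deployment gains an init container that writes certificate artifacts into a mounted volume and depends on the CMPv2 CertService. I would expand it to something like `Information for setting up external TLS. When enabled, an init container requests a certificate from CertService (CMPv2) and writes it to external_cert_directory; CertService must be reachable.` How this property interacts with the existing TLS (HTTPS) property directly above it, for instance when both are set, is not visible here and deserves a sentence in one of the two descriptions. The enclosing node type's property list starts and ends outside the hunk.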