6 files changed, 239 insertions, 0 deletions
diff --git a/helm/netconf/templates/_helpers.tpl b/helm/netconf/templates/_helpers.tpl
index 1b0ef5c..2b620b9 100644
--- a/helm/netconf/templates/_helpers.tpl
+++ b/helm/netconf/templates/_helpers.tpl
@@ -1,3 +1,19 @@
+{{/*
+# Copyright © 2022 Nokia. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
 {{/* vim: set filetype=mustache: */}}
 {{/*
 Expand the name of the chart.
@@ -51,3 +67,28 @@ app.kubernetes.io/name: {{ include "netconf-server.name" . }}
 app.kubernetes.io/instance: {{ .Release.Name }}
 {{- end }}
 
+{{/*
+Define dns names in certificate
+*/}}
+{{- define "netconf.serverCertificates.dnsNames" -}}
+{{- range $dnsName := $.Values.serverCertificates.dnsNames }}
+- {{ $dnsName }}
+{{- end }}
+{{- end }}
+
+{{/*
+Define dns names in certificate
+*/}}
+{{- define "netconf.clientCertificates.dnsNames" -}}
+{{- range $dnsName := $.Values.clientCertificates.dnsNames }}
+- {{ $dnsName }}
+{{- end }}
+{{- end }}
+
+{{/*
+Common namespace
+*/}}
+{{- define "netconf.namespace" -}}
+  {{- default .Release.Namespace .Values.nsPrefix -}}
+{{- end -}}
+
diff --git a/helm/netconf/templates/certificate.yaml b/helm/netconf/templates/certificate.yaml
new file mode 100644
index 0000000..00c147b
--- /dev/null
+++ b/helm/netconf/templates/certificate.yaml
@@ -0,0 +1,70 @@
+# Copyright © 2022 Nokia. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{- if .Values.config.certService.enabled }}
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  namespace: {{ include "netconf.namespace" . }}
+  name: '{{ .Values.clientCertificates.name }}-cert'
+spec:
+  commonName: {{ .Values.clientCertificates.commonName }}
+  secretName: '{{ .Values.clientCertificates.name }}-secret'
+  renewBefore: {{ .Values.clientCertificates.renewBefore }}
+  duration: {{ .Values.clientCertificates.duration }}
+  subject:
+    organizations:
+      - {{ .Values.clientCertificates.subject.organization }}
+    countries:
+      - {{ .Values.clientCertificates.subject.country }}
+    localities:
+      - {{ .Values.clientCertificates.subject.locality }}
+    provinces:
+      - {{ .Values.clientCertificates.subject.province }}
+    organizationalUnits:
+      - {{ .Values.clientCertificates.subject.organizationalUnit }}
+  issuerRef:
+    group: {{ .Values.clientCertificates.issuerRef.group }}
+    kind: {{ .Values.clientCertificates.issuerRef.kind }}
+    name: {{ .Values.clientCertificates.issuerRef.name }}
+  dnsNames: {{ include "netconf.clientCertificates.dnsNames" . | indent 4 }}
+
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  namespace: {{ include "netconf.namespace" . }}
+  name: '{{ .Values.serverCertificates.name }}-cert'
+spec:
+  commonName: {{ .Values.serverCertificates.commonName }}
+  secretName: '{{ .Values.serverCertificates.name }}-secret'
+  renewBefore: {{ .Values.serverCertificates.renewBefore }}
+  duration: {{ .Values.serverCertificates.duration }}
+  subject:
+    organizations:
+      - {{ .Values.serverCertificates.subject.organization }}
+    countries:
+      - {{ .Values.serverCertificates.subject.country }}
+    localities:
+      - {{ .Values.serverCertificates.subject.locality }}
+    provinces:
+      - {{ .Values.serverCertificates.subject.province }}
+    organizationalUnits:
+      - {{ .Values.serverCertificates.subject.organizationalUnit }}
+  issuerRef:
+    group: {{ .Values.serverCertificates.issuerRef.group }}
+    kind: {{ .Values.serverCertificates.issuerRef.kind }}
+    name: {{ .Values.serverCertificates.issuerRef.name }}
+  dnsNames: {{ include "netconf.serverCertificates.dnsNames" . | indent 4 }}
+{{- end }}
diff --git a/helm/netconf/templates/configmap.yaml b/helm/netconf/templates/configmap.yaml
new file mode 100644
index 0000000..900f43a
--- /dev/null
+++ b/helm/netconf/templates/configmap.yaml
@@ -0,0 +1,25 @@
+# Copyright © 2022 Nokia. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{- if .Values.config.certService.enabled }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "netconf-server.fullname" . }}-prep-certs
+  namespace: {{ include "netconf.namespace" . }}
+  labels:
+    {{- include "netconf-server.labels" . | nindent 4 }}
+data:
+  {{ tpl (.Files.Glob "resources/set-up-netopeer.sh").AsConfig . | indent 2 }}
+{{- end }}
+\ No newline at end of file
diff --git a/helm/netconf/templates/deployment.yaml b/helm/netconf/templates/deployment.yaml
index 4a4663a..0b1af99 100644
--- a/helm/netconf/templates/deployment.yaml
+++ b/helm/netconf/templates/deployment.yaml
@@ -1,7 +1,22 @@
+# Copyright © 2022 Nokia. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
 apiVersion: apps/v1
 kind: Deployment
 metadata:
   name: {{ include "netconf-server.fullname" . }}
+  namespace: {{ include "netconf.namespace" . }}
   labels:
     {{- include "netconf-server.labels" . | nindent 4 }}
 spec:
@@ -28,6 +43,8 @@ spec:
         - env:
           - name: KAFKA_HOST_NAME
             value: {{ .Values.config.kafka_hostname | quote }}
+          - name: ENABLE_TLS
+            value: {{ .Values.config.tls.enabled | quote }}
           name: {{ .Chart.Name }}
           securityContext:
             {{- toYaml .Values.securityContext | nindent 12 }}
@@ -41,6 +58,14 @@ spec:
             httpGet:
               path: /readiness
               port: {{ .Values.service.port }}
+          {{- if .Values.config.certService.enabled }}
+          volumeMounts:
+            - name: certstore
+              mountPath: {{ .Values.certsDir }}
+            - name: prep-certs
+              mountPath: /scripts/set-up-netopeer.sh
+              subPath: set-up-netopeer.sh
+          {{- end }}
       {{- with .Values.nodeSelector }}
       nodeSelector:
         {{- toYaml . | nindent 8 }}
@@ -53,4 +78,33 @@ spec:
       tolerations:
         {{- toYaml . | nindent 8 }}
       {{- end }}
+      {{- if .Values.config.certService.enabled }}
+      volumes:
+        - name: certstore
+          projected:
+            sources:
+              - secret:
+                  name: '{{.Values.clientCertificates.name}}-secret'
+                  items:
+                    - key: tls.key
+                      path: client.key
+                    - key: tls.crt
+                      path: client.crt
+                    - key: ca.crt
+                      path: ca.crt
+              - secret:
+                  name: '{{.Values.serverCertificates.name}}-secret'
+                  items:
+                    - key: tls.key
+                      path: server.key
+                    - key: tls.crt
+                      path: server.crt
+        - name: prep-certs
+          configMap:
+            name: {{ include "netconf-server.fullname" . }}-prep-certs
+            defaultMode: 0777
+      {{- end }}
+
+
+
 
diff --git a/helm/netconf/templates/secret.yaml b/helm/netconf/templates/secret.yaml
new file mode 100644
index 0000000..a9e21e2
--- /dev/null
+++ b/helm/netconf/templates/secret.yaml
@@ -0,0 +1,34 @@
+# Copyright © 2022 Nokia. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{- if .Values.config.certService.enabled }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: '{{ .Values.clientCertificates.name }}-secret'
+  namespace: {{ include "netconf.namespace" . }}
+data:
+  p12.pass: MjNlOTE3NzVjOTE4ZTRmNjY4ZTFhYzgyZDY5ZjExYWU0ZWU0ZGM2MTM3YzUwMzZkZjE3MmEyODJhYTA5
+type: Opaque
+
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: '{{ .Values.serverCertificates.name }}-secret'
+  namespace: {{ include "netconf.namespace" . }}
+data:
+  p12.pass: MjNlOTE3NzVjOTE4ZTRmNjY4ZTFhYzgyZDY5ZjExYWU0ZWU0ZGM2MTM3YzUwMzZkZjE3MmEyODJhYTA5
+type: Opaque
+{{- end }}
diff --git a/helm/netconf/templates/service.yaml b/helm/netconf/templates/service.yaml
index e359b81..81688fc 100644
--- a/helm/netconf/templates/service.yaml
+++ b/helm/netconf/templates/service.yaml
@@ -1,7 +1,22 @@
+# Copyright © 2022 Nokia. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
 apiVersion: v1
 kind: Service
 metadata:
   name: {{ include "netconf-server.fullname" . }}
+  namespace: {{ include "netconf.namespace" . }}
   labels:
     {{- include "netconf-server.labels" . | nindent 4 }}
 spec: