aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorRemigiusz Janeczek <remigiusz.janeczek@nokia.com>2021-05-20 19:39:44 +0200
committerRemigiusz Janeczek <remigiusz.janeczek@nokia.com>2021-05-20 20:43:33 +0000
commit7b09503a8bfcf128c021b6072bec24a1cc93317a (patch)
tree6af8661e562627c9903cbd3906b45fae9baa44c9
parentcc2f53b36e0d7881540e8afd24119f9e3c98a210 (diff)
[DCAEGEN2] Update CMPv2 certs usage in dcaegen2-services
Updates: - Add microservice specific flag to determine if CMPv2 should be used - Add function to check if CMPv2 parts should be included Signed-off-by: Remigiusz Janeczek <remigiusz.janeczek@nokia.com> Issue-ID: DCAEGEN2-2630 Change-Id: If81c50c6029aafef40fa91c5295ad8ad24f953d3
-rw-r--r--kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl19
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/templates/certificates.yaml2
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/values.yaml7
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-ves-collector/templates/certificates.yaml2
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-ves-collector/values.yaml7
5 files changed, 30 insertions, 7 deletions
diff --git a/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl b/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl
index 5de526288e..1e7c3b4c70 100644
--- a/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl
+++ b/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl
@@ -324,7 +324,7 @@ spec:
{{- if $certDir }}
- mountPath: {{ $certDir }}
name: tls-info
- {{- if and .Values.certificates .Values.global.cmpv2Enabled .Values.global.CMPv2CertManagerIntegration -}}
+ {{- if (include "dcaegen2-services-common.shouldUseCmpv2Certificates" .) -}}
{{- include "common.certManager.volumeMountsReadOnly" . | nindent 8 -}}
{{- end -}}
{{- end }}
@@ -422,7 +422,7 @@ spec:
{{- if $certDir }}
- emptyDir: {}
name: tls-info
- {{ if and .Values.certificates .Values.global.cmpv2Enabled .Values.global.CMPv2CertManagerIntegration -}}
+ {{ if (include "dcaegen2-services-common.shouldUseCmpv2Certificates" .) -}}
{{ include "common.certManager.volumesReadOnly" . | nindent 6 }}
{{- end }}
{{- end }}
@@ -443,7 +443,7 @@ spec:
*/}}
{{- define "dcaegen2-services-common._certPostProcessor" -}}
{{- $certDir := default "" .Values.certDirectory . -}}
- {{- if and $certDir .Values.certificates .Values.global.cmpv2Enabled .Values.global.CMPv2CertManagerIntegration -}}
+ {{- if (include "dcaegen2-services-common.shouldUseCmpv2Certificates" .) -}}
{{- $cmpv2Certificate := (index .Values.certificates 0) -}}
{{- $cmpv2CertificateDir := $cmpv2Certificate.mountPath -}}
{{- $certType := "pem" -}}
@@ -480,3 +480,16 @@ spec:
value: {{ $keystoreDestinationPaths | quote }}
{{- end }}
{{- end -}}
+
+{{/*
+ Template returns string "true" if CMPv2 certificates should be used and nothing (so it can be used in with statements)
+ when they shouldn't. Example use:
+ {{- if (include "dcaegen2-services-common.shouldUseCmpv2Certificates" .) -}}
+
+*/}}
+{{- define "dcaegen2-services-common.shouldUseCmpv2Certificates" -}}
+ {{- $certDir := default "" .Values.certDirectory . -}}
+ {{- if (and $certDir .Values.certificates .Values.global.cmpv2Enabled .Values.global.CMPv2CertManagerIntegration .Values.useCmpv2Certificates) -}}
+ true
+ {{- end -}}
+{{- end -}}
diff --git a/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/templates/certificates.yaml b/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/templates/certificates.yaml
index 0db2138a4f..12a05885ca 100644
--- a/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/templates/certificates.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/templates/certificates.yaml
@@ -14,6 +14,6 @@
# limitations under the License.
*/}}
-{{ if and .Values.certDirectory .Values.global.cmpv2Enabled .Values.global.CMPv2CertManagerIntegration }}
+{{- if (include "dcaegen2-services-common.shouldUseCmpv2Certificates" .) -}}
{{ include "certManagerCertificate.certificate" . }}
{{ end }}
diff --git a/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/values.yaml b/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/values.yaml
index bb65f37f73..223789a75f 100644
--- a/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/values.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/values.yaml
@@ -65,8 +65,13 @@ secrets:
passwordPolicy: required
# CMPv2 certificate
-# It is used only when global parameter cmpv2Enabled is true
+# It is used only when:
+# - certDirectory is set
+# - global cmpv2Enabled flag is set to true
+# - global CertManagerIntegration flag is set to true
+# - flag useCmpv2Certificates is set to true
# Disabled by default
+useCmpv2Certificates: false
certificates:
- mountPath: /etc/ves-hv/ssl/external
commonName: dcae-hv-ves-collector
diff --git a/kubernetes/dcaegen2-services/components/dcae-ves-collector/templates/certificates.yaml b/kubernetes/dcaegen2-services/components/dcae-ves-collector/templates/certificates.yaml
index 0db2138a4f..12a05885ca 100644
--- a/kubernetes/dcaegen2-services/components/dcae-ves-collector/templates/certificates.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-ves-collector/templates/certificates.yaml
@@ -14,6 +14,6 @@
# limitations under the License.
*/}}
-{{ if and .Values.certDirectory .Values.global.cmpv2Enabled .Values.global.CMPv2CertManagerIntegration }}
+{{- if (include "dcaegen2-services-common.shouldUseCmpv2Certificates" .) -}}
{{ include "certManagerCertificate.certificate" . }}
{{ end }}
diff --git a/kubernetes/dcaegen2-services/components/dcae-ves-collector/values.yaml b/kubernetes/dcaegen2-services/components/dcae-ves-collector/values.yaml
index 081bcdcc1a..32f5072309 100644
--- a/kubernetes/dcaegen2-services/components/dcae-ves-collector/values.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-ves-collector/values.yaml
@@ -58,8 +58,13 @@ certDirectory: /opt/app/dcae-certificate
tlsServer: true
# CMPv2 certificate
-# It is used only when global parameter cmpv2Enabled is true
+# It is used only when:
+# - certDirectory is set
+# - global cmpv2Enabled flag is set to true
+# - global CertManagerIntegration flag is set to true
+# - flag useCmpv2Certificates is set to true
# Disabled by default
+useCmpv2Certificates: false
certificates:
- mountPath: /opt/app/dcae-certificate/external
commonName: dcae-ves-collector