summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorSylvain Desbureaux <sylvain.desbureaux@orange.com>2021-05-11 16:10:20 +0000
committerGerrit Code Review <gerrit@onap.org>2021-05-11 16:10:20 +0000
commit580328b0b20218706ea0748088510e7e24ddacda (patch)
tree24c154e891ad8dc0b9a1b5d82228d3c217271da4
parentff4d7e578224ca533f3cfda71220000a2a0f4dbf (diff)
parent7062518d303da3de71d3f424bea5d2a87a5fc516 (diff)
Merge "[DCAEGEN2] Add pem support in CMPv2 for dcaegen2-services"
-rw-r--r--kubernetes/common/certManagerCertificate/templates/_certificate.tpl16
-rw-r--r--kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl9
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/values.yaml2
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-ves-collector/values.yaml2
4 files changed, 23 insertions, 6 deletions
diff --git a/kubernetes/common/certManagerCertificate/templates/_certificate.tpl b/kubernetes/common/certManagerCertificate/templates/_certificate.tpl
index 6fc667429e..2b9461e50e 100644
--- a/kubernetes/common/certManagerCertificate/templates/_certificate.tpl
+++ b/kubernetes/common/certManagerCertificate/templates/_certificate.tpl
@@ -219,8 +219,14 @@ spec:
sources:
- secret:
name: {{ $certificatesSecretName }}
- {{- if $certificate.keystore }}
items:
+ - key: tls.key
+ path: key.pem
+ - key: tls.crt
+ path: cert.pem
+ - key: ca.crt
+ path: cacert.pem
+ {{- if $certificate.keystore }}
{{- range $outputType := $certificate.keystore.outputType }}
- key: keystore.{{ $outputType }}
path: keystore.{{ $outputType }}
@@ -278,8 +284,14 @@ spec:
sources:
- secret:
name: {{ $certificatesSecretName }}
- {{- if $certificate.keystore }}
items:
+ - key: tls.key
+ path: key.pem
+ - key: tls.crt
+ path: cert.pem
+ - key: ca.crt
+ path: cacert.pem
+ {{- if $certificate.keystore }}
{{- range $outputType := $certificate.keystore.outputType }}
- key: keystore.{{ $outputType }}
path: keystore.{{ $outputType }}
diff --git a/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl b/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl
index db58726893..10a63ebbcf 100644
--- a/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl
+++ b/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl
@@ -3,6 +3,7 @@
# ================================================================================
# Copyright (c) 2021 J. F. Lucas. All rights reserved.
# Copyright (c) 2021 AT&T Intellectual Property. All rights reserved.
+# Copyright (c) 2021 Nokia. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -295,7 +296,7 @@ spec:
name: onap-policy-xacml-pdp-api-creds
key: password
- name: POLICY_SYNC_PDP_URL
- value : http{{ if (include "common.needTLS" .) }}s{{ end }}://policy-xacml-pdp:6969
+ value : http{{ if (include "common.needTLS" .) }}s{{ end }}://policy-xacml-pdp:6969
- name: POLICY_SYNC_OUTFILE
value : "/etc/policies/policies.json"
- name: POLICY_SYNC_V1_DECISION_ENDPOINT
@@ -370,9 +371,9 @@ spec:
{{- if $cmpv2Certificate.keystore -}}
{{- $certType = (index $cmpv2Certificate.keystore.outputType 0) -}}
{{- end -}}
- {{- $truststoresPaths := printf "%s/%s:%s/%s" $certDir "cacert.pem" $cmpv2CertificateDir "ca.crt" -}}
- {{- $truststoresPasswordPaths := "" -}}
- {{- $keystoreSourcePaths := printf "%s/%s:%s/%s" $cmpv2CertificateDir "tls.crt" $cmpv2CertificateDir "tls.key" -}}
+ {{- $truststoresPaths := printf "%s/%s:%s/%s" $certDir "cacert.pem" $cmpv2CertificateDir "cacert.pem" -}}
+ {{- $truststoresPasswordPaths := ":" -}}
+ {{- $keystoreSourcePaths := printf "%s/%s:%s/%s" $cmpv2CertificateDir "cert.pem" $cmpv2CertificateDir "key.pem" -}}
{{- $keystoreDestinationPaths := printf "%s/%s:%s/%s" $certDir "cert.pem" $certDir "key.pem" -}}
{{- if not (eq $certType "pem") -}}
{{- $truststoresPaths = printf "%s/%s:%s/%s.%s" $certDir "trust.jks" $cmpv2CertificateDir "truststore" $certType -}}
diff --git a/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/values.yaml b/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/values.yaml
index 502e3a89dc..bb65f37f73 100644
--- a/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/values.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/values.yaml
@@ -65,6 +65,8 @@ secrets:
passwordPolicy: required
# CMPv2 certificate
+# It is used only when global parameter cmpv2Enabled is true
+# Disabled by default
certificates:
- mountPath: /etc/ves-hv/ssl/external
commonName: dcae-hv-ves-collector
diff --git a/kubernetes/dcaegen2-services/components/dcae-ves-collector/values.yaml b/kubernetes/dcaegen2-services/components/dcae-ves-collector/values.yaml
index 263715650e..081bcdcc1a 100644
--- a/kubernetes/dcaegen2-services/components/dcae-ves-collector/values.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-ves-collector/values.yaml
@@ -58,6 +58,8 @@ certDirectory: /opt/app/dcae-certificate
tlsServer: true
# CMPv2 certificate
+# It is used only when global parameter cmpv2Enabled is true
+# Disabled by default
certificates:
- mountPath: /opt/app/dcae-certificate/external
commonName: dcae-ves-collector