diff options
author | Sylvain Desbureaux <sylvain.desbureaux@orange.com> | 2021-05-28 19:52:04 +0000 |
---|---|---|
committer | Gerrit Code Review <gerrit@onap.org> | 2021-05-28 19:52:04 +0000 |
commit | 84b962398213641e656e8d1750b83f480f531563 (patch) | |
tree | a084aa3af8166515aeef8103d6714a8270d61df8 | |
parent | 11c87298fa0e735756eacf6384a358b96d50af5c (diff) | |
parent | 7b09503a8bfcf128c021b6072bec24a1cc93317a (diff) |
Merge "[DCAEGEN2] Update CMPv2 certs usage in dcaegen2-services"
5 files changed, 30 insertions, 7 deletions
diff --git a/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl b/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl index 4554b50de8..310d9ae662 100644 --- a/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl +++ b/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl @@ -330,7 +330,7 @@ spec: {{- if $certDir }} - mountPath: {{ $certDir }} name: tls-info - {{- if and .Values.certificates .Values.global.cmpv2Enabled .Values.global.CMPv2CertManagerIntegration -}} + {{- if (include "dcaegen2-services-common.shouldUseCmpv2Certificates" .) -}} {{- include "common.certManager.volumeMountsReadOnly" . | nindent 8 -}} {{- end -}} {{- end }} @@ -428,7 +428,7 @@ spec: {{- if $certDir }} - emptyDir: {} name: tls-info - {{ if and .Values.certificates .Values.global.cmpv2Enabled .Values.global.CMPv2CertManagerIntegration -}} + {{ if (include "dcaegen2-services-common.shouldUseCmpv2Certificates" .) -}} {{ include "common.certManager.volumesReadOnly" . | nindent 6 }} {{- end }} {{- end }} @@ -449,7 +449,7 @@ spec: */}} {{- define "dcaegen2-services-common._certPostProcessor" -}} {{- $certDir := default "" .Values.certDirectory . -}} - {{- if and $certDir .Values.certificates .Values.global.cmpv2Enabled .Values.global.CMPv2CertManagerIntegration -}} + {{- if (include "dcaegen2-services-common.shouldUseCmpv2Certificates" .) -}} {{- $cmpv2Certificate := (index .Values.certificates 0) -}} {{- $cmpv2CertificateDir := $cmpv2Certificate.mountPath -}} {{- $certType := "pem" -}} @@ -486,3 +486,16 @@ spec: value: {{ $keystoreDestinationPaths | quote }} {{- end }} {{- end -}} + +{{/* + Template returns string "true" if CMPv2 certificates should be used and nothing (so it can be used in with statements) + when they shouldn't. Example use: + {{- if (include "dcaegen2-services-common.shouldUseCmpv2Certificates" .) -}} + +*/}} +{{- define "dcaegen2-services-common.shouldUseCmpv2Certificates" -}} + {{- $certDir := default "" .Values.certDirectory . -}} + {{- if (and $certDir .Values.certificates .Values.global.cmpv2Enabled .Values.global.CMPv2CertManagerIntegration .Values.useCmpv2Certificates) -}} + true + {{- end -}} +{{- end -}} diff --git a/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/templates/certificates.yaml b/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/templates/certificates.yaml index 0db2138a4f..12a05885ca 100644 --- a/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/templates/certificates.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/templates/certificates.yaml @@ -14,6 +14,6 @@ # limitations under the License. */}} -{{ if and .Values.certDirectory .Values.global.cmpv2Enabled .Values.global.CMPv2CertManagerIntegration }} +{{- if (include "dcaegen2-services-common.shouldUseCmpv2Certificates" .) -}} {{ include "certManagerCertificate.certificate" . }} {{ end }} diff --git a/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/values.yaml b/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/values.yaml index bb65f37f73..223789a75f 100644 --- a/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/values.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/values.yaml @@ -65,8 +65,13 @@ secrets: passwordPolicy: required # CMPv2 certificate -# It is used only when global parameter cmpv2Enabled is true +# It is used only when: +# - certDirectory is set +# - global cmpv2Enabled flag is set to true +# - global CertManagerIntegration flag is set to true +# - flag useCmpv2Certificates is set to true # Disabled by default +useCmpv2Certificates: false certificates: - mountPath: /etc/ves-hv/ssl/external commonName: dcae-hv-ves-collector diff --git a/kubernetes/dcaegen2-services/components/dcae-ves-collector/templates/certificates.yaml b/kubernetes/dcaegen2-services/components/dcae-ves-collector/templates/certificates.yaml index 0db2138a4f..12a05885ca 100644 --- a/kubernetes/dcaegen2-services/components/dcae-ves-collector/templates/certificates.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-ves-collector/templates/certificates.yaml @@ -14,6 +14,6 @@ # limitations under the License. */}} -{{ if and .Values.certDirectory .Values.global.cmpv2Enabled .Values.global.CMPv2CertManagerIntegration }} +{{- if (include "dcaegen2-services-common.shouldUseCmpv2Certificates" .) -}} {{ include "certManagerCertificate.certificate" . }} {{ end }} diff --git a/kubernetes/dcaegen2-services/components/dcae-ves-collector/values.yaml b/kubernetes/dcaegen2-services/components/dcae-ves-collector/values.yaml index a675db6797..9e08ea1a69 100644 --- a/kubernetes/dcaegen2-services/components/dcae-ves-collector/values.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-ves-collector/values.yaml @@ -58,8 +58,13 @@ certDirectory: /opt/app/dcae-certificate tlsServer: true # CMPv2 certificate -# It is used only when global parameter cmpv2Enabled is true +# It is used only when: +# - certDirectory is set +# - global cmpv2Enabled flag is set to true +# - global CertManagerIntegration flag is set to true +# - flag useCmpv2Certificates is set to true # Disabled by default +useCmpv2Certificates: false certificates: - mountPath: /opt/app/dcae-certificate/external commonName: dcae-ves-collector |