[COMMON] Remove CertService client mechanism

- Remove cmpv2Certificate chart in order to deprecate CertService client mechanism. - Remove CertServiceClient init containers in SDNC. - Replace CMPv2CertManagerIntegration with cmpv2Enabled flag Issue-ID: OOM-2744 Signed-off-by: Piotr Marcinkiewicz <piotr.marcinkiewicz@nokia.com> Change-Id: I8c818fcf64a029552c8833f68b6ae95fad379c8d
author: Piotr Marcinkiewicz <piotr.marcinkiewicz@nokia.com> 2021-06-01 12:36:13 +0200
committer: Piotr Marcinkiewicz <piotr.marcinkiewicz@nokia.com> 2021-06-08 14:45:49 +0000
commit: 598f2d8f5e84c92c42c5da0e4dbf9562f860b8f7 (patch)
tree: d0fb29eef0bda279a8710cc14bf9b25fad82c97f
parent: 87411cc03c91a0ba7f26fcd9e7e4bd8afb75b24e (diff)
25 files changed, 25 insertions, 319 deletions
diff --git a/kubernetes/common/cmpv2Certificate/Chart.yaml b/kubernetes/common/cmpv2Certificate/Chart.yaml
deleted file mode 100644
index 6641ec6954..0000000000
--- a/kubernetes/common/cmpv2Certificate/Chart.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-# Copyright © 2021 Nokia
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-description: Template used to add cmpv2 certificates to components
-name: cmpv2Certificate
-version: 8.0.0
diff --git a/kubernetes/common/cmpv2Certificate/requirements.yaml b/kubernetes/common/cmpv2Certificate/requirements.yaml
deleted file mode 100644
index b10896d2ce..0000000000
--- a/kubernetes/common/cmpv2Certificate/requirements.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-# Copyright © 2021 Nokia
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-dependencies:
-  - name: common
-    version: ~8.x-0
-    repository: 'file://../common'
-  - name: repositoryGenerator
-    version: ~8.x-0
-    repository: 'file://../repositoryGenerator'
-  - name: cmpv2Config
-    version: ~8.x-0
-    repository: 'file://../cmpv2Config'
diff --git a/kubernetes/common/cmpv2Certificate/templates/_certServiceClient.tpl b/kubernetes/common/cmpv2Certificate/templates/_certServiceClient.tpl
deleted file mode 100644
index f80b06b4d3..0000000000
--- a/kubernetes/common/cmpv2Certificate/templates/_certServiceClient.tpl
+++ /dev/null
@@ -1,189 +0,0 @@
-{{/*
-# Copyright © 2021 Nokia
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-{{/*
-In order to use certServiceClient it is needed do define certificates array in target component values.yaml. Each
-certificate will be requested from separate init container
-
-Minimum example of array in target component values.yaml:
-certificates:
-  - mountPath:  /var/custom-certs
-    commonName: common-name
-
-Full example (other fields are ignored):
-certificates:
-  - mountPath:  /var/custom-certs
-    caName: RA
-    keystore:
-      outputType:
-        - jks
-    commonName: common-name
-    dnsNames:
-      - dns-name-1
-      - dns-name-2
-    ipAddresses:
-      - 192.168.0.1
-      - 192.168.0.2
-    emailAddresses:
-      - email-1@onap.org
-      - email-2@onap.org
-    uris:
-      - http://uri-1.onap.org
-      - http://uri-2.onap.org
-    subject:
-      organization: Linux-Foundation
-      country: US
-      locality: San Francisco
-      province: California
-      organizationalUnit: ONAP
-
-There also need to be some includes used in a target component deployment (indent values may need to be adjusted):
-  1. In initContainers section:
-    {{ include "common.certServiceClient.initContainer" . | indent 6 }}
-  2. In volumeMounts section of container using certificates:
-    {{ include "common.certServiceClient.volumeMounts" . | indent 10 }}
-  3. In volumes section:
-    {{ include "common.certServiceClient.volumes" . | indent 8 }}
-
-*/}}
-
-{{- define "common.certServiceClient.initContainer" -}}
-{{- $dot := default . .dot -}}
-{{- $initRoot := default $dot.Values.cmpv2Certificate.cmpv2Config .initRoot -}}
-{{- $subchartGlobal := mergeOverwrite (deepCopy $initRoot.global) $dot.Values.global -}}
-{{- if and $subchartGlobal.cmpv2Enabled (not $subchartGlobal.CMPv2CertManagerIntegration) -}}
-{{- range $index, $certificate := $dot.Values.certificates -}}
-{{/*# General certifiacate attributes  #*/}}
-{{- $commonName     := (required "'commonName' for Certificate is required." $certificate.commonName) -}}
-{{/*# SAN's #*/}}
-{{- $dnsNames       := default (list)    $certificate.dnsNames       -}}
-{{- $ipAddresses    := default (list)    $certificate.ipAddresses    -}}
-{{- $uris           := default (list)    $certificate.uris           -}}
-{{- $emailAddresses := default (list)    $certificate.emailAddresses   -}}
-{{- $sansList := concat $dnsNames $ipAddresses $uris $emailAddresses   -}}
-{{- $sans := join "," $sansList }}
-{{/*# Subject #*/}}
-{{- $organization   := $subchartGlobal.certificate.default.subject.organization        -}}
-{{- $country        := $subchartGlobal.certificate.default.subject.country             -}}
-{{- $locality       := $subchartGlobal.certificate.default.subject.locality            -}}
-{{- $province       := $subchartGlobal.certificate.default.subject.province            -}}
-{{- $orgUnit        := $subchartGlobal.certificate.default.subject.organizationalUnit  -}}
-{{- if $certificate.subject -}}
-{{- $organization   := $certificate.subject.organization -}}
-{{- $country        := $certificate.subject.country -}}
-{{- $locality       := $certificate.subject.locality -}}
-{{- $province       := $certificate.subject.province -}}
-{{- $orgUnit        := $certificate.subject.organizationalUnit -}}
-{{- end -}}
-{{- $caName := default $subchartGlobal.platform.certServiceClient.envVariables.caName $certificate.caName -}}
-{{- $outputType := $subchartGlobal.platform.certServiceClient.envVariables.outputType -}}
-{{- if $certificate.keystore -}}
-{{- $outputTypeList := (required "'outputType' in 'keystore' section is required." $certificate.keystore.outputType) -}}
-{{- $outputType = mustFirst ($outputTypeList) | upper -}}
-{{- end -}}
-{{- $requestUrl := $subchartGlobal.platform.certServiceClient.envVariables.requestURL -}}
-{{- $certPath := $subchartGlobal.platform.certServiceClient.envVariables.certPath -}}
-{{- $requestTimeout := $subchartGlobal.platform.certServiceClient.envVariables.requestTimeout -}}
-{{- $certificatesSecret:= $subchartGlobal.platform.certServiceClient.clientSecretName -}}
-{{- $certificatesSecretMountPath := $subchartGlobal.platform.certServiceClient.certificatesSecretMountPath -}}
-{{- $keystorePath := (printf "%s%s" $subchartGlobal.platform.certServiceClient.certificatesSecretMountPath $subchartGlobal.platform.certificates.keystoreKeyRef ) -}}
-{{- $keystorePasswordSecret := $subchartGlobal.platform.certificates.keystorePasswordSecretName -}}
-{{- $keystorePasswordSecretKey := $subchartGlobal.platform.certificates.keystorePasswordSecretKey -}}
-{{- $truststorePath := (printf "%s%s" $subchartGlobal.platform.certServiceClient.certificatesSecretMountPath $subchartGlobal.platform.certificates.truststoreKeyRef ) -}}
-{{- $truststorePasswordSecret := $subchartGlobal.platform.certificates.truststorePasswordSecretName -}}
-{{- $truststorePasswordSecretKey := $subchartGlobal.platform.certificates.truststorePasswordSecretKey -}}
-- name: certs-init-{{ $index }}
-  image: {{ include "repositoryGenerator.image.certserviceclient" $dot }}
-  imagePullPolicy: {{ $dot.Values.global.pullPolicy | default $dot.Values.pullPolicy }}
-  env:
-    - name: REQUEST_URL
-      value: {{ $requestUrl | quote }}
-    - name: REQUEST_TIMEOUT
-      value: {{ $requestTimeout | quote }}
-    - name: OUTPUT_PATH
-      value: {{ $certPath | quote }}
-    - name: OUTPUT_TYPE
-      value: {{ $outputType | quote }}
-    - name: CA_NAME
-      value: {{ $caName | quote }}
-    - name: COMMON_NAME
-      value: {{ $commonName | quote }}
-    - name: SANS
-      value: {{ $sans | quote }}
-    - name: ORGANIZATION
-      value: {{ $organization | quote }}
-    - name: ORGANIZATION_UNIT
-      value: {{ $orgUnit | quote }}
-    - name: LOCATION
-      value: {{ $locality | quote }}
-    - name: STATE
-      value: {{ $province | quote }}
-    - name: COUNTRY
-      value: {{ $country | quote }}
-    - name: KEYSTORE_PATH
-      value: {{ $keystorePath | quote }}
-    - name: KEYSTORE_PASSWORD
-      valueFrom:
-        secretKeyRef:
-          name: {{ $keystorePasswordSecret | quote}}
-          key: {{ $keystorePasswordSecretKey | quote}}
-    - name: TRUSTSTORE_PATH
-      value: {{ $truststorePath | quote }}
-    - name: TRUSTSTORE_PASSWORD
-      valueFrom:
-        secretKeyRef:
-          name: {{ $truststorePasswordSecret | quote}}
-          key: {{ $truststorePasswordSecretKey | quote}}
-  terminationMessagePath: /dev/termination-log
-  terminationMessagePolicy: File
-  volumeMounts:
-    - mountPath: {{ $certPath }}
-      name: cmpv2-certs-volume-{{ $index }}
-    - mountPath: {{ $certificatesSecretMountPath }}
-      name: certservice-tls-volume
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{- define "common.certServiceClient.volumes" -}}
-{{- $dot := default . .dot -}}
-{{- $initRoot := default $dot.Values.cmpv2Certificate.cmpv2Config .initRoot -}}
-{{- $subchartGlobal := mergeOverwrite (deepCopy $initRoot.global) $dot.Values.global -}}
-{{- if and $subchartGlobal.cmpv2Enabled (not $subchartGlobal.CMPv2CertManagerIntegration) -}}
-{{- $certificatesSecretName := $subchartGlobal.platform.certificates.clientSecretName -}}
-- name: certservice-tls-volume
-  secret:
-    secretName: {{ $certificatesSecretName }}
-{{ range $index, $certificate := $dot.Values.certificates -}}
-- name: cmpv2-certs-volume-{{ $index }}
-  emptyDir:
-    medium: Memory
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{- define "common.certServiceClient.volumeMounts" -}}
-{{- $dot := default . .dot -}}
-{{- $initRoot := default $dot.Values.cmpv2Certificate.cmpv2Config .initRoot -}}
-{{- $subchartGlobal := mergeOverwrite (deepCopy $initRoot.global) $dot.Values.global -}}
-{{- if and $subchartGlobal.cmpv2Enabled (not $subchartGlobal.CMPv2CertManagerIntegration) -}}
-{{- range $index, $certificate := $dot.Values.certificates -}}
-{{- $mountPath := $certificate.mountPath -}}
-- mountPath: {{ $mountPath }}
-  name: cmpv2-certs-volume-{{ $index }}
-{{ end -}}
-{{- end -}}
-{{- end -}}
diff --git a/kubernetes/common/cmpv2Certificate/values.yaml b/kubernetes/common/cmpv2Certificate/values.yaml
deleted file mode 100644
index 504947525d..0000000000
--- a/kubernetes/common/cmpv2Certificate/values.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
-# Copyright © 2021 Nokia
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
diff --git a/kubernetes/common/cmpv2Config/values.yaml b/kubernetes/common/cmpv2Config/values.yaml
index 695e40616c..02595b348d 100644
--- a/kubernetes/common/cmpv2Config/values.yaml
+++ b/kubernetes/common/cmpv2Config/values.yaml
@@ -15,7 +15,6 @@ global:
 
   # Enabling CMPv2
   cmpv2Enabled: true
-  CMPv2CertManagerIntegration: false
 
   certificate:
     default:
@@ -35,17 +34,6 @@ global:
       keystorePasswordSecretKey: password
       truststorePasswordSecretName: oom-cert-service-truststore-password
       truststorePasswordSecretKey: password
-    certServiceClient:
-      image: onap/org.onap.oom.platform.cert-service.oom-certservice-client:2.3.3
-      certificatesSecretMountPath: /etc/onap/oom/certservice/certs/
-      envVariables:
-        certPath: "/var/custom-certs"
-        # Certificate related
-        caName: "RA"
-        # Client configuration related
-        requestURL: "https://oom-cert-service:8443/v1/certificate/"
-        requestTimeout: "30000"
-        outputType: "P12"
     certPostProcessor:
       image: onap/org.onap.oom.platform.cert-service.oom-certservice-post-processor:2.3.3
 
diff --git a/kubernetes/common/repositoryGenerator/templates/_repository.tpl b/kubernetes/common/repositoryGenerator/templates/_repository.tpl
index 91f21ab0c9..87dd5c29e9 100644
--- a/kubernetes/common/repositoryGenerator/templates/_repository.tpl
+++ b/kubernetes/common/repositoryGenerator/templates/_repository.tpl
@@ -83,10 +83,6 @@
   {{- include "repositoryGenerator.image._helper" (merge (dict "image" "curlImage") .) }}
 {{- end -}}
 
-{{- define "repositoryGenerator.image.certserviceclient" -}}
-  {{- include "repositoryGenerator.image._helper" (merge (dict "image" "certServiceClientImage") .) }}
-{{- end -}}
-
 {{- define "repositoryGenerator.image.dcaepolicysync" -}}
   {{- include "repositoryGenerator.image._helper" (merge (dict "image" "dcaePolicySyncImage") .) }}
 {{- end -}}
diff --git a/kubernetes/common/repositoryGenerator/values.yaml b/kubernetes/common/repositoryGenerator/values.yaml
index 8a68f6dd9c..bf21e2da08 100644
--- a/kubernetes/common/repositoryGenerator/values.yaml
+++ b/kubernetes/common/repositoryGenerator/values.yaml
@@ -23,7 +23,6 @@ global:
   # common global images
   busyboxImage: busybox:1.32
   curlImage: curlimages/curl:7.69.1
-  certServiceClientImage: onap/org.onap.oom.platform.cert-service.oom-certservice-client:2.3.3
   envsubstImage: dibi/envsubst:1
   # there's only latest image for htpasswd
   htpasswdImage: xmartlabs/htpasswd:latest
@@ -56,7 +55,6 @@ global:
 imageRepoMapping:
   busyboxImage: dockerHubRepository
   curlImage: dockerHubRepository
-  certServiceClientImage: repository
   envsubstImage: dockerHubRepository
   htpasswdImage: dockerHubRepository
   jreImage: repository
diff --git a/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl b/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl
index 310d9ae662..328a4c625f 100644
--- a/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl
+++ b/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl
@@ -495,7 +495,7 @@ spec:
 */}}
 {{- define "dcaegen2-services-common.shouldUseCmpv2Certificates" -}}
   {{- $certDir := default "" .Values.certDirectory . -}}
-  {{- if (and $certDir .Values.certificates .Values.global.cmpv2Enabled .Values.global.CMPv2CertManagerIntegration .Values.useCmpv2Certificates) -}}
+  {{- if (and $certDir .Values.certificates .Values.global.cmpv2Enabled .Values.useCmpv2Certificates) -}}
   true
   {{- end -}}
 {{- end -}}
diff --git a/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/values.yaml b/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/values.yaml
index 223789a75f..64e4ba9b43 100644
--- a/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/values.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/values.yaml
@@ -68,7 +68,6 @@ secrets:
 # It is used only when:
 # - certDirectory is set
 # - global cmpv2Enabled flag is set to true
-# - global CertManagerIntegration flag is set to true
 # - flag useCmpv2Certificates is set to true
 # Disabled by default
 useCmpv2Certificates: false
diff --git a/kubernetes/dcaegen2-services/components/dcae-ves-collector/values.yaml b/kubernetes/dcaegen2-services/components/dcae-ves-collector/values.yaml
index 9e08ea1a69..982d770595 100644
--- a/kubernetes/dcaegen2-services/components/dcae-ves-collector/values.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-ves-collector/values.yaml
@@ -61,7 +61,6 @@ tlsServer: true
 # It is used only when:
 # - certDirectory is set
 # - global cmpv2Enabled flag is set to true
-# - global CertManagerIntegration flag is set to true
 # - flag useCmpv2Certificates is set to true
 # Disabled by default
 useCmpv2Certificates: false
diff --git a/kubernetes/dcaegen2/components/dcae-cloudify-manager/resources/config/plugins/k8s-plugin.json b/kubernetes/dcaegen2/components/dcae-cloudify-manager/resources/config/plugins/k8s-plugin.json
index 3c769fca5f..fb1a40edfd 100644
--- a/kubernetes/dcaegen2/components/dcae-cloudify-manager/resources/config/plugins/k8s-plugin.json
+++ b/kubernetes/dcaegen2/components/dcae-cloudify-manager/resources/config/plugins/k8s-plugin.json
@@ -41,9 +41,6 @@
     "ca_cert_configmap": "{{ include "common.fullname" . }}-dcae-cacert"
   },
   "external_cert": {
-    "image_tag": "{{ include "repositoryGenerator.repository" . }}/{{ .Values.cmpv2Config.global.platform.certServiceClient.image }}",
-    "request_url": "{{ .Values.cmpv2Config.global.platform.certServiceClient.envVariables.requestURL }}",
-    "timeout": "{{ .Values.cmpv2Config.global.platform.certServiceClient.envVariables.requestTimeout }}",
     "country": "{{ .Values.cmpv2Config.global.certificate.default.subject.country }}",
     "organization": "{{ .Values.cmpv2Config.global.certificate.default.subject.organization }}",
     "state": "{{ .Values.cmpv2Config.global.certificate.default.subject.province }}",
@@ -61,7 +58,7 @@
     "image_tag": "{{ include "repositoryGenerator.repository" . }}/{{ .Values.cmpv2Config.global.platform.certPostProcessor.image }}"
   },
   "cmpv2_issuer": {
-    "enabled": "{{ .Values.global.CMPv2CertManagerIntegration }}",
+    "enabled": "true",
     "name": "{{ .Values.cmpv2issuer.name }}"
   }
 }
diff --git a/kubernetes/dcaegen2/components/dcae-cloudify-manager/values.yaml b/kubernetes/dcaegen2/components/dcae-cloudify-manager/values.yaml
index fcc8f6d4b0..313ac9b34d 100644
--- a/kubernetes/dcaegen2/components/dcae-cloudify-manager/values.yaml
+++ b/kubernetes/dcaegen2/components/dcae-cloudify-manager/values.yaml
@@ -28,8 +28,6 @@ global:
   repositoryCred:
     user: docker
     password: docker
-  # Enabling CMPv2 with CertManager
-  CMPv2CertManagerIntegration: false
 
 cmpv2issuer:
   name: cmpv2-issuer-onap
diff --git a/kubernetes/onap/resources/overrides/onap-all.yaml b/kubernetes/onap/resources/overrides/onap-all.yaml
index d6c447240d..521cf2ff8b 100644
--- a/kubernetes/onap/resources/overrides/onap-all.yaml
+++ b/kubernetes/onap/resources/overrides/onap-all.yaml
@@ -20,7 +20,6 @@
 global:
   addTestingComponents: &testing true
   centralizedLoggingEnabled: &centralizedLogging false
-  CMPv2CertManagerIntegration: false
 cassandra:
   enabled: true
 mariadb-galera:
diff --git a/kubernetes/onap/resources/overrides/oom-cert-service-environment.yaml b/kubernetes/onap/resources/overrides/oom-cert-service-environment.yaml
index 643d3065c1..7b3603c041 100644
--- a/kubernetes/onap/resources/overrides/oom-cert-service-environment.yaml
+++ b/kubernetes/onap/resources/overrides/oom-cert-service-environment.yaml
@@ -1,5 +1,5 @@
 # Copyright © 2020 Nordix Foundation
-# Modifications Copyright © 2020 Nokia
+# Modifications Copyright © 2020-2021 Nokia
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -35,15 +35,17 @@
 #################################################################
 global:
   cmpv2Enabled: true
-  CMPv2CertManagerIntegration: true
-  platform:
-    certServiceClient:
-      envVariables:
-        # Certificate related
-        cmpv2Organization: "Linux-Foundation"
-        cmpv2OrganizationalUnit: "ONAP"
-        cmpv2Location: "San-Francisco"
-        cmpv2State: "California"
-        cmpv2Country: "US"
-        # Client configuration related
-        caName: "RA"
+  certificate:
+    default:
+      renewBefore: 720h #30 days
+      duration:    8760h #365 days
+      subject:
+        organization: "Linux-Foundation"
+        country: "US"
+        locality: "San-Francisco"
+        province: "California"
+        organizationalUnit: "ONAP"
+      issuer:
+        group: certmanager.onap.org
+        kind: CMPv2Issuer
+        name: cmpv2-issuer-onap
diff --git a/kubernetes/onap/values.yaml b/kubernetes/onap/values.yaml
index d91284a6c3..0e2b13b473 100755
--- a/kubernetes/onap/values.yaml
+++ b/kubernetes/onap/values.yaml
@@ -194,7 +194,6 @@ global:
 
   # Enabling CMPv2
   cmpv2Enabled: true
-  CMPv2CertManagerIntegration: false
   platform:
     certificates:
       clientSecretName: oom-cert-service-client-tls-secret
@@ -204,17 +203,6 @@ global:
       keystorePasswordSecretKey: password
       truststorePasswordSecretName: oom-cert-service-certificates-password
       truststorePasswordSecretKey: password
-    certServiceClient:
-      image: onap/org.onap.oom.platform.cert-service.oom-certservice-client:2.3.3
-      certificatesSecretMountPath: /etc/onap/oom/certservice/certs/
-      envVariables:
-        certPath: "/var/custom-certs"
-        # Certificate related
-        caName: "RA"
-        # Client configuration related
-        requestURL: "https://oom-cert-service:8443/v1/certificate/"
-        requestTimeout: "30000"
-        outputType: "P12"
 
   # Indicates offline deployment build
   # Set to true if you are rendering helm charts for offline deployment
diff --git a/kubernetes/platform/components/cmpv2-cert-provider/templates/configuration.yaml b/kubernetes/platform/components/cmpv2-cert-provider/templates/configuration.yaml
index 9ba61a5f57..ae4ae81f02 100644
--- a/kubernetes/platform/components/cmpv2-cert-provider/templates/configuration.yaml
+++ b/kubernetes/platform/components/cmpv2-cert-provider/templates/configuration.yaml
@@ -1,4 +1,4 @@
-{{ if .Values.global.CMPv2CertManagerIntegration }}
+{{ if .Values.global.cmpv2Enabled }}
 
 # ============LICENSE_START=======================================================
 # Copyright (c) 2020 Nokia
diff --git a/kubernetes/platform/components/cmpv2-cert-provider/templates/deployment.yaml b/kubernetes/platform/components/cmpv2-cert-provider/templates/deployment.yaml
index 3a993734e4..8bcbc1f7d0 100644
--- a/kubernetes/platform/components/cmpv2-cert-provider/templates/deployment.yaml
+++ b/kubernetes/platform/components/cmpv2-cert-provider/templates/deployment.yaml
@@ -1,4 +1,4 @@
-{{ if .Values.global.CMPv2CertManagerIntegration }}
+{{ if .Values.global.cmpv2Enabled }}
 
 # ============LICENSE_START=======================================================
 # Copyright (c) 2020 Nokia
diff --git a/kubernetes/platform/components/cmpv2-cert-provider/templates/roles.yaml b/kubernetes/platform/components/cmpv2-cert-provider/templates/roles.yaml
index add5622f41..f976a80268 100644
--- a/kubernetes/platform/components/cmpv2-cert-provider/templates/roles.yaml
+++ b/kubernetes/platform/components/cmpv2-cert-provider/templates/roles.yaml
@@ -1,4 +1,4 @@
-{{ if .Values.global.CMPv2CertManagerIntegration }}
+{{ if .Values.global.cmpv2Enabled }}
 
 # ============LICENSE_START=======================================================
 # Copyright (c) 2020 Nokia
diff --git a/kubernetes/platform/components/cmpv2-cert-provider/templates/service.yaml b/kubernetes/platform/components/cmpv2-cert-provider/templates/service.yaml
index 152bd68ba6..bc689cc68f 100644
--- a/kubernetes/platform/components/cmpv2-cert-provider/templates/service.yaml
+++ b/kubernetes/platform/components/cmpv2-cert-provider/templates/service.yaml
@@ -1,4 +1,4 @@
-{{ if .Values.global.CMPv2CertManagerIntegration }}
+{{ if .Values.global.cmpv2Enabled }}
 
 # ============LICENSE_START=======================================================
 # Copyright (c) 2020 Nokia
diff --git a/kubernetes/platform/components/cmpv2-cert-provider/values.yaml b/kubernetes/platform/components/cmpv2-cert-provider/values.yaml
index fd34b1ef28..55c4d0beac 100644
--- a/kubernetes/platform/components/cmpv2-cert-provider/values.yaml
+++ b/kubernetes/platform/components/cmpv2-cert-provider/values.yaml
@@ -21,7 +21,6 @@ global:
   busyboxRepository: registry.hub.docker.com
   busyboxImage: library/busybox:latest
   repository: "nexus3.onap.org:10001"
-  CMPv2CertManagerIntegration: false
 
 namespace: onap
 
diff --git a/kubernetes/platform/values.yaml b/kubernetes/platform/values.yaml
index d21fb791e2..a30dabbcc2 100644
--- a/kubernetes/platform/values.yaml
+++ b/kubernetes/platform/values.yaml
@@ -28,11 +28,6 @@ global:
   cmpv2Enabled: true
   addTestingComponents: false
 
-  certService:
-    certServiceClient:
-      secret:
-        name: oom-cert-service-client-tls-secret
-
 #################################################################
 # Application configuration defaults.
 #################################################################
diff --git a/kubernetes/sdnc/requirements.yaml b/kubernetes/sdnc/requirements.yaml
index 0c82f9581d..ac0e6ed868 100644
--- a/kubernetes/sdnc/requirements.yaml
+++ b/kubernetes/sdnc/requirements.yaml
@@ -21,9 +21,6 @@ dependencies:
   - name: certInitializer
     version: ~8.x-0
     repository: '@local'
-  - name: cmpv2Certificate
-    version: ~8.x-0
-    repository: '@local'
   - name: certManagerCertificate
     version: ~8.x-0
     repository: '@local'
diff --git a/kubernetes/sdnc/templates/certificates.yaml b/kubernetes/sdnc/templates/certificates.yaml
index c4eca61e35..acf9012099 100644
--- a/kubernetes/sdnc/templates/certificates.yaml
+++ b/kubernetes/sdnc/templates/certificates.yaml
@@ -14,6 +14,6 @@
 # limitations under the License.
 */}}
 
-{{ if and .Values.global.cmpv2Enabled .Values.global.CMPv2CertManagerIntegration }}
+{{ if .Values.global.cmpv2Enabled }}
 {{ include "certManagerCertificate.certificate" . }}
 {{ end }}
diff --git a/kubernetes/sdnc/templates/statefulset.yaml b/kubernetes/sdnc/templates/statefulset.yaml
index 8a7259ba0d..f0ee8a9456 100644
--- a/kubernetes/sdnc/templates/statefulset.yaml
+++ b/kubernetes/sdnc/templates/statefulset.yaml
@@ -155,7 +155,6 @@ spec:
         name: {{ include "common.name" . }}-readiness
         {{ end -}}
 {{ include "common.certInitializer.initContainer" . | indent 6 }}
-{{ include "common.certServiceClient.initContainer" . | indent 6 }}
       - name: {{ include "common.name" . }}-chown
         image: {{ include "repositoryGenerator.image.busybox" . }}
         command:
@@ -178,7 +177,7 @@ spec:
         - name: {{ include "common.name" . }}
           image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-          {{- if and .Values.global.cmpv2Enabled .Values.global.CMPv2CertManagerIntegration }}
+          {{- if .Values.global.cmpv2Enabled }}
           {{- $linkCommand := include "common.certManager.linkVolumeMounts" . }}
           lifecycle:
             postStart:
@@ -312,8 +311,7 @@ spec:
             value: "{{ .Values.config.sdnr.netconfCallHome.enabled | default "false" }}"
           volumeMounts:
 {{ include "common.certInitializer.volumeMount" . | indent 10 }}
-{{ include "common.certServiceClient.volumeMounts" . | indent 10 }}
-{{- if and .Values.global.cmpv2Enabled .Values.global.CMPv2CertManagerIntegration }}
+{{- if .Values.global.cmpv2Enabled }}
 {{ include "common.certManager.volumeMounts" . | indent 10 }}
 {{- end }}
           - mountPath: /etc/localtime
@@ -437,8 +435,7 @@ spec:
           emptyDir: {}
   {{ else }}
 {{ include "common.certInitializer.volumes" . | nindent 8 }}
-{{ include "common.certServiceClient.volumes" . | nindent 8 }}
-{{- if and .Values.global.cmpv2Enabled .Values.global.CMPv2CertManagerIntegration }}
+{{- if .Values.global.cmpv2Enabled }}
 {{ include "common.certManager.volumes" . | nindent 8 }}
 {{- end }}
   volumeClaimTemplates:
diff --git a/kubernetes/sdnc/values.yaml b/kubernetes/sdnc/values.yaml
index b22b6758d2..4fdcd2861d 100644
--- a/kubernetes/sdnc/values.yaml
+++ b/kubernetes/sdnc/values.yaml
@@ -30,8 +30,6 @@ global:
     service: mariadb-galera
     internalPort: 3306
     nameOverride: mariadb-galera
-  # Enabling CMPv2 with CertManager
-  CMPv2CertManagerIntegration: false
 
 #################################################################
 # Secrets metaconfig
author	Piotr Marcinkiewicz <piotr.marcinkiewicz@nokia.com>	2021-06-01 12:36:13 +0200
committer	Piotr Marcinkiewicz <piotr.marcinkiewicz@nokia.com>	2021-06-08 14:45:49 +0000
commit	598f2d8f5e84c92c42c5da0e4dbf9562f860b8f7 (patch)
tree	d0fb29eef0bda279a8710cc14bf9b25fad82c97f
parent	87411cc03c91a0ba7f26fcd9e7e4bd8afb75b24e (diff)