[DCAEGEN2] Add pem support in CMPv2 for dcaegen2-services

- Add mounting certificates in pem format. - Add comment description to certificates in dcae values Issue-ID: DCAEGEN2-2688 Signed-off-by: Piotr Marcinkiewicz <piotr.marcinkiewicz@nokia.com> Change-Id: I546292c33e25e36376b98d42e08a3c4ffa95de64
author: Piotr Marcinkiewicz <piotr.marcinkiewicz@nokia.com> 2021-04-29 17:02:37 +0200
committer: Krzysztof Opasiak <k.opasiak@samsung.com> 2021-05-10 20:12:00 +0000
commit: 7062518d303da3de71d3f424bea5d2a87a5fc516 (patch)
tree: 47794fa090221cf87a9b9da7f1122f4e71b7f827
parent: 7782c3e8da81539a348a5fd18c44dcc6a1983dc3 (diff)
4 files changed, 23 insertions, 6 deletions
diff --git a/kubernetes/common/certManagerCertificate/templates/_certificate.tpl b/kubernetes/common/certManagerCertificate/templates/_certificate.tpl
index 6fc667429e..2b9461e50e 100644
--- a/kubernetes/common/certManagerCertificate/templates/_certificate.tpl
+++ b/kubernetes/common/certManagerCertificate/templates/_certificate.tpl
@@ -219,8 +219,14 @@ spec:
     sources:
     - secret:
         name: {{ $certificatesSecretName }}
-    {{- if $certificate.keystore }}
         items:
+          - key: tls.key
+            path: key.pem
+          - key: tls.crt
+            path: cert.pem
+          - key: ca.crt
+            path: cacert.pem
+    {{- if $certificate.keystore }}
         {{- range $outputType := $certificate.keystore.outputType }}
           - key: keystore.{{ $outputType }}
             path: keystore.{{ $outputType }}
@@ -278,8 +284,14 @@ spec:
     sources:
     - secret:
         name: {{ $certificatesSecretName }}
-    {{- if $certificate.keystore }}
         items:
+          - key: tls.key
+            path: key.pem
+          - key: tls.crt
+            path: cert.pem
+          - key: ca.crt
+            path: cacert.pem
+    {{- if $certificate.keystore }}
         {{- range $outputType := $certificate.keystore.outputType }}
           - key: keystore.{{ $outputType }}
             path: keystore.{{ $outputType }}
diff --git a/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl b/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl
index db58726893..10a63ebbcf 100644
--- a/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl
+++ b/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl
@@ -3,6 +3,7 @@
 # ================================================================================
 # Copyright (c) 2021 J. F. Lucas. All rights reserved.
 # Copyright (c) 2021 AT&T Intellectual Property. All rights reserved.
+# Copyright (c) 2021 Nokia. All rights reserved.
 # ================================================================================
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -295,7 +296,7 @@ spec:
               name: onap-policy-xacml-pdp-api-creds
               key: password
         - name: POLICY_SYNC_PDP_URL
-          value : http{{ if (include "common.needTLS" .) }}s{{ end }}://policy-xacml-pdp:6969 
+          value : http{{ if (include "common.needTLS" .) }}s{{ end }}://policy-xacml-pdp:6969
         - name: POLICY_SYNC_OUTFILE
           value : "/etc/policies/policies.json"
         - name: POLICY_SYNC_V1_DECISION_ENDPOINT
@@ -370,9 +371,9 @@ spec:
     {{- if $cmpv2Certificate.keystore -}}
       {{- $certType = (index $cmpv2Certificate.keystore.outputType 0) -}}
     {{- end -}}
-    {{- $truststoresPaths := printf "%s/%s:%s/%s" $certDir "cacert.pem" $cmpv2CertificateDir "ca.crt" -}}
-    {{- $truststoresPasswordPaths := "" -}}
-    {{- $keystoreSourcePaths := printf "%s/%s:%s/%s" $cmpv2CertificateDir "tls.crt" $cmpv2CertificateDir "tls.key" -}}
+    {{- $truststoresPaths := printf "%s/%s:%s/%s" $certDir "cacert.pem" $cmpv2CertificateDir "cacert.pem" -}}
+    {{- $truststoresPasswordPaths := ":" -}}
+    {{- $keystoreSourcePaths := printf "%s/%s:%s/%s" $cmpv2CertificateDir "cert.pem" $cmpv2CertificateDir "key.pem" -}}
     {{- $keystoreDestinationPaths := printf "%s/%s:%s/%s" $certDir "cert.pem" $certDir "key.pem" -}}
     {{- if not (eq $certType "pem") -}}
       {{- $truststoresPaths = printf "%s/%s:%s/%s.%s" $certDir "trust.jks" $cmpv2CertificateDir "truststore" $certType -}}
diff --git a/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/values.yaml b/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/values.yaml
index 502e3a89dc..bb65f37f73 100644
--- a/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/values.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/values.yaml
@@ -65,6 +65,8 @@ secrets:
     passwordPolicy: required
 
 # CMPv2 certificate
+# It is used only when global parameter cmpv2Enabled is true
+# Disabled by default
 certificates:
   - mountPath: /etc/ves-hv/ssl/external
     commonName: dcae-hv-ves-collector
diff --git a/kubernetes/dcaegen2-services/components/dcae-ves-collector/values.yaml b/kubernetes/dcaegen2-services/components/dcae-ves-collector/values.yaml
index 263715650e..081bcdcc1a 100644
--- a/kubernetes/dcaegen2-services/components/dcae-ves-collector/values.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-ves-collector/values.yaml
@@ -58,6 +58,8 @@ certDirectory: /opt/app/dcae-certificate
 tlsServer: true
 
 # CMPv2 certificate
+# It is used only when global parameter cmpv2Enabled is true
+# Disabled by default
 certificates:
   - mountPath: /opt/app/dcae-certificate/external
     commonName: dcae-ves-collector
author	Piotr Marcinkiewicz <piotr.marcinkiewicz@nokia.com>	2021-04-29 17:02:37 +0200
committer	Krzysztof Opasiak <k.opasiak@samsung.com>	2021-05-10 20:12:00 +0000
commit	7062518d303da3de71d3f424bea5d2a87a5fc516 (patch)
tree	47794fa090221cf87a9b9da7f1122f4e71b7f827
parent	7782c3e8da81539a348a5fd18c44dcc6a1983dc3 (diff)