summaryrefslogtreecommitdiffstats
path: root/kubernetes/common
diff options
context:
space:
mode:
authorPiotr Marcinkiewicz <piotr.marcinkiewicz@nokia.com>2021-06-01 12:36:13 +0200
committerPiotr Marcinkiewicz <piotr.marcinkiewicz@nokia.com>2021-06-08 14:45:49 +0000
commit598f2d8f5e84c92c42c5da0e4dbf9562f860b8f7 (patch)
treed0fb29eef0bda279a8710cc14bf9b25fad82c97f /kubernetes/common
parent87411cc03c91a0ba7f26fcd9e7e4bd8afb75b24e (diff)
[COMMON] Remove CertService client mechanism
- Remove cmpv2Certificate chart in order to deprecate CertService client mechanism. - Remove CertServiceClient init containers in SDNC. - Replace CMPv2CertManagerIntegration with cmpv2Enabled flag Issue-ID: OOM-2744 Signed-off-by: Piotr Marcinkiewicz <piotr.marcinkiewicz@nokia.com> Change-Id: I8c818fcf64a029552c8833f68b6ae95fad379c8d
Diffstat (limited to 'kubernetes/common')
-rw-r--r--kubernetes/common/cmpv2Certificate/Chart.yaml18
-rw-r--r--kubernetes/common/cmpv2Certificate/requirements.yaml24
-rw-r--r--kubernetes/common/cmpv2Certificate/templates/_certServiceClient.tpl189
-rw-r--r--kubernetes/common/cmpv2Certificate/values.yaml13
-rw-r--r--kubernetes/common/cmpv2Config/values.yaml12
-rw-r--r--kubernetes/common/repositoryGenerator/templates/_repository.tpl4
-rw-r--r--kubernetes/common/repositoryGenerator/values.yaml2
7 files changed, 0 insertions, 262 deletions
diff --git a/kubernetes/common/cmpv2Certificate/Chart.yaml b/kubernetes/common/cmpv2Certificate/Chart.yaml
deleted file mode 100644
index 6641ec6954..0000000000
--- a/kubernetes/common/cmpv2Certificate/Chart.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-# Copyright © 2021 Nokia
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-description: Template used to add cmpv2 certificates to components
-name: cmpv2Certificate
-version: 8.0.0
diff --git a/kubernetes/common/cmpv2Certificate/requirements.yaml b/kubernetes/common/cmpv2Certificate/requirements.yaml
deleted file mode 100644
index b10896d2ce..0000000000
--- a/kubernetes/common/cmpv2Certificate/requirements.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-# Copyright © 2021 Nokia
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-dependencies:
- - name: common
- version: ~8.x-0
- repository: 'file://../common'
- - name: repositoryGenerator
- version: ~8.x-0
- repository: 'file://../repositoryGenerator'
- - name: cmpv2Config
- version: ~8.x-0
- repository: 'file://../cmpv2Config'
diff --git a/kubernetes/common/cmpv2Certificate/templates/_certServiceClient.tpl b/kubernetes/common/cmpv2Certificate/templates/_certServiceClient.tpl
deleted file mode 100644
index f80b06b4d3..0000000000
--- a/kubernetes/common/cmpv2Certificate/templates/_certServiceClient.tpl
+++ /dev/null
@@ -1,189 +0,0 @@
-{{/*
-# Copyright © 2021 Nokia
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-{{/*
-In order to use certServiceClient it is needed do define certificates array in target component values.yaml. Each
-certificate will be requested from separate init container
-
-Minimum example of array in target component values.yaml:
-certificates:
- - mountPath: /var/custom-certs
- commonName: common-name
-
-Full example (other fields are ignored):
-certificates:
- - mountPath: /var/custom-certs
- caName: RA
- keystore:
- outputType:
- - jks
- commonName: common-name
- dnsNames:
- - dns-name-1
- - dns-name-2
- ipAddresses:
- - 192.168.0.1
- - 192.168.0.2
- emailAddresses:
- - email-1@onap.org
- - email-2@onap.org
- uris:
- - http://uri-1.onap.org
- - http://uri-2.onap.org
- subject:
- organization: Linux-Foundation
- country: US
- locality: San Francisco
- province: California
- organizationalUnit: ONAP
-
-There also need to be some includes used in a target component deployment (indent values may need to be adjusted):
- 1. In initContainers section:
- {{ include "common.certServiceClient.initContainer" . | indent 6 }}
- 2. In volumeMounts section of container using certificates:
- {{ include "common.certServiceClient.volumeMounts" . | indent 10 }}
- 3. In volumes section:
- {{ include "common.certServiceClient.volumes" . | indent 8 }}
-
-*/}}
-
-{{- define "common.certServiceClient.initContainer" -}}
-{{- $dot := default . .dot -}}
-{{- $initRoot := default $dot.Values.cmpv2Certificate.cmpv2Config .initRoot -}}
-{{- $subchartGlobal := mergeOverwrite (deepCopy $initRoot.global) $dot.Values.global -}}
-{{- if and $subchartGlobal.cmpv2Enabled (not $subchartGlobal.CMPv2CertManagerIntegration) -}}
-{{- range $index, $certificate := $dot.Values.certificates -}}
-{{/*# General certifiacate attributes #*/}}
-{{- $commonName := (required "'commonName' for Certificate is required." $certificate.commonName) -}}
-{{/*# SAN's #*/}}
-{{- $dnsNames := default (list) $certificate.dnsNames -}}
-{{- $ipAddresses := default (list) $certificate.ipAddresses -}}
-{{- $uris := default (list) $certificate.uris -}}
-{{- $emailAddresses := default (list) $certificate.emailAddresses -}}
-{{- $sansList := concat $dnsNames $ipAddresses $uris $emailAddresses -}}
-{{- $sans := join "," $sansList }}
-{{/*# Subject #*/}}
-{{- $organization := $subchartGlobal.certificate.default.subject.organization -}}
-{{- $country := $subchartGlobal.certificate.default.subject.country -}}
-{{- $locality := $subchartGlobal.certificate.default.subject.locality -}}
-{{- $province := $subchartGlobal.certificate.default.subject.province -}}
-{{- $orgUnit := $subchartGlobal.certificate.default.subject.organizationalUnit -}}
-{{- if $certificate.subject -}}
-{{- $organization := $certificate.subject.organization -}}
-{{- $country := $certificate.subject.country -}}
-{{- $locality := $certificate.subject.locality -}}
-{{- $province := $certificate.subject.province -}}
-{{- $orgUnit := $certificate.subject.organizationalUnit -}}
-{{- end -}}
-{{- $caName := default $subchartGlobal.platform.certServiceClient.envVariables.caName $certificate.caName -}}
-{{- $outputType := $subchartGlobal.platform.certServiceClient.envVariables.outputType -}}
-{{- if $certificate.keystore -}}
-{{- $outputTypeList := (required "'outputType' in 'keystore' section is required." $certificate.keystore.outputType) -}}
-{{- $outputType = mustFirst ($outputTypeList) | upper -}}
-{{- end -}}
-{{- $requestUrl := $subchartGlobal.platform.certServiceClient.envVariables.requestURL -}}
-{{- $certPath := $subchartGlobal.platform.certServiceClient.envVariables.certPath -}}
-{{- $requestTimeout := $subchartGlobal.platform.certServiceClient.envVariables.requestTimeout -}}
-{{- $certificatesSecret:= $subchartGlobal.platform.certServiceClient.clientSecretName -}}
-{{- $certificatesSecretMountPath := $subchartGlobal.platform.certServiceClient.certificatesSecretMountPath -}}
-{{- $keystorePath := (printf "%s%s" $subchartGlobal.platform.certServiceClient.certificatesSecretMountPath $subchartGlobal.platform.certificates.keystoreKeyRef ) -}}
-{{- $keystorePasswordSecret := $subchartGlobal.platform.certificates.keystorePasswordSecretName -}}
-{{- $keystorePasswordSecretKey := $subchartGlobal.platform.certificates.keystorePasswordSecretKey -}}
-{{- $truststorePath := (printf "%s%s" $subchartGlobal.platform.certServiceClient.certificatesSecretMountPath $subchartGlobal.platform.certificates.truststoreKeyRef ) -}}
-{{- $truststorePasswordSecret := $subchartGlobal.platform.certificates.truststorePasswordSecretName -}}
-{{- $truststorePasswordSecretKey := $subchartGlobal.platform.certificates.truststorePasswordSecretKey -}}
-- name: certs-init-{{ $index }}
- image: {{ include "repositoryGenerator.image.certserviceclient" $dot }}
- imagePullPolicy: {{ $dot.Values.global.pullPolicy | default $dot.Values.pullPolicy }}
- env:
- - name: REQUEST_URL
- value: {{ $requestUrl | quote }}
- - name: REQUEST_TIMEOUT
- value: {{ $requestTimeout | quote }}
- - name: OUTPUT_PATH
- value: {{ $certPath | quote }}
- - name: OUTPUT_TYPE
- value: {{ $outputType | quote }}
- - name: CA_NAME
- value: {{ $caName | quote }}
- - name: COMMON_NAME
- value: {{ $commonName | quote }}
- - name: SANS
- value: {{ $sans | quote }}
- - name: ORGANIZATION
- value: {{ $organization | quote }}
- - name: ORGANIZATION_UNIT
- value: {{ $orgUnit | quote }}
- - name: LOCATION
- value: {{ $locality | quote }}
- - name: STATE
- value: {{ $province | quote }}
- - name: COUNTRY
- value: {{ $country | quote }}
- - name: KEYSTORE_PATH
- value: {{ $keystorePath | quote }}
- - name: KEYSTORE_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ $keystorePasswordSecret | quote}}
- key: {{ $keystorePasswordSecretKey | quote}}
- - name: TRUSTSTORE_PATH
- value: {{ $truststorePath | quote }}
- - name: TRUSTSTORE_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ $truststorePasswordSecret | quote}}
- key: {{ $truststorePasswordSecretKey | quote}}
- terminationMessagePath: /dev/termination-log
- terminationMessagePolicy: File
- volumeMounts:
- - mountPath: {{ $certPath }}
- name: cmpv2-certs-volume-{{ $index }}
- - mountPath: {{ $certificatesSecretMountPath }}
- name: certservice-tls-volume
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{- define "common.certServiceClient.volumes" -}}
-{{- $dot := default . .dot -}}
-{{- $initRoot := default $dot.Values.cmpv2Certificate.cmpv2Config .initRoot -}}
-{{- $subchartGlobal := mergeOverwrite (deepCopy $initRoot.global) $dot.Values.global -}}
-{{- if and $subchartGlobal.cmpv2Enabled (not $subchartGlobal.CMPv2CertManagerIntegration) -}}
-{{- $certificatesSecretName := $subchartGlobal.platform.certificates.clientSecretName -}}
-- name: certservice-tls-volume
- secret:
- secretName: {{ $certificatesSecretName }}
-{{ range $index, $certificate := $dot.Values.certificates -}}
-- name: cmpv2-certs-volume-{{ $index }}
- emptyDir:
- medium: Memory
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{- define "common.certServiceClient.volumeMounts" -}}
-{{- $dot := default . .dot -}}
-{{- $initRoot := default $dot.Values.cmpv2Certificate.cmpv2Config .initRoot -}}
-{{- $subchartGlobal := mergeOverwrite (deepCopy $initRoot.global) $dot.Values.global -}}
-{{- if and $subchartGlobal.cmpv2Enabled (not $subchartGlobal.CMPv2CertManagerIntegration) -}}
-{{- range $index, $certificate := $dot.Values.certificates -}}
-{{- $mountPath := $certificate.mountPath -}}
-- mountPath: {{ $mountPath }}
- name: cmpv2-certs-volume-{{ $index }}
-{{ end -}}
-{{- end -}}
-{{- end -}}
diff --git a/kubernetes/common/cmpv2Certificate/values.yaml b/kubernetes/common/cmpv2Certificate/values.yaml
deleted file mode 100644
index 504947525d..0000000000
--- a/kubernetes/common/cmpv2Certificate/values.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
-# Copyright © 2021 Nokia
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
diff --git a/kubernetes/common/cmpv2Config/values.yaml b/kubernetes/common/cmpv2Config/values.yaml
index 695e40616c..02595b348d 100644
--- a/kubernetes/common/cmpv2Config/values.yaml
+++ b/kubernetes/common/cmpv2Config/values.yaml
@@ -15,7 +15,6 @@ global:
# Enabling CMPv2
cmpv2Enabled: true
- CMPv2CertManagerIntegration: false
certificate:
default:
@@ -35,17 +34,6 @@ global:
keystorePasswordSecretKey: password
truststorePasswordSecretName: oom-cert-service-truststore-password
truststorePasswordSecretKey: password
- certServiceClient:
- image: onap/org.onap.oom.platform.cert-service.oom-certservice-client:2.3.3
- certificatesSecretMountPath: /etc/onap/oom/certservice/certs/
- envVariables:
- certPath: "/var/custom-certs"
- # Certificate related
- caName: "RA"
- # Client configuration related
- requestURL: "https://oom-cert-service:8443/v1/certificate/"
- requestTimeout: "30000"
- outputType: "P12"
certPostProcessor:
image: onap/org.onap.oom.platform.cert-service.oom-certservice-post-processor:2.3.3
diff --git a/kubernetes/common/repositoryGenerator/templates/_repository.tpl b/kubernetes/common/repositoryGenerator/templates/_repository.tpl
index 91f21ab0c9..87dd5c29e9 100644
--- a/kubernetes/common/repositoryGenerator/templates/_repository.tpl
+++ b/kubernetes/common/repositoryGenerator/templates/_repository.tpl
@@ -83,10 +83,6 @@
{{- include "repositoryGenerator.image._helper" (merge (dict "image" "curlImage") .) }}
{{- end -}}
-{{- define "repositoryGenerator.image.certserviceclient" -}}
- {{- include "repositoryGenerator.image._helper" (merge (dict "image" "certServiceClientImage") .) }}
-{{- end -}}
-
{{- define "repositoryGenerator.image.dcaepolicysync" -}}
{{- include "repositoryGenerator.image._helper" (merge (dict "image" "dcaePolicySyncImage") .) }}
{{- end -}}
diff --git a/kubernetes/common/repositoryGenerator/values.yaml b/kubernetes/common/repositoryGenerator/values.yaml
index 8a68f6dd9c..bf21e2da08 100644
--- a/kubernetes/common/repositoryGenerator/values.yaml
+++ b/kubernetes/common/repositoryGenerator/values.yaml
@@ -23,7 +23,6 @@ global:
# common global images
busyboxImage: busybox:1.32
curlImage: curlimages/curl:7.69.1
- certServiceClientImage: onap/org.onap.oom.platform.cert-service.oom-certservice-client:2.3.3
envsubstImage: dibi/envsubst:1
# there's only latest image for htpasswd
htpasswdImage: xmartlabs/htpasswd:latest
@@ -56,7 +55,6 @@ global:
imageRepoMapping:
busyboxImage: dockerHubRepository
curlImage: dockerHubRepository
- certServiceClientImage: repository
envsubstImage: dockerHubRepository
htpasswdImage: dockerHubRepository
jreImage: repository