summaryrefslogtreecommitdiffstats
path: root/kubernetes/platform
diff options
context:
space:
mode:
Diffstat (limited to 'kubernetes/platform')
-rw-r--r--kubernetes/platform/components/cmpv2-cert-provider/crds/cmpv2issuer.yaml5
-rw-r--r--kubernetes/platform/components/cmpv2-cert-provider/templates/configuration.yaml1
-rw-r--r--kubernetes/platform/components/cmpv2-cert-provider/templates/deployment.yaml20
-rw-r--r--kubernetes/platform/components/cmpv2-cert-provider/templates/service.yaml38
-rw-r--r--kubernetes/platform/components/cmpv2-cert-provider/values.yaml25
-rw-r--r--kubernetes/platform/components/oom-cert-service/resources/test/cmpServers.json6
-rw-r--r--kubernetes/platform/components/oom-cert-service/values.yaml4
7 files changed, 14 insertions, 85 deletions
diff --git a/kubernetes/platform/components/cmpv2-cert-provider/crds/cmpv2issuer.yaml b/kubernetes/platform/components/cmpv2-cert-provider/crds/cmpv2issuer.yaml
index 0bc24afe86..e8418355d3 100644
--- a/kubernetes/platform/components/cmpv2-cert-provider/crds/cmpv2issuer.yaml
+++ b/kubernetes/platform/components/cmpv2-cert-provider/crds/cmpv2issuer.yaml
@@ -56,7 +56,10 @@ spec:
description: Path of health check endpoint.
type: string
certEndpoint:
- description: Path of cerfificate signing enpoint.
+ description: Path of cerfificate signing endpoint.
+ type: string
+ updateEndpoint:
+ description: Path of certificate update endpoint.
type: string
caName:
description: Name of the external CA server configured on CertService API side.
diff --git a/kubernetes/platform/components/cmpv2-cert-provider/templates/configuration.yaml b/kubernetes/platform/components/cmpv2-cert-provider/templates/configuration.yaml
index ae4ae81f02..52e35375d3 100644
--- a/kubernetes/platform/components/cmpv2-cert-provider/templates/configuration.yaml
+++ b/kubernetes/platform/components/cmpv2-cert-provider/templates/configuration.yaml
@@ -25,6 +25,7 @@ spec:
url: {{ .Values.cmpv2issuer.url }}
healthEndpoint: {{ .Values.cmpv2issuer.healthcheckEndpoint }}
certEndpoint: {{ .Values.cmpv2issuer.certEndpoint }}
+ updateEndpoint: {{ .Values.cmpv2issuer.updateEndpoint }}
caName: {{ .Values.cmpv2issuer.caName }}
certSecretRef:
name: {{ .Values.cmpv2issuer.certSecretRef.name }}
diff --git a/kubernetes/platform/components/cmpv2-cert-provider/templates/deployment.yaml b/kubernetes/platform/components/cmpv2-cert-provider/templates/deployment.yaml
index c5f289f2d9..c49762202b 100644
--- a/kubernetes/platform/components/cmpv2-cert-provider/templates/deployment.yaml
+++ b/kubernetes/platform/components/cmpv2-cert-provider/templates/deployment.yaml
@@ -1,7 +1,7 @@
{{ if .Values.global.cmpv2Enabled }}
# ============LICENSE_START=======================================================
-# Copyright (c) 2020 Nokia
+# Copyright (c) 2020-2021 Nokia
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -38,24 +38,6 @@ spec:
initContainers:
{{ include "common.readinessCheck.waitFor" . | indent 6 | trim }}
containers:
- - name: {{ .Values.deploymentProxy.name }}
- image: {{ .Values.deploymentProxy.image }}
- imagePullPolicy: {{ .Values.deploymentProxy.pullPolicy }}
- args:
- - --secure-listen-address=0.0.0.0:8443
- - --upstream=http://127.0.0.1:8080/
- - --logtostderr=true
- - --v=10
- ports:
- - containerPort: 8443
- name: https
- resources:
- limits:
- cpu: {{ .Values.deploymentProxy.resources.limits.cpu }}
- memory: {{ .Values.deploymentProxy.resources.limits.memory }}
- requests:
- cpu: {{ .Values.deploymentProxy.resources.requests.cpu }}
- memory: {{ .Values.deploymentProxy.resources.requests.memory }}
- name: provider
image: {{ .Values.global.repository }}{{if .Values.global.repository }}/{{ end }}{{ .Values.deployment.image }}
imagePullPolicy: {{ .Values.deployment.pullPolicy }}
diff --git a/kubernetes/platform/components/cmpv2-cert-provider/templates/service.yaml b/kubernetes/platform/components/cmpv2-cert-provider/templates/service.yaml
deleted file mode 100644
index bc689cc68f..0000000000
--- a/kubernetes/platform/components/cmpv2-cert-provider/templates/service.yaml
+++ /dev/null
@@ -1,38 +0,0 @@
-{{ if .Values.global.cmpv2Enabled }}
-
-# ============LICENSE_START=======================================================
-# Copyright (c) 2020 Nokia
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# ============LICENSE_END=========================================================
-
-apiVersion: v1
-kind: Service
-metadata:
- annotations:
- prometheus.io/port: "8443"
- prometheus.io/scheme: https
- prometheus.io/scrape: "true"
- labels:
- control-plane: controller-manager
- name: {{ .Values.service.name }}
- namespace: {{ include "common.namespace" . }}
-spec:
- type: {{ .Values.service.type }}
- ports:
- - name: {{ .Values.service.ports.name }}
- port: {{ .Values.service.ports.port }}
- targetPort: {{ .Values.service.ports.targetPort }}
- selector:
- control-plane: controller-manager
-{{ end }}
diff --git a/kubernetes/platform/components/cmpv2-cert-provider/values.yaml b/kubernetes/platform/components/cmpv2-cert-provider/values.yaml
index 55c4d0beac..2237811465 100644
--- a/kubernetes/platform/components/cmpv2-cert-provider/values.yaml
+++ b/kubernetes/platform/components/cmpv2-cert-provider/values.yaml
@@ -1,4 +1,4 @@
-# Copyright © 2020, Nokia
+# Copyright © 2020-2021, Nokia
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -25,19 +25,10 @@ global:
namespace: onap
-# Service configuration
-service:
- name: oom-certservice-cmpv2issuer-metrics-service
- type: ClusterIP
- ports:
- name: https
- port: 8443
- targetPort: https
-
# Deployment configuration
deployment:
name: oom-certservice-cmpv2issuer
- image: onap/org.onap.oom.platform.cert-service.oom-certservice-k8s-external-provider:2.3.2
+ image: onap/org.onap.oom.platform.cert-service.oom-certservice-k8s-external-provider:2.4.0
proxyImage: gcr.io/kubebuilder/kube-rbac-proxy:v0.4.0
# fol local development use IfNotPresent
pullPolicy: Always
@@ -49,17 +40,6 @@ deployment:
requests:
cpu: 100m
memory: 64Mi
-deploymentProxy:
- name: kube-rbac-proxy
- image: gcr.io/kubebuilder/kube-rbac-proxy:v0.4.0
- pullPolicy: IfNotPresent
- resources:
- limits:
- cpu: 250m
- memory: 128Mi
- requests:
- cpu: 50m
- memory: 32Mi
readinessCheck:
wait_for:
- oom-cert-service
@@ -70,6 +50,7 @@ cmpv2issuer:
url: https://oom-cert-service:8443
healthcheckEndpoint: actuator/health
certEndpoint: v1/certificate
+ updateEndpoint: v1/certificate-update
caName: RA
certSecretRef:
name: oom-cert-service-client-tls-secret
diff --git a/kubernetes/platform/components/oom-cert-service/resources/test/cmpServers.json b/kubernetes/platform/components/oom-cert-service/resources/test/cmpServers.json
index 06e1087f60..5a967f0405 100644
--- a/kubernetes/platform/components/oom-cert-service/resources/test/cmpServers.json
+++ b/kubernetes/platform/components/oom-cert-service/resources/test/cmpServers.json
@@ -3,7 +3,7 @@
{
"caName": "CLIENT",
"url": "http://ejbca:8080/ejbca/publicweb/cmp/cmp",
- "issuerDN": "CN=ManagementCA",
+ "issuerDN": "O=EJBCA Container Quickstart,CN=ManagementCA,UID=12345",
"caMode": "CLIENT",
"authentication": {
"iak": "${CLIENT_IAK}",
@@ -13,7 +13,7 @@
{
"caName": "RA",
"url": "http://ejbca:8080/ejbca/publicweb/cmp/cmpRA",
- "issuerDN": "CN=ManagementCA",
+ "issuerDN": "O=EJBCA Container Quickstart,CN=ManagementCA,UID=12345",
"caMode": "RA",
"authentication": {
"iak": "${RA_IAK}",
@@ -21,4 +21,4 @@
}
}
]
-} \ No newline at end of file
+}
diff --git a/kubernetes/platform/components/oom-cert-service/values.yaml b/kubernetes/platform/components/oom-cert-service/values.yaml
index 2e149683d7..6cabde79da 100644
--- a/kubernetes/platform/components/oom-cert-service/values.yaml
+++ b/kubernetes/platform/components/oom-cert-service/values.yaml
@@ -34,7 +34,7 @@ service:
# Deployment configuration
repository: "nexus3.onap.org:10001"
-image: onap/org.onap.oom.platform.cert-service.oom-certservice-api:2.3.3
+image: onap/org.onap.oom.platform.cert-service.oom-certservice-api:2.4.0
pullPolicy: Always
replicaCount: 1
@@ -79,7 +79,7 @@ tls:
selfsigning:
name: &selfSigningIssuer cmpv2-selfsigning-issuer
ca:
- name: &caIssuer cmpv2-ca-issuer
+ name: &caIssuer cmpv2-issuer-onap
secret:
name: &caKeyPairSecret cmpv2-ca-key-pair
server: