author | 2020-11-05 15:25:12 +0100 | |
---|---|---|
committer | 2020-11-10 13:08:23 +0100 | |
commit | 1815faa0ee14d5c27105a39f641a5b46939e72f8 (patch) | |
tree | a717a1b6a08a67d1a9341339bfd7c63170f5cf6c /certServiceK8sExternalProvider/README.md | |
parent | 8ad5e5e43ba2044e7deb1b92d131ceb086c89574 (diff) |
[OOM-K8S-CERT-EXTERNAL-PROVIDER] Refactoring & code improvements
Issue-ID: OOM-2559
Signed-off-by: Jan Malkiewicz <jan.malkiewicz@nokia.com>
Change-Id: I52c38aacf064682f0018ac37b1400893bd9e53fc
Diffstat (limited to 'certServiceK8sExternalProvider/README.md')
-rw-r--r-- | certServiceK8sExternalProvider/README.md | 50 |
1 files changed, 42 insertions, 8 deletions
diff --git a/certServiceK8sExternalProvider/README.md b/certServiceK8sExternalProvider/README.md index bb3e0b8c..ee739a3f 100644 --- a/certServiceK8sExternalProvider/README.md +++ b/certServiceK8sExternalProvider/README.md @@ -1,21 +1,32 @@ -## Cert Service k8s external cert signing provider +## Cert Service K8s external provider + +### General description + +Cert Service K8s external provider ia a part of certificate distribution infrastructure in ONAP. +The main functionality of the provider is to forward Certificate Signing Requests (CSRs) created by cert-mananger (https://cert-manager.io) to CertServiceAPI. + +More information can found on a dedicated page: https://wiki.onap.org/display/DW/CertService+and+K8s+Cert-Manager+integration. ### Build project There are two methods for building the project: - - mvn clean install - - make + - mvn clean install (used by CI) + - make (used by DEV) ### Installation +#### Providing K8s secret containing TLS certificates + Create secret with certificates for communication between CMPv2Issuer and Cert Service API: ``` kubectl create secret generic -n onap cmpv2-issuer-secret --from-file=<project-base-dir>/certs/cmpv2Issuer-key.pem --from-file=<project-base-dir>/certs/cmpv2Issuer-cert.pem --from-file=<project-base-dir>/certs/cacert.pem ``` -Apply k8s files from 'deploy' directory in following order: +#### Deployment of the application + +Apply K8s files from 'deploy' directory in following order: - crd.yaml - roles.yaml 
@@ -25,18 +36,32 @@ Apply k8s files from 'deploy' directory in following order: **Note:** Files and installation are currently examples, which should be used as a guide for OOM Helm Charts implementation +#### Log level adjustment + +Log level can be set during deployment as docker container argument --> see deployment.yaml file. +Here is an interesting part from the deployment.yaml file: + + - args: + - --metrics-addr=127.0.0.1:8080 + - --log-level=debug + command: + - /oom-certservice-cmpv2issuer + image: onap/oom-certservice-cmpv2issuer:1.0.0 + +Supported values of log-level flag (case-sensitive): debug, info, warn, error + ### Usage -To issue a certificate adjust and apply following k8s file: +To issue a certificate adjust and apply following K8s file: - certificate_example.yaml #### Unsupported Certificate fields -Some of the fields present in Cert Manager Certificate are not currently supported by CertService API, because of that they are -filtered from the Certificate Signing Request. +Some fields present in Cert-Manager Certificate are currently not supported by CertService API and because of that they are +filtered out from the Certificate Signing Request. -**Filtered fields:** +**Fields that are filtered out:** - subjectDN fields: - serialNumber - streetAddresses @@ -48,3 +73,12 @@ filtered from the Certificate Signing Request. - duration - usages + #### Overridden Certificate fields + +Some fields present in a Cert-Manager Certificate will be overridden by a CMPv2 server. + +**Overridden fields:** + - duration + - usages + + |
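Review bot: In the first hunk (@@ -1,21 +1,32 @@), the added "General description" paragraph has three typos that will land in the rendered README: "ia a part" should be "is a part", "cert-mananger" should be "cert-manager", and "can found" should be "can be found". The build list entries "(used by CI)" and "(used by DEV)" would also read better spelled out, for example "used by the CI pipeline" and "used for local development", so a new contributor knows which one to run.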
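Review bot: In the second hunk (@@ -25,18 +36,32 @@), the new "Log level adjustment" section shows `--log-level=debug` as the only example and never states the default level or what the provider does when the flag is missing or carries an unsupported value. Since this README is described as a guide for the OOM Helm Charts, the debug example is likely to be copied as-is; please state the default, say how an invalid or wrong-case value is handled, and consider showing `--log-level=info` in the sample. The deployment.yaml excerpt is also only indented, while the kubectl command earlier in the file uses a fenced block, and the "--> see deployment.yaml file" arrow should be plain prose.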
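Review bot: In the third hunk (@@ -48,3 +73,12 @@), the new "Overridden fields" list names `duration` and `usages`, which are also the last two entries of the "filtered out" list in the context lines directly above, so the README now describes the same fields as both removed from the CSR and overridden by the CMPv2 server. Please say which behaviour applies, or state explicitly that they are dropped from the request and then set by the server, because a user who requests a specific validity period or key usages needs to know the issued certificate may not match. The added heading line also has a leading space before `####`, unlike the other headings in the file, and the hunk ends with two added blank lines that can be dropped.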