Fix o2pubsub container without host cert

On StarlingX openstack is now by default HTTPS. Support must be added
for this.

Also, In the helm chart, values have been added to allowing mounting
the host cert in the o2pubsub pod. The mounted cert is then used to
verify the SSL certificate of the STX and FM clients.

TEST PLAN
PASS: Run compliance and quality robot tests, with mock SMO
* With HTTPS enabled
* Use cert mounting values
* Deploy oran-o2 application on StarlingX system controller (stx10)
PASS: Run compliance and quality robot tests, with mock SMO
* Without HTTPS enabled
* Deploy oran-o2 application on StarlingX system controller (stx10)

Change-Id: I2b2e26f25e04d638a3a0814645cfa28153721b49
Signed-off-by: Zhang Rong(Jon) <rong.zhang@windriver.com>

diff --git a/charts/templates/deployment.yaml b/charts/templates/deployment.yaml
index a1596e3..32ec7ad 100644 (file)
--- a/charts/templates/deployment.yaml
+++ b/charts/templates/deployment.yaml
@@ -94,6 +94,10 @@ spec:
               value: localhost
             - name: K8S_KUBECONFIG
               value: {{ .Values.ocloud.K8S_KUBECONFIG }}
+            {{- if default false .Values.o2ims.useHostCert }}
+            - name: REQUESTS_CA_BUNDLE
+              value: /etc/ssl/custom-cert.pem
+            {{- end }}
           volumeMounts:
             - name: scripts
               mountPath: /opt
@@ -104,6 +108,11 @@ spec:
             - name: smocacrt
               mountPath: /configs/smoca.crt
               subPath: config.json
+            {{- if default false .Values.o2ims.useHostCert }}
+            - name: ca-certs
+              mountPath: /etc/ssl/custom-cert.pem
+              readOnly: true
+            {{- end }}
         - name: watcher
           image: "{{ .Values.o2ims.images.tags.o2service }}"
           command: ["/bin/bash", "/opt/o2watcher_start.sh"]