From: Zhang Rong(Jon) Date: Wed, 13 Nov 2024 07:50:17 +0000 (+0800) Subject: Fix o2pubsub container without host cert X-Git-Tag: k-release~3 X-Git-Url: https://gerrit.o-ran-sc.org/r/gitweb?a=commitdiff_plain;h=6af0885aacaec2d572e64a3afe939a9c5fdf90b6;p=pti%2Fo2.git Fix o2pubsub container without host cert On StarlingX openstack is now by default HTTPS. Support must be added for this. Also, In the helm chart, values have been added to allowing mounting the host cert in the o2pubsub pod. The mounted cert is then used to verify the SSL certificate of the STX and FM clients. TEST PLAN PASS: Run compliance and quality robot tests, with mock SMO * With HTTPS enabled * Use cert mounting values * Deploy oran-o2 application on StarlingX system controller (stx10) PASS: Run compliance and quality robot tests, with mock SMO * Without HTTPS enabled * Deploy oran-o2 application on StarlingX system controller (stx10) Change-Id: I2b2e26f25e04d638a3a0814645cfa28153721b49 Signed-off-by: Zhang Rong(Jon) --- diff --git a/charts/templates/deployment.yaml b/charts/templates/deployment.yaml index a1596e3..32ec7ad 100644 --- a/charts/templates/deployment.yaml +++ b/charts/templates/deployment.yaml @@ -94,6 +94,10 @@ spec: value: localhost - name: K8S_KUBECONFIG value: {{ .Values.ocloud.K8S_KUBECONFIG }} + {{- if default false .Values.o2ims.useHostCert }} + - name: REQUESTS_CA_BUNDLE + value: /etc/ssl/custom-cert.pem + {{- end }} volumeMounts: - name: scripts mountPath: /opt @@ -104,6 +108,11 @@ spec: - name: smocacrt mountPath: /configs/smoca.crt subPath: config.json + {{- if default false .Values.o2ims.useHostCert }} + - name: ca-certs + mountPath: /etc/ssl/custom-cert.pem + readOnly: true + {{- end }} - name: watcher image: "{{ .Values.o2ims.images.tags.o2service }}" command: ["/bin/bash", "/opt/o2watcher_start.sh"]