From 6af0885aacaec2d572e64a3afe939a9c5fdf90b6 Mon Sep 17 00:00:00 2001 From: "Zhang Rong(Jon)" Date: Wed, 13 Nov 2024 15:50:17 +0800 Subject: [PATCH] Fix o2pubsub container without host cert On StarlingX openstack is now by default HTTPS. Support must be added for this. Also, In the helm chart, values have been added to allowing mounting the host cert in the o2pubsub pod. The mounted cert is then used to verify the SSL certificate of the STX and FM clients. TEST PLAN PASS: Run compliance and quality robot tests, with mock SMO * With HTTPS enabled * Use cert mounting values * Deploy oran-o2 application on StarlingX system controller (stx10) PASS: Run compliance and quality robot tests, with mock SMO * Without HTTPS enabled * Deploy oran-o2 application on StarlingX system controller (stx10) Change-Id: I2b2e26f25e04d638a3a0814645cfa28153721b49 Signed-off-by: Zhang Rong(Jon) --- charts/templates/deployment.yaml | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/charts/templates/deployment.yaml b/charts/templates/deployment.yaml index a1596e3..32ec7ad 100644 --- a/charts/templates/deployment.yaml +++ b/charts/templates/deployment.yaml @@ -94,6 +94,10 @@ spec: value: localhost - name: K8S_KUBECONFIG value: {{ .Values.ocloud.K8S_KUBECONFIG }} + {{- if default false .Values.o2ims.useHostCert }} + - name: REQUESTS_CA_BUNDLE + value: /etc/ssl/custom-cert.pem + {{- end }} volumeMounts: - name: scripts mountPath: /opt @@ -104,6 +108,11 @@ spec: - name: smocacrt mountPath: /configs/smoca.crt subPath: config.json + {{- if default false .Values.o2ims.useHostCert }} + - name: ca-certs + mountPath: /etc/ssl/custom-cert.pem + readOnly: true + {{- end }} - name: watcher image: "{{ .Values.o2ims.images.tags.o2service }}" command: ["/bin/bash", "/opt/o2watcher_start.sh"] -- 2.16.6