...
RestConf collector has two keystores and one truststore. One keystore is used to protect RestConf's REST API while second is used to protect communication between RestConf collector and external controllers. The same truststore is used to protect both communications. Right now its is unknown 
if the same truststore is used when RestConf collector communicates with DMaaP.
| Code Block |
|---|
# Keystore used to protect RestConf's REST API: collector.keystore.file.location: "/opt/app/restconfcollector/etc/sdnc.p12" collector.keystore.passwordfile: "/opt/app/restconfcollector/etc/passwordfile" # Seems this alias is used to lookup correct certificate from keystore Keystoreused to proetectprotect RestConf's REST API: collector.rcc.keystore.alias: "dynamically generated" # Keystore used to protect communication between RestConf collector and external controllers: collector.rcc.keystore.file.location: "/opt/app/restconfcollector/etc/keystore" collector.rcc.keystore.passwordfile: "/opt/app/restconfcollector/etc/rcc_passwordfile" # Truststore used to protect both external communications collector.rcc.truststore.file.location: "/opt/app/restconfcollector/etc/truststore.onap.client.jks" collector.rcc.truststore.passwordfile: "/opt/app/restconfcollector/etc/trustpasswordfile" |
...
If new properties are provided by blueprint and use_external_tls is set to true, K8s plugin must be able to create init containers section and within it add information about CertService's client image and pass all other variables as environment variables. Very Section very similar to example described on a dedicated page.
DCAE component specs
Each component described above has its own component spec. Each has to be updated with all properties described above.
DCAE bluerprints
Cloudify blueprints must be adjusted to take advantage of new K8s plugin functionality and must provide extra properties which controls CertService's client call.
...