From 43c79bb77fecbe8bbf881b989685bbd2a9e1c6e8 Mon Sep 17 00:00:00 2001
From: garciadeblas <gerardo.garciadeblas@telefonica.com>
Date: Wed, 24 May 2023 17:21:06 +0200
Subject: [PATCH] Update OSM helm chart to take into account manifest changes
 for feature 10957

Change-Id: Icd2802f943e3d1362d22be6daf88ba8eb56d54fe
Signed-off-by: garciadeblas <gerardo.garciadeblas@telefonica.com>
---
 .../lcm-client-certificate.yaml               | 39 +++++++++++++++++++
 .../osm/templates/lcm/lcm-deployment.yaml     |  7 ++++
 2 files changed, 46 insertions(+)
 create mode 100644 installers/helm/osm/templates/certauth_setup/lcm-client-certificate.yaml

diff --git a/installers/helm/osm/templates/certauth_setup/lcm-client-certificate.yaml b/installers/helm/osm/templates/certauth_setup/lcm-client-certificate.yaml
new file mode 100644
index 00000000..9a9646f8
--- /dev/null
+++ b/installers/helm/osm/templates/certauth_setup/lcm-client-certificate.yaml
@@ -0,0 +1,39 @@
+{{- if .Values.certauth.enabled -}}
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: lcm-client
+  namespace: osm
+spec:
+  secretName: lcm-client-cert
+  privateKey:
+    rotationPolicy: Always
+    algorithm: ECDSA
+    size: 256
+  duration: "8760h"
+  renewBefore: "2208h"
+  dnsNames:
+    - lcm.osm.svc.cluster.local
+  usages:
+    - "client auth"
+  issuerRef:
+    name: ca-issuer
+    kind: ClusterIssuer
+    group: cert-manager.io
+{{- end }}
diff --git a/installers/helm/osm/templates/lcm/lcm-deployment.yaml b/installers/helm/osm/templates/lcm/lcm-deployment.yaml
index e9bfd03f..11c5baa6 100644
--- a/installers/helm/osm/templates/lcm/lcm-deployment.yaml
+++ b/installers/helm/osm/templates/lcm/lcm-deployment.yaml
@@ -102,6 +102,9 @@ spec:
               name: osm-ca
               readOnly: true
               subPath: osm-ca.crt
+            - mountPath: /etc/ssl/lcm-client/
+              name: lcm-client-cert
+              readOnly: true
       volumes:
         - name: osm-ca
           secret:
@@ -110,6 +113,10 @@ spec:
               - key: tls.crt
                 path: osm-ca.crt
             secretName: osm-ca
+        - name: lcm-client-cert
+          secret:
+            defaultMode: 420
+            secretName: lcm-client-cert
       {{- with .Values.global.nodeSelector }}
       nodeSelector:
         {{- toYaml . | nindent 8 }}
-- 
2.25.1