From: UNNAVA Date: Thu, 2 Apr 2020 19:29:20 +0000 (-0400) Subject: update cert using secrets X-Git-Tag: 5.0.2-ONAP~19^2 X-Git-Url: https://gerrit.onap.org/r/gitweb?a=commitdiff_plain;ds=sidebyside;h=1135f2c9310ea4bbeec31ced75e735121b2df243;p=oom.git update cert using secrets Issue-ID: DMAAP-1422 Change-Id: Idb75ceff8aff9df801f0781a1729dae1386b0b51 Signed-off-by: UNNAVA --- diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/resources/cert/org.onap.dmaap.mr.keyfile b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/resources/cert/org.onap.dmaap.mr.keyfile new file mode 100644 index 0000000000..72d3b73348 --- /dev/null +++ b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/resources/cert/org.onap.dmaap.mr.keyfile @@ -0,0 +1,27 @@ +yJhToh1HtF7641JOeljPtn4ECRn7dncPKtUh9XN4Hv1GX2q1MSVsDI2qQ7i2Q8hH1G3Ko_x0fl1p +PLn2bOh9cOOGKxQrWxY0724Cme1MMc_drOl7TNk5DPmiw-teI6BdpS_wPtfDGLql9xuxIMWPdv_P +Id9LSzdW_Fa4FepgcxAj6jOK7jQBmJIsedxIpAVFU0bjmMwybe_BRe1x8yEBrfQo8Si0cfjYdQYP +XBTAnJ46zejAPJh2U4MyBhYzz2Zr1nMux2wjHc52z8J7_YpfveNSpr9UwOzSo0VqAEORISQDS7Cb +Cc9jeYmxPkVCEraHWq5jtOpVdwxwTSh1PJ8_pgnhQ4AgQS-5JyRdHWvzwGa2RW8i3ZF1qfJBP4wb +lyXiNYKSU5jDd-wNP0b9WDILGFRKuAHjz1wKB1IHyQTBX7dpjouuZysEkZS348NVLfAmb1klKp5Q +1lq2H4TdQnPaG6tV_wyI0ZrZsf4TCeDxYRxEAZc3ILefM_72Zc-UWEHQ_Q4Qck30fJzoHFgEm5Rm +8XofzAfHOcjoa7o8mEVi9veNpqTeNa8b2DLqYehcE_rMYU_y1AgWsnWgiIX1AEzLyUyfliS2PxQh +ZI3HLMrzfV--pOuQp_CnrcHclvkX3u5ZJ01a6jq7ONpr712YNmUEoD6s1UR0wEEeO61Cun8zfty8 +m-qXD3k-re64WDizw-pHXHYmIS9a4jL7D0R4KysJRf6iZTAUy4ROy6aS-wMYGgy0r7sEOZY6zp4h +MBczN5-3O7r-dKjOrr1RWXS3zt71oJNSGcnG41KKOnUeNpFBmIzVfoIp9KR5zdcg-gGrA8Xi_tBj +-rAqYfaNMBUDDtFCLhCHwuhKpR0Y0gG_-8J43yi3bfWOYMWkgPRHrJIiIO-SNUW_pobbRqQzIT3h +V5IcEc5pa-lnJnBNS5b_-cHsA0x4g1FPmDmjsGBYZmiaPSvXPzhpZVsww1p9nVL63rYLMOTSps1V +Lj9_UYWef7jD409vZRqeLQGi7lMNeC7oLv_hi_l05rZUkpegMLYmIWzjhzW8OuYdiHGuboV9TyUR +QWn5e_bypQBAJhYqaYNADzV9duW0v3SW89zP9TlkJ6tfvhcVXRQn4MUzIC9h_0q3cf_9Wemx7UPW +tGML52lYWcEbVbGF9yFtOm3qVPi4sVFO61vOtIoQhIIL3oa9gOWO9yPCjNm4lD-C4jAWHjtJdMr8 +cGtBplAHGly63VQs9RRUr42A95JMtsuJIPNDWP5-I-9R77NALdzjKEJE2FngGW8Ud4pJQ1sikPH3 +F4kVn1L2NpAilVrjlyb_y89mskrWaSdHCE2P1_gtkWHXfXIfKK0UFQt17s8hk0MfL6JSUDUE4IKN +tK70iHwmqY9VbYKYLf-8Gl7CW_Q9MumHjGsktwVZinpH4kOUREr6tyve4rZv8wN6mbNPVJ5gw_PE +I4bvSiEstMgelbkheMC4l-zc3q9C_fNZmLmdav8PLUrkS_NxnZ4hJQCDTjhbMqLIwknXU9SkDyPb +Dgh049PyJrYzv2_TpYoS6M_o3HjApMkRKlV_TEcbGoX06gAUYTiEWAQU6wm0TdsIdxjEXAWeTiX7 +ddI_vEioFemoKjE5iRWNaKL85xsTsQj6bQi1eSj1F0lxqnSGRldiMAPMrfqKDJ7xFpXS7nyQfLjY +m1H-Y3bk0iBBZbU0JKXerE_jlr3s7rcdarpwY1pdODoUJBk-EiKezm6zWuG9o3IisPNSqqOs4Cax +QAE3dt-1TpCxkw7Rpgm8eTwPMPOD3gj7Szcs2sEh-0UIk8y7uZCSRz0ZCsQj-jJl97WQV1ky89xS +c9ECqzDTgl2cVrih9aQu863_yHnjm9tNTxMH4DudB5JcmM96BX4CfS9qgVzAqCGvW9KS37wy0bK_ +iSCAhAWNT5L9E3fUyg--V_gmVjxGb8Y020cc4_pkqSbAAC8qjQhDWHLy_M2RzQrPmQMdP2PZ5-AU +Pw6HdHmVTOLZeYuVS1rXx4AYWXkgKHiSRqO6bal1opzOnSpbw-Q1bQu0wZ1MarXodEtJFaOr \ No newline at end of file diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/resources/cert/org.onap.dmaap.mr.p12 b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/resources/cert/org.onap.dmaap.mr.p12 new file mode 100644 index 0000000000..1a0e8a49ce Binary files /dev/null and b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/resources/cert/org.onap.dmaap.mr.p12 differ diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/resources/cert/org.onap.dmaap.mr.trust.jks b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/resources/cert/org.onap.dmaap.mr.trust.jks new file mode 100644 index 0000000000..aae6d81d70 Binary files /dev/null and b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/resources/cert/org.onap.dmaap.mr.trust.jks differ diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/resources/config/cadi.properties b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/resources/config/cadi.properties index 1e7d7d38ac..a5219c9399 100644 --- a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/resources/config/cadi.properties +++ b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/resources/config/cadi.properties @@ -3,16 +3,15 @@ aaf_env=DEV aaf_lur=org.onap.aaf.cadi.aaf.v2_0.AAFLurPerm cadi_truststore=/opt/kafka/config/org.onap.dmaap.mr.trust.jks -cadi_truststore_password=enc:gvXm0E9p-_SRNw5_feOUE7wqXBxgxV3S_bdAyB08Sq9F35cCUZHWgQyKIDtTAbEw +cadi_truststore_password=enc:mN6GiIzFQxKGDzAXDOs7b4j8DdIX02QrZ9QOWNRpxV3rD6whPCfizSMZkJwxi_FJ cadi_keyfile=/opt/kafka/config/org.onap.dmaap.mr.keyfile cadi_alias=dmaapmr@mr.dmaap.onap.org cadi_keystore=/opt/kafka/config/org.onap.dmaap.mr.p12 -cadi_keystore_password=enc:pLMCzQzk-OP7IpYNi0TPtQSkNcraFAdarZG8HbdOKq4BycW6g_7mfhphLhOZo6ht +cadi_keystore_password=enc:_JJT2gAEkRzXla5xfDIHal8pIoIB5iIos3USvZQT6sL-l14LpI5fRFR_QIGUCh5W cadi_x509_issuers=CN=intermediateCA_1, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_7, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_9, OU=OSAAF, O=ONAP, C=US - cadi_loglevel=INFO cadi_protocols=TLSv1.1,TLSv1.2 cadi_latitude=37.78187 diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/secrets.yaml b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/secrets.yaml new file mode 100644 index 0000000000..d9abae5dd4 --- /dev/null +++ b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/secrets.yaml @@ -0,0 +1,27 @@ +# Copyright © 2020 AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "common.fullname" . }}-aaf-certs-secret + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +data: +{{ (.Files.Glob "resources/cert/*").AsSecrets | indent 2 }} +type: Opaque diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/statefulset.yaml b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/statefulset.yaml index 3be8d5df61..06d3d8b2b8 100644 --- a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/statefulset.yaml +++ b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/statefulset.yaml @@ -150,6 +150,15 @@ spec: name: cadi - mountPath: /opt/kafka/data name: kafka-data + - mountPath: /etc/kafka/secrets/cert/org.onap.dmaap.mr.trust.jks + subPath: org.onap.dmaap.mr.trust.jks + name: aaf-certs-secret + - mountPath: /etc/kafka/secrets/cert/org.onap.dmaap.mr.keyfile + subPath: org.onap.dmaap.mr.keyfile + name: aaf-certs-secret + - mountPath: /etc/kafka/secrets/cert/org.onap.dmaap.mr.p12 + subPath: org.onap.dmaap.mr.p12 + name: aaf-certs-secret {{- if .Values.tolerations }} tolerations: {{ toYaml .Values.tolerations | indent 10 }} @@ -163,6 +172,9 @@ spec: - name: docker-socket hostPath: path: /var/run/docker.sock + - name: aaf-certs-secret + secret: + secretName: {{ include "common.fullname" . }}-aaf-certs-secret - name: server configMap: name: {{ include "common.fullname" . }}-server-prop-configmap diff --git a/kubernetes/dmaap/components/message-router/resources/cert/org.onap.dmaap.mr.jks b/kubernetes/dmaap/components/message-router/resources/cert/org.onap.dmaap.mr.jks new file mode 100644 index 0000000000..34cb01f44e Binary files /dev/null and b/kubernetes/dmaap/components/message-router/resources/cert/org.onap.dmaap.mr.jks differ diff --git a/kubernetes/dmaap/components/message-router/resources/cert/org.onap.dmaap.mr.keyfile b/kubernetes/dmaap/components/message-router/resources/cert/org.onap.dmaap.mr.keyfile new file mode 100644 index 0000000000..72d3b73348 --- /dev/null +++ b/kubernetes/dmaap/components/message-router/resources/cert/org.onap.dmaap.mr.keyfile @@ -0,0 +1,27 @@ +yJhToh1HtF7641JOeljPtn4ECRn7dncPKtUh9XN4Hv1GX2q1MSVsDI2qQ7i2Q8hH1G3Ko_x0fl1p +PLn2bOh9cOOGKxQrWxY0724Cme1MMc_drOl7TNk5DPmiw-teI6BdpS_wPtfDGLql9xuxIMWPdv_P +Id9LSzdW_Fa4FepgcxAj6jOK7jQBmJIsedxIpAVFU0bjmMwybe_BRe1x8yEBrfQo8Si0cfjYdQYP +XBTAnJ46zejAPJh2U4MyBhYzz2Zr1nMux2wjHc52z8J7_YpfveNSpr9UwOzSo0VqAEORISQDS7Cb +Cc9jeYmxPkVCEraHWq5jtOpVdwxwTSh1PJ8_pgnhQ4AgQS-5JyRdHWvzwGa2RW8i3ZF1qfJBP4wb +lyXiNYKSU5jDd-wNP0b9WDILGFRKuAHjz1wKB1IHyQTBX7dpjouuZysEkZS348NVLfAmb1klKp5Q +1lq2H4TdQnPaG6tV_wyI0ZrZsf4TCeDxYRxEAZc3ILefM_72Zc-UWEHQ_Q4Qck30fJzoHFgEm5Rm +8XofzAfHOcjoa7o8mEVi9veNpqTeNa8b2DLqYehcE_rMYU_y1AgWsnWgiIX1AEzLyUyfliS2PxQh +ZI3HLMrzfV--pOuQp_CnrcHclvkX3u5ZJ01a6jq7ONpr712YNmUEoD6s1UR0wEEeO61Cun8zfty8 +m-qXD3k-re64WDizw-pHXHYmIS9a4jL7D0R4KysJRf6iZTAUy4ROy6aS-wMYGgy0r7sEOZY6zp4h +MBczN5-3O7r-dKjOrr1RWXS3zt71oJNSGcnG41KKOnUeNpFBmIzVfoIp9KR5zdcg-gGrA8Xi_tBj +-rAqYfaNMBUDDtFCLhCHwuhKpR0Y0gG_-8J43yi3bfWOYMWkgPRHrJIiIO-SNUW_pobbRqQzIT3h +V5IcEc5pa-lnJnBNS5b_-cHsA0x4g1FPmDmjsGBYZmiaPSvXPzhpZVsww1p9nVL63rYLMOTSps1V +Lj9_UYWef7jD409vZRqeLQGi7lMNeC7oLv_hi_l05rZUkpegMLYmIWzjhzW8OuYdiHGuboV9TyUR +QWn5e_bypQBAJhYqaYNADzV9duW0v3SW89zP9TlkJ6tfvhcVXRQn4MUzIC9h_0q3cf_9Wemx7UPW +tGML52lYWcEbVbGF9yFtOm3qVPi4sVFO61vOtIoQhIIL3oa9gOWO9yPCjNm4lD-C4jAWHjtJdMr8 +cGtBplAHGly63VQs9RRUr42A95JMtsuJIPNDWP5-I-9R77NALdzjKEJE2FngGW8Ud4pJQ1sikPH3 +F4kVn1L2NpAilVrjlyb_y89mskrWaSdHCE2P1_gtkWHXfXIfKK0UFQt17s8hk0MfL6JSUDUE4IKN +tK70iHwmqY9VbYKYLf-8Gl7CW_Q9MumHjGsktwVZinpH4kOUREr6tyve4rZv8wN6mbNPVJ5gw_PE +I4bvSiEstMgelbkheMC4l-zc3q9C_fNZmLmdav8PLUrkS_NxnZ4hJQCDTjhbMqLIwknXU9SkDyPb +Dgh049PyJrYzv2_TpYoS6M_o3HjApMkRKlV_TEcbGoX06gAUYTiEWAQU6wm0TdsIdxjEXAWeTiX7 +ddI_vEioFemoKjE5iRWNaKL85xsTsQj6bQi1eSj1F0lxqnSGRldiMAPMrfqKDJ7xFpXS7nyQfLjY +m1H-Y3bk0iBBZbU0JKXerE_jlr3s7rcdarpwY1pdODoUJBk-EiKezm6zWuG9o3IisPNSqqOs4Cax +QAE3dt-1TpCxkw7Rpgm8eTwPMPOD3gj7Szcs2sEh-0UIk8y7uZCSRz0ZCsQj-jJl97WQV1ky89xS +c9ECqzDTgl2cVrih9aQu863_yHnjm9tNTxMH4DudB5JcmM96BX4CfS9qgVzAqCGvW9KS37wy0bK_ +iSCAhAWNT5L9E3fUyg--V_gmVjxGb8Y020cc4_pkqSbAAC8qjQhDWHLy_M2RzQrPmQMdP2PZ5-AU +Pw6HdHmVTOLZeYuVS1rXx4AYWXkgKHiSRqO6bal1opzOnSpbw-Q1bQu0wZ1MarXodEtJFaOr \ No newline at end of file diff --git a/kubernetes/dmaap/components/message-router/resources/cert/org.onap.dmaap.mr.p12 b/kubernetes/dmaap/components/message-router/resources/cert/org.onap.dmaap.mr.p12 new file mode 100644 index 0000000000..1a0e8a49ce Binary files /dev/null and b/kubernetes/dmaap/components/message-router/resources/cert/org.onap.dmaap.mr.p12 differ diff --git a/kubernetes/dmaap/components/message-router/resources/cert/org.onap.dmaap.mr.trust.jks b/kubernetes/dmaap/components/message-router/resources/cert/org.onap.dmaap.mr.trust.jks new file mode 100644 index 0000000000..aae6d81d70 Binary files /dev/null and b/kubernetes/dmaap/components/message-router/resources/cert/org.onap.dmaap.mr.trust.jks differ diff --git a/kubernetes/dmaap/components/message-router/resources/config/dmaap/cadi.properties b/kubernetes/dmaap/components/message-router/resources/config/dmaap/cadi.properties index 36dafce986..dca56c823d 100755 --- a/kubernetes/dmaap/components/message-router/resources/config/dmaap/cadi.properties +++ b/kubernetes/dmaap/components/message-router/resources/config/dmaap/cadi.properties @@ -4,17 +4,16 @@ aaf_env=DEV aaf_lur=org.onap.aaf.cadi.aaf.v2_0.AAFLurPerm cadi_truststore=/appl/dmaapMR1/etc/org.onap.dmaap.mr.trust.jks -cadi_truststore_password=enc:gvXm0E9p-_SRNw5_feOUE7wqXBxgxV3S_bdAyB08Sq9F35cCUZHWgQyKIDtTAbEw +cadi_truststore_password=enc:mN6GiIzFQxKGDzAXDOs7b4j8DdIX02QrZ9QOWNRpxV3rD6whPCfizSMZkJwxi_FJ cadi_keyfile=/appl/dmaapMR1/etc/org.onap.dmaap.mr.keyfile cadi_alias=dmaapmr@mr.dmaap.onap.org cadi_keystore=/appl/dmaapMR1/etc/org.onap.dmaap.mr.p12 -cadi_keystore_password=enc:pLMCzQzk-OP7IpYNi0TPtQSkNcraFAdarZG8HbdOKq4BycW6g_7mfhphLhOZo6ht +cadi_keystore_password=enc:_JJT2gAEkRzXla5xfDIHal8pIoIB5iIos3USvZQT6sL-l14LpI5fRFR_QIGUCh5W cadi_x509_issuers=CN=intermediateCA_1, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_7, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_9, OU=OSAAF, O=ONAP, C=US - cadi_loglevel=INFO cadi_protocols=TLSv1.1,TLSv1.2 cadi_latitude=37.78187 -cadi_longitude=-122.26147 +cadi_longitude=-122.26147 \ No newline at end of file diff --git a/kubernetes/dmaap/components/message-router/templates/secrets.yaml b/kubernetes/dmaap/components/message-router/templates/secrets.yaml index 023b5a1614..90f63ec98a 100644 --- a/kubernetes/dmaap/components/message-router/templates/secrets.yaml +++ b/kubernetes/dmaap/components/message-router/templates/secrets.yaml @@ -26,3 +26,17 @@ metadata: data: {{ (.Files.Glob "resources/config/dmaap/mykey").AsSecrets | indent 2 }} type: Opaque +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "common.fullname" . }}-aaf-certs-secret + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +data: +{{ (.Files.Glob "resources/cert/*").AsSecrets | indent 2 }} +type: Opaque \ No newline at end of file diff --git a/kubernetes/dmaap/components/message-router/templates/statefulset.yaml b/kubernetes/dmaap/components/message-router/templates/statefulset.yaml index f6d67214a6..9f64b99d50 100644 --- a/kubernetes/dmaap/components/message-router/templates/statefulset.yaml +++ b/kubernetes/dmaap/components/message-router/templates/statefulset.yaml @@ -87,6 +87,18 @@ spec: - mountPath: /appl/dmaapMR1/etc/keyfile subPath: mykey name: mykey + - mountPath: /bundleconfig/etc/org.onap.dmaap.mr.jks + subPath: org.onap.dmaap.mr.jks + name: aaf-certs-secret + - mountPath: /appl/dmaapMR1/etc/org.onap.dmaap.mr.trust.jks + subPath: org.onap.dmaap.mr.trust.jks + name: aaf-certs-secret + - mountPath: /appl/dmaapMR1/etc/org.onap.dmaap.mr.keyfile + subPath: org.onap.dmaap.mr.keyfile + name: aaf-certs-secret + - mountPath: /appl/dmaapMR1/etc/org.onap.dmaap.mr.p12 + subPath: org.onap.dmaap.mr.p12 + name: aaf-certs-secret resources: {{ include "common.resources" . | indent 12 }} volumes: @@ -105,5 +117,8 @@ spec: - name: mykey secret: secretName: {{ include "common.fullname" . }}-secret + - name: aaf-certs-secret + secret: + secretName: {{ include "common.fullname" . }}-aaf-certs-secret imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key"