From 1135f2c9310ea4bbeec31ced75e735121b2df243 Mon Sep 17 00:00:00 2001 From: UNNAVA Date: Thu, 2 Apr 2020 15:29:20 -0400 Subject: [PATCH] update cert using secrets Issue-ID: DMAAP-1422 Change-Id: Idb75ceff8aff9df801f0781a1729dae1386b0b51 Signed-off-by: UNNAVA --- .../resources/cert/org.onap.dmaap.mr.keyfile | 27 +++++++++++++++++++++ .../resources/cert/org.onap.dmaap.mr.p12 | Bin 0 -> 4149 bytes .../resources/cert/org.onap.dmaap.mr.trust.jks | Bin 0 -> 1413 bytes .../resources/config/cadi.properties | 5 ++-- .../message-router-kafka/templates/secrets.yaml | 27 +++++++++++++++++++++ .../templates/statefulset.yaml | 12 +++++++++ .../resources/cert/org.onap.dmaap.mr.jks | Bin 0 -> 3619 bytes .../resources/cert/org.onap.dmaap.mr.keyfile | 27 +++++++++++++++++++++ .../resources/cert/org.onap.dmaap.mr.p12 | Bin 0 -> 4149 bytes .../resources/cert/org.onap.dmaap.mr.trust.jks | Bin 0 -> 1413 bytes .../resources/config/dmaap/cadi.properties | 7 +++--- .../message-router/templates/secrets.yaml | 14 +++++++++++ .../message-router/templates/statefulset.yaml | 15 ++++++++++++ 13 files changed, 127 insertions(+), 7 deletions(-) create mode 100644 kubernetes/dmaap/components/message-router/charts/message-router-kafka/resources/cert/org.onap.dmaap.mr.keyfile create mode 100644 kubernetes/dmaap/components/message-router/charts/message-router-kafka/resources/cert/org.onap.dmaap.mr.p12 create mode 100644 kubernetes/dmaap/components/message-router/charts/message-router-kafka/resources/cert/org.onap.dmaap.mr.trust.jks create mode 100644 kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/secrets.yaml create mode 100644 kubernetes/dmaap/components/message-router/resources/cert/org.onap.dmaap.mr.jks create mode 100644 kubernetes/dmaap/components/message-router/resources/cert/org.onap.dmaap.mr.keyfile create mode 100644 kubernetes/dmaap/components/message-router/resources/cert/org.onap.dmaap.mr.p12 create mode 100644 kubernetes/dmaap/components/message-router/resources/cert/org.onap.dmaap.mr.trust.jks diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/resources/cert/org.onap.dmaap.mr.keyfile b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/resources/cert/org.onap.dmaap.mr.keyfile new file mode 100644 index 0000000000..72d3b73348 --- /dev/null +++ b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/resources/cert/org.onap.dmaap.mr.keyfile @@ -0,0 +1,27 @@ +yJhToh1HtF7641JOeljPtn4ECRn7dncPKtUh9XN4Hv1GX2q1MSVsDI2qQ7i2Q8hH1G3Ko_x0fl1p +PLn2bOh9cOOGKxQrWxY0724Cme1MMc_drOl7TNk5DPmiw-teI6BdpS_wPtfDGLql9xuxIMWPdv_P +Id9LSzdW_Fa4FepgcxAj6jOK7jQBmJIsedxIpAVFU0bjmMwybe_BRe1x8yEBrfQo8Si0cfjYdQYP +XBTAnJ46zejAPJh2U4MyBhYzz2Zr1nMux2wjHc52z8J7_YpfveNSpr9UwOzSo0VqAEORISQDS7Cb +Cc9jeYmxPkVCEraHWq5jtOpVdwxwTSh1PJ8_pgnhQ4AgQS-5JyRdHWvzwGa2RW8i3ZF1qfJBP4wb +lyXiNYKSU5jDd-wNP0b9WDILGFRKuAHjz1wKB1IHyQTBX7dpjouuZysEkZS348NVLfAmb1klKp5Q +1lq2H4TdQnPaG6tV_wyI0ZrZsf4TCeDxYRxEAZc3ILefM_72Zc-UWEHQ_Q4Qck30fJzoHFgEm5Rm +8XofzAfHOcjoa7o8mEVi9veNpqTeNa8b2DLqYehcE_rMYU_y1AgWsnWgiIX1AEzLyUyfliS2PxQh +ZI3HLMrzfV--pOuQp_CnrcHclvkX3u5ZJ01a6jq7ONpr712YNmUEoD6s1UR0wEEeO61Cun8zfty8 +m-qXD3k-re64WDizw-pHXHYmIS9a4jL7D0R4KysJRf6iZTAUy4ROy6aS-wMYGgy0r7sEOZY6zp4h +MBczN5-3O7r-dKjOrr1RWXS3zt71oJNSGcnG41KKOnUeNpFBmIzVfoIp9KR5zdcg-gGrA8Xi_tBj +-rAqYfaNMBUDDtFCLhCHwuhKpR0Y0gG_-8J43yi3bfWOYMWkgPRHrJIiIO-SNUW_pobbRqQzIT3h +V5IcEc5pa-lnJnBNS5b_-cHsA0x4g1FPmDmjsGBYZmiaPSvXPzhpZVsww1p9nVL63rYLMOTSps1V +Lj9_UYWef7jD409vZRqeLQGi7lMNeC7oLv_hi_l05rZUkpegMLYmIWzjhzW8OuYdiHGuboV9TyUR +QWn5e_bypQBAJhYqaYNADzV9duW0v3SW89zP9TlkJ6tfvhcVXRQn4MUzIC9h_0q3cf_9Wemx7UPW +tGML52lYWcEbVbGF9yFtOm3qVPi4sVFO61vOtIoQhIIL3oa9gOWO9yPCjNm4lD-C4jAWHjtJdMr8 +cGtBplAHGly63VQs9RRUr42A95JMtsuJIPNDWP5-I-9R77NALdzjKEJE2FngGW8Ud4pJQ1sikPH3 +F4kVn1L2NpAilVrjlyb_y89mskrWaSdHCE2P1_gtkWHXfXIfKK0UFQt17s8hk0MfL6JSUDUE4IKN +tK70iHwmqY9VbYKYLf-8Gl7CW_Q9MumHjGsktwVZinpH4kOUREr6tyve4rZv8wN6mbNPVJ5gw_PE +I4bvSiEstMgelbkheMC4l-zc3q9C_fNZmLmdav8PLUrkS_NxnZ4hJQCDTjhbMqLIwknXU9SkDyPb +Dgh049PyJrYzv2_TpYoS6M_o3HjApMkRKlV_TEcbGoX06gAUYTiEWAQU6wm0TdsIdxjEXAWeTiX7 +ddI_vEioFemoKjE5iRWNaKL85xsTsQj6bQi1eSj1F0lxqnSGRldiMAPMrfqKDJ7xFpXS7nyQfLjY +m1H-Y3bk0iBBZbU0JKXerE_jlr3s7rcdarpwY1pdODoUJBk-EiKezm6zWuG9o3IisPNSqqOs4Cax +QAE3dt-1TpCxkw7Rpgm8eTwPMPOD3gj7Szcs2sEh-0UIk8y7uZCSRz0ZCsQj-jJl97WQV1ky89xS +c9ECqzDTgl2cVrih9aQu863_yHnjm9tNTxMH4DudB5JcmM96BX4CfS9qgVzAqCGvW9KS37wy0bK_ +iSCAhAWNT5L9E3fUyg--V_gmVjxGb8Y020cc4_pkqSbAAC8qjQhDWHLy_M2RzQrPmQMdP2PZ5-AU +Pw6HdHmVTOLZeYuVS1rXx4AYWXkgKHiSRqO6bal1opzOnSpbw-Q1bQu0wZ1MarXodEtJFaOr \ No newline at end of file diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/resources/cert/org.onap.dmaap.mr.p12 b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/resources/cert/org.onap.dmaap.mr.p12 new file mode 100644 index 0000000000000000000000000000000000000000..1a0e8a49ce7440f213ed2e4beb50f743462174c3 GIT binary patch literal 4149 zcmY+HcQhQ_y2fWl@1u_)1W_W4(TPsfVU$FP-h1zY!4T0)^iD{0AtXxFh!Aav7Cnd& zCF*F=ZqB#vJ?EbFuD7h;v-kVwv)6{B!9pM)9vn@zO-RBQqaJfc0VD#Jps5z{(Nwd4 z@gy8gkn&#=K?FXUAoMQ|`kQ`)WdD1MoD>KuLE~S-(fDWZ`-G(bhyN~T#;2>J2Yf}x z9&rmWFXWDn5n*GaQR*N(K%Xu?8h`Ml=*x|K?peZM49PPdorx}Y8SyAqB%20-$C&0Z zM>f6POumqn!slm4KJhVx!r-C^rdxTcgEt9z}70Hfu@bihH~5YVkTLC*J-48`4{)%F#KKFjb%A-5pfs5>xy;B3=xrA3wzV&gjf8ilUSn>Mx zht)<;5Xcm&oc)--U_)IKD(4%`-GvBf5Nq^rZPOEFS{wsPeUzM5H5F)))nzb?sLu$u zetGaSgu6EJ00+l3-3!A2C5&GAYuJgxUiiz& z214)~s1mwz7S|luUfD!QA!%z8ymc;O@`gtmyGOPI^sLmf*=-vontGa$b1)2687=9p zM1AJDrcZTUX3(FLXh)WIacQTVyY>_4rNx)kVSAQ~>rO6ju7~#P%{W&DZ%rd1CiLv_ zUB?3>uSO)F1%P(O)Y`I05)j`m!DSzWVyU%F&pD z7{$Om5pe@
mWVjO^h5(o1|2SEi+mXRQ<==aO;HT{LL`SA3|K55}&Q2&9*lUQ`V zf?u*}kyo~VjYF`Yu`&BtcYUdy@mn4G?$h(1nqcF2((kQkg;Hww)-m7Dop&o1*JZ4X zRG_8OcD^Ypn}dAmPb)aNNQ0Jp1R0`jyY9L-#YbWgLV!rpEX0-zwr_jQ+CpQDyGxnbnDOh+}# zf@b_P5cOj!#S~J=ry%t*=^-91VT@4AuDkcyMD*){wBd;f*7!V$%;AN0Rv9{@7;C{& zf*9)nw!4R6DjMgMEwHk3#~LE5b$@rO)av!GA03^b?|+|RctRyNLN*H(VZGtC%pcV5 zd zxKxA*3KucBZ83fO14>eV7H%jN+IiZy_&s;n5lhi@ptP}^=AWrK0a>xUR2(M^YTtw@ z>&xd}uamdoY^CW81m7?5wJsKPF==)MdhNa_JFLo`>@Ax-8ZC(BW-X;XTWw&t3i*E8FIe#UWn?DFfo z^^#B_>t|fyr{xK1+Z-uyQ;=sk77p37sc6+DP$^aAbw%MG-L7Vu8A*IcYPQ^&qU;;A z{n2mfOefYGM900FH3>|E!=FqQj?o z;_PmJS4d1!Oh^bWEG#7=E(J%E%KZBf5n&0MRNybV4*~-IHje)&!2j}L!hiX2mDD}t zfsxeKE4_-y{MqI$FgXqFKRz6RCizAF)O*o0RHUM<)l|>nJEAF+koRU(Hf^I1>bYVd zC9LmhUa+Nnpt&jiQ@CAK_mYFU4`x{KQe=*QwbnZT@KR(w)GTQr0s20n`Y zv}A4<&Erx;Ql_dVrSzu>op>nZe+C`0gv4Agc#XZ2cMc=LPQIUcp~dfh0Zz&Vd<*U$ zz)T(^iCjkvpf8bQ^?|W^M*_nPIHpWd367aEJ7A_yt^e(CT6SRV2eJoR^m$WM-``Yy zc#705o(a32PPMP!G5hSE@oOP&q%rb{0j0EG`oJ~|h9?>DBFNZ-gj`gThdwyKweH(; zs?2n3*-*C2TO0?koGjPi8;bS){2-9Irt!VcjDV8v#Xj3ZR^JKB$b*&VLOnk7Hi|h~ zbb-Hp(`xdp1xTi3VTta#F0fBj$r}>uBWj-oOrcj1-Vq1hJ>+WQf(D2}9c(nbqEfYz zve%<&_|qCL9VtGKX{Q7guH&^8Q~P}99_l5~48J;BW99jVupthp@toX8tEN1BulJ+G z6Rk{X(b2EtV)LWo{0d97dX9c6Cob}>d&fl=GYGzG)E{*5GIdIV+n(hOaj zZ)=H73-r}ucLDQwE|iAE!Dj6%;6vHiUNFsl`@aa#d zKm(f8pVAN0n~zy!Q{GogsX45rNtY5HO?_LxL=9Own%5;_E!6=6OO~oM)TJ^A{YHG_ zk~-hkFZ@z#T5DPtkF6Is$&r%^*A}fW(y1!cR^HfLXh~*MBm?!{L*t{mmHj1 zR;z@zjClp2_DbjRroKR>#?8~rnt=F^(Uz1!GF4Z7P+Y?amR5os)sdLFKO(p#AX~Wf z@`p~AqLLH35Ze$cfq^U=GBWH z*5PN!XncGo7;jq<_x&VC&-Q+({jluR$RxDl1@l=0I_YiIS-4JB@HtZ#-=yq8MXgB_ zZ`YgoxAbPS2BZnUgH`ZAuiNn^NS$WKTKoQBe_h9LQ)B>*h+%)!S!UI3x-;gKQ0waf zP0Iixro`aCuM4iT`Y_O{Ic~JTn)vcWRE#Atd}`in<5qf=YFfWh=v?$VM?)6(=(9a> zReDgCTLQrT=w@j$)yR-S=Z13cS!FqZqcr=xFtihSl%weaZZ8NY2o}WB4Z*pVG2@!^ z+jbvIlljn@0^#LNhfwd|xzINzU(a!jUlI@|ZG1?XFKtI8fe-b5H(DCB_TW8-9c6+P z%^tS9xa71Qc)?t?Cy-5HB!11QDtV{Ot!fJP8{q4P_gkNc`NP}(P^$HBbJ=T_cRva- z?xF4y`6l!-D1xxO;-oAf<7a)9psdmv;l<=}S+eqt-k~K0hIpyjm?v`8zIy6bgmucX zk^rN4aSBXQ$Tm$YGP)XynRE6it4oSx#O&6y2ryr=^d#wc!X)>KG>6ejv&8GV2TLj*lQTV zd-^(Wm6R`?)BFGv2j860rCi_-ZIK8kL_8|B6?Y_lnGmoixh3{`m}}tH&^g52UsXdg zN>xzeIm$ltWW`e7VcAMYbPhNkcgi*nGY1lb6arAcQ-0%X%$f>3w^-Vb!neb3Q9Fbj zu}O(4eB_5u{*HyJM3z_#m9Vp(r$!9ChGdRJWuer4JVl-o?fQTltQn85c^~N*4ao~j zU!Wnu>r<~g!3>5tu6#t#$S;pHz197oB%$vu4nG7x*U;g#hiWLFIlD#-Q9&!m#W2Z) zc^_EKhvMK65+khQ%$o8H)^uFA4yO0NZLy{^i%}rsizoUdnYQ(h~$JriH>hKvAE0- zcT2&r_f03@gFAlpA6U3#tKTa}%FxCeR2GsOI7vq0nfk|(7|#g;BZA<)-1d_{A0$xA zUA~JJ8#D}fs*`|p+;nd6}ZuGDTsHm@4u7A#4{u)k5nRWaV2oH%is zg1ppu;-_TNb$DkqXBdOIi?_Au(ar7VSBo@pNhjWS?1K`Ad=T`C$R-avXlCuOljWLI zK}_+jO?6no*JxfHQ)bga`Q7>wb)QQ5v`{Zv(prf-x#ki^WzFS9n0Etnr(DZ0%Vf=$ zRgb|*9Xl9z^&o3|ZU(<(lv|#ww>!q>Rhq851z-l6!X<0t=3C+sBAh$T(-l(mFk7=H zE6pj`4*xpJp6mcNj;)FXe#ZCdzSMq`nm?Jh?_>nntH7`4XWk0C(}RbP>g0fxol z@g+XAJhz0~l&QB|(H%5AFv^O}PadX?9)Fc~GSA`K58hQL4sLp`pVrX8%#<~Ys$1dIJ2{>iCji4hH)jST zbvWCxAY`)F;h4#E=R1mIVBXi1uF=egXE0Ez88>ty{uUA^%K<)C<^fdWGb>og$PC^e zx17ioJ+y_(!P(&?gai*L@jy@l06v{AJ3ER6dMht`*iC6Wvz68Er2_r?XAeuCtD|Su W(d$J1iCqH;%%z66Ihx6rp_&x9QzQ6bRJ--j{E1#3kK_C#QVt{{9 zYNCst5>ZjzfZKN-#QHRSn_nW@~GYQwLSoxr!Rx`G~CxP8C#Mr%IYox*NDn zOC3i9cY_4nZXCgq=&7ZSCxUo9?g#y!*ErDaKfePYATSOT1pzrw6(|P^K-#TJ9W-ic zn3$k#kJDL?baT!*VB8Enbxw%Bu0)sD^6MSw6nW$dnfN@h$(xlwhlY`>oN@rW36*)x z`RoPN-gxZU6?6W42aVs_*vJae7;~o$#uPKBkThD7nHNPk=(E_}ucljpJ=xlU?rw8Uycx6Rjvb#)3tnn? zXm{;Myn9)TC^G4KNBSDdPc-?`Wkh(xpzJZZdBAbiB>Lh4CnLhvhg7KdyAg-B^>-Vm6-1ockBH@r0I=jP?q|ajdUZ? zOgs5Q6?&f_6E$XoX~S)NFxGsWv5qG+x)8B)Ue4Qh}AMr%5%B+bl7s~(ubrDG3LHP=^C2~(*SUAPe zmL=)0-770c{(Fb$uq(-+oYjWzhYIQOuo2)}FEU*=1)K2&oI;)EYo}%_;=SSNf($NpaHOApJOyp5#^+na8$pzd@Frp9%%W-Wh7tEB`UlDm)^ZnvQgJFiWgclA3S zz$HtjN$l^Zk{H&TK4PNfRDnduH9DGFLJ;dd8jHG$dW+r~{f58r?8RAKtx#Ui-Ye7> T?tooWmx)X-c}FJia24$z&wpV7 literal 0 HcmV?d00001 diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/resources/config/cadi.properties b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/resources/config/cadi.properties index 1e7d7d38ac..a5219c9399 100644 --- a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/resources/config/cadi.properties +++ b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/resources/config/cadi.properties @@ -3,16 +3,15 @@ aaf_env=DEV aaf_lur=org.onap.aaf.cadi.aaf.v2_0.AAFLurPerm cadi_truststore=/opt/kafka/config/org.onap.dmaap.mr.trust.jks -cadi_truststore_password=enc:gvXm0E9p-_SRNw5_feOUE7wqXBxgxV3S_bdAyB08Sq9F35cCUZHWgQyKIDtTAbEw +cadi_truststore_password=enc:mN6GiIzFQxKGDzAXDOs7b4j8DdIX02QrZ9QOWNRpxV3rD6whPCfizSMZkJwxi_FJ cadi_keyfile=/opt/kafka/config/org.onap.dmaap.mr.keyfile cadi_alias=dmaapmr@mr.dmaap.onap.org cadi_keystore=/opt/kafka/config/org.onap.dmaap.mr.p12 -cadi_keystore_password=enc:pLMCzQzk-OP7IpYNi0TPtQSkNcraFAdarZG8HbdOKq4BycW6g_7mfhphLhOZo6ht +cadi_keystore_password=enc:_JJT2gAEkRzXla5xfDIHal8pIoIB5iIos3USvZQT6sL-l14LpI5fRFR_QIGUCh5W cadi_x509_issuers=CN=intermediateCA_1, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_7, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_9, OU=OSAAF, O=ONAP, C=US - cadi_loglevel=INFO cadi_protocols=TLSv1.1,TLSv1.2 cadi_latitude=37.78187 diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/secrets.yaml b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/secrets.yaml new file mode 100644 index 0000000000..d9abae5dd4 --- /dev/null +++ b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/secrets.yaml @@ -0,0 +1,27 @@ +# Copyright © 2020 AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "common.fullname" . }}-aaf-certs-secret + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +data: +{{ (.Files.Glob "resources/cert/*").AsSecrets | indent 2 }} +type: Opaque diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/statefulset.yaml b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/statefulset.yaml index 3be8d5df61..06d3d8b2b8 100644 --- a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/statefulset.yaml +++ b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/statefulset.yaml @@ -150,6 +150,15 @@ spec: name: cadi - mountPath: /opt/kafka/data name: kafka-data + - mountPath: /etc/kafka/secrets/cert/org.onap.dmaap.mr.trust.jks + subPath: org.onap.dmaap.mr.trust.jks + name: aaf-certs-secret + - mountPath: /etc/kafka/secrets/cert/org.onap.dmaap.mr.keyfile + subPath: org.onap.dmaap.mr.keyfile + name: aaf-certs-secret + - mountPath: /etc/kafka/secrets/cert/org.onap.dmaap.mr.p12 + subPath: org.onap.dmaap.mr.p12 + name: aaf-certs-secret {{- if .Values.tolerations }} tolerations: {{ toYaml .Values.tolerations | indent 10 }} @@ -163,6 +172,9 @@ spec: - name: docker-socket hostPath: path: /var/run/docker.sock + - name: aaf-certs-secret + secret: + secretName: {{ include "common.fullname" . }}-aaf-certs-secret - name: server configMap: name: {{ include "common.fullname" . }}-server-prop-configmap diff --git a/kubernetes/dmaap/components/message-router/resources/cert/org.onap.dmaap.mr.jks b/kubernetes/dmaap/components/message-router/resources/cert/org.onap.dmaap.mr.jks new file mode 100644 index 0000000000000000000000000000000000000000..34cb01f44ef3c89b66216856e0ef29cadfbd3b51 GIT binary patch literal 3619 zcmb`Jc{r5q9>-_K%-A({k~L%<&ls|0k1&jklwFf8#4w|mEX6osMk-4U*&>PPmB=oX z#?m1oOO`03EF)2`tnV3h&U^Kq8yNCMHH6%ocSl6wyXf`I@sbQ|Dk?~l^c|=V>r$Fa*BH@($YFgMp&Ki7(@3frP zJ(J2DLuvm0TMIEKqdln6Ai@57wSe93{hEAAi!Fd1D4`XKao|BxP?jfQH`t?(1EA!S$-ZnH?jOFiWVe5*o6mE5$FpxP+_E+M+ z{`|0p4R?+ALUQ*y%y0LlU`A{Hkn<7YdlBOzZ)@lJo^LR_0v|*sNL{OMr72pAx>BD@ zn1%;N^e`hfBLMO&1@5!#n{V!)Ff_BeuAViMtI<6vZg)F(J~cbQrm73*$0GQyDcka$ z1@=EdV`lG#9!_n=@Bb=^SY)JPQ|^jdEDr22(LGYSjid)(l@yM9q7RH$NvH0#rHw!A zxJ9vD29Jsl7N$q>j>p~BP>2=JFlsPX+L3+rj?Wmw9Zx$-yGtLt@`jD3mG!`_#0A=V z$IWRdOG4Nj4Z->xwXbP)SvRXrZHZSmByC3okNd;jINgmlGX@|Em$jgS`g9?qloM(_ zVmhj=38P~3vM-l%K}t1;5!N9Q)oU&eW{;G;58gfvT#hcpC*6D38mqtVx!sY^09KBC zE^C2rk=`G(NuE@!ZTXy&xJ?zOBx23V2P{29Q15vAn=eW@ge?&6#*x6s-*NA@ zph&^XR}T-i>7(Tal%k*66RDZMm!dhnA`vT#`oRwJIioAfTqAG%(8iJ*Vh5D%*`<--lh8k{W#OakQin<8OLX?kq zFRz?c!so8!q6@k;&D*~K<8c~07hxNXV?V+=9$2x389 z2Q_u)d_vT83k$6R$Sxx}Afn7Jf$+m$`wH!46 z+N0mz4O!tkZJt!8H1r*rFlVGTpa%j$Em$}-1;}j5x7i?I2!unO@HV-2zB&=$g>$MT zS|zUYg2CJ@XdXjx1DtR+Cn#JH;^c_p1-SPF7Z21PYkC~T2k`7kZXTGuqp7JSN*oZ~ z(`-D5fRJ!sVz94I06yH;+|)}CkP_w91OT+AHlU@6*3xrjNz_jg@IxV3bpHM@``>wv zQUv6GEHC*V39oKA$;I_@1_Uinr?rL;XzJ9(Tn@t@eWNh}Az(wujpDuXF zt4H^{UJHcEyM&hR^DMd2HaU+L81RTi4;Gb_Wshqvo5o0Ys0k@rfqGS^-1Cp}T44M= zwJ={taxPl7-OoNSxWtKpsp#ml7iI6(d>!8;NFS)Pq7N~R)8So8SL@pFNkJ$C0DU({avvD{I~2+WflUK4ENdhc_Ou8f1m|G2RTzw&4gALp0-V^3I0&@^ zFmXch>)CFIhOR49YdFsZY`|@Eql(Ewpco0L{V(p3!R&zK-l}|15vUM$CGdJ9<%m|p zgj*$XVskQp^WJTKr~_ahFCC001|fZr!T1oozc0}w)Rz!?&KF4_;qiV*Z$dEn zABjfh3-%?ESTX8E!g*HSk_G>)zyDACoHeY0htBg? z5Q=HZdClq`El+NkH@=1RTVtGz)fi%xlihQ>OGkgB%!#W6gtY{f6pT(uh zp5=1KpnO8PwrWd^J!n>#n;KNJ20cgDz|X_9e=GE z&P+jwQl)&Hr!Ssq0G$yLZLF=I5MH|$Fiu%o<(qgcUy%Ni#%W|HP1#Bul9(-+ziifm z(?L@jkHb5qmaKcvd%&I|O3uy1?;;&U^42=fFMR;ViV0!{oge zDT!RTSJ3t?l-e~84KUIic`~EbK+gH?N{(BteA2tLm(6W9DV#E<#>UrPN$1^J6ldDk z7tYG{4vQ5ZBOS;~r_6K)yPAJQ&(>kB4bnE1o;k_3vW6Ab* z5o~%OzV{}MMEHXV^<|l~S?BafOV#CEEVsZc;VTa{j>q6vGpE)MTjYf@Kd06CiMDix zfrr^JkxOs3Tm0q=rDU7GHd|T;Ou0Ij4|qo!lv%wouizWWrwh6@ zgWHH(45{~{`)WBK171Cu+{*oJ8$WOmp9sV!{8V}Wu9^YqALT9vh{OpwI-yrFi~SB& z?UA?Il~B>27MRw6z+Qmh9x*roIO_rdga1qwaN>`5DEvpH{5h%E$Ph4SpCIv;OlqZn z-Ll+3RAQBiAK~eh@G#v}aOoE1-ay|uj>6Q}?w=4TQdan$Na13GSP$=>g0}49dtDKm z`rYBx();Kg@&*sNYbR`Q^>0Jga84$NxwjZi*-Z{Oj4Z~2_xj1em?4`0!76fRi43nW zBya5Hgrh5sq&BVKa8%g+(Sb48Qi{=L7X3>vz8&0GsMpb8r#-PdGK`4}0>L$jxTjD_)#B2r<7dhad|x4@Od-Wj>^w*9`f2teBbu9&Z_48b#3!BZ^ijo9lFH!TqS#HO z+l+6|I`F%VVAxuCh)h?VH90Nc%+&dKuLE~S-(fDWZ`-G(bhyN~T#;2>J2Yf}x z9&rmWFXWDn5n*GaQR*N(K%Xu?8h`Ml=*x|K?peZM49PPdorx}Y8SyAqB%20-$C&0Z zM>f6POumqn!slm4KJhVx!r-C^rdxTcgEt9z}70Hfu@bihH~5YVkTLC*J-48`4{)%F#KKFjb%A-5pfs5>xy;B3=xrA3wzV&gjf8ilUSn>Mx zht)<;5Xcm&oc)--U_)IKD(4%`-GvBf5Nq^rZPOEFS{wsPeUzM5H5F)))nzb?sLu$u zetGaSgu6EJ00+l3-3!A2C5&GAYuJgxUiiz& z214)~s1mwz7S|luUfD!QA!%z8ymc;O@`gtmyGOPI^sLmf*=-vontGa$b1)2687=9p zM1AJDrcZTUX3(FLXh)WIacQTVyY>_4rNx)kVSAQ~>rO6ju7~#P%{W&DZ%rd1CiLv_ zUB?3>uSO)F1%P(O)Y`I05)j`m!DSzWVyU%F&pD z7{$Om5pe@
mWVjO^h5(o1|2SEi+mXRQ<==aO;HT{LL`SA3|K55}&Q2&9*lUQ`V zf?u*}kyo~VjYF`Yu`&BtcYUdy@mn4G?$h(1nqcF2((kQkg;Hww)-m7Dop&o1*JZ4X zRG_8OcD^Ypn}dAmPb)aNNQ0Jp1R0`jyY9L-#YbWgLV!rpEX0-zwr_jQ+CpQDyGxnbnDOh+}# zf@b_P5cOj!#S~J=ry%t*=^-91VT@4AuDkcyMD*){wBd;f*7!V$%;AN0Rv9{@7;C{& zf*9)nw!4R6DjMgMEwHk3#~LE5b$@rO)av!GA03^b?|+|RctRyNLN*H(VZGtC%pcV5 zd zxKxA*3KucBZ83fO14>eV7H%jN+IiZy_&s;n5lhi@ptP}^=AWrK0a>xUR2(M^YTtw@ z>&xd}uamdoY^CW81m7?5wJsKPF==)MdhNa_JFLo`>@Ax-8ZC(BW-X;XTWw&t3i*E8FIe#UWn?DFfo z^^#B_>t|fyr{xK1+Z-uyQ;=sk77p37sc6+DP$^aAbw%MG-L7Vu8A*IcYPQ^&qU;;A z{n2mfOefYGM900FH3>|E!=FqQj?o z;_PmJS4d1!Oh^bWEG#7=E(J%E%KZBf5n&0MRNybV4*~-IHje)&!2j}L!hiX2mDD}t zfsxeKE4_-y{MqI$FgXqFKRz6RCizAF)O*o0RHUM<)l|>nJEAF+koRU(Hf^I1>bYVd zC9LmhUa+Nnpt&jiQ@CAK_mYFU4`x{KQe=*QwbnZT@KR(w)GTQr0s20n`Y zv}A4<&Erx;Ql_dVrSzu>op>nZe+C`0gv4Agc#XZ2cMc=LPQIUcp~dfh0Zz&Vd<*U$ zz)T(^iCjkvpf8bQ^?|W^M*_nPIHpWd367aEJ7A_yt^e(CT6SRV2eJoR^m$WM-``Yy zc#705o(a32PPMP!G5hSE@oOP&q%rb{0j0EG`oJ~|h9?>DBFNZ-gj`gThdwyKweH(; zs?2n3*-*C2TO0?koGjPi8;bS){2-9Irt!VcjDV8v#Xj3ZR^JKB$b*&VLOnk7Hi|h~ zbb-Hp(`xdp1xTi3VTta#F0fBj$r}>uBWj-oOrcj1-Vq1hJ>+WQf(D2}9c(nbqEfYz zve%<&_|qCL9VtGKX{Q7guH&^8Q~P}99_l5~48J;BW99jVupthp@toX8tEN1BulJ+G z6Rk{X(b2EtV)LWo{0d97dX9c6Cob}>d&fl=GYGzG)E{*5GIdIV+n(hOaj zZ)=H73-r}ucLDQwE|iAE!Dj6%;6vHiUNFsl`@aa#d zKm(f8pVAN0n~zy!Q{GogsX45rNtY5HO?_LxL=9Own%5;_E!6=6OO~oM)TJ^A{YHG_ zk~-hkFZ@z#T5DPtkF6Is$&r%^*A}fW(y1!cR^HfLXh~*MBm?!{L*t{mmHj1 zR;z@zjClp2_DbjRroKR>#?8~rnt=F^(Uz1!GF4Z7P+Y?amR5os)sdLFKO(p#AX~Wf z@`p~AqLLH35Ze$cfq^U=GBWH z*5PN!XncGo7;jq<_x&VC&-Q+({jluR$RxDl1@l=0I_YiIS-4JB@HtZ#-=yq8MXgB_ zZ`YgoxAbPS2BZnUgH`ZAuiNn^NS$WKTKoQBe_h9LQ)B>*h+%)!S!UI3x-;gKQ0waf zP0Iixro`aCuM4iT`Y_O{Ic~JTn)vcWRE#Atd}`in<5qf=YFfWh=v?$VM?)6(=(9a> zReDgCTLQrT=w@j$)yR-S=Z13cS!FqZqcr=xFtihSl%weaZZ8NY2o}WB4Z*pVG2@!^ z+jbvIlljn@0^#LNhfwd|xzINzU(a!jUlI@|ZG1?XFKtI8fe-b5H(DCB_TW8-9c6+P z%^tS9xa71Qc)?t?Cy-5HB!11QDtV{Ot!fJP8{q4P_gkNc`NP}(P^$HBbJ=T_cRva- z?xF4y`6l!-D1xxO;-oAf<7a)9psdmv;l<=}S+eqt-k~K0hIpyjm?v`8zIy6bgmucX zk^rN4aSBXQ$Tm$YGP)XynRE6it4oSx#O&6y2ryr=^d#wc!X)>KG>6ejv&8GV2TLj*lQTV zd-^(Wm6R`?)BFGv2j860rCi_-ZIK8kL_8|B6?Y_lnGmoixh3{`m}}tH&^g52UsXdg zN>xzeIm$ltWW`e7VcAMYbPhNkcgi*nGY1lb6arAcQ-0%X%$f>3w^-Vb!neb3Q9Fbj zu}O(4eB_5u{*HyJM3z_#m9Vp(r$!9ChGdRJWuer4JVl-o?fQTltQn85c^~N*4ao~j zU!Wnu>r<~g!3>5tu6#t#$S;pHz197oB%$vu4nG7x*U;g#hiWLFIlD#-Q9&!m#W2Z) zc^_EKhvMK65+khQ%$o8H)^uFA4yO0NZLy{^i%}rsizoUdnYQ(h~$JriH>hKvAE0- zcT2&r_f03@gFAlpA6U3#tKTa}%FxCeR2GsOI7vq0nfk|(7|#g;BZA<)-1d_{A0$xA zUA~JJ8#D}fs*`|p+;nd6}ZuGDTsHm@4u7A#4{u)k5nRWaV2oH%is zg1ppu;-_TNb$DkqXBdOIi?_Au(ar7VSBo@pNhjWS?1K`Ad=T`C$R-avXlCuOljWLI zK}_+jO?6no*JxfHQ)bga`Q7>wb)QQ5v`{Zv(prf-x#ki^WzFS9n0Etnr(DZ0%Vf=$ zRgb|*9Xl9z^&o3|ZU(<(lv|#ww>!q>Rhq851z-l6!X<0t=3C+sBAh$T(-l(mFk7=H zE6pj`4*xpJp6mcNj;)FXe#ZCdzSMq`nm?Jh?_>nntH7`4XWk0C(}RbP>g0fxol z@g+XAJhz0~l&QB|(H%5AFv^O}PadX?9)Fc~GSA`K58hQL4sLp`pVrX8%#<~Ys$1dIJ2{>iCji4hH)jST zbvWCxAY`)F;h4#E=R1mIVBXi1uF=egXE0Ez88>ty{uUA^%K<)C<^fdWGb>og$PC^e zx17ioJ+y_(!P(&?gai*L@jy@l06v{AJ3ER6dMht`*iC6Wvz68Er2_r?XAeuCtD|Su W(d$J1iCqH;%%z66Ihx6rp_&x9QzQ6bRJ--j{E1#3kK_C#QVt{{9 zYNCst5>ZjzfZKN-#QHRSn_nW@~GYQwLSoxr!Rx`G~CxP8C#Mr%IYox*NDn zOC3i9cY_4nZXCgq=&7ZSCxUo9?g#y!*ErDaKfePYATSOT1pzrw6(|P^K-#TJ9W-ic zn3$k#kJDL?baT!*VB8Enbxw%Bu0)sD^6MSw6nW$dnfN@h$(xlwhlY`>oN@rW36*)x z`RoPN-gxZU6?6W42aVs_*vJae7;~o$#uPKBkThD7nHNPk=(E_}ucljpJ=xlU?rw8Uycx6Rjvb#)3tnn? zXm{;Myn9)TC^G4KNBSDdPc-?`Wkh(xpzJZZdBAbiB>Lh4CnLhvhg7KdyAg-B^>-Vm6-1ockBH@r0I=jP?q|ajdUZ? zOgs5Q6?&f_6E$XoX~S)NFxGsWv5qG+x)8B)Ue4Qh}AMr%5%B+bl7s~(ubrDG3LHP=^C2~(*SUAPe zmL=)0-770c{(Fb$uq(-+oYjWzhYIQOuo2)}FEU*=1)K2&oI;)EYo}%_;=SSNf($NpaHOApJOyp5#^+na8$pzd@Frp9%%W-Wh7tEB`UlDm)^ZnvQgJFiWgclA3S zz$HtjN$l^Zk{H&TK4PNfRDnduH9DGFLJ;dd8jHG$dW+r~{f58r?8RAKtx#Ui-Ye7> T?tooWmx)X-c}FJia24$z&wpV7 literal 0 HcmV?d00001 diff --git a/kubernetes/dmaap/components/message-router/resources/config/dmaap/cadi.properties b/kubernetes/dmaap/components/message-router/resources/config/dmaap/cadi.properties index 36dafce986..dca56c823d 100755 --- a/kubernetes/dmaap/components/message-router/resources/config/dmaap/cadi.properties +++ b/kubernetes/dmaap/components/message-router/resources/config/dmaap/cadi.properties @@ -4,17 +4,16 @@ aaf_env=DEV aaf_lur=org.onap.aaf.cadi.aaf.v2_0.AAFLurPerm cadi_truststore=/appl/dmaapMR1/etc/org.onap.dmaap.mr.trust.jks -cadi_truststore_password=enc:gvXm0E9p-_SRNw5_feOUE7wqXBxgxV3S_bdAyB08Sq9F35cCUZHWgQyKIDtTAbEw +cadi_truststore_password=enc:mN6GiIzFQxKGDzAXDOs7b4j8DdIX02QrZ9QOWNRpxV3rD6whPCfizSMZkJwxi_FJ cadi_keyfile=/appl/dmaapMR1/etc/org.onap.dmaap.mr.keyfile cadi_alias=dmaapmr@mr.dmaap.onap.org cadi_keystore=/appl/dmaapMR1/etc/org.onap.dmaap.mr.p12 -cadi_keystore_password=enc:pLMCzQzk-OP7IpYNi0TPtQSkNcraFAdarZG8HbdOKq4BycW6g_7mfhphLhOZo6ht +cadi_keystore_password=enc:_JJT2gAEkRzXla5xfDIHal8pIoIB5iIos3USvZQT6sL-l14LpI5fRFR_QIGUCh5W cadi_x509_issuers=CN=intermediateCA_1, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_7, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_9, OU=OSAAF, O=ONAP, C=US - cadi_loglevel=INFO cadi_protocols=TLSv1.1,TLSv1.2 cadi_latitude=37.78187 -cadi_longitude=-122.26147 +cadi_longitude=-122.26147 \ No newline at end of file diff --git a/kubernetes/dmaap/components/message-router/templates/secrets.yaml b/kubernetes/dmaap/components/message-router/templates/secrets.yaml index 023b5a1614..90f63ec98a 100644 --- a/kubernetes/dmaap/components/message-router/templates/secrets.yaml +++ b/kubernetes/dmaap/components/message-router/templates/secrets.yaml @@ -26,3 +26,17 @@ metadata: data: {{ (.Files.Glob "resources/config/dmaap/mykey").AsSecrets | indent 2 }} type: Opaque +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "common.fullname" . }}-aaf-certs-secret + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +data: +{{ (.Files.Glob "resources/cert/*").AsSecrets | indent 2 }} +type: Opaque \ No newline at end of file diff --git a/kubernetes/dmaap/components/message-router/templates/statefulset.yaml b/kubernetes/dmaap/components/message-router/templates/statefulset.yaml index f6d67214a6..9f64b99d50 100644 --- a/kubernetes/dmaap/components/message-router/templates/statefulset.yaml +++ b/kubernetes/dmaap/components/message-router/templates/statefulset.yaml @@ -87,6 +87,18 @@ spec: - mountPath: /appl/dmaapMR1/etc/keyfile subPath: mykey name: mykey + - mountPath: /bundleconfig/etc/org.onap.dmaap.mr.jks + subPath: org.onap.dmaap.mr.jks + name: aaf-certs-secret + - mountPath: /appl/dmaapMR1/etc/org.onap.dmaap.mr.trust.jks + subPath: org.onap.dmaap.mr.trust.jks + name: aaf-certs-secret + - mountPath: /appl/dmaapMR1/etc/org.onap.dmaap.mr.keyfile + subPath: org.onap.dmaap.mr.keyfile + name: aaf-certs-secret + - mountPath: /appl/dmaapMR1/etc/org.onap.dmaap.mr.p12 + subPath: org.onap.dmaap.mr.p12 + name: aaf-certs-secret resources: {{ include "common.resources" . | indent 12 }} volumes: @@ -105,5 +117,8 @@ spec: - name: mykey secret: secretName: {{ include "common.fullname" . }}-secret + - name: aaf-certs-secret + secret: + secretName: {{ include "common.fullname" . }}-aaf-certs-secret imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" -- 2.16.6