From 533bbdb33f904216d405cf27e019792b1e187983 Mon Sep 17 00:00:00 2001
From: Bartosz Gardziejewski <bartosz.gardziejewski@nokia.com>
Date: Wed, 7 Aug 2019 14:49:10 +0200
Subject: [PATCH] moving certificates from vid image to mounted catalog

Issue-ID: VID-494
Change-Id: Ie1a3a9b362618d6b1821583bc6b3c39c28eb82c0
Signed-off-by: Bartosz Gardziejewski <bartosz.gardziejewski@nokia.com>
---
 kubernetes/vid/resources/certs/org.onap.vid.jks       | Bin 0 -> 3576 bytes
 kubernetes/vid/resources/certs/org.onap.vid.trust.jks | Bin 0 -> 1413 bytes
 kubernetes/vid/templates/deployment.yaml              |   5 +++++
 kubernetes/vid/templates/secrets.yaml                 |  14 ++++++++++++++
 4 files changed, 19 insertions(+)
 create mode 100644 kubernetes/vid/resources/certs/org.onap.vid.jks
 create mode 100644 kubernetes/vid/resources/certs/org.onap.vid.trust.jks

diff --git a/kubernetes/vid/resources/certs/org.onap.vid.jks b/kubernetes/vid/resources/certs/org.onap.vid.jks
new file mode 100644
index 0000000000000000000000000000000000000000..3c2ce9157dd4ea65147d960f4da883daa3a599c0
GIT binary patch
literal 3576
zcmb`JcTiLL7RS>m2_PNar3eBd?S@_isR4u3fKmiOnxO?klqM~(bc6tc^j=g@6r}{D
zsUWD7r6U4S%F@LGQhl)dcE{a)Z{F<8`{T^L-}@`~{N|kVIlujt{S^=h1UWG9uXf}b
z-bv%YqzGOP-ckgj>%jn?NUpU9f#6Vp4EqK!BN)XIU>NumgcS^igJ5LXlBd*kr%$ax
z)fICu(Pqzq)8+*+eoufs?T(`GZ(kk8acq|U{+v0XWt)?n{Fm8P;?q8CJSmvuJ1(4y
zlNhtnSFW88P}-aSc)Jwq2Ub7Vj+L*b-m%pus;pi_B-L~Q?Hju9%Brk|Hm6fuKP=jY
z7}K>(NzIW$+E%Z_c@uAlshTytQeDo>x9xH(w$kI&_2=Q{`MH-`^nlLKAVGs!0soei
zyV!K{+*e1CZV%d;y35~QulOVrpWM=rdAiFjBhrvz#MV6s9oKpy&|y6D^ZTxvfzGVx
z-gLV0O4!GztrXs-H^)7gcV1VwX%}5vf{09TTCjq3CC~FK>j>HP>|D_fl*B4*`CK*H
zvS^YFDOI=qndy8=KB=^lZES6!d=>A+bWhLY=I&yroi!sdw<>y9>C>Z1>8&z3md94_
zPwY*q3k}EWtv(9kYR(O)UXQeQ`)2W`+0!3AzDMSjogVHljH`O7LKI!Rk~qBl{$5Al
zD?QY-2QfrP0e`yY%d?amf#9HL9KA;j*L!_kA`{yQA(7)rPL5R~L-fR<(p4vOIo%zK
zCfDbU6s&iwyvc`dxrDmpocWNfO#c9Ff2S)&+2p&FFl_@)ko{;jBc^6%w$MW2VSU{e
z!fl^T{;Xl6uJy4eq%Sh_)utga(W{W_-dUP8&&{-D>8aFsDc#Bb1veXAgT@8yhX?M%
zg;#F$Y9NPjkDu`_1WlYPtILj9v{}Bj+${W(YG2LPCzl=B7DYP^O0D{U;g7Ii5AAiN
zU3R3c3kKes(7CpEt2(@B(=vUHE;Y4Ar*4ri3FZAo$45T1Tv;}_N^R}orFX)&1M{0R
zCOGXSRzuIiQM(45x!#dCO4@(PIThBr9QNp8pNCIs*3uT8dN{`TXMNjkGl*`ic;x=Y
z*pJ5hX=bE~m6{YvBl`|Z?_!Af_OT-B8slc_9nI$yP38E4FMPZP&Q}P-#_98pl!j3r
z6%4&ZRk!;RQ_Y7eTb<!vMtf-~2DfjM+G$aA;$O*uqkdOMtk+Xnxko3?r0$1)Q_d9;
zE`Lm&FJJQC*-cTSSPqR{7MFRtY3l&*<t#7dxOJn$clgzM{7-}C=dv7!rqH4nUAx$)
za<s&^j?Fc#xwM9C4<{IE$7Hver}dYRbOv+JO+0P8bX9wkZ`ae(r!O3d+%Nbg$G^9f
zWR_1A%6wGUKru8PeV`YBm|Zg+rM|6miMVslcRCnBgGxW{eCb~5i|91Vewg`K!yNAH
zRkZoWKTJ7u<iSrOi7ifDM8lDofk@|I_+Im_r=m#vOtU<RYWMj?zH7ibti_IxXQ^6q
zrjDW_ud3crAz1#r6Iwo^y<yq3mNmV7+NeIc%kaiV$wx+_gEDu0MR(EY!;*(b9#q}g
z^yL@I8k;7=S2&|_I!j}l0kaVh!P?%Y1REqoBu^T5{yrQSkdtP=hP3%snN7cs$zJmF
zZGKIy5LT#K&5z6Mz&&2KEEKy+8fUKg%olw*Srumf)Ub)iF<i2i!}*?-f{bhBoTbT`
zfN=zYpdyNOOXuveSkp}JwHe`D5hD$=Z)&r+*_0+!a4{iG-0~u=893y!)9+6;aw&?c
zc;O`I+kUudS5b?a!kmh!2x#BGm4~yIE4Jv|EH1uQxo}bJcv6O!C+2iz;|ev>WNtb)
zA3yePFh}Jnqyh0OEa8??@_;f31QR$Q;*S6s3M+s@zz_&MHYs3fs%KgdU_vmQiqenT
zWCDYca1fw}Mgj~7s09qc4za+YnE>RWU_`-;jWkWr%mC_8B2jQ-oTerQeH7q6)KJtB
zycfxt=;`c)cOW@yYhF?Y__&$S%783d1}!h60HCe8nPh<PB;bNZ0gS&bh8|EH&GMZm
z3}7zM?|UOre*^vB-1v)^-=6>=ga35KgFXNygIPca-x(ofFc{QB^Sg9?sG(CcwN84g
z#9X~|<(+M6o!Il)D4t;VU~j@vsMc5qNkLcd)lc&Z$mQg=>!?S!+Vp{bxXcgIOs+3<
zws?~ANh4>FH(QuQrET4=MvQe2#i-!JGgw-Z=nCEuZV#3%`S5P(nQiILwTMk6*;=(b
zyG^oBDDqw}D_U(~8)oQ^=F!=SS+&FP9(zaVs0eabP-_k6(Nl6D)ZYA%L4%}!L}x)G
z$L^kp+nyQlvGY?MaGp4~Vf0>kU1U2@Wq5wBKWvZnwS+fn?<eZfuGFbFD8wV*luH_+
zb?5J??M0Nkj}?<l=xF9+PIE8Bc({EA78Wq0t$Wn@@QnB|2owwg7l$tc;S0Y8o|hd4
z0YC@66KcWB0tSDB!JrWMG$3%Og%33sz=5DY=&Nuz9Tfb>8w4;voFN1=1PsDB!Z$N*
zjx@YTnEYgBw`hbf&{nT}TL_d$0TTZtc4ROez<anWGmHzy;guphVo}eal9T4SSmK@)
zWh33-0>~c@v%(HGCLd-I`G>;`frB?*$`|kH?cwa?>`D0Jen6)G{kHI3svRc%K|+8*
zlKhc5G@t(3=&0yBqw?VeB6HZC6w)2rYb8n)wIhou-mIn-<E3&T5Y3i}%eQRK)F;)+
zz+h+JoATpVvaWtAt<93SM$HSH?u-r1!26F?N{HfwGE6IqM74rFqUd}Xe_>&)H_Ozx
zoEAZB3Cn9K>QcJyP}YjmzaSWjA3c_+R;Vf@y3R3}sbwSPdV#~eK7>Bc<%F=g9oa;Y
z_O&azPBz;?jLFP3v3hWsr7f2uk(yWL^5hd2-;xjr8?+=-5M{2LILJ+-aqU_0G%r?o
z9Y3n1-0bbPi`(-HYruLELN5{PN|LX-P_u{`w*21W2ox(-<>ZNe&jhJHgCHG#&>yG>
zI6%c!fDEzy4HXAL_zNTcQ4oIxffAsERzxewqh%EjK_L5`{QnW>e^vVZKA%BKZC(8v
zLm~g(Q(|d8lN3dULVZDl-1l5%{)^@LtzW(4Uc7<f)n!JSX>twZ?2UwMo7xl6?<l=Z
zt=M=50nIaKl78mTEnYghVq9N1Blvolr$o>9$J~@yTBrNVmB!cNxPYF~e)^O-$Q#WG
zvEz~%ozG8oDdydFa9qL!lZ_4ipvoZT_Zm1NqH02NRe&;Mnc|NTU(GQ>vds{_pyI+%
zs`s=kTIP4ii?>}YJ}ykOrp&6^Y7G+^m1nw+roTKHgMHP6Ig6jPw!GW#=&yQPe_Xqg
zc_fD!jAexr0t4o(2;%nnT{51n#GP5b_oFPe43B|J-Dya%zSgaOS9%l>9`RjS{ijj|
z_<yTq9)K&117{)o(O{|1^g)|{R@+H*(Awh4S%B?u0{bBj=mEsR0|EyB85!WH-~J)|
zUwQH8q=J$mU=RyCF-suvzH8m8V1HoLgHtYq_5_lTQX;rwC$_x5$Ai8wap>aOk$66R
zhi-q)64hW^$L{>r%#!jKe%mTtq#Ayfj%O!StC6)6ShM;muTN$c8Vbmr*~ZL9Q!|6(
z2D(hi=iROkV)5(`$em>ZOq`J1vEB)sb%w9Rw6LiT=f#IVj=`7X)wgeTe17fF2JR_T
ze%4?pKe0bD>@b-+bAk2iSsS`Wvkq5SnYB|{pUWzZZ9L8@E>x>+I!^`Z5OloXe(V03
zIXZ3}Nv5O3I-LbrBy=xd4h-*!1DZQ3FFfB>7CYIZxw0O6tiKD+Kau}YO{?8ycJYl@
zk#AwD<m-JDk}Y91T53S819L%QvdQi<<$7a;Nk$3<BYK?9F3vq|w270C{%gOlha%P8
z6<*AAR`HUC=x_kW$YuGph{i@Tjax7U@N*+Cg9T!ZJdH|ddZDb0F`V^M-F~J$p}H+r
z@^vroGp0MUt9s2o4)QCJy1f$KAX8ryqaS!vWckb!pV?vA%N|&@ui43;o*UNFiLAI`
z%wqT$s)``E0iyO;pmai8K2V#zZY(0~q|wCWF*;;YyE$8{m?0f)Xg6xumto8`BD4K=
z{BC&v(YF@GJ#jqo(YFzf+(z3{HZ<q%P2d}r-RBd@OW;M_Su!P0OVe_Sr$zhRoMZr>
b!_$T4jR2Gt*WIG3_2=baMsD<MIhgBTfc@)^

literal 0
HcmV?d00001

diff --git a/kubernetes/vid/resources/certs/org.onap.vid.trust.jks b/kubernetes/vid/resources/certs/org.onap.vid.trust.jks
new file mode 100644
index 0000000000000000000000000000000000000000..4caf7be6528f488678373331e4a4f5a1fe877819
GIT binary patch
literal 1413
zcmb7DYdF&j9NvEy9hYrM&2kBmvmEL_Yc)li6*(>;&4jQDt3>L^{TVxLvB)jAGS?1a
zVKMjXQtoT=q>~5ZQBTToi7pazIM4aehx6rp_&x9QzQ6bRJ--j{E1#9mLLd<6#sL4I
z(s_n=K+t(cfH$}y`Ih!pj6x7@`-q?!1cIP~Y{XHJ4KvJ#K>;XK5t3Um+g>6O@j;}5
zq7m1I`xOZQ$_NN(j7Nbg3NRX6Sq0(fVrglOM}o?mTuBA)c+%1duM8?~QUx_A%>~@0
zj>MC|10WH908ca}xvL`yB#=PB|4aYpH8ynjkM95o2#gIyLqIlE3Ce~7kan|T8`bJ+
z1~zcllT>D-R@NmOtc#wz=2_AA<*3pcew_`CDvwyEkY4hdJej$(7#O9}Aq%h?SDI6s
z%bZv4iNjr7Hs;TD*z;Q(8koVVqptP?u?FrFEaJ~P&#2E7*hL{-6RU6cYSo&+6}P59
z#omK{7pPvi{<_STTTiEblVnEJ9N%<fH)+BjhY!vO^qbN4o(=q1^^_#XN&#->prDmI
zs)#<qj0-9BSxNhl1aJ1&O&BRk&xs@+^IqucQ_(8Jd9`+6y4sw1ccRx_abr^{L5uZ|
zt!|!-b1i8RMI_wnNL@$!iY8t=4GVAUmOP;}_uH=QiMl$^P7AlxXWX&K5N|7Uq#e{W
zv0oAPx8L2fK>dA5h3nSAtqa$g@Tn!ntQD#{OROFq3aB0_8K%E+g!$PI5lPdni*FW+
z+1Xz;oWubN(lKb}cHZdc!JfgMOrkJ)LXG|vl_MpTM=Re)(G3{L&T^x&s-V|3wgV(j
zcnhXCfgFNisFWdp6Q)zJ7g-h~^M-V{;M}qN#FkoXcXd#bR=9LXXw+k8zh&jDza%t*
zNt228KbuUqq2={OTb!%D`KU;L_<}Jg_7pwujX$<J$;)+!z5DSP%J6nGC`<m+Lb{b?
zq>=ck5_4FPjvlqZw&Ax{47D-BUB5*uz8moHe{fnA3IiZO(Rq*oYHvhP8wJO}x4X~?
zi*_?oXJJR!y$&2ca{j~Yub|H6S|5%DF){ybKyMn<0AL-C0AU*dqBaHerU2h42=~Vr
zZnR<}h5&@D)6J|5%X6qAYxpzFTTM=NcWt>Ox2__N#|7#W_DhzshG1Et3RhNCmB^@6
z&HPxFU6;2wRfEpEoFz=-Q1^Lcw9T!^4fUFI1DP#z<Q%7~&xcGGuYIcQEST-%+ll=$
zKUaXs+2Q>=NJl)hS6NribQret*D_u_gy#oeAK!UBEa866BP&MHciZ0ns&-GS(t=zM
zwY0uH<uUIm;!aapb?{YAO;bHd_vvj}k^$$9Q=%$4EI+S!QSve@a{6+261M!6fX5FN
zJ=qlzZ%DJPY-q7N(I2D-eC)2Z9?C??LgT*>8#UlH_7C!IT|yW|MIIS2jl!KBMx#EB
zeVK^a@s?xaJ`P6+LjxH{+g(zU&A1tD0(7yFJch-wbT$0tWB+nUvS2$dkjL@5GJlS(
zAxqF%e^^qAAv{&aE#bxjrK!d10W32OVG1Epvp2Nf9H;wNVfG0%5n=z7pUj7Be!TcW
zsUBTzu+^XXmYENfF85B2kZarbev{bczjn(wRluJ)IR?>wRIqTvr*0a{WNQr$AEwXq
zDZ$xaPDe{8uRSht@HCLd?{2!cjK1F`m>ko}m@)k+rG^@CT<%1!zt@J*>%2LB+1dAu
zKZhcjBD2=cCD6^cea1$~?F14bNB>lE5mBtwI2w5a{T{P3>K%Xn#jA^2>LJ{s523k|
TonDPFT;^JDJ&?Vc8Y2B0TWn;V

literal 0
HcmV?d00001

diff --git a/kubernetes/vid/templates/deployment.yaml b/kubernetes/vid/templates/deployment.yaml
index 8bce2cf1dc..a4e821ed78 100644
--- a/kubernetes/vid/templates/deployment.yaml
+++ b/kubernetes/vid/templates/deployment.yaml
@@ -109,6 +109,8 @@ spec:
             - name: VID_MYSQL_MAXCONNECTIONS
               value: "{{ .Values.config.vidmysqlmaxconnections }}"
           volumeMounts:
+          - mountPath: /opt/app/vid/etc
+            name: vid-certs
           - mountPath: /etc/localtime
             name: localtime
             readOnly: true
@@ -140,6 +142,9 @@ spec:
           - mountPath: /usr/share/filebeat/data
             name: vid-data-filebeat
       volumes:
+        - name: vid-certs
+          secret:
+            secretName: {{ include "common.fullname" . }}-certs
         - name: localtime
           hostPath:
             path: /etc/localtime
diff --git a/kubernetes/vid/templates/secrets.yaml b/kubernetes/vid/templates/secrets.yaml
index 729e0b17c0..222a3d582a 100644
--- a/kubernetes/vid/templates/secrets.yaml
+++ b/kubernetes/vid/templates/secrets.yaml
@@ -25,3 +25,17 @@ metadata:
 type: Opaque
 data:
   vid-password: {{ .Values.config.vidmysqlpassword | b64enc | quote }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ include "common.fullname" . }}-certs
+  namespace: {{ include "common.namespace" . }}
+  labels:
+    app: {{ include "common.name" . }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+type: Opaque
+data:
+{{ tpl (.Files.Glob "resources/certs/*").AsSecrets . | indent 2 }}
-- 
2.16.6