From c6559a91495469d62d73761c022bba47a245d9fc Mon Sep 17 00:00:00 2001 From: Taka Cho Date: Tue, 31 Mar 2020 13:52:56 -0400 Subject: [PATCH] move AAF cert to APPC helm chart move AAF cert out of APPC docker to APPC helm chart new AAF cert: Validity Not Before: Mar 27 18:03:32 2020 GMT Not After : Mar 27 18:03:32 2021 GMT Issue-ID: APPC-1857 Change-Id: I25adc3fce2bed234c6748a87d975c46f1e607260 Signed-off-by: Taka Cho --- .../opt/onap/appc/data/properties/cadi.properties | 4 +-- .../resources/config/certs/org.onap.appc.keyfile | 27 +++++++++++++++++++++ .../appc/resources/config/certs/org.onap.appc.p12 | Bin 0 -> 4143 bytes kubernetes/appc/templates/secrets.yaml | 14 +++++++++++ kubernetes/appc/templates/statefulset.yaml | 12 +++++++++ 5 files changed, 55 insertions(+), 2 deletions(-) create mode 100644 kubernetes/appc/resources/config/certs/org.onap.appc.keyfile create mode 100644 kubernetes/appc/resources/config/certs/org.onap.appc.p12 diff --git a/kubernetes/appc/resources/config/appc/opt/onap/appc/data/properties/cadi.properties b/kubernetes/appc/resources/config/appc/opt/onap/appc/data/properties/cadi.properties index e7399f6f04..2986ee9e5b 100644 --- a/kubernetes/appc/resources/config/appc/opt/onap/appc/data/properties/cadi.properties +++ b/kubernetes/appc/resources/config/appc/opt/onap/appc/data/properties/cadi.properties @@ -29,11 +29,11 @@ cadi_bath_convert=/opt/onap/appc/data/properties/bath_config.csv cadi_x509_issuers=CN=intermediateCA_1, OU=OSAAF, O=ONAP, C=US cadi_keyfile=/opt/onap/appc/data/stores/org.onap.appc.keyfile cadi_keystore=/opt/onap/appc/data/stores/org.onap.appc.p12 -cadi_keystore_password=enc:tQTHVtbdCuzqrQY1TBRt9SkFL9tCY3OzwbsfaVyAa2dOfZlI0krFOJSBnkm1WdGr +cadi_keystore_password=enc:j5wAY4JjI6Gg8KbPRT3CK55kCaBZcrSq9XMe0vU2Hj3_TWfhln414p_og8-0u4EV #cadi_key_password=enc: cadi_alias=appc@appc.onap.org cadi_truststore=/opt/onap/appc/data/stores/truststoreONAPall.jks -cadi_truststore_password=enc:O3Vtv5e77OQWJ_OiLC9Atj3ngyYfulRK519JYFmbKl7 +cadi_truststore_password=enc:9WJ6CRlrFmHiQrFlckhHybFXOwPW3tRetofp3AZ5nyt ## ## org.osaaf.location.props diff --git a/kubernetes/appc/resources/config/certs/org.onap.appc.keyfile b/kubernetes/appc/resources/config/certs/org.onap.appc.keyfile new file mode 100644 index 0000000000..b7dd5ff9e7 --- /dev/null +++ b/kubernetes/appc/resources/config/certs/org.onap.appc.keyfile @@ -0,0 +1,27 @@ +EVYIj42lKzRyMicebf8OOUa9CVwvaKie3N7fTGeDT-GjiR6M6AHQCwBD9Bj95VxgVWOyXGAYy7eT +SSfnkVBgcdZWXlRL7HSUocs52DneRTGYcYGIBGz24O6EpmeZQyWluCKBcVCALKClPzqBNsHa2W06 +XwAccZzYPkDV-taGqF5kP10RiYvKe5YoZEQYBfauS3lDqf47AP-Dh1wLUIpvTSAUfBgDW9FBx9Ay +8Wy2geTuAXcPduBtTGIj3law-5ePDFRqwVVkXmSaEmEn34NvJ4z6Ww7VHqzqBxKAvLErV-KCEHEa +L3L1CCqNCXjUUa_D8CReDA-LPAG_v0yrjQxrdqzcYJ76Q0uIlNmEi_85AlAUXx6KGC03TqaGqICW +nNs4ouxM6U4ekiDi9qbFh7RlTEXw6bHhJPCq-G5ID-crWDHSarQ3IUR5qOmgIFIxpkPksBSGmUI4 +OIScgb2TtqG94EAZ3qu3PmzVlJrxbHYHVFlNLEecu7tGtiQJTLUHpJ0Z8O2GOc8bBz6o6NBT72Pv +i068VkLyUyrSNnVo9rNVFWAc3HREFi85KszBdk58kPTr2AQFH9iK2hmrXTdnPMjhmQgRh4xiAn4J +v5Gsb4DL2si3ZjD2E36Fy5XlPhyFFc8gdB6-v-Et1XJTU6mwV5DgKgg5o3WdHTuHZjYgWmcATZiQ +yLOQ6ZdjTF_004yOSkUzHbArOEmS6LIPTuLibvN6CY1Q0u_ucl5iaIbcwo_sVFisnVXQBHYXblBm +MgZZFg0n5ugL-bdUSdJtU7yIU5t79n0aMxnN84QhuREMSvCUioCrBD5c5H22iqbY7UCPO9Yy7lM- +aPVDRPwHAKEVjYqf4Z4k0Jthn7wqWS2iAKVOEi4R1oniAuuIcM9xoha0-LdRe8hWTV-qXDbtCVDz +h6Rw3dqtS5mCGBMC0TCrLJzG5n3Ed_4kGl5Emb3SXHWNqI_BuIalU4uot7seCv464E3QWQgAkv8w +wTk_IEWIFZhKJIcy5Brsw7Fz-XWQWkExEU3xKButC9hFXpdszF0y8CYUI6EPt2mPqaxB6zu3s4Bv +bKrVxFPX97mOeD8TpmxElmF0vpdhJ9Ee8clvBrGtLl1UIP6B80PrAPEZMLNhLV8S-ZJMKL5PTZh0 +_HNpj1EfiXnBz02cbes5Fuq9M8Dk7f16tP8prYzJ1JbnLTNHHcW4Z1quKrN8RIoYw3qzlXuYRm6Y +8rbuPlZ1wTllIxf00omnonJw8Fx9XzArv_UvqTvAYrv22YliUSl-lcFi8cOK58bmM5rBmkWoFObK +DsCMicfyPWhKf3DEwg1Y0j0qKppFqtKcSxnIbQ-VPRCrRv2yTjauEW6iNlq3RQKSJqFjUVmSUn2w +7tYQzeNv0tYgfRtHgSy_CA9q_ANJFFlxDtqtrFTsgrEH4jOlLs2_UN96RNUhVqSu95X5hEukI574 +kQBUMc5gGQvQ2_Xug15O_-cFfhtalI7NBZkGNNPY5K8h7xYZp2aAl-pNPwKHAmrOWAvFwy64A1NT +_RrZxrtVkj-k3f8Mv_p56yChUpujZ_ZDwLgYKWraqDxyEctpXyMMgjOYRy2CZ6oZfuAygrN5Gw4k +zMKBDkz_5LO_rYU2RUa2NRDLlh2Y47Gxt90IEw_i8y7nxn7K6y3nApI11tfsiiotYq8DLk6jYh07 +mJg-D8lb0q9JRYmnJcNkIQNVJ06bmJnaJQZ7GXUz9MF8_zuTdm4D8m_Ly2Ai4KFq_lw5CBVrLM5k +pfJveSw_6_uF5pda_EZoR4bBoWdrFvLNwob3lsdgiIYGTafQx2SFfQiiEB_CwpGuj4_Dv-TkUT2O +Ui2UWI9Gr-HxSITnvUR0UHStrDb5miXEr8E_Znwc4Db2juh30L57aEtl5N0TYwKI925qLNLHbFg0 +FKEvIt-o7HmvPY6UqajwAtIAdKpxWpWD-hl-eNVNsT4mVzdegIrM2wzzKIcLOvCEEvyWei_E8mIp +nqYw9LoFrQf3dCh8XeamqYkbPE00E8p1zXPNRow5iz9NQ-BNksp1e-ghqF_xr3L4eh7BkEu2 \ No newline at end of file diff --git a/kubernetes/appc/resources/config/certs/org.onap.appc.p12 b/kubernetes/appc/resources/config/certs/org.onap.appc.p12 new file mode 100644 index 0000000000000000000000000000000000000000..352c4f562a6c090b413806861f469752d45576b8 GIT binary patch literal 4143 zcmY*ZbyO6N(p_p{>F!<$0qIm)xk}Lyw-aChYW`hr!a!zD}DsU)L(i` zG=c!}KO+Kf{0IW*U)ud|Is-}mPen?MgIgGZe#Pe<%pA%b(lgDE`u{>2Y%S2z}%(in8%NI5JF+eqrH3 ztkTF!_qsv59o3QG8TRv(RKrE~X2u`JRgCGx4BL}7Z~ge6e(xQV02vS`!1u+wphWFH zO9NX8B5Ckg8pwhN8)cDOHKhNg_OZMCd;U3;Pzcki4TejJ<1-yk>X*lukqNe7+2+o4 z9bKG_hB)qX?}2X*2tujVRtQjSA(8#HNa2kh=9fM9-5lrQVo96w8E zt5wP8>1DLFhbIBM(ZRXgp(MMDpt6oW)7*7?nlDT$t3hqSE& zug>Rf=W1geo+zm(jUSGx1SFdIR}4OnQy0*0Y-2CZ5|9Dqt^#;E8xkIn@49ZW@CBl& z9jz*+FJZp3d;P`6HPIw7r=SrNU2~xZ!K=-jnDffY9(iv!Xw~6~8sXZ`GIURNRw8I! zkCe0|F38?(;!W!KkdvfR`t^wCwq6O1n$gekrP{%^%q>6F)r0FzM|F&!F`=vI0++jl z`Ug%8!4jTZmLEF^yy3(&Nu6p+ai=u*hJ6Gt&TRX^mfJLt&Wn%SXQ&{CqQEJsftx6| z+%zZVLVXY!8$~}_IrDN%s880nGNdQ}gEaD&r(vUXPtw=qMH{LI+f))hJV*XL6SuKG zo^?wfUG!e0YAR6dN&t&OYWagHy$%z7f2 z@duUb^=Pwz&ezGZN@(v1-y6`O#se;@TiZ2dkoMJpsm<$U5}xw$=?#Wlc^XzZWm039 zvs2K|SY;cw%Qad44PZ|$gQS1iGEJ+*NKp4^DujRoEIJM$>@J)u)O#C zn)DHnP%`_*J=;7tLdf{UN_IzVVs$By6Zw_=3Zu5FhCEt(^^ql;a_MRMWv}=ryOH;l z=<;b!fYID?9mP6ks2>e}A21~6q$W|lth^$j?{1yDi3h z`;gn$o6SHI`1)m&&y3C_XBf0%@j1tX^I%s6=Qar%>jvq$>~RO{1MKEhblz76M{KiBUS#LGo+gpfx%Y{4Ns&wrxtQl5HDBBdc*J zi#f2S-9#BbkXfuTJFMfFC#+8IJPCu+RG)|{f4*p}3i0VqrV457AMQ$~)ilo1_dM9? z%c@J*$6V?9C-~{Kl;l{D$f|F0f^)j?DTnd0LJH2+T(QfAaE9TU6QbV@&A)_{Gtw+{ zeG}igGq505`3a?K?-sRA15`{U%exzU2IMOCysVj#lQk~iW%@%!K6Wdvb(LhwEr?l) zO8jG$AX+hA_Im(FfY;x64p9CF2?JmN=zqF@BX59 z6k;adg!3Qg4UYgF%&byZ>^$9xrN(ZSuU(gVMl3~=*3b($-ZwYL9Hb4K^CVyhN*gD* zK+lL|THNe7AuZ^oIPK;)!BafUFJI#Fd}Vn1V@Z7vAv+Bkxz@o4nxw873N(}y6fU{E zgH|<%@?SiyhH=M=q|uzv-(M%(O;8`+t^LmLiq+N~a9S`GA)jHieu1k$8G?RS9>8QS zpm~8@Rh>UpE-Pz&cIZ9^sx{X26f*v`x{P$=@1(H9-ZKt%T4jMx##ZM!ZIHVwLUqcp zSjNW?=kxv*whWTk8z;pj)hC)Hg>NLODPyUCX7uo(O3vNpN5oD#p>H!fO_xN-$b}5g zh&pH#L*0HjU3-Z~<9Rwhi9JNP1lf0-y|NU^y-ihZ{v*G)2ts~LZy+tX|<{p#fFcztAs7CCz9LG}ai|SV{w?L05#i>szE56Hl zOllu%36reM0HDj`k(6d;XM?<%(HhcOiiSH5=$-lVJl@I}80p1SdEUD>a4GNjRYJ*t zDUV@gOtwgfF4WY9%W+m7P(5i@^9Wp+`3BJbCSMd$Gx}~VH3ss0IZi~ zZ;|S*rXBi%c)yy9P7RP;XMdSr(KP8M7W?Ev+|pXhsLb<*h)bBbX%{NONy=_MBRiK^ome+OE|P%(>ex5}sU$uPbYk-ImQC-DUoiFzl3PHj7t$SFzZ%^Od_>xUVnY*`P<=D~!U~Bl*s=v}Mtm(IZSr@ZQnyF-7XlGNocp{PcQHO={ zA!;_}eJ%Sd?fQXF-WE{|pMWc?RDEzN*4#6zvxsSaD2uRv@u-Cm0FEJpRQZ0nf-(vI(#GXm<2{(c_!YiystB?sxT;FA`8jmY*p|!GolJa@!55QBU!PTKEQ9F1f$0 zF4N+K14;?iCA%(W{Z-Bz%+qM>Zy3p( z!z(3w%ukr570DC^xx4CJdtI$a>r&q;^cnnC5$i2g^D*E$@btWz_wl zr-g=kZ{+?>6kh4_;!#PBsp}b}t%eMrMdg+jOS>tV=cnmce>cMzWH=?jaY^f%eJPje z+OVnll;*Rw0^o(o$YESwjcdBSdx++zMD=*p7VibR5jF^$UBPe9@7>B3snMo96!Z`h=-|~R!VG4L?cDaX++kh?Tp&kAyJWOSD6E5=euqtVU{F!*T@goGfB=Dp> zi8?h#D3b<94PVKf5!&zzC6}Hk+{H9N?7701yHXdUhYVfAXS?1SB1jY=s6R88XFe@1 zZdTRfJ`FzKXdqOGHfS$ete1$HKeeD~_6~DvvHTz-x7Z{wg<9Z_OPpd%24%CD$sah-O1L&R)S@)<|@#&u1G(=V{TKkMA@#UQTnn&}LYzQkeT@oRo z9@7@*lFPxhGn*~ll9~6Z0F}&`!P4+ia8XQJ_`ZGRhUX&nnbg#gWX76(ZcA&4q$`o) zy}$&|!PH3Nm0i}}AddL=4L#^|&Yx=f1SletV^hn6fr`2OkX|02OWEMVA23o2Y&0aP zbwu)TUSEhq#sSQgdOZ~=HMSH@Ksm>N6Rjv6+(lV>q<(Gtsh&q}Zg>#U=wmh16Nn>{ zT*%ko_Bg3LbJ}htR_E#L$qCNQ{q57zBy#;Ch;N{69fh(HV^DkK?nw{TvhAzsWkK+o zhW?qpy|WCigs_>f=g||P(!U+QrDoNW*cc1P zf#WLyM6kVzIgcBGTymY(aNmL}UG^BCv$!PM(s@JUqtxX#}lIYYQvJL2+ z#llB@y~>&XXz>#XtMHz%k3U+b7<2#i$)8csYA?jS$i*tbW8oG40etJH=@SEiwC$ootFtHwT ze5TV6{Pv4~g$O+Es#JN~%Wk3TE?#3Gi#|V6dw#N1Cpoj#l!cvae{Gc1n|M40CC@_- zGgwXXoGwU9hxJBva;KTF1B<|`ji+lj!dYl6eav9G$M9;ecEwd?v=t3m+@WydjM5nQ zIBJ&YQrevaA9@oo6T#b57n%Q&M(Rvm1wW3gUH;Ijm3j?(B7g`<_)g|yWn*M+?M(7` zB3XO#ji{n1mnaBGAV`jf%S-^kr+u}PiV(W9$00!4WK*kI0nStttng{^9_0oQ3(xTw Vn2j8LG-f|V5f?P!;^Dk5{1@Fy!;Sy| literal 0 HcmV?d00001 diff --git a/kubernetes/appc/templates/secrets.yaml b/kubernetes/appc/templates/secrets.yaml index 075c24a064..c6aeb1e102 100644 --- a/kubernetes/appc/templates/secrets.yaml +++ b/kubernetes/appc/templates/secrets.yaml @@ -13,3 +13,17 @@ # limitations under the License. {{ include "common.secretFast" . }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "common.fullname" . }}-certs + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +type: Opaque +data: +{{ tpl (.Files.Glob "resources/config/certs/*").AsSecrets . | indent 2 }} diff --git a/kubernetes/appc/templates/statefulset.yaml b/kubernetes/appc/templates/statefulset.yaml index 68e108d9b7..5fd34ece79 100644 --- a/kubernetes/appc/templates/statefulset.yaml +++ b/kubernetes/appc/templates/statefulset.yaml @@ -190,6 +190,12 @@ spec: - mountPath: /opt/onap/appc/data/org.ops4j.pax.logging.cfg name: log-config subPath: org.ops4j.pax.logging.cfg + - mountPath: /opt/onap/appc/data/stores/org.onap.appc.p12 + name: p12-certs + subPath: org.onap.appc.p12 + - mountPath: /opt/onap/appc/data/stores/org.onap.appc.keyfile + name: keyfile-certs + subPath: org.onap.appc.keyfile resources: {{ include "common.resources" . | indent 12 }} {{- if .Values.nodeSelector }} @@ -214,6 +220,12 @@ spec: - mountPath: /usr/share/filebeat/data name: data-filebeat volumes: + - name: keyfile-certs + secret: + secretName: {{ include "common.fullname" . }}-certs + - name: p12-certs + secret: + secretName: {{ include "common.fullname" . }}-certs - name: localtime hostPath: path: /etc/localtime -- 2.16.6