[OOM] Update Linux SSL Truststore /etc/ssl

Add update for /etc/ssl/cacerts/ca-certificates.crt

Issue-ID: CCSDK-3356
Change-Id: I797aea054bb80db805f4791a288e89b102e1d662
Signed-off-by: Abdelmuhaimen Seaudi <abdelmuhaimen.seaudi@orange.com>

diff --git a/kubernetes/common/cert-wrapper/resources/import-custom-certs.sh b/kubernetes/common/cert-wrapper/resources/import-custom-certs.sh
index 6df7505..0667ae2 100755 (executable)
--- a/kubernetes/common/cert-wrapper/resources/import-custom-certs.sh
+++ b/kubernetes/common/cert-wrapper/resources/import-custom-certs.sh
@@ -22,6 +22,7 @@ WORK_DIR=${WORK_DIR:-/updatedTruststore}
 ONAP_TRUSTSTORE=${ONAP_TRUSTSTORE:-truststoreONAPall.jks}
 JRE_TRUSTSTORE=${JRE_TRUSTSTORE:-$JAVA_HOME/lib/security/cacerts}
 TRUSTSTORE_OUTPUT_FILENAME=${TRUSTSTORE_OUTPUT_FILENAME:-truststore.jks}
+SSL_WORKDIR=${SSL_WORKDIR:-/usr/local/share/ca-certificates}
 
 mkdir -p $WORK_DIR
 
@@ -76,3 +77,15 @@ for f in $WORK_DIR/*; do
     fi
   fi
 done
+
+# Import certificates to Linux SSL Truststore
+cp $CERTS_DIR/*.crt $SSL_WORKDIR/.
+cp $MORE_CERTS_DIR/*.crt $SSL_WORKDIR/.
+update-ca-certificates
+if [ $? != 0 ]
+  then
+    echo "failed importing certificates"
+    exit 1
+  else
+    cp /etc/ssl/certs/ca-certificates.crt $WORK_DIR/.
+fi
\ No newline at end of file

diff --git a/kubernetes/common/certInitializer/templates/_certInitializer.yaml b/kubernetes/common/certInitializer/templates/_certInitializer.yaml
index f3ba8a2..32bba45 100644 (file)
--- a/kubernetes/common/certInitializer/templates/_certInitializer.yaml
+++ b/kubernetes/common/certInitializer/templates/_certInitializer.yaml
@@ -174,6 +174,9 @@
 - mountPath: {{ $initRoot.truststoreMountpath }}/{{ $initRoot.truststoreOutputFileName }}
   name: updated-truststore
   subPath: {{ $initRoot.truststoreOutputFileName }}
+- mountPath: /etc/ssl/certs/ca-certificates.crt
+  name: updated-truststore
+  subPath: ca-certificates.crt
 {{- end -}}
 {{- end -}}