authorSylvain Desbureaux <sylvain.desbureaux@orange.com>2021-03-11 08:31:57 +0100
committerMorgan Richomme <morgan.richomme@orange.com>2021-03-25 07:18:38 +0000
commit4d9702f7d3a9f7015d28874a37841c20e5a49efe (patch)
tree26c33d72d7bd16a4afb361d2413ae4de24561729
parent152c430f7f7914d72a7820aba3264ab780b056c2 (diff)
[CDS] Update hardcoded certificates
Update CDS UI certificates in order to have validity for one year Issue-ID: CCSDK-3207 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: Id7a0dbdfb6a59ac7e76e00fd106855f05482b041
-rw-r--r--kubernetes/cds/charts/cds-ui/resources/certs/org.onap.sdnc-cds.p12bin0 -> 4383 bytes
-rw-r--r--kubernetes/cds/charts/cds-ui/templates/deployment.yaml16
-rw-r--r--kubernetes/cds/charts/cds-ui/templates/secret.yaml31
-rw-r--r--kubernetes/cds/charts/cds-ui/values.yaml14
4 files changed, 61 insertions, 0 deletions
diff --git a/kubernetes/cds/charts/cds-ui/resources/certs/org.onap.sdnc-cds.p12 b/kubernetes/cds/charts/cds-ui/resources/certs/org.onap.sdnc-cds.p12
new file mode 100644
index 0000000000..8240f4c590
--- /dev/null
+++ b/kubernetes/cds/charts/cds-ui/resources/certs/org.onap.sdnc-cds.p12
Binary files differ
diff --git a/kubernetes/cds/charts/cds-ui/templates/deployment.yaml b/kubernetes/cds/charts/cds-ui/templates/deployment.yaml
index 4d3d8347db..a0774ec859 100644
--- a/kubernetes/cds/charts/cds-ui/templates/deployment.yaml
+++ b/kubernetes/cds/charts/cds-ui/templates/deployment.yaml
@@ -52,6 +52,13 @@ spec:
initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
periodSeconds: {{ .Values.liveness.periodSeconds }}
{{ end }}
+ command:
+ - sh
+ args:
+ - -c
+ - |
+ echo "cadi_keystore_password_p12=$PASSPHRASE_VALUE" > .enc
+ node .
env:
- name: HOST
value: 0.0.0.0
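Review bot: The added `echo "cadi_keystore_password_p12=$PASSPHRASE_VALUE" > .enc` line writes the keystore passphrase in clear text to a file in the container's working directory, with whatever umask the image has, under a name that suggests it is encrypted. Some `sh` implementations' `echo` interprets backslash sequences, so a passphrase containing a backslash could be written altered; `printf 'cadi_keystore_password_p12=%s\n' "$PASSPHRASE_VALUE" > .enc` after a `umask 077` avoids both. Ending with `exec node .` would let the Node process replace the shell and receive the pod's termination signals directly. The write presumably also needs a writable root filesystem, which is worth a comment in case the pod is ever run with `readOnlyRootFilesystem`. The container spec starts and ends outside the hunk.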
@@ -71,6 +78,10 @@ spec:
value: "{{ .Values.config.api.processor.grpc.port }}"
- name: API_BLUEPRINT_PROCESSOR_GRPC_AUTH_TOKEN
value: {{ .Values.config.api.processor.grpc.authToken }}
+ - name: KEYSTORE
+ value: "/certs/org.onap.sdnc-cds.p12"
+ - name: PASSPHRASE_VALUE
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cds-certs-pass" "key" "password") | indent 14 }}
readinessProbe:
tcpSocket:
port: {{ .Values.service.internalPort }}
@@ -80,6 +91,8 @@ spec:
- mountPath: /etc/localtime
name: localtime
readOnly: true
+ - mountPath: /certs
+ name: certs
resources:
{{ include "common.resources" . | indent 12 }}
{{- if .Values.nodeSelector }}
@@ -94,5 +107,8 @@ spec:
- name: localtime
hostPath:
path: /etc/localtime
+ - name: certs
+ secret:
+ secretName: {{ include "common.fullname" . }}-certs
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
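Review bot: The `certs` secret volume added here sets no `defaultMode`, so the PKCS#12 keystore is projected with the default secret-volume mode (0644) and is readable by every user in the container. Consider `defaultMode: 0440`, or `0400` if the container user owns the projected files, which is not visible from this hunk. The `/certs` mount added in the previous hunk could also carry `readOnly: true`, to match the `localtime` mount beside it and make the intent explicit.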
diff --git a/kubernetes/cds/charts/cds-ui/templates/secret.yaml b/kubernetes/cds/charts/cds-ui/templates/secret.yaml
new file mode 100644
index 0000000000..6dcf31f6ca
--- /dev/null
+++ b/kubernetes/cds/charts/cds-ui/templates/secret.yaml
@@ -0,0 +1,31 @@
+{{/*
+# Copyright © 2021 Orange
+# Modifications Copyright © 2018 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ include "common.fullname" . }}-certs
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/certs/*").AsSecrets . | indent 2 }}
+---
+{{ include "common.secretFast" . }}
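Review bot: The `-certs` Secret is always built from the files bundled under `resources/certs/`, so the `certsExternalSecret` override declared in values.yaml can replace the passphrase but not the keystore it unlocks; an operator who supplies their own passphrase would presumably end up with one that does not open the bundled `.p12`. Consider making the keystore secret name overridable as well and skipping this manifest when an external one is given. Separately, `tpl` over the output of `.AsSecrets` looks like a no-op, since the values are base64 and cannot contain template actions; dropping it would make the `data:` line easier to read.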
diff --git a/kubernetes/cds/charts/cds-ui/values.yaml b/kubernetes/cds/charts/cds-ui/values.yaml
index 496aa85fea..d94c59f02a 100644
--- a/kubernetes/cds/charts/cds-ui/values.yaml
+++ b/kubernetes/cds/charts/cds-ui/values.yaml
@@ -21,6 +21,20 @@ global:
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
+
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: cds-certs-pass
+ type: password
+ externalSecret: '{{ tpl (default "" .Values.certs.certsExternalSecret) . }}'
+ password: '{{ .Values.certs.password }}'
+
+certs:
+ password: "DG*HkOIe5W^F}XYI6o!2sD(6"
+ #certsExternalSecret:
+
subChartsOnly:
enabled: true
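Review bot: The `certs.password` default is a literal passphrase committed alongside the `.p12` it protects (added in this same commit), so anyone who can read the chart can open the keystore and recover its private key, and every installation that keeps the defaults shares that key. A comment above `certs:` should say so, e.g. `# Demo keystore and passphrase shipped with the chart; do not use in production.`. The commented-out `#certsExternalSecret:` line deserves a short description of the key the external secret must contain (`password`, per the `envFromSecretFast` call in deployment.yaml). Since the commit message states the certificate is valid for one year, recording the expiry date here would help whoever has to renew it.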