summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorPiotr Marcinkiewicz <piotr.marcinkiewicz@nokia.com>2021-06-29 16:15:49 +0200
committerPiotr Marcinkiewicz <piotr.marcinkiewicz@nokia.com>2021-09-06 10:42:00 +0200
commit31dceea4851d67ec706185f9d6f5bd0bf427b2c3 (patch)
treec66e3b75b83cb4ef6f5aff7d81bbcb0c02f0145b
parentf94a5f639cb670fbc4d3902f80d3b5b6714b1ec6 (diff)
[CONTRIB] Introduce certificate update use case in CertService
1. Make changes in order to allow performing KUR/CR in EJBCA: - Add Certificate Update Admin role - Enable EndEntityAuthentication module - Create and set CA with constant UID - Add configuration for provider. 2. Update CertService, which provides with new certificate update endpoint. 3. Update release-notes. Issue-ID: OOM-2753 Issue-ID: OOM-2754 Signed-off-by: Piotr Marcinkiewicz <piotr.marcinkiewicz@nokia.com> Change-Id: I9cb0cb4d6d6939ad229a4ea254f2bc35d45a3d52 Signed-off-by: Joanna Jeremicz <joanna.jeremicz@nokia.com>
-rw-r--r--docs/release-notes-honolulu.rst162
-rw-r--r--docs/release-notes.rst76
-rw-r--r--kubernetes/common/cmpv2Config/values.yaml2
-rw-r--r--kubernetes/contrib/components/ejbca/requirements.yaml3
-rwxr-xr-xkubernetes/contrib/components/ejbca/resources/ejbca-config.sh24
-rw-r--r--kubernetes/contrib/components/ejbca/templates/deployment.yaml2
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-datafile-collector/values.yaml2
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/values.yaml2
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-ves-collector/values.yaml2
-rw-r--r--kubernetes/platform/components/cmpv2-cert-provider/crds/cmpv2issuer.yaml5
-rw-r--r--kubernetes/platform/components/cmpv2-cert-provider/templates/configuration.yaml1
-rw-r--r--kubernetes/platform/components/cmpv2-cert-provider/values.yaml3
-rw-r--r--kubernetes/platform/components/oom-cert-service/resources/test/cmpServers.json6
-rw-r--r--kubernetes/platform/components/oom-cert-service/values.yaml2
14 files changed, 227 insertions, 65 deletions
diff --git a/docs/release-notes-honolulu.rst b/docs/release-notes-honolulu.rst
new file mode 100644
index 0000000000..0c8d81f164
--- /dev/null
+++ b/docs/release-notes-honolulu.rst
@@ -0,0 +1,162 @@
+.. This work is licensed under a Creative Commons Attribution 4.0
+ International License.
+.. http://creativecommons.org/licenses/by/4.0
+.. (c) ONAP Project and its contributors
+.. _release_notes_honolulu:
+
+:orphan:
+
+*************************************
+ONAP Operations Manager Release Notes
+*************************************
+
+Previous Release Notes
+======================
+
+- :ref:`Guilin <release_notes_guilin>`
+- :ref:`Frankfurt <release_notes_frankfurt>`
+- :ref:`El Alto <release_notes_elalto>`
+- :ref:`Dublin <release_notes_dublin>`
+- :ref:`Casablanca <release_notes_casablanca>`
+- :ref:`Beijing <release_notes_beijing>`
+- :ref:`Amsterdam <release_notes_amsterdam>`
+
+Abstract
+========
+
+This document provides the release notes for the Honolulu release.
+
+Summary
+=======
+
+The focus of this release is to strengthen the foundation of OOM installer.
+
+Release Data
+============
+
++--------------------------------------+--------------------------------------+
+| **Project** | OOM |
+| | |
++--------------------------------------+--------------------------------------+
+| **Docker images** | N/A |
+| | |
++--------------------------------------+--------------------------------------+
+| **Release designation** | Honolulu |
+| | |
++--------------------------------------+--------------------------------------+
+| **Release date** | 2021/04/29 |
+| | |
++--------------------------------------+--------------------------------------+
+
+New features
+------------
+
+* Kubernetes support for version up to 1.20
+* Helm support for version up to 3.5
+* Limits are set for most of the components
+* Portal-Cassandra image updated to Bitnami, supporting IPv4/IPv6 Dual Stack
+* CMPv2 external issuer implemented which extends Cert-Manager with ability to
+ enroll X.509 certificates from CMPv2 servers
+* New version for mariadb galera using Bitnami image, supporting IPv4/IPv6 Dual
+ Stack
+* Bump version of common PostgreSQL and ElasticSearch
+* Move to automatic certificates retrieval for 80% of the components
+* Consistent retrieval of docker images, with ability to configure proxy for
+ the 4 repositories used by ONAP
+
+**Bug fixes**
+
+A list of issues resolved in this release can be found here:
+https://jira.onap.org/projects/OOM/versions/11073
+
+major issues solved:
+
+* Better handling of persistence on PostgreSQL
+* Better Ingress templating
+* Better Service templating
+
+**Known Issues**
+
+- `OOM-2554 <https://jira.onap.org/browse/OOM-2554>`_ Common pods have java 8
+- `OOM-2435 <https://jira.onap.org/browse/OOM-2435>`_ SDNC karaf shell:
+ log:list: Error executing command: Unrecognized configuration
+- `OOM-2629 <https://jira.onap.org/browse/OOM-2629>`_ NetBox demo entry setup
+ not complete
+- `OOM-2706 <https://jira.onap.org/browse/OOM-2706>`_ CDS Blueprint Processor
+ does not work with local DB
+- `OOM-2713 <https://jira.onap.org/browse/OOM-2713>`_ Problem on onboarding
+ custom cert to SDNC ONAP during deployment
+- `OOM-2698 <https://jira.onap.org/browse/OOM-2698>`_ SO helm override fails in
+ for value with multi-level replacement
+- `OOM-2697 <https://jira.onap.org/browse/OOM-2697>`_ SO with local MariaDB
+ deployment fails
+- `OOM-2538 <https://jira.onap.org/browse/OOM-2538>`_ strange error with
+ CertInitializer template
+- `OOM-2547 <https://jira.onap.org/browse/OOM-2547>`_ Health Check failures
+ seen after bringing down/up control plane & worker node VM instances on which
+ ONAP hosted
+- `OOM-2699 <https://jira.onap.org/browse/OOM-2699>`_ SO so-mariadb
+ readinessCheck fails for local MariaDB instance
+- `OOM-2705 <https://jira.onap.org/browse/OOM-2705>`_ SDNC DB installation fails
+ on local MariaDB instance
+- `OOM-2603 <https://jira.onap.org/browse/OOM-2603>`_ [SDNC] allign password for
+ scaleoutUser/restconfUser/odlUser
+
+Deliverables
+------------
+
+Software Deliverables
+~~~~~~~~~~~~~~~~~~~~~
+
+OOM provides `Helm charts <https://git.onap.org/oom/>`_ that needs to be
+"compiled" into Helm package. see step 6 in
+:doc:`quickstart guide <oom_quickstart_guide>`.
+
+Documentation Deliverables
+~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+- :doc:`Project Description <oom_project_description>`
+- :doc:`Cloud Setup Guide <oom_cloud_setup_guide>`
+- :doc:`Quick Start Guide <oom_quickstart_guide>`
+- :doc:`Setup Ingress Controller <oom_setup_ingress_controller>`
+- :doc:`Developer Guide <oom_developer_guide>`
+- :doc:`Hardcoded Certificates <oom_hardcoded_certificates>`
+
+Known Limitations, Issues and Workarounds
+=========================================
+
+Known Vulnerabilities
+---------------------
+
+- Hard coded password used for all OOM deployments
+ [`OJSI-188 <https://jira.onap.org/browse/OJSI-188>`_]
+- :doc:`Hard coded certificates <oom_hardcoded_certificates>` in Helm packages
+
+Workarounds
+-----------
+
+- `<https://github.com/bitnami/bitnami-docker-mariadb-galera/issues/35>`_
+ Workaround is to generate a password with "short" strenght or pregenerate
+ passwords without single quote in it. Default deployment is using "short"
+ password generation for mariadb.
+
+Security Notes
+--------------
+
+**Fixed Security Issues**
+
+References
+==========
+
+For more information on the ONAP Frankfurt release, please see:
+
+#. `ONAP Home Page`_
+#. `ONAP Documentation`_
+#. `ONAP Release Downloads`_
+#. `ONAP Wiki Page`_
+
+
+.. _`ONAP Home Page`: https://www.onap.org
+.. _`ONAP Wiki Page`: https://wiki.onap.org
+.. _`ONAP Documentation`: https://docs.onap.org
+.. _`ONAP Release Downloads`: https://git.onap.org
diff --git a/docs/release-notes.rst b/docs/release-notes.rst
index ae0ea457f5..730acd5eea 100644
--- a/docs/release-notes.rst
+++ b/docs/release-notes.rst
@@ -11,6 +11,7 @@ ONAP Operations Manager Release Notes
Previous Release Notes
======================
+- :ref:`Honolulu <release_notes_honolulu>`
- :ref:`Guilin <release_notes_guilin>`
- :ref:`Frankfurt <release_notes_frankfurt>`
- :ref:`El Alto <release_notes_elalto>`
@@ -22,12 +23,12 @@ Previous Release Notes
Abstract
========
-This document provides the release notes for the Honolulu release.
+This document provides the release notes for the Istanbul release.
Summary
=======
-The focus of this release is to strengthen the foundation of OOM installer.
+
Release Data
============
@@ -39,66 +40,25 @@ Release Data
| **Docker images** | N/A |
| | |
+--------------------------------------+--------------------------------------+
-| **Release designation** | Honolulu |
+| **Release designation** | Istanbul |
| | |
+--------------------------------------+--------------------------------------+
-| **Release date** | 2021/04/29 |
+| **Release date** | |
| | |
+--------------------------------------+--------------------------------------+
New features
------------
-* Kubernetes support for version up to 1.20
-* Helm support for version up to 3.5
-* Limits are set for most of the components
-* Portal-Cassandra image updated to Bitnami, supporting IPv4/IPv6 Dual Stack
-* CMPv2 external issuer implemented which extends Cert-Manager with ability to
- enroll X.509 certificates from CMPv2 servers
-* New version for mariadb galera using Bitnami image, supporting IPv4/IPv6 Dual
- Stack
-* Bump version of common PostgreSQL and ElasticSearch
-* Move to automatic certificates retrieval for 80% of the components
-* Consistent retrieval of docker images, with ability to configure proxy for
- the 4 repositories used by ONAP
**Bug fixes**
A list of issues resolved in this release can be found here:
-https://jira.onap.org/projects/OOM/versions/11073
-
-major issues solved:
+https://jira.onap.org/projects/OOM/versions/11074
-* Better handling of persistence on PostgreSQL
-* Better Ingress templating
-* Better Service templating
**Known Issues**
-- `OOM-2554 <https://jira.onap.org/browse/OOM-2554>`_ Common pods have java 8
-- `OOM-2435 <https://jira.onap.org/browse/OOM-2435>`_ SDNC karaf shell:
- log:list: Error executing command: Unrecognized configuration
-- `OOM-2629 <https://jira.onap.org/browse/OOM-2629>`_ NetBox demo entry setup
- not complete
-- `OOM-2706 <https://jira.onap.org/browse/OOM-2706>`_ CDS Blueprint Processor
- does not work with local DB
-- `OOM-2713 <https://jira.onap.org/browse/OOM-2713>`_ Problem on onboarding
- custom cert to SDNC ONAP during deployment
-- `OOM-2698 <https://jira.onap.org/browse/OOM-2698>`_ SO helm override fails in
- for value with multi-level replacement
-- `OOM-2697 <https://jira.onap.org/browse/OOM-2697>`_ SO with local MariaDB
- deployment fails
-- `OOM-2538 <https://jira.onap.org/browse/OOM-2538>`_ strange error with
- CertInitializer template
-- `OOM-2547 <https://jira.onap.org/browse/OOM-2547>`_ Health Check failures
- seen after bringing down/up control plane & worker node VM instances on which
- ONAP hosted
-- `OOM-2699 <https://jira.onap.org/browse/OOM-2699>`_ SO so-mariadb
- readinessCheck fails for local MariaDB instance
-- `OOM-2705 <https://jira.onap.org/browse/OOM-2705>`_ SDNC DB installation fails
- on local MariaDB instance
-- `OOM-2603 <https://jira.onap.org/browse/OOM-2603>`_ [SDNC] allign password for
- scaleoutUser/restconfUser/odlUser
Deliverables
------------
@@ -126,17 +86,25 @@ Known Limitations, Issues and Workarounds
Known Vulnerabilities
---------------------
-- Hard coded password used for all OOM deployments
- [`OJSI-188 <https://jira.onap.org/browse/OJSI-188>`_]
-- :doc:`Hard coded certificates <oom_hardcoded_certificates>` in Helm packages
Workarounds
-----------
-- `<https://github.com/bitnami/bitnami-docker-mariadb-galera/issues/35>`_
- Workaround is to generate a password with "short" strenght or pregenerate
- passwords without single quote in it. Default deployment is using "short"
- password generation for mariadb.
+- `OOM-2754 <https://jira.onap.org/browse/OOM-2754>`_
+ Because of *updateEndpoint* property added to *cmpv2issuer* CRD
+ it is impossible to upgrade platform component from Honolulu to Istanbul
+ release without manual steps. Actions that should be performed:
+
+ #. Update the CRD definition::
+
+ > kubectl -n onap apply -f cmpv2-cert-provider/crds/cmpv2issuer.yaml
+ #. Upgrade the component
+ #. Make sure that *cmpv2issuer* contains correct value for
+ *spec.updateEndpoint*. The value should be: *v1/certificate-update*.
+ If it's not, edit the resource::
+
+ > kubectl -n onap edit cmpv2issuer cmpv2-issuer-onap
+
Security Notes
--------------
@@ -146,7 +114,7 @@ Security Notes
References
==========
-For more information on the ONAP Frankfurt release, please see:
+For more information on the ONAP Istanbul release, please see:
#. `ONAP Home Page`_
#. `ONAP Documentation`_
diff --git a/kubernetes/common/cmpv2Config/values.yaml b/kubernetes/common/cmpv2Config/values.yaml
index 02595b348d..4b8438ace2 100644
--- a/kubernetes/common/cmpv2Config/values.yaml
+++ b/kubernetes/common/cmpv2Config/values.yaml
@@ -35,5 +35,5 @@ global:
truststorePasswordSecretName: oom-cert-service-truststore-password
truststorePasswordSecretKey: password
certPostProcessor:
- image: onap/org.onap.oom.platform.cert-service.oom-certservice-post-processor:2.3.3
+ image: onap/org.onap.oom.platform.cert-service.oom-certservice-post-processor:2.4.0
diff --git a/kubernetes/contrib/components/ejbca/requirements.yaml b/kubernetes/contrib/components/ejbca/requirements.yaml
index 31db08aa3a..8762d969f9 100644
--- a/kubernetes/contrib/components/ejbca/requirements.yaml
+++ b/kubernetes/contrib/components/ejbca/requirements.yaml
@@ -26,3 +26,6 @@ dependencies:
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
+ - name: cmpv2Config
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/contrib/components/ejbca/resources/ejbca-config.sh b/kubernetes/contrib/components/ejbca/resources/ejbca-config.sh
index ad10240b94..2c672e2f07 100755
--- a/kubernetes/contrib/components/ejbca/resources/ejbca-config.sh
+++ b/kubernetes/contrib/components/ejbca/resources/ejbca-config.sh
@@ -8,16 +8,31 @@ waitForEjbcaToStart() {
}
configureEjbca() {
+ ejbca.sh ca init \
+ --caname ManagementCA \
+ --dn "O=EJBCA Container Quickstart,CN=ManagementCA,UID=12345" \
+ --tokenType soft \
+ --keyspec 3072 \
+ --keytype RSA \
+ -v 3652 \
+ --policy null \
+ -s SHA256WithRSA \
+ -type "x509"
ejbca.sh config cmp addalias --alias cmpRA
ejbca.sh config cmp updatealias --alias cmpRA --key operationmode --value ra
ejbca.sh ca editca --caname ManagementCA --field cmpRaAuthSecret --value ${RA_IAK}
- ejbca.sh config cmp updatealias --alias cmpRA --key responseprotection --value pbe
+ ejbca.sh config cmp updatealias --alias cmpRA --key responseprotection --value signature
+ ejbca.sh config cmp updatealias --alias cmpRA --key authenticationmodule --value 'HMAC;EndEntityCertificate'
+ ejbca.sh config cmp updatealias --alias cmpRA --key authenticationparameters --value '-;ManagementCA'
+ ejbca.sh config cmp updatealias --alias cmpRA --key allowautomatickeyupdate --value true
#Custom EJBCA cert profile and endentity are imported to allow issuing certificates with correct extended usage (containing serverAuth)
ejbca.sh ca importprofiles -d /opt/primekey/custom_profiles
#Profile name taken from certprofile filename (certprofile_<profile-name>-<id>.xml)
ejbca.sh config cmp updatealias --alias cmpRA --key ra.certificateprofile --value CUSTOM_ENDUSER
#ID taken from entityprofile filename (entityprofile_<profile-name>-<id>.xml)
ejbca.sh config cmp updatealias --alias cmpRA --key ra.endentityprofileid --value 1356531849
+ caSubject=$(ejbca.sh ca getcacert --caname ManagementCA -f /dev/stdout | grep 'Subject' | sed -e "s/^Subject: //" | sed -n '1p')
+ ejbca.sh config cmp updatealias --alias cmpRA --key defaultca --value "$caSubject"
ejbca.sh config cmp dumpalias --alias cmpRA
ejbca.sh config cmp addalias --alias cmp
ejbca.sh config cmp updatealias --alias cmp --key allowautomatickeyupdate --value true
@@ -27,6 +42,13 @@ configureEjbca() {
ejbca.sh config cmp updatealias --alias cmp --key extractusernamecomponent --value CN
ejbca.sh config cmp dumpalias --alias cmp
ejbca.sh ca getcacert --caname ManagementCA -f /dev/stdout > cacert.pem
+ #Add "Certificate Update Admin" role to allow performing KUR/CR for certs within specific organization (e.g. Linux-Foundation)
+ ejbca.sh roles addrole "Certificate Update Admin"
+ ejbca.sh roles changerule "Certificate Update Admin" /ca/ManagementCA/ ACCEPT
+ ejbca.sh roles changerule "Certificate Update Admin" /ca_functionality/create_certificate/ ACCEPT
+ ejbca.sh roles changerule "Certificate Update Admin" /endentityprofilesrules/Custom_EndEntity/ ACCEPT
+ ejbca.sh roles changerule "Certificate Update Admin" /ra_functionality/edit_end_entity/ ACCEPT
+ ejbca.sh roles addrolemember "Certificate Update Admin" ManagementCA WITH_ORGANIZATION --value "{{ .Values.cmpv2Config.global.certificate.default.subject.organization }}"
}
diff --git a/kubernetes/contrib/components/ejbca/templates/deployment.yaml b/kubernetes/contrib/components/ejbca/templates/deployment.yaml
index 46f7d3521c..fc163ee2e2 100644
--- a/kubernetes/contrib/components/ejbca/templates/deployment.yaml
+++ b/kubernetes/contrib/components/ejbca/templates/deployment.yaml
@@ -61,6 +61,8 @@ spec:
env:
- name: INITIAL_ADMIN
value: ";PublicAccessAuthenticationToken:TRANSPORT_ANY;"
+ - name: NO_CREATE_CA
+ value: "true"
- name: DATABASE_JDBC_URL
value: jdbc:mariadb://{{ include "common.mariadbService" . }}:{{ include "common.mariadbPort" . }}/{{ .Values.mysqlDatabase }}
- name: DATABASE_USER
diff --git a/kubernetes/dcaegen2-services/components/dcae-datafile-collector/values.yaml b/kubernetes/dcaegen2-services/components/dcae-datafile-collector/values.yaml
index 838e49e9cc..670e6c17dc 100644
--- a/kubernetes/dcaegen2-services/components/dcae-datafile-collector/values.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-datafile-collector/values.yaml
@@ -34,7 +34,7 @@ filebeatConfig:
#################################################################
tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0
consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.1.1
-certPostProcessorImage: onap/org.onap.oom.platform.cert-service.oom-certservice-post-processor:2.3.3
+certPostProcessorImage: onap/org.onap.oom.platform.cert-service.oom-certservice-post-processor:2.4.0
#################################################################
# Application Configuration Defaults.
diff --git a/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/values.yaml b/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/values.yaml
index 9b943c4fcc..7f17532cb2 100644
--- a/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/values.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/values.yaml
@@ -35,7 +35,7 @@ filebeatConfig:
#################################################################
tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0
consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.1.1
-certPostProcessorImage: onap/org.onap.oom.platform.cert-service.oom-certservice-post-processor:2.3.3
+certPostProcessorImage: onap/org.onap.oom.platform.cert-service.oom-certservice-post-processor:2.4.0
#################################################################
# Application configuration defaults.
diff --git a/kubernetes/dcaegen2-services/components/dcae-ves-collector/values.yaml b/kubernetes/dcaegen2-services/components/dcae-ves-collector/values.yaml
index 34adba7a3c..bfea92aeb9 100644
--- a/kubernetes/dcaegen2-services/components/dcae-ves-collector/values.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-ves-collector/values.yaml
@@ -35,7 +35,7 @@ filebeatConfig:
#################################################################
tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0
consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.1.1
-certPostProcessorImage: onap/org.onap.oom.platform.cert-service.oom-certservice-post-processor:2.3.3
+certPostProcessorImage: onap/org.onap.oom.platform.cert-service.oom-certservice-post-processor:2.4.0
#################################################################
# Application configuration defaults.
diff --git a/kubernetes/platform/components/cmpv2-cert-provider/crds/cmpv2issuer.yaml b/kubernetes/platform/components/cmpv2-cert-provider/crds/cmpv2issuer.yaml
index 0bc24afe86..e8418355d3 100644
--- a/kubernetes/platform/components/cmpv2-cert-provider/crds/cmpv2issuer.yaml
+++ b/kubernetes/platform/components/cmpv2-cert-provider/crds/cmpv2issuer.yaml
@@ -56,7 +56,10 @@ spec:
description: Path of health check endpoint.
type: string
certEndpoint:
- description: Path of cerfificate signing enpoint.
+ description: Path of cerfificate signing endpoint.
+ type: string
+ updateEndpoint:
+ description: Path of certificate update endpoint.
type: string
caName:
description: Name of the external CA server configured on CertService API side.
diff --git a/kubernetes/platform/components/cmpv2-cert-provider/templates/configuration.yaml b/kubernetes/platform/components/cmpv2-cert-provider/templates/configuration.yaml
index ae4ae81f02..52e35375d3 100644
--- a/kubernetes/platform/components/cmpv2-cert-provider/templates/configuration.yaml
+++ b/kubernetes/platform/components/cmpv2-cert-provider/templates/configuration.yaml
@@ -25,6 +25,7 @@ spec:
url: {{ .Values.cmpv2issuer.url }}
healthEndpoint: {{ .Values.cmpv2issuer.healthcheckEndpoint }}
certEndpoint: {{ .Values.cmpv2issuer.certEndpoint }}
+ updateEndpoint: {{ .Values.cmpv2issuer.updateEndpoint }}
caName: {{ .Values.cmpv2issuer.caName }}
certSecretRef:
name: {{ .Values.cmpv2issuer.certSecretRef.name }}
diff --git a/kubernetes/platform/components/cmpv2-cert-provider/values.yaml b/kubernetes/platform/components/cmpv2-cert-provider/values.yaml
index 38bddfbdc3..2237811465 100644
--- a/kubernetes/platform/components/cmpv2-cert-provider/values.yaml
+++ b/kubernetes/platform/components/cmpv2-cert-provider/values.yaml
@@ -28,7 +28,7 @@ namespace: onap
# Deployment configuration
deployment:
name: oom-certservice-cmpv2issuer
- image: onap/org.onap.oom.platform.cert-service.oom-certservice-k8s-external-provider:2.3.2
+ image: onap/org.onap.oom.platform.cert-service.oom-certservice-k8s-external-provider:2.4.0
proxyImage: gcr.io/kubebuilder/kube-rbac-proxy:v0.4.0
# fol local development use IfNotPresent
pullPolicy: Always
@@ -50,6 +50,7 @@ cmpv2issuer:
url: https://oom-cert-service:8443
healthcheckEndpoint: actuator/health
certEndpoint: v1/certificate
+ updateEndpoint: v1/certificate-update
caName: RA
certSecretRef:
name: oom-cert-service-client-tls-secret
diff --git a/kubernetes/platform/components/oom-cert-service/resources/test/cmpServers.json b/kubernetes/platform/components/oom-cert-service/resources/test/cmpServers.json
index 06e1087f60..5a967f0405 100644
--- a/kubernetes/platform/components/oom-cert-service/resources/test/cmpServers.json
+++ b/kubernetes/platform/components/oom-cert-service/resources/test/cmpServers.json
@@ -3,7 +3,7 @@
{
"caName": "CLIENT",
"url": "http://ejbca:8080/ejbca/publicweb/cmp/cmp",
- "issuerDN": "CN=ManagementCA",
+ "issuerDN": "O=EJBCA Container Quickstart,CN=ManagementCA,UID=12345",
"caMode": "CLIENT",
"authentication": {
"iak": "${CLIENT_IAK}",
@@ -13,7 +13,7 @@
{
"caName": "RA",
"url": "http://ejbca:8080/ejbca/publicweb/cmp/cmpRA",
- "issuerDN": "CN=ManagementCA",
+ "issuerDN": "O=EJBCA Container Quickstart,CN=ManagementCA,UID=12345",
"caMode": "RA",
"authentication": {
"iak": "${RA_IAK}",
@@ -21,4 +21,4 @@
}
}
]
-} \ No newline at end of file
+}
diff --git a/kubernetes/platform/components/oom-cert-service/values.yaml b/kubernetes/platform/components/oom-cert-service/values.yaml
index 2e149683d7..fbd545c12e 100644
--- a/kubernetes/platform/components/oom-cert-service/values.yaml
+++ b/kubernetes/platform/components/oom-cert-service/values.yaml
@@ -34,7 +34,7 @@ service:
# Deployment configuration
repository: "nexus3.onap.org:10001"
-image: onap/org.onap.oom.platform.cert-service.oom-certservice-api:2.3.3
+image: onap/org.onap.oom.platform.cert-service.oom-certservice-api:2.4.0
pullPolicy: Always
replicaCount: 1