Merge "[CCSDK] Add hardcoded dgbuilder certificates" into frankfurt6.0.1

7 files changed, 78 insertions, 0 deletions

diff --git a/docs/oom_hardcoded_certificates.rst b/docs/oom_hardcoded_certificates.rst
index 8943910eb0..922cd5f01d 100644
--- a/docs/oom_hardcoded_certificates.rst
+++ b/docs/oom_hardcoded_certificates.rst
@@ -80,3 +80,5 @@ Here's the list of these certificates:
  +------------------+------------------+------------------+---------------------------------------------------------------------------------------------------+
  | CDS BP Executor  | Yes              | No              | No               | kubernetes/cds/charts/cds-blueprints-processor/resources/config/ONAP_RootCA.cer |
  +------------------+------------------+------------------+---------------------------------------------------------------------------------------------------+
+ | CCSDK dgbuilder  | No               | Yes             | No               | kubernetes/common/dgbuilder/resources/certs                                     |
+ +------------------+------------------+------------------+---------------------------------------------------------------------------------------------------+
diff --git a/kubernetes/common/dgbuilder/resources/certs/node-cert.cer b/kubernetes/common/dgbuilder/resources/certs/node-cert.cer
new file mode 100644
index 0000000000..d944fc702d
--- /dev/null
+++ b/kubernetes/common/dgbuilder/resources/certs/node-cert.cer
diff --git a/kubernetes/common/dgbuilder/resources/certs/node-cert.pem b/kubernetes/common/dgbuilder/resources/certs/node-cert.pem
new file mode 100644
index 0000000000..13a4046d83
--- /dev/null
+++ b/kubernetes/common/dgbuilder/resources/certs/node-cert.pem
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDATCCAekCFC8zGpHciUlQB1u+pmfkprCO65ASMA0GCSqGSIb3DQEBCwUAMD0x
+CzAJBgNVBAYTAlVTMQswCQYDVQQIDAJOSjENMAsGA1UECgwET05BUDESMBAGA1UE
+AwwJZGdidWlsZGVyMB4XDTIwMDcxNTE5NTAwMVoXDTIxMDcxNTE5NTAwMVowPTEL
+MAkGA1UEBhMCVVMxCzAJBgNVBAgMAk5KMQ0wCwYDVQQKDARPTkFQMRIwEAYDVQQD
+DAlkZ2J1aWxkZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC8p5VL
+FX+kneXJEwcO1fTy2AThZyhzjxGCllEKx5WVRc7vLBVdmFQr8jTbnGGIgPcXOFHz
+GyO8dYRra0tz+sIeBdkNDNRcmDyRVD0ThjDLTCbZ3KZJp8LKDE0iOO4NZVAm6lb8
+ZNLz8hX6rtw9YBOKQXW/WZ0kWIzC0/qnVQUPbtS6kvDcaWIacpGwUkLq0NcNCo9q
+b14ADChMpVtfBj7RRpqEVS9QVQ8VTK9kKT26GPSj4se2jN4Zu7m5ReVO1GcdxmyK
+AAaB0w/bmIfploRehuNFhPVkFJJD5BGjF/YiGhrvJCgqrmrueIwgu3sLXyMXakeJ
+7sPzkg/iLzt5ee93AgMBAAEwDQYJKoZIhvcNAQELBQADggEBAKhP8mTxEF2+cX6p
+V9lIX0M8sIN5ENEfF64QcNHWdoZK+8hr7xfV6l36F8SNNQJG5/o+R6doYQ4DkoH8
+UtIWz0JMA7C9Mo+/8fEpHUeg+co5KDsEYNkhoGi5RELRFon0Q/kCaVIhcpuOJkna
+0ZoIxExSzKOWfJeybtZMMHJVJbmCyPkcnx5m5yZ/Q5VcWA2b11lvldfjkaTR27C1
+2N2m9qgi93frv+wilbwAMLv+tCarjaxS5IZO0YhrCmjIwCRQtg7tLW7j8DSfohPo
+xG3TmoNdt0m3xUsiC+M7Th+V/xtwimaaHuqu1iwN/c67wV3XlBn76zqBx88YoRvM
+b8lj6Qc=
+-----END CERTIFICATE-----
diff --git a/kubernetes/common/dgbuilder/resources/certs/node-csr.pem b/kubernetes/common/dgbuilder/resources/certs/node-csr.pem
new file mode 100644
index 0000000000..28a6a370d5
--- /dev/null
+++ b/kubernetes/common/dgbuilder/resources/certs/node-csr.pem
@@ -0,0 +1,16 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIICgjCCAWoCAQAwPTELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAk5KMQ0wCwYDVQQK
+DARPTkFQMRIwEAYDVQQDDAlkZ2J1aWxkZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
+DwAwggEKAoIBAQC8p5VLFX+kneXJEwcO1fTy2AThZyhzjxGCllEKx5WVRc7vLBVd
+mFQr8jTbnGGIgPcXOFHzGyO8dYRra0tz+sIeBdkNDNRcmDyRVD0ThjDLTCbZ3KZJ
+p8LKDE0iOO4NZVAm6lb8ZNLz8hX6rtw9YBOKQXW/WZ0kWIzC0/qnVQUPbtS6kvDc
+aWIacpGwUkLq0NcNCo9qb14ADChMpVtfBj7RRpqEVS9QVQ8VTK9kKT26GPSj4se2
+jN4Zu7m5ReVO1GcdxmyKAAaB0w/bmIfploRehuNFhPVkFJJD5BGjF/YiGhrvJCgq
+rmrueIwgu3sLXyMXakeJ7sPzkg/iLzt5ee93AgMBAAGgADANBgkqhkiG9w0BAQsF
+AAOCAQEAE5Qgik0whJkv4WJVCbCPpbHvpXXXNqMeuxybCixKVTZGY9xxxYOPe/OL
+5UqMTqes8Tb56e0feOweCecFLX+AatiDjPg9ZlPW/1LQEWEmvG2uh/0AeNt2nTA5
+WnmqgEwdJszopumVfCDg8vqcaGuDxRXE38mD1jnJYPjjQIumGhpHtqjIfp5CSXJb
+2HXpMQUOqs9dJJATyKvjIpnAJPInlxp3c24pehuMT/IXtbAAGUlGl4wCEQOREzHi
+3fLqJ9eZ3/96jlWAY8KHeAne+IOV8QRf6XsdpJ/TIFGBxlGokqSY1lE3kbAhlfgP
++vnPsK4kQP0JuQ7Mr5cLnSknOMxICw==
+-----END CERTIFICATE REQUEST-----
diff --git a/kubernetes/common/dgbuilder/resources/certs/node-key.pem b/kubernetes/common/dgbuilder/resources/certs/node-key.pem
new file mode 100644
index 0000000000..c6f44914b1
--- /dev/null
+++ b/kubernetes/common/dgbuilder/resources/certs/node-key.pem
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEowIBAAKCAQEAvKeVSxV/pJ3lyRMHDtX08tgE4Wcoc48RgpZRCseVlUXO7ywV
+XZhUK/I025xhiID3FzhR8xsjvHWEa2tLc/rCHgXZDQzUXJg8kVQ9E4Ywy0wm2dym
+SafCygxNIjjuDWVQJupW/GTS8/IV+q7cPWATikF1v1mdJFiMwtP6p1UFD27UupLw
+3GliGnKRsFJC6tDXDQqPam9eAAwoTKVbXwY+0UaahFUvUFUPFUyvZCk9uhj0o+LH
+tozeGbu5uUXlTtRnHcZsigAGgdMP25iH6ZaEXobjRYT1ZBSSQ+QRoxf2Ihoa7yQo
+Kq5q7niMILt7C18jF2pHie7D85IP4i87eXnvdwIDAQABAoIBAAnKRJQd7H7VdtxF
+cYNSlSCZFz+/Q7kjfowhUtlVXCzf74o35m/x/MQ/EIEpD2KvFqOM16vfB667BoEw
+kzzUkYhPU2E6/jZD7Di6f2To/NVAAXAi5DpES3aCxun0vF3TmSI73QHCFbR1JrDY
+rDM/LiRpmzuv4djGA6AEsihG4DlZtzRjgf6E7bISEv0GKJKnSotFsygvCxFj4n87
+gILsRpbcJgfCyCt5AYHN2Slw0N588WLMm2ShzFT1BoXDX2F2rZFPsHYM/DaFkHHe
+5Q8GlMou0OLnpH+9eJIR9TWXqjCokuEVu5nMLwccsEcujkc5OSt3R0U9HZqpvAPY
+K1l/rkkCgYEA6ZaIgI1w9lGt26rmYD87dlfrPAk/y3qeWbnADE9TcGf1A+qLntuK
+MWGTCzQ25nmQykAjBLt+688EaVBmeL3M33EIsUco1G3wM0y3UYoJ3YOgiYwMz+bm
+4xrWm388H+fwwR8XsmdgVlQ4/ssbPlIZVwiKP16Fe5TEKnj/VkJnxZUCgYEAzsFh
+f+NDEx0qZiZ0a+e8bdZzEjPuq0DI0bn2Q6nL1VOCcrPrvjPRyuX655v2ruvKMEe/
+mLwwH2XwCHcurLXog/y8ZMsMnm5hPufmoyWxP3L6l+uPho+fUk8s+rpWPtS2cgAt
+OhuKPGYub5yesnc4q5BibD4MtcHWM0YYsm54BdsCgYB/hxPXO2Fk2YsV1uQXv+3y
+2mUvTc1qhfNWATd8gQKI5/i4vqCjhjCYbTEeeM9QXSZThViZCNRuYYODC8YmPVlQ
+1CFux+7eq3bsSwH6nmZsbaSD89Y621FKxChOlNR6huLGTPdfC1lpSGolkTW6fJAh
+GCSCHFS796hxl8WvjmmhUQKBgGcMSyQKiSvFpZQ0JmKBpZC5CbFQ4OvJ5k1hejRP
+NKCmdqXktuKdwTp3VY6KVXDpZGSb3gqqAPIlRHVzsXezUqg2F0/FRAzSxvUrb/Bw
+oN8W139QkMBoZOgJPknZBZNbQXOgUupbP5LK+un2DcK1WTFpTSTV6E/OxIvZrAWC
+uZ9xAoGBAJufbS/h8Yo1sQMuIZEZhC6jFiPqA5fnIyQgaZu+zgpy3zjYXHpJ0THE
+wYZMEMKKxRFgZ7XXTWDkgdEfoJXMtnq/bN4BFxJ5Ns0FkitXmIc96+UYaKjC2KJK
+9TXMGe4bMJtFDhHZ0lzBqs0U88Yy/7AIupusuBnyupU5vLDUujh3
+-----END RSA PRIVATE KEY-----
diff --git a/kubernetes/common/dgbuilder/templates/deployment.yaml b/kubernetes/common/dgbuilder/templates/deployment.yaml
index e1fac77a97..ac15055a81 100644
--- a/kubernetes/common/dgbuilder/templates/deployment.yaml
+++ b/kubernetes/common/dgbuilder/templates/deployment.yaml
@@ -113,6 +113,8 @@ spec:
           - name: config
             mountPath: /opt/onap/ccsdk/dgbuilder/releases/sdnc1.0/customSettings.js
             subPath: customSettings.js
+          - name: certificates
+            mountPath: /opt/onap/ccsdk/dgbuilder/certs
           resources:
 {{ include "common.resources" . | indent 12 }}
         {{- if .Values.nodeSelector }}
@@ -133,5 +135,8 @@ spec:
         - name: config
           emptyDir:
             medium: Memory
+        - name: certificates
+          secret:
+            secretName: {{ include "common.secret.getSecretNameFast" (dict "global" . "uid" "{{.Release.Name}}-dgbuilder-onap-certs") }}
       imagePullSecrets:
       - name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/common/dgbuilder/values.yaml b/kubernetes/common/dgbuilder/values.yaml
index a1f637b199..6f8beef576 100644
--- a/kubernetes/common/dgbuilder/values.yaml
+++ b/kubernetes/common/dgbuilder/values.yaml
@@ -78,6 +78,15 @@ secrets:
     externalSecret: '{{ tpl (default "" .Values.config.restconfCredsExternalSecret) . }}'
     login: '{{ .Values.config.restconfUser }}'
     password: '{{ .Values.config.restconfPassword }}'
+  - uid: "{{.Release.Name}}-dgbuilder-onap-certs"
+    name: '{{.Release.Name}}-dgbuilder-certs'
+    externalSecret: '{{ tpl (default "" .Values.certSecret) . }}'
+    type: generic
+    filePaths:
+      - resources/certs/node-cert.cer
+      - resources/certs/node-cert.pem
+      - resources/certs/node-csr.pem
+      - resources/certs/node-key.pem
 
 #################################################################
 # Application configuration defaults.