summaryrefslogtreecommitdiffstats
path: root/kubernetes/platform/components/oom-cert-service
AgeCommit message (Collapse)AuthorFilesLines
2021-10-10[DCAEGEN2] Update chart with service accountfarida azmy1-1/+1
Add service account to requirements.yaml, values.yaml and deployment/statefulset. Issue-ID: OOM-2726 Signed-off-by: farida azmy <farida.azmy.ext@orange.com> Co-authored-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: I6bafed3c621f4e7b1a307bc9338334586eb6795e Signed-off-by: Abdelmuhaimen Seaudi <abdelmuhaimen.seaudi@orange.com>
2021-09-06[CONTRIB] Introduce certificate update use case in CertServicePiotr Marcinkiewicz2-4/+4
1. Make changes in order to allow performing KUR/CR in EJBCA: - Add Certificate Update Admin role - Enable EndEntityAuthentication module - Create and set CA with constant UID - Add configuration for provider. 2. Update CertService, which provides with new certificate update endpoint. 3. Update release-notes. Issue-ID: OOM-2753 Issue-ID: OOM-2754 Signed-off-by: Piotr Marcinkiewicz <piotr.marcinkiewicz@nokia.com> Change-Id: I9cb0cb4d6d6939ad229a4ea254f2bc35d45a3d52 Signed-off-by: Joanna Jeremicz <joanna.jeremicz@nokia.com>
2021-07-19[PLATFORM] Added imagePullSecrets to common template filesandreas-geissler1-0/+2
Added the missing definition for imagePullSecrets in the deployment.yaml of oom-cert-service, cmpv2-cert-provider to support the registryGenerator Issue-ID: OOM-2792 Signed-off-by: andreas-geissler <andreas-geissler@telekom.de> Change-Id: I6cec6b223515de649606f1daba1dd920a8348213
2021-05-10[PLATFORM] Remove certificate generation deploymentPiotr Marcinkiewicz2-35/+0
- remove certificate generation deployment - change certificate secret for provider (from server to client) - correct documentation Issue-ID: OOM-2712 Signed-off-by: Piotr Marcinkiewicz <piotr.marcinkiewicz@nokia.com> Change-Id: I21a8e277e1fd5f5190c7b67fb6ef97c1b3355230
2021-04-22[PLATFORM] Generate Cert-Service certs with Cert-ManagerPiotr Marcinkiewicz7-246/+139
Utilize Cert-Manager to secure communication between Cert-Service and its clients, adjust templates and configs. Issue-ID: OOM-2712 Signed-off-by: Piotr Marcinkiewicz <piotr.marcinkiewicz@nokia.com> Change-Id: I96426b1a184b4d254575e76d29214d9deda08cce Signed-off-by: Remigiusz Janeczek <remigiusz.janeczek@nokia.com>
2021-03-24[DOC][COMMON] Prepare Honolulu releaseSylvain Desbureaux2-3/+3
Updating the documentation and bumping version to 8.0.0 Issue-ID: OOM-1 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: I6f942f1466fed64264c44fb8fc0e1ffc93a98f18
2021-01-27[PLATFORM] Update cert service images to 2.3.3Joanna Jeremicz1-2/+2
Enhance CertServiceAPI response (include CMP server error messages) Fix KeyUsage extension sent to CMPv2 server Issue-ID: OOM-2658 Signed-off-by: Joanna Jeremicz <joanna.jeremicz@nokia.com> Change-Id: Ic2c68b85fce08d20e423b316a3234e6f00799a42
2021-01-06[PLATFORM] Update cert service images to 2.3.2Remigiusz Janeczek1-1/+1
Align Cert Service Api to RFC4210. Fix Cert Service Client CA_NAME validation. Fix Cert Service External Provider logging. Issue-ID: OOM-2656 Signed-off-by: Remigiusz Janeczek <remigiusz.janeczek@nokia.com> Change-Id: I644946b139bd4879e44cdf705eadcc4c2c81a0e2
2020-12-04Merge "[CMPv2-CERT-PROVIDER] Add helm chart for K8s external provider"Sylvain Desbureaux6-6/+60
2020-12-03[CMPv2-CERT-PROVIDER] Add helm chart for K8s external providerJan Malkiewicz6-6/+60
Cert Service K8s external provider ia a part of certificate distribution infrastructure in ONAP. The main functionality of the provider is to forward Certificate Signing Requests (CSRs) created by cert-mananger (https://cert-manager.io) to CertServiceAPI. More information can found on a dedicated page: https://wiki.onap.org/display/DW/CertService+and+K8s+Cert-Manager+integration. Issue-ID: OOM-2560 Signed-off-by: Jan Malkiewicz <jan.malkiewicz@nokia.com> Change-Id: Ibc94d5db5cac9649d47143406b47ce179beddd14
2020-12-02[PLATFORM] Update cert service images to 2.3.1Remigiusz Janeczek1-1/+1
Update cert service and cert service client to allow IPAddresses, E-mails and URIs as SANs. Update ejbca configuration with IPAddresses, E-mail and URIs. Fix dcae bp inputs to use comma as SANs delimiter (from to allow use of IPv6) Issue-ID: OOM-2559 Signed-off-by: Remigiusz Janeczek <remigiusz.janeczek@nokia.com> Change-Id: I71bea7f63540eb5d345bce6867fa25e098353d6d
2020-11-30[COMMON][DOC] Bump version GuilinSylvain Desbureaux2-3/+3
Update charts and requirements to 7.0.0. Create release notes for Guilin Update documentation Issue-ID: OOM-2638 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: I965ed6b6ebb7d74bfddaff73edd3dd55a657841c
2020-11-27[PLATFORM] Small fix of name of the userPawel1-2/+2
Issue-ID: OOM-2588 Signed-off-by: Pawel <pawel.kasperkiewicz@nokia.com> Change-Id: I978428b63d769c7fa226d8d95a5dbd892630b662
2020-11-25Fix "fake" deployment image nameBartek Grzybowski1-1/+1
Change-Id: Iaf5ca63623a72e46f54911c07626da2d145a5762 Issue-ID: OOM-2588 Signed-off-by: Bartek Grzybowski <b.grzybowski@partner.samsung.com>
2020-11-23[PLATFORM] Add new fake deployment to fix offline certificates generationAdam Wudzinski3-3/+44
Add new fake deployment to CertService, controlled by new global flag global.offlineDeployment, which is disabled as default. Change Makefile to use java image from ONAP Nexus for certificate generation. Signed-off-by: Adam Wudzinski <adam.wudzinski@nokia.com> Issue-ID: OOM-2588 Change-Id: I2f9fe4b626604c5bfd8512449d893015bdc6ca98
2020-11-21[PLATFORM] Uses new tpls for repos / imagesSylvain Desbureaux3-18/+7
This commit makes platform chart to use the new generator for repositories and images. Issue-ID: OOM-2364 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: I95c238eff8e7e166fb4d70d388e7952c2f1c1dd2
2020-11-20[GENERIC] move from registry.hub.docker.com to docker.ioSylvain Desbureaux1-2/+2
`registry.hub.docker.com` needs authentication now, in contrary to previous behavior. As OOM deployments is unauthenticated when using docker hib repository, all OOM deployments is broken. `docker.io` seems to be still OK with unauthenticated requests so let's move to this endpoint. Issue-ID: OOM-2636 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: Iea81b882d347124af22b0a9c408081706b1c6c6d
2020-09-28[PLATFORM] Change yaml comment to helm commentJakub Latusek3-6/+6
Signed-off-by: Jakub Latusek <j.latusek@samsung.com> Issue-ID: OOM-2562 Change-Id: I3fbc4b8c29fb8c69be3ee91030a1cb23953c3db8
2020-09-25Merge "[DCAEGEN2][OOM] Update k8splugin configs"Sylvain Desbureaux1-1/+1
2020-09-24Merge "[OOM] Automate certificate generation for CMPv2 Cert Service"Sylvain Desbureaux6-33/+148
2020-09-24[DCAEGEN2][OOM] Update k8splugin configsJan Malkiewicz1-1/+1
Top up certservice-api image Update config for k8splugin 3.4.1: - update images of certservice-client - add certservice-client secret name to config - add certservice-post-processor image to config CertPostProcessor is an application which appends CMPv2 truststore entries to AAF CertMan truststore and allows swapping AAF CertMan keystore for CMPv2 keystore. Issue-ID: DCAEGEN2-2253 Signed-off-by: Jan Malkiewicz <jan.malkiewicz@nokia.com> Change-Id: Icc7020d8e1431f4ba2f49206b84bf3930d3c2c23
2020-09-24[OOM] Automate certificate generation for CMPv2 Cert ServicePawel Kasperkiewicz6-33/+148
Add Makefiles to automatically and dynamically generate certificates, for CertService TLS communication. Makefiles are executed automatically during making project. Makefile uses docker container to generate certificates, because openssl and keytool is needed, so this solution was choosed to not add additional requirements for RKE Node. Certificates generated in docker container are mounted to resources directory. Removed hardcoded certificates as they are no longer needed. Issue-ID: OOM-2526 Signed-off-by: Pawel <pawel.kasperkiewicz@nokia.com> Change-Id: Ide350ee50a1d458d798ca655f7e83bac4096121c
2020-09-21[SDNC] Deploy external TLC cert in ODLegernug1-0/+1
Changes for 111973 Issue-ID: SDNC-1136 Signed-off-by: esobmar <mariusz.sobucki@est.tech> Change-Id: If185ee3658b8f51a969bb3505f8bfb163cfea2a3 Signed-off-by: egernug <gerard.nugent@est.tech> Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> [Access EJBCA secret from cert service] Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
2020-09-18[OOM] Moving cert-service to platformMaciej Malewski14-0/+474
aaf-cert-service has been renamed to oom-cert-service and moved from oom/kubernetes/aaf/components to oom/kubernetes/platform/components. All aaf-cert-service references have been replaced with oom-cert-service. Issue-ID: OOM-2526 Change-Id: I70ef4bf3ee7085a5ef7075bde68eb0ea0a95ebf7 Signed-off-by: Maciej Malewski <maciej.malewski@nokia.com>