From 8c1d77239dd43b1b7f4da74729e53ead88a9bdcf Mon Sep 17 00:00:00 2001
From: Remigiusz Janeczek
Date: Tue, 1 Dec 2020 14:30:05 +0100
Subject: [PLATFORM] Update cert service images to 2.3.1

Update cert service and cert service client to allow IPAddresses, E-mails and URIs as SANs. Update ejbca configuration with IPAddresses, E-mail and URIs. Fix dcae bp inputs to use comma as SANs delimiter (from to allow use of IPv6)

Issue-ID: OOM-2559
Signed-off-by: Remigiusz Janeczek
Change-Id: I71bea7f63540eb5d345bce6867fa25e098353d6d
---
 kubernetes/common/cmpv2Config/values.yaml | 4 +-
 .../entityprofile_Custom_EndEntity-1356531849.xml | 179 ++++++++++++++++++++-
 .../resources/inputs/k8s-hv_ves-inputs.yaml | 2 +-
 .../resources/inputs/k8s-ves-inputs-tls.yaml | 2 +-
 kubernetes/onap/values.yaml | 2 +-
 .../components/oom-cert-service/values.yaml | 2 +-
 kubernetes/sdnc/values.yaml | 2 +-
 7 files changed, 182 insertions(+), 11 deletions(-)
diff --git a/kubernetes/common/cmpv2Config/values.yaml b/kubernetes/common/cmpv2Config/values.yaml
index f6feee6e06..c22f9731b5 100644
--- a/kubernetes/common/cmpv2Config/values.yaml
+++ b/kubernetes/common/cmpv2Config/values.yaml
@@ -14,7 +14,7 @@
 global:
 platform:
 certServiceClient:
- image: onap/org.onap.oom.platform.cert-service.oom-certservice-client:2.1.0
+ image: onap/org.onap.oom.platform.cert-service.oom-certservice-client:2.3.1
 secretName: oom-cert-service-client-tls-secret
 envVariables:
 # Certificate related
@@ -29,5 +29,5 @@ global:
 keystorePassword: "secret"
 truststorePassword: "secret"
 certPostProcessor:
- image: onap/org.onap.oom.platform.cert-service.oom-certservice-post-processor:2.1.0
+ image: onap/org.onap.oom.platform.cert-service.oom-certservice-post-processor:2.3.1
diff --git a/kubernetes/contrib/components/ejbca/resources/entityprofile_Custom_EndEntity-1356531849.xml b/kubernetes/contrib/components/ejbca/resources/entityprofile_Custom_EndEntity-1356531849.xml
index 19d872fe12..ec51a80d5e 100644
--- a/kubernetes/contrib/components/ejbca/resources/entityprofile_Custom_EndEntity-1356531849.xml
+++ b/kubernetes/contrib/components/ejbca/resources/entityprofile_Custom_EndEntity-1356531849.xml
@@ -60,19 +60,19 @@ 1 - 0 + 3 3 - 0 + 3 0 - 0 + 3 0
@@ -354,6 +354,33 @@ 1802 + + 1700 + + + 1701 + + + 1702 + + + 1900 + + + 1901 + + + 1902 + + + 2100 + + + 2101 + + + 2102 +
@@ -570,7 +597,7 @@ 37 - -1501801709 + -29939301 20037
@@ -932,5 +959,149 @@ 30218 true + + 17 + + + + 20017 + false + + + 10017 + false + + + 30017 + true + + + 117 + + + + 20117 + false + + + 10117 + false + + + 30117 + true + + + 217 + + + + 20217 + false + + + 10217 + false + + + 30217 + true + + + 19 + + + + 20019 + false + + + 10019 + true + + + 30019 + true + + + 119 + + + + 20119 + false + + + 10119 + true + + + 30119 + true + + + 219 + + + + 20219 + false + + + 10219 + true + + + 30219 + true + + + 21 + + + + 20021 + false + + + 10021 + true + + + 30021 + true + + + 121 + + + + 20121 + false + + + 10121 + true + + + 30121 + true + + + 221 + + + + 20221 + false + + + 10221 + true + + + 30221 + true +
diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-hv_ves-inputs.yaml b/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-hv_ves-inputs.yaml
index 08a3c357ba..0108d9a8ce 100644
--- a/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-hv_ves-inputs.yaml
+++ b/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-hv_ves-inputs.yaml
@@ -25,6 +25,6 @@ use_tls: true
 security_ssl_disable: false
 external_cert_ca_name: "RA"
 external_cert_common_name: "dcae-hv-ves-collector"
-external_cert_sans: "dcae-hv-ves-collector:hv-ves-collector:hv-ves"
+external_cert_sans: "dcae-hv-ves-collector,hv-ves-collector,hv-ves"
 external_cert_cert_type: "JKS"
 external_cert_use_external_tls: false
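Review bot: `external_cert_sans` now carries a comma-separated list, but nothing in this file says which delimiter the consumer expects, and the code that splits the value is outside this diff. If the blueprint plugin or cert-service client deployed with these inputs still splits on `:`, the three names would presumably be requested as a single SAN string and the issued certificate would not match `dcae-hv-ves-collector`, `hv-ves-collector` or `hv-ves`; please confirm the consumer version is aligned with the 2.3.1 images. I would also add a comment above the key, e.g. `# Comma-separated SANs (DNS names, IPs, e-mails, URIs); ':' cannot be the delimiter because IPv6 addresses contain it`. The same applies to `external_cert_sans` in k8s-ves-inputs-tls.yaml.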
diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-ves-inputs-tls.yaml b/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-ves-inputs-tls.yaml
index e09e37dd31..c284612c79 100644
--- a/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-ves-inputs-tls.yaml
+++ b/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-ves-inputs-tls.yaml
@@ -40,6 +40,6 @@ ves_3gpp_performance_assurance_publish_url: "http://{{ .Values.config.address.me
 user_list: "sample1,$2a$10$0buh.2WeYwN868YMwnNNEuNEAMNYVU9.FSMJGyIKV3dGET/7oGOi6|demouser,$2a$10$1cc.COcqV/d3iT2N7BjPG.S6ZKv2jpb9a5MV.o7lMih/GpjJRX.Ce"
 external_cert_ca_name: "RA"
 external_cert_common_name: "dcae-ves-collector"
-external_cert_sans: "dcae-ves-collector:ves-collector:ves"
+external_cert_sans: "dcae-ves-collector,ves-collector,ves"
 external_cert_cert_type: "JKS"
 external_cert_use_external_tls: false
diff --git a/kubernetes/onap/values.yaml b/kubernetes/onap/values.yaml
index 3c8b1e9d90..5b29afc194 100755
--- a/kubernetes/onap/values.yaml
+++ b/kubernetes/onap/values.yaml
@@ -164,7 +164,7 @@ global:
 cmpv2Enabled: true
 platform:
 certServiceClient:
- image: onap/org.onap.oom.platform.cert-service.oom-certservice-client:2.1.0
+ image: onap/org.onap.oom.platform.cert-service.oom-certservice-client:2.3.1
 secret:
 name: oom-cert-service-client-tls-secret
 mountPath: /etc/onap/oom/certservice/certs/
diff --git a/kubernetes/platform/components/oom-cert-service/values.yaml b/kubernetes/platform/components/oom-cert-service/values.yaml
index ee51ec7a7d..759ebc300b 100644
--- a/kubernetes/platform/components/oom-cert-service/values.yaml
+++ b/kubernetes/platform/components/oom-cert-service/values.yaml
@@ -38,7 +38,7 @@ certificateGenerationImage: onap/integration-java11:7.1.0
 # Deployment configuration
 repository: "nexus3.onap.org:10001"
-image: onap/org.onap.oom.platform.cert-service.oom-certservice-api:2.1.0
+image: onap/org.onap.oom.platform.cert-service.oom-certservice-api:2.3.1
 pullPolicy: Always
 replicaCount: 1
diff --git a/kubernetes/sdnc/values.yaml b/kubernetes/sdnc/values.yaml
index edac61b24e..7282f305c5 100644
--- a/kubernetes/sdnc/values.yaml
+++ b/kubernetes/sdnc/values.yaml
@@ -33,7 +33,7 @@ global:
 cmpv2Enabled: true
 platform:
 certServiceClient:
- image: onap/org.onap.oom.platform.cert-service.oom-certservice-client:2.1.0
+ image: onap/org.onap.oom.platform.cert-service.oom-certservice-client:2.3.1
 secret:
 name: oom-cert-service-client-tls-secret
 mountPath: /etc/onap/oom/certservice/certs/
--
cgit 1.2.3-korg