From 6f902b73494027acd5282a4b27ed6c7919f1f8ff Mon Sep 17 00:00:00 2001 From: Dan Timoney Date: Wed, 15 Jul 2020 17:31:43 -0400 Subject: [CCSDK] Add hardcoded dgbuilder certificates Add hard coded certificate for CCSDK dgbuilder (design time tool) Issue-ID: CCSDK-2541 Signed-off-by: Dan Timoney Change-Id: I9fe61a1bdf17cbdf22a3d518ded27582e86c2c07 --- docs/oom_hardcoded_certificates.rst | 2 ++ .../common/dgbuilder/resources/certs/node-cert.cer | Bin 0 -> 818 bytes .../common/dgbuilder/resources/certs/node-cert.pem | 19 +++++++++++++++ .../common/dgbuilder/resources/certs/node-csr.pem | 16 ++++++++++++ .../common/dgbuilder/resources/certs/node-key.pem | 27 +++++++++++++++++++++ .../common/dgbuilder/templates/deployment.yaml | 5 ++++ kubernetes/common/dgbuilder/values.yaml | 9 +++++++ 7 files changed, 78 insertions(+) create mode 100644 kubernetes/common/dgbuilder/resources/certs/node-cert.cer create mode 100644 kubernetes/common/dgbuilder/resources/certs/node-cert.pem create mode 100644 kubernetes/common/dgbuilder/resources/certs/node-csr.pem create mode 100644 kubernetes/common/dgbuilder/resources/certs/node-key.pem
diff --git a/docs/oom_hardcoded_certificates.rst b/docs/oom_hardcoded_certificates.rst
index 8943910eb0..922cd5f01d 100644
--- a/docs/oom_hardcoded_certificates.rst
+++ b/docs/oom_hardcoded_certificates.rst
@@ -80,3 +80,5 @@ Here's the list of these certificates:
 +------------------+------------------+------------------+---------------------------------------------------------------------------------------------------+
 | CDS BP Executor | Yes | No | No | kubernetes/cds/charts/cds-blueprints-processor/resources/config/ONAP_RootCA.cer |
 +------------------+------------------+------------------+---------------------------------------------------------------------------------------------------+
+ | CCSDK dgbuilder | No | Yes | No | kubernetes/common/dgbuilder/resources/certs |
+ +------------------+------------------+------------------+---------------------------------------------------------------------------------------------------+
diff --git a/kubernetes/common/dgbuilder/resources/certs/node-cert.cer b/kubernetes/common/dgbuilder/resources/certs/node-cert.cer
new file mode 100644
index 0000000000..d944fc702d
Binary files /dev/null and b/kubernetes/common/dgbuilder/resources/certs/node-cert.cer differ
diff --git a/kubernetes/common/dgbuilder/resources/certs/node-cert.pem b/kubernetes/common/dgbuilder/resources/certs/node-cert.pem
new file mode 100644
index 0000000000..13a4046d83
--- /dev/null
+++ b/kubernetes/common/dgbuilder/resources/certs/node-cert.pem
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDATCCAekCFC8zGpHciUlQB1u+pmfkprCO65ASMA0GCSqGSIb3DQEBCwUAMD0x
+CzAJBgNVBAYTAlVTMQswCQYDVQQIDAJOSjENMAsGA1UECgwET05BUDESMBAGA1UE
+AwwJZGdidWlsZGVyMB4XDTIwMDcxNTE5NTAwMVoXDTIxMDcxNTE5NTAwMVowPTEL
+MAkGA1UEBhMCVVMxCzAJBgNVBAgMAk5KMQ0wCwYDVQQKDARPTkFQMRIwEAYDVQQD
+DAlkZ2J1aWxkZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC8p5VL
+FX+kneXJEwcO1fTy2AThZyhzjxGCllEKx5WVRc7vLBVdmFQr8jTbnGGIgPcXOFHz
+GyO8dYRra0tz+sIeBdkNDNRcmDyRVD0ThjDLTCbZ3KZJp8LKDE0iOO4NZVAm6lb8
+ZNLz8hX6rtw9YBOKQXW/WZ0kWIzC0/qnVQUPbtS6kvDcaWIacpGwUkLq0NcNCo9q
+b14ADChMpVtfBj7RRpqEVS9QVQ8VTK9kKT26GPSj4se2jN4Zu7m5ReVO1GcdxmyK
+AAaB0w/bmIfploRehuNFhPVkFJJD5BGjF/YiGhrvJCgqrmrueIwgu3sLXyMXakeJ
+7sPzkg/iLzt5ee93AgMBAAEwDQYJKoZIhvcNAQELBQADggEBAKhP8mTxEF2+cX6p
+V9lIX0M8sIN5ENEfF64QcNHWdoZK+8hr7xfV6l36F8SNNQJG5/o+R6doYQ4DkoH8
+UtIWz0JMA7C9Mo+/8fEpHUeg+co5KDsEYNkhoGi5RELRFon0Q/kCaVIhcpuOJkna
+0ZoIxExSzKOWfJeybtZMMHJVJbmCyPkcnx5m5yZ/Q5VcWA2b11lvldfjkaTR27C1
+2N2m9qgi93frv+wilbwAMLv+tCarjaxS5IZO0YhrCmjIwCRQtg7tLW7j8DSfohPo
+xG3TmoNdt0m3xUsiC+M7Th+V/xtwimaaHuqu1iwN/c67wV3XlBn76zqBx88YoRvM
+b8lj6Qc=
+-----END CERTIFICATE-----
diff --git a/kubernetes/common/dgbuilder/resources/certs/node-csr.pem b/kubernetes/common/dgbuilder/resources/certs/node-csr.pem
new file mode 100644
index 0000000000..28a6a370d5
--- /dev/null
+++ b/kubernetes/common/dgbuilder/resources/certs/node-csr.pem
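Review bot: The certificate in node-cert.pem is self-signed and valid for one year only: decoding the base64 gives issuer and subject `C=US, ST=NJ, O=ONAP, CN=dgbuilder` with notBefore 2020-07-15 and notAfter 2021-07-15. Every installation that keeps the chart default will reach expiry on the same day, and the commit records neither how the file was generated nor who re-issues it. I would add a short README in resources/certs with the generation command and the renewal owner, or generate the pair at install time so the lifetime starts at deployment.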
@@ -0,0 +1,16 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIICgjCCAWoCAQAwPTELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAk5KMQ0wCwYDVQQK
+DARPTkFQMRIwEAYDVQQDDAlkZ2J1aWxkZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
+DwAwggEKAoIBAQC8p5VLFX+kneXJEwcO1fTy2AThZyhzjxGCllEKx5WVRc7vLBVd
+mFQr8jTbnGGIgPcXOFHzGyO8dYRra0tz+sIeBdkNDNRcmDyRVD0ThjDLTCbZ3KZJ
+p8LKDE0iOO4NZVAm6lb8ZNLz8hX6rtw9YBOKQXW/WZ0kWIzC0/qnVQUPbtS6kvDc
+aWIacpGwUkLq0NcNCo9qb14ADChMpVtfBj7RRpqEVS9QVQ8VTK9kKT26GPSj4se2
+jN4Zu7m5ReVO1GcdxmyKAAaB0w/bmIfploRehuNFhPVkFJJD5BGjF/YiGhrvJCgq
+rmrueIwgu3sLXyMXakeJ7sPzkg/iLzt5ee93AgMBAAGgADANBgkqhkiG9w0BAQsF
+AAOCAQEAE5Qgik0whJkv4WJVCbCPpbHvpXXXNqMeuxybCixKVTZGY9xxxYOPe/OL
+5UqMTqes8Tb56e0feOweCecFLX+AatiDjPg9ZlPW/1LQEWEmvG2uh/0AeNt2nTA5
+WnmqgEwdJszopumVfCDg8vqcaGuDxRXE38mD1jnJYPjjQIumGhpHtqjIfp5CSXJb
+2HXpMQUOqs9dJJATyKvjIpnAJPInlxp3c24pehuMT/IXtbAAGUlGl4wCEQOREzHi
+3fLqJ9eZ3/96jlWAY8KHeAne+IOV8QRf6XsdpJ/TIFGBxlGokqSY1lE3kbAhlfgP
++vnPsK4kQP0JuQ7Mr5cLnSknOMxICw==
+-----END CERTIFICATE REQUEST-----
diff --git a/kubernetes/common/dgbuilder/resources/certs/node-key.pem b/kubernetes/common/dgbuilder/resources/certs/node-key.pem
new file mode 100644
index 0000000000..c6f44914b1
--- /dev/null
+++ b/kubernetes/common/dgbuilder/resources/certs/node-key.pem
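Review bot: node-csr.pem is only an intermediate of issuing node-cert.pem; nothing in this commit reads it at runtime, yet the values.yaml hunk lists it under `filePaths`, so it ends up in the Secret and in the mounted directory. I would drop the file from the commit and remove `- resources/certs/node-csr.pem` from `filePaths`. If it is kept for re-issuing the certificate, that belongs in documentation, not in the deployed Secret.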
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEowIBAAKCAQEAvKeVSxV/pJ3lyRMHDtX08tgE4Wcoc48RgpZRCseVlUXO7ywV
+XZhUK/I025xhiID3FzhR8xsjvHWEa2tLc/rCHgXZDQzUXJg8kVQ9E4Ywy0wm2dym
+SafCygxNIjjuDWVQJupW/GTS8/IV+q7cPWATikF1v1mdJFiMwtP6p1UFD27UupLw
+3GliGnKRsFJC6tDXDQqPam9eAAwoTKVbXwY+0UaahFUvUFUPFUyvZCk9uhj0o+LH
+tozeGbu5uUXlTtRnHcZsigAGgdMP25iH6ZaEXobjRYT1ZBSSQ+QRoxf2Ihoa7yQo
+Kq5q7niMILt7C18jF2pHie7D85IP4i87eXnvdwIDAQABAoIBAAnKRJQd7H7VdtxF
+cYNSlSCZFz+/Q7kjfowhUtlVXCzf74o35m/x/MQ/EIEpD2KvFqOM16vfB667BoEw
+kzzUkYhPU2E6/jZD7Di6f2To/NVAAXAi5DpES3aCxun0vF3TmSI73QHCFbR1JrDY
+rDM/LiRpmzuv4djGA6AEsihG4DlZtzRjgf6E7bISEv0GKJKnSotFsygvCxFj4n87
+gILsRpbcJgfCyCt5AYHN2Slw0N588WLMm2ShzFT1BoXDX2F2rZFPsHYM/DaFkHHe
+5Q8GlMou0OLnpH+9eJIR9TWXqjCokuEVu5nMLwccsEcujkc5OSt3R0U9HZqpvAPY
+K1l/rkkCgYEA6ZaIgI1w9lGt26rmYD87dlfrPAk/y3qeWbnADE9TcGf1A+qLntuK
+MWGTCzQ25nmQykAjBLt+688EaVBmeL3M33EIsUco1G3wM0y3UYoJ3YOgiYwMz+bm
+4xrWm388H+fwwR8XsmdgVlQ4/ssbPlIZVwiKP16Fe5TEKnj/VkJnxZUCgYEAzsFh
+f+NDEx0qZiZ0a+e8bdZzEjPuq0DI0bn2Q6nL1VOCcrPrvjPRyuX655v2ruvKMEe/
+mLwwH2XwCHcurLXog/y8ZMsMnm5hPufmoyWxP3L6l+uPho+fUk8s+rpWPtS2cgAt
+OhuKPGYub5yesnc4q5BibD4MtcHWM0YYsm54BdsCgYB/hxPXO2Fk2YsV1uQXv+3y
+2mUvTc1qhfNWATd8gQKI5/i4vqCjhjCYbTEeeM9QXSZThViZCNRuYYODC8YmPVlQ
+1CFux+7eq3bsSwH6nmZsbaSD89Y621FKxChOlNR6huLGTPdfC1lpSGolkTW6fJAh
+GCSCHFS796hxl8WvjmmhUQKBgGcMSyQKiSvFpZQ0JmKBpZC5CbFQ4OvJ5k1hejRP
+NKCmdqXktuKdwTp3VY6KVXDpZGSb3gqqAPIlRHVzsXezUqg2F0/FRAzSxvUrb/Bw
+oN8W139QkMBoZOgJPknZBZNbQXOgUupbP5LK+un2DcK1WTFpTSTV6E/OxIvZrAWC
+uZ9xAoGBAJufbS/h8Yo1sQMuIZEZhC6jFiPqA5fnIyQgaZu+zgpy3zjYXHpJ0THE
+wYZMEMKKxRFgZ7XXTWDkgdEfoJXMtnq/bN4BFxJ5Ns0FkitXmIc96+UYaKjC2KJK
+9TXMGe4bMJtFDhHZ0lzBqs0U88Yy/7AIupusuBnyupU5vLDUujh3
+-----END RSA PRIVATE KEY-----
diff --git a/kubernetes/common/dgbuilder/templates/deployment.yaml b/kubernetes/common/dgbuilder/templates/deployment.yaml
index e1fac77a97..ac15055a81 100644
--- a/kubernetes/common/dgbuilder/templates/deployment.yaml
+++ b/kubernetes/common/dgbuilder/templates/deployment.yaml
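Review bot: node-key.pem is an unencrypted RSA private key checked into a public chart, so the key protecting dgbuilder's TLS endpoint is identical and publicly known for every installation that keeps the default. The values.yaml hunk of this commit already wires `externalSecret: '{{ tpl (default "" .Values.certSecret) . }}'`; the chart should state, next to the key and in docs/oom_hardcoded_certificates.rst, that the committed pair is for lab use only and that production installs are expected to supply `certSecret` or generate the pair at install time. Secret scanners will flag this file on every run, so it also needs a narrowly scoped allow-list entry with a written justification rather than a directory-wide exclusion.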
@@ -113,6 +113,8 @@ spec: - name: config mountPath: /opt/onap/ccsdk/dgbuilder/releases/sdnc1.0/customSettings.js subPath: customSettings.js + - name: certificates + mountPath: /opt/onap/ccsdk/dgbuilder/certs resources: {{ include "common.resources" . | indent 12 }} {{- if .Values.nodeSelector }} @@ -133,5 +135,8 @@ spec: - name: config emptyDir: medium: Memory + - name: certificates + secret: + secretName: {{ include "common.secret.getSecretNameFast" (dict "global" . "uid" "{{.Release.Name}}-dgbuilder-onap-certs") }} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/common/dgbuilder/values.yaml b/kubernetes/common/dgbuilder/values.yaml index a1f637b199..6f8beef576 100644 --- a/kubernetes/common/dgbuilder/values.yaml +++ b/kubernetes/common/dgbuilder/values.yaml @@ -78,6 +78,15 @@ secrets: externalSecret: '{{ tpl (default "" .Values.config.restconfCredsExternalSecret) . }}' login: '{{ .Values.config.restconfUser }}' password: '{{ .Values.config.restconfPassword }}' + - uid: "{{.Release.Name}}-dgbuilder-onap-certs" + name: '{{.Release.Name}}-dgbuilder-certs' + externalSecret: '{{ tpl (default "" .Values.certSecret) . }}' + type: generic + filePaths: + - resources/certs/node-cert.cer + - resources/certs/node-cert.pem + - resources/certs/node-csr.pem + - resources/certs/node-key.pem ################################################################# # Application configuration defaults. -- cgit 1.2.3-korg
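Review bot: The new `certificates` volumeMount at `/opt/onap/ccsdk/dgbuilder/certs` (first deployment.yaml hunk) does not declare `readOnly: true`. The container only needs to read the certificate and key, so stating it makes the intent explicit and satisfies admission policies that require read-only Secret mounts: add `readOnly: true` below `mountPath`. The container spec starts and ends outside this hunk.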
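Review bot: The `certificates` secret volume (second deployment.yaml hunk) sets no `defaultMode`, so the projected files, node-key.pem included, get the Kubernetes default of 0644 and are readable by every user inside the container. Adding `defaultMode: 0400` under `secret:` restricts the key to the file owner; if the dgbuilder process does not run as that owner, `0440` with a matching `fsGroup` is the alternative, and the pod securityContext is outside this hunk so that needs checking. The volumes list itself begins outside the hunk.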
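Review bot: The override for the new secret entry in values.yaml is read from `.Values.certSecret`, while the entry directly above it reads `.Values.config.restconfCredsExternalSecret`, and this hunk adds no `certSecret` default or comment. An operator reading the defaults therefore has no hint that the committed key can be replaced; I would add a commented key with a line such as `# certSecret: name of an existing Secret holding node-cert.pem and node-key.pem; replaces the certificates shipped with the chart`, placed under `config` if the neighbouring convention is to be followed. `filePaths` also ships node-cert.cer alongside node-cert.pem, which looks like the same certificate in a second encoding and can probably be reduced to the one file the application loads. The `uid` value is double-quoted where the sibling entries use single quotes; the `secrets` list begins outside the hunk.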