From ed6e62100249bf099ec8b90a8ad147532b40372b Mon Sep 17 00:00:00 2001
From: Remigiusz Janeczek <remigiusz.janeczek@nokia.com>
Date: Tue, 8 Sep 2020 13:00:50 +0200
Subject: [CONTRIB] Adjust EJBCA to issue certificates usable by servers.

Add configuration to EJBCA that allows to create keystores with
extendedKeyUsage containing serverAuth.

Issue-ID: AAF-1121
Signed-off-by: Remigiusz Janeczek <remigiusz.janeczek@nokia.com>
Change-Id: I6fc1d228acb4edc089be11d66186cfb5006e9ad1
---
 kubernetes/contrib/components/ejbca/templates/configmap.yaml  | 8 ++++++++
 kubernetes/contrib/components/ejbca/templates/deployment.yaml | 6 ++++++
 2 files changed, 14 insertions(+)

(limited to 'kubernetes/contrib/components/ejbca/templates')

diff --git a/kubernetes/contrib/components/ejbca/templates/configmap.yaml b/kubernetes/contrib/components/ejbca/templates/configmap.yaml
index d336bc9a94..d61af076a0 100644
--- a/kubernetes/contrib/components/ejbca/templates/configmap.yaml
+++ b/kubernetes/contrib/components/ejbca/templates/configmap.yaml
@@ -18,3 +18,11 @@ metadata:
   name: "{{ include "common.fullname" . }}-config-script"
 data:
 {{ tpl (.Files.Glob "resources/ejbca-config.sh").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: "{{ include "common.fullname" . }}-profiles"
+data:
+{{ tpl (.Files.Glob "resources/certprofile_CUSTOM_ENDUSER-1834889499.xml").AsConfig . | indent 2 }}
+{{ tpl (.Files.Glob "resources/entityprofile_Custom_EndEntity-1356531849.xml").AsConfig . | indent 2 }}
diff --git a/kubernetes/contrib/components/ejbca/templates/deployment.yaml b/kubernetes/contrib/components/ejbca/templates/deployment.yaml
index 1b1843476d..495b816bc5 100644
--- a/kubernetes/contrib/components/ejbca/templates/deployment.yaml
+++ b/kubernetes/contrib/components/ejbca/templates/deployment.yaml
@@ -51,6 +51,8 @@ spec:
         volumeMounts:
           - name: "{{ include "common.fullname" . }}-volume"
             mountPath: /opt/primekey/scripts/
+          - name: "{{ include "common.fullname" . }}-profiles-volume"
+            mountPath: /opt/primekey/custom_profiles/
         ports: {{ include "common.containerPorts" . | nindent 10 }}
         env:
         - name: INITIAL_ADMIN
@@ -90,3 +92,7 @@ spec:
           name: "{{ include "common.fullname" . }}-config-script"
           defaultMode: 0755
         name: "{{ include "common.fullname" . }}-volume"
+      - configMap:
+          name: "{{ include "common.fullname" . }}-profiles"
+          defaultMode: 0755
+        name: "{{ include "common.fullname" . }}-profiles-volume"
-- 
cgit 1.2.3-korg