SUMMARY
As mentioned by ONAP, users can now add their custom .pem certificates under cert-wrapper/resources and have them imported automatically by an init-container (i.e., certInitializer) during ONAP deployment. Unfortunately, the automatic import of a custom certificate by certInitializer during ONAP deployment has not worked as expected.
OS / ENVIRONMENT
- Kubernetes version:
Client Version: version.Info{Major:"1", Minor:"15", GitVersion:"v1.15.11", GitCommit:"d94a81c724ea8e1ccc9002d89b7fe81d58f89ede", GitTreeState:"clean", BuildDate:"2020-03-12T21:08:59Z", GoVersion:"go1.12.17", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"15", GitVersion:"v1.15.9", GitCommit:"2e808b7cb054ee242b68e62455323aa783991f03", GitTreeState:"clean", BuildDate:"2020-01-18T23:24:23Z", GoVersion:"go1.12.12", Compiler:"gc", Platform:"linux/amd64"}
- Helm version:
Client: &version.Version{SemVer:"v2.16.6", GitCommit:"dd2e5695da88625b190e6b22e9542550ab503a47", GitTreeState:"clean"}
Server: &version.Version{SemVer:"v2.16.6", GitCommit:"dd2e5695da88625b190e6b22e9542550ab503a47", GitTreeState:"clean"}
OOM VERSION
Guilin (optionally with Honolulu)
STEPS TO REPRODUCE
- Step-1: for example, we have an A1-Simulator certificate (public key) stored in .pem format, namely a1simcert.pem. Copying a1simcert.pem to the helm charts under: "/opt/onap/resources/helm_charts/common/cert-wrapper/resources/"
- Step-2: enabling the import custom cert feature by setting Values.global.importCustomCertsEnabled to true, i.e., "importCustomCertsEnabled: true", in "/opt/onap/resources/helm_charts/common/certInitializer/values.yaml"
- Step-3: redeploying full ONAP (or only SDNC), for example redeploying only SDNC with the following commands:
- cd /opt/onap/resources/helm_charts/
- export SKIP_LINT=TRUE
- make common && make sdnc && make onap
- redeploy "onap-sdnc" using helm-healer
EXPECTED RESULTS
The expectation: the "import-custom-certs.sh" shell script is executed and the custom a1simcert.pem certificate within "cert-wrapper/resources/" is added/onboarded/imported to SDNC's "truststoreONAPall.jks". And the "truststoreONAPall.jks" should have 108 certs (by default, truststoreONAPall.jks has 107 imported certs) after importing a1simcert.pem automatically during deployment.
ACTUAL RESULTS
The actual results: the "import-custom-certs.sh" shell script was not executed at all. And of course, the custom cert for A1-Simulator cannot be found in truststoreONAPall.jks (it still had 107 certs in truststoreONAPall.jks).
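Added example (not part of the original report or of ONAP's own scripts): one way to check the outcome described under EXPECTED and ACTUAL RESULTS is to save the `keytool -list` output for truststoreONAPall.jks before and after redeployment, then compare entry counts and aliases. The listings, file names and aliases below are constructed sample data; the alias `a1simcert` is an assumption about how the imported certificate would be named.

```shell
#!/bin/sh
# Added example: diff two `keytool -list` listings of truststoreONAPall.jks.
# All aliases, dates and fingerprints below are constructed sample data.

# Aliases of trusted-certificate entries, one per line, sorted.
# keytool prints each entry as "<alias>, <date>, trustedCertEntry,";
# this assumes the alias itself contains no ", ".
trusted_aliases() {
  grep 'trustedCertEntry' | sed 's/, .*//' | sort -u
}

# Number of trusted-certificate entries in a listing read from stdin.
count_trusted() {
  trusted_aliases | wc -l | tr -d ' '
}

# Aliases present in listing $2 but not in listing $1.
added_aliases() {
  before=$(trusted_aliases < "$1")
  trusted_aliases < "$2" | while IFS= read -r name; do
    printf '%s\n' "$before" | grep -Fxq -- "$name" || printf '%s\n' "$name"
  done
}

# Write a constructed listing with the given aliases to file $1.
sample_listing() {
  out=$1; shift
  {
    printf 'Keystore type: JKS\nKeystore provider: SUN\n\n'
    printf 'Your keystore contains %s entries\n\n' "$#"
    for a in "$@"; do
      printf '%s, Mar 12, 2020, trustedCertEntry,\n' "$a"
      printf 'Certificate fingerprint (SHA1): 00:11:22:33 (constructed)\n'
    done
  } > "$out"
}

dir=$(mktemp -d)
sample_listing "$dir/before.txt" root-ca-a root-ca-b root-ca-c
# Failed import (the behaviour reported above): same entries as before.
sample_listing "$dir/after_failed.txt" root-ca-a root-ca-b root-ca-c
# Working import: one extra entry (alias "a1simcert" is an assumed name).
sample_listing "$dir/after_ok.txt" root-ca-a root-ca-b root-ca-c a1simcert

echo "failed import added:  [$(added_aliases "$dir/before.txt" "$dir/after_failed.txt")]"
echo "working import added: [$(added_aliases "$dir/before.txt" "$dir/after_ok.txt")]"
```

Against a real deployment the two listings would show 107 and 108 entries; an empty result from `added_aliases` corresponds to the failure reported here.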