Get the certificates
cd oom/kubernetes/aaf/charts/aaf-sms
mkdir -p resources/certs
Copy the 2 cert files into that folder from here: https://github.com/onap/aaf-sms/tree/master/sms-service/src/sms/certs
The following commands might be useful:
wget -O aaf-sms.pr https://raw.githubusercontent.com/onap/aaf-sms/master/sms-service/src/sms/certs/aaf-sms.pr
wget -O aaf-sms.pub https://raw.githubusercontent.com/onap/aaf-sms/master/sms-service/src/sms/certs/aaf-sms.pub
Update the Configmap
Add the following to the end of templates/configmap.yaml
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: {{ include "common.fullname" . }}-certs
  namespace: {{ include "common.namespace" . }}
  labels:
    app: {{ include "common.name" . }}-preload
    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
    release: {{ .Release.Name }}
    heritage: {{ .Release.Service }}
data:
{{ tpl (.Files.Glob "resources/certs/*").AsConfig . | indent 2 }}
Update the Deployment
Add the following lines in templates/deployment.yaml under volumeMounts:
- mountPath: /sms/certs/aaf-sms.pub
  name: {{ include "common.name" .}}-certs
  subPath: aaf-sms.pub
- mountPath: /sms/certs/aaf-sms.pr
  name: {{ include "common.name" .}}-certs
  subPath: aaf-sms.pr
Add the following lines in templates/deployment.yaml under volumes:
- name: {{ include "common.name" . }}-certs
  configMap:
    name: {{ include "common.fullname" . }}-certs
This chart is now ready to use the new certificates.
After this, you need to "make" the charts to push them to the repository, and then upgrade your Helm deployment.
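Because aaf-sms.pr is the private half of the key pair, the same two files can be delivered through a Secret instead of a ConfigMap, as one of the comments below suggests for APPC. The following is an added example, not part of the original page or the OOM chart; it reuses the -certs names from the snippets above, and the file name templates/secret.yaml is a hypothetical choice.

```yaml
# Added example (not from the OOM chart): Secret-based variant of the steps above.

# --- templates/secret.yaml (hypothetical file name; replaces the "-certs" ConfigMap) ---
apiVersion: v1
kind: Secret
metadata:
  name: {{ include "common.fullname" . }}-certs
  namespace: {{ include "common.namespace" . }}
  labels:
    app: {{ include "common.name" . }}
    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
    release: {{ .Release.Name }}
    heritage: {{ .Release.Service }}
type: Opaque
data:
# AsSecrets base64-encodes each file, which the Secret "data" field requires.
{{ (.Files.Glob "resources/certs/*").AsSecrets | indent 2 }}

# --- templates/deployment.yaml, under volumeMounts: (same paths, mounted read-only) ---
- mountPath: /sms/certs/aaf-sms.pub
  name: {{ include "common.name" . }}-certs
  subPath: aaf-sms.pub
  readOnly: true
- mountPath: /sms/certs/aaf-sms.pr
  name: {{ include "common.name" . }}-certs
  subPath: aaf-sms.pr
  readOnly: true

# --- templates/deployment.yaml, under volumes: (secret source instead of configMap) ---
- name: {{ include "common.name" . }}-certs
  secret:
    secretName: {{ include "common.fullname" . }}-certs
```

A Secret is still only base64-encoded in the API; what it provides is RBAC that is separate from ConfigMaps and the option of encryption at rest.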
4 Comments
Brian Freeman
We had to use Secret not ConfigMap for a similar change for APPC last night. Could check with Taka and determine if the binary P12 file should really be handled as a Secret.
Takamune Cho
The wiki page for overriding the p12 file in the APPC helm chart: Modify APPC Helm Chart to override the pk12 certificate. FYI
Joey Sullivan
The pub cert is only valid for these DNS
What are the steps to create a pub/private key with additional DNS values?
sailakshmi ch
What are the steps to generate the .pr and .pub files using the root CA cert in case of expiry?