...
```java
// csrMeta, cert, notBefore, notAfter, kpg, keyPair and trans are used here
// without declaration; they are members of the test class that are not shown.
@Test
public void testServerWithRealUrl() throws CmpClientException {
    setValidCsrMetaValuesAndDateValues();
    // Send the request to a CMP RA endpoint on the local host.
    csrMeta.externalCaUrl("http://127.0.0.1/ejbca/publicweb/cmp/cmpRA");
    csrMeta.password("mypassword");
    CmpClientImpl cmpClient = new CmpClientImpl();
    try {
        cmpClient.createCertRequest("data", "RA", csrMeta, cert, notBefore, notAfter);
    } catch (CAOfflineException e) {
        e.printStackTrace();
    }
}

// Fills csrMeta with a valid subject, SAN, issuer and key pair, and sets the
// requested validity window (notBefore / notAfter).
private void setValidCsrMetaValuesAndDateValues() {
    ArrayList<RDN> rdns = new ArrayList<>();
    try {
        rdns.add(new RDN("O=CommonCompany"));
    } catch (CertException e) {
        e.printStackTrace();
    }
    csrMeta = new CSRMeta(rdns);
    csrMeta.cn("Node123");
    csrMeta.san("CommonName.com");
    csrMeta.password("password");
    csrMeta.email("CommonName@cn.com");
    csrMeta.issuerCn("ManagementCA");
    // kpg is a mock: return the prepared key pair instead of generating one.
    when(kpg.generateKeyPair()).thenReturn(keyPair);
    csrMeta.keypair(trans);
    csrMeta.externalCaUrl("http://127.0.0.1/ejbca/publicweb/cmp/cmpRA");
    try {
        notBefore = Optional.ofNullable(new SimpleDateFormat("yyyy/MM/dd HH:mm:ss").parse("2019/11/11 12:00:00"));
        notAfter = Optional.ofNullable(new SimpleDateFormat("yyyy/MM/dd HH:mm:ss").parse("2020/11/11 12:00:00"));
    } catch (ParseException e) {
        e.printStackTrace();
    }
}
```
Usage
Docker
Run CertService as a Docker container using the following command: TBA
Kubernetes
For Kubernetes, a Helm chart is provided. Fill in all values and deploy the Helm chart using the following command: TBA
CertService's client
CertService's client properties
...
File interface (names, passwords) should be defined
Usage
Docker
Run CertService's client as a Docker container using the following command: TBA
Kubernetes
Because ONAP is deployed in K8s, CertService's client will be delivered as an independent container and should run as an init container for the end component. Both the init container and the end component must mount the same volume (persistent or ephemeral) to transfer the generated artifacts.
Example
The volume used to transfer the generated artifacts should be mounted to the application container (lines 46-49). Within the K8s workload, CertService's client should be added as an init container (lines 10-13). All needed ENV variables should be passed to CertService's client (lines 14-36). CertService's client should mount the same volume as the application container (lines 37-39). The volume used to transfer the generated artifacts can be of type emptyDir (lines 51-53).
```yaml
... # WARNING - work in progress so still can change
kind: Deployment
metadata:
  ...
spec:
  ...
  template:
    ...
    spec:
      initContainers:
        - name: cert-service-client
          image: {{ .Values.global.csClientRepository }}/{{ .Values.global.csClientImage }}
          imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
          env:
            - name: REQUEST_URL
              value: {{ .Values.certService.url }}
            - name: REQUEST_TIMEOUT
              value: {{ .Values.certService.timeout }}
            - name: OUTPUT_PATH
              value: {{ .Values.certService.outputPath }}
            - name: CA_NAME
              value: {{ .Values.global.certService.caName }}
            - name: COMMON_NAME
              value: {{ .Values.certService.commonName }}
            - name: ORGANIZATION
              value: {{ .Values.global.certService.organization }}
            - name: ORGANIZATION_UNIT
              value: {{ .Values.global.certService.organizationUnit }}
            - name: LOCATION
              value: {{ .Values.global.certService.location }}
            - name: STATE
              value: {{ .Values.global.certService.state }}
            - name: COUNTRY
              value: {{ .Values.global.certService.country }}
            - name: SANS
              value: {{ .Values.certService.sans }}
          volumeMounts:
            - mountPath: {{ .Values.certService.outputPath }}
              name: {{ include "common.fullname" . }}-cmpv2-certs
      containers:
        - name: {{ include "common.name" . }}
          image: "{{ include "common.repository" . }}/{{ .Values.image }}"
          imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
          resources:
{{ include "common.resources" . | indent 12 }}
          volumeMounts:
            - mountPath: /certificates/external
              name: {{ include "common.fullname" . }}-cmpv2-certs
              readOnly: true
      ...
      volumes:
        - name: {{ include "common.fullname" . }}-cmpv2-certs
          emptyDir: {}
```
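The wiring described above can be checked on a rendered Deployment before it is deployed. The following is an added example, not part of the original page or the CertService project: the function name `check_cert_volume`, the sample manifest and its image names and paths are constructed for illustration, and the manifest is assumed to be available as a parsed dictionary.

```python
# Added example: lint a Deployment for the init-container/shared-volume pattern.
# SAMPLE is constructed; its names, images and paths are illustrative only.
SAMPLE = {"spec": {"template": {"spec": {
    "initContainers": [{
        "name": "cert-service-client",
        "image": "example.invalid/cert-service-client:latest",
        "env": [{"name": "OUTPUT_PATH", "value": "/var/certs"}],
        "volumeMounts": [{"mountPath": "/var/certs", "name": "app-cmpv2-certs"}],
    }],
    "containers": [{
        "name": "app",
        "image": "example.invalid/app:latest",
        "volumeMounts": [{"mountPath": "/certificates/external",
                          "name": "app-cmpv2-certs", "readOnly": True}],
    }],
    "volumes": [{"name": "app-cmpv2-certs", "emptyDir": {}}],
}}}}


def check_cert_volume(deployment, init_name="cert-service-client"):
    """Return findings; an empty list means the wiring matches the pattern."""
    pod = deployment["spec"]["template"]["spec"]
    init = next((c for c in pod.get("initContainers", [])
                 if c["name"] == init_name), None)
    if init is None:
        return [f"init container {init_name!r} not found"]
    env = {e["name"]: e.get("value") for e in init.get("env", [])}
    mounts = {m["mountPath"]: m for m in init.get("volumeMounts", [])}
    out_path = env.get("OUTPUT_PATH")
    if out_path not in mounts:
        # Artifacts written outside a mounted volume vanish with the init container.
        return [f"OUTPUT_PATH {out_path!r} is not a volume mount of {init_name!r}"]
    vol = mounts[out_path]["name"]
    findings = []
    if mounts[out_path].get("readOnly"):
        findings.append(f"{init_name!r} mounts {vol!r} read-only and cannot write")
    if not any(v["name"] == vol for v in pod.get("volumes", [])):
        findings.append(f"volume {vol!r} is not declared in the pod spec")
    consumers = [(c["name"], m) for c in pod.get("containers", [])
                 for m in c.get("volumeMounts", []) if m["name"] == vol]
    if not consumers:
        findings.append(f"no application container mounts {vol!r}")
    for name, m in consumers:
        if not m.get("readOnly"):
            # The consumer only reads certificates and keys; keep it read-only.
            findings.append(f"container {name!r} mounts {vol!r} writable")
    return findings


if __name__ == "__main__":
    print(check_cert_volume(SAMPLE) or "OK")
```

For a live workload, the dictionary can be produced by parsing the output of `kubectl get deployment <name> -o json`.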
...