Hi James / Harish,

I was able to add our signed certificate to aai by modifying “oom/kubernetes/aai/templates/deployment.yaml”:

    containers:
      volumeMounts:
      - mountPath: /etc/ssl/private/aai.pem
        subPath: aai.pem
        name: aai-haproxy-sec
    volumes:
    - name: aai-haproxy-sec
      secret:
        secretName: aai-haproxy-secret

And by putting the signed certificate in “oom/kubernetes/aai/resources/config/haproxy/aai.pem”.

Thanks,
Abdelmuhaimen Seaudi
Orange Labs Egypt
Email: abdelmuhaimen.sea...@orange.com
Mobile: +2012 84644 733

From: FORSYTH, JAMES [mailto:jf2...@att.com]
Sent: Friday, June 29, 2018 3:35 PM
To: onap-discuss@lists.onap.org
Cc: SEAUDI Abdelmuhaimen OBS/CSO
Subject: FW: [onap-discuss] How to add a signed certificate to AAI OOM BEIJING

Hi, Seaudi,

See below.

Thanks,
jimmy

From: HARISH V KAJUR <vk2...@att.com>
Date: Thursday, June 28, 2018 at 3:52 PM
To: "FORSYTH, JAMES" <jf2...@att.com>
Subject: RE: [onap-discuss] How to add a signed certificate to AAI OOM BEIJING

Hi Jimmy,

Yes, we weren’t able to keep the certificate in oom due to limitations of the secret. I believe the file is stored as a secret in the config map, but we didn’t add the file here:

oom/kubernetes/aai/resources/config/haproxy/aai.pem

They would need to update this file:

https://git.onap.org/oom/tree/kubernetes/aai/templates/deployment.yaml

Under volumes, add this with the same spacing:

    - name: aai-haproxy-sec
      configMap:
        name: aai-haproxy-secret

And under volumeMounts:

    - mountPath: /etc/ssl/private/aai.pem
      subPath: aai.pem
      name: aai-haproxy-sec

Thanks,
Harish

From: FORSYTH, JAMES
Sent: Thursday, June 28, 2018 2:16 PM
To: KAJUR, HARISH V <vk2...@att.com>
Subject: Re: [onap-discuss] How to add a signed certificate to AAI OOM BEIJING

Harish,

We couldn’t keep the cert file in OOM because of the limitations on the secrets, right, so it’s baked into the haproxy docker image?

Thanks,
jimmy

From: <onap-discuss@lists.onap.org> on behalf of Abdelmuhaimen Seaudi <abdelmuhaimen.sea...@orange.com>
Date: Thursday, June 28, 2018 at 2:05 PM
To: "onap-discuss@lists.onap.org" <onap-discuss@lists.onap.org>
Cc: SEAUDI Abdelmuhaimen OBS/CSO <abdelmuhaimen.sea...@orange.com>
Subject: [onap-discuss] How to add a signed certificate to AAI OOM BEIJING

Hi,

When I try to add a signed certificate to the AAI pod in OOM Beijing, I find that I am still getting the original AAI certificate when I try to access AAI.

This means I need to restart the haproxy docker container?

I tried deleting the haproxy pod, but this builds a new container and my signed certificate disappears.

I tried looking up the node hosting the haproxy container and restarting the k8s_haproxy_xxx container, and it worked and the new certificate is working.

Is there a better way to add a signed certificate to AAI OOM Beijing?

Thanks,
A. Seaudi
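Added example, not part of the original thread or of the ONAP OOM code: a small audit over `kubectl get deployment -o json` output that flags how a certificate/key file such as aai.pem is mounted. It reflects two documented Kubernetes behaviours relevant to the two volume variants above: a ConfigMap provides no secrecy for key material, and a file mounted with subPath is not refreshed when the backing object changes, so the pod has to be restarted after a certificate rotation. The container name "aai-haproxy", the function name and the finding labels are assumptions made for the example; the sample manifest is constructed.

```python
import json

# Constructed sample: trimmed deployment JSON using the configMap-backed
# variant from the thread. The container name is an assumption.
SAMPLE = json.loads("""
{"spec": {"template": {"spec": {
  "containers": [{"name": "aai-haproxy", "volumeMounts": [
    {"name": "aai-haproxy-sec",
     "mountPath": "/etc/ssl/private/aai.pem",
     "subPath": "aai.pem"}]}],
  "volumes": [{"name": "aai-haproxy-sec",
               "configMap": {"name": "aai-haproxy-secret"}}]
}}}}
""")

KEY_SUFFIXES = (".pem", ".key", ".p12")


def audit_cert_mounts(deployment):
    """Return (container, mountPath, finding) for each key-material mount issue."""
    pod = deployment["spec"]["template"]["spec"]
    volumes = {v["name"]: v for v in pod.get("volumes", [])}
    findings = []
    for container in pod.get("containers", []):
        for mount in container.get("volumeMounts", []):
            path = mount["mountPath"]
            # Only look at mounts that plausibly carry certificates or keys.
            if not path.endswith(KEY_SUFFIXES) and "/ssl/private" not in path:
                continue
            volume = volumes.get(mount["name"])
            if volume is None:
                findings.append((container["name"], path, "undefined-volume"))
                continue
            if "configMap" in volume:
                # ConfigMaps are not meant for confidential data.
                findings.append((container["name"], path, "configmap-holds-key"))
            elif "secret" not in volume:
                findings.append((container["name"], path, "non-secret-volume"))
            if "subPath" in mount:
                # subPath mounts do not receive Secret/ConfigMap updates.
                findings.append((container["name"], path, "subpath-no-refresh"))
    return findings


if __name__ == "__main__":
    for name, path, finding in audit_cert_mounts(SAMPLE):
        print(f"{name}: {path}: {finding}")
```
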