Hi James / Harysh,
I was able to make add our signed certificate to aai by modifying
“oom/kubernets/aai/templates/deployment.yaml”:
containers:
volumeMounts:
- mountPath: /etc/ssl/private/aai.pem
subPath: aai.pem
name: aai-haproxy-sec
volumes:
- name: aai-haproxy-sec
secret:
secretName: aai-haproxy-secret
And, by putting the signed certificate in
“oom/kubernetes/aai/resources/config/haproxy/aai.pem”
Thanks,
Abdelmuhaimen Seaudi
Orange Labs Egypt
Email: abdelmuhaimen.sea...@orange.com<mailto:abdelmuhaimen.sea...@orange.com>
Mobile: +2012 84644 733
From: FORSYTH, JAMES [mailto:jf2...@att.com]
Sent: Friday, June 29, 2018 3:35 PM
To: onap-discuss@lists.onap.org
Cc: SEAUDI Abdelmuhaimen OBS/CSO
Subject: FW: [onap-discuss] How to add a signed cerificate to AAI OOM BEIJING
Hi, Seaudi,
See below.
Thanks,
jimmy
From: HARISH V KAJUR <vk2...@att.com>
Date: Thursday, June 28, 2018 at 3:52 PM
To: "FORSYTH, JAMES" <jf2...@att.com>
Subject: RE: [onap-discuss] How to add a signed cerificate to AAI OOM BEIJING
Hi Jimmy,
Yes we weren’t able to keep the certificate in oom due to limitations of the
secret.
I believe the file is stored as a secret in the config map but we didn’t add
the file here:
oom/kubernetes/aai/resources/config/haproxy/aai.pem
[cid:image002.jpg@01D40EF7.F2ED83B0]
They would need to update this file:
https://git.onap.org/oom/tree/kubernetes/aai/templates/deployment.yaml
under volumes add this with same spacing:
- name: aai-haproxy-sec
configMap:
name: aai-haproxy-secret
And under volumeMounts:
- mountPath: /etc/ssl/private/aai.pem
subPath: aai.pem
name: aai-haproxy-sec
Thanks,
Harish
From: FORSYTH, JAMES
Sent: Thursday, June 28, 2018 2:16 PM
To: KAJUR, HARISH V <vk2...@att.com>
Subject: Re: [onap-discuss] How to add a signed cerificate to AAI OOM BEIJING
Harish,
We couldn’t keep the cert file in OOM because of the limitations on the
secrets, right, so it’s baked into the haproxy docker image?
Thanks,
jimmy
From: <onap-discuss@lists.onap.org<mailto:onap-discuss@lists.onap.org>> on
behalf of Abdelmuhaimen Seaudi
<abdelmuhaimen.sea...@orange.com<mailto:abdelmuhaimen.sea...@orange.com>>
Date: Thursday, June 28, 2018 at 2:05 PM
To: "onap-discuss@lists.onap.org<mailto:onap-discuss@lists.onap.org>"
<onap-discuss@lists.onap.org<mailto:onap-discuss@lists.onap.org>>
Cc: SEAUDI Abdelmuhaimen OBS/CSO
<abdelmuhaimen.sea...@orange.com<mailto:abdelmuhaimen.sea...@orange.com>>
Subject: [onap-discuss] How to add a signed cerificate to AAI OOM BEIJING
Hi
When I try to add a signed certificate to AAI pod in OOM Beijing, I find that I
am still getting the original AAI certificate when I try to access AAI.
This means I need to restart the haproxy docker container ?
I tried deleting the haproxy pod, but this builds a new container and my signed
certificate disappears.
I tried looking up the node hosting the haproxy container and restarting the
k8s_haproxy_xxx container and it worked and the new certificate is working.
Is there a better way to add a signed certificate to AAI OOM Beijing ?
Thanks
A. Seaudi
Sent from Samsung tablet.
_________________________________________________________________________________________________________________________
Ce message et ses pieces jointes peuvent contenir des informations
confidentielles ou privilegiees et ne doivent donc
pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce
message par erreur, veuillez le signaler
a l'expediteur et le detruire ainsi que les pieces jointes. Les messages
electroniques etant susceptibles d'alteration,
Orange decline toute responsabilite si ce message a ete altere, deforme ou
falsifie. Merci.
This message and its attachments may contain confidential or privileged
information that may be protected by law;
they should not be distributed, used or copied without authorisation.
If you have received this email in error, please notify the sender and delete
this message and its attachments.
As emails may be altered, Orange is not liable for messages that have been
modified, changed or falsified.
Thank you.
_________________________________________________________________________________________________________________________
Ce message et ses pieces jointes peuvent contenir des informations
confidentielles ou privilegiees et ne doivent donc
pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce
message par erreur, veuillez le signaler
a l'expediteur et le detruire ainsi que les pieces jointes. Les messages
electroniques etant susceptibles d'alteration,
Orange decline toute responsabilite si ce message a ete altere, deforme ou
falsifie. Merci.
This message and its attachments may contain confidential or privileged
information that may be protected by law;
they should not be distributed, used or copied without authorisation.
If you have received this email in error, please notify the sender and delete
this message and its attachments.
As emails may be altered, Orange is not liable for messages that have been
modified, changed or falsified.
Thank you.
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#11023): https://lists.onap.org/g/onap-discuss/message/11023
Mute This Topic: https://lists.onap.org/mt/23245114/21656
Group Owner: onap-discuss+ow...@lists.onap.org
Unsubscribe: https://lists.onap.org/g/onap-discuss/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
