Hello, I would like to advocate this topic, pods being able to trust infrastructure nexus is fundamental part of offline deployments.
Any idea which will help us to integrate this solution more closer to relevant pods that is better than patching OOM files from this file https://gerrit.onap.org/r/gitweb?p=oom/offline-installer.git;a=blob;f=patches/casablanca_3.0.0.patch;h=e0ea0ec5340a2eef3e4fbfc59b76c8816018945e;hb=refs/heads/master would be very appreciated ... thanks, Michal -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Michal Zegan Sent: Monday, February 11, 2019 11:53 AM To: [email protected] Subject: [onap-discuss] [oom] adding ca certificates to policy pods Hello. This is in relation to this epic: https://jira.onap.org/browse/OOM-1610 As described in epic description, there is a way needed to inject ca certificates to some pods in order to allow the pods to connect to intranet nexus when looking for artifacts, for example. Main use we have in mind is offline onap installation. The problem is how to do it correctly (for dublin). I don't remember details right now, but for beijing certificates were needed to be injected to java truststores (this is probably the easier case), and for some even to system cacerts (and this is the more tricky case). There is no clean way to achieve this right now, it requires some hacky init containers and such like. Making it possible would definitely require modification of helm charts, and possibly even components that make use the certificates. Any thoughts? -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#15571): https://lists.onap.org/g/onap-discuss/message/15571 Mute This Topic: https://lists.onap.org/mt/29733494/21656 Group Owner: [email protected] Unsubscribe: https://lists.onap.org/g/onap-discuss/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
