Since the specification defined the API should support
mTLS (Mutual TLS). This commit will enable the mTLS support in the O2
IMS API.
Test Plan:
1. Request the O2 API with client key and client cert, the
API works as expected.
2. The O2 API which is configured with the client CA cert can serve
the client requests as expected.
Issue-ID: INF-448
Change-Id: If53fb4fea1dac33968f167b0f40e83d34615faec
Signed-off-by: Zhang Rong(Jon) <rong.zhang@windriver.com>
#!/bin/bash
# The gunicorn start with [::] to listen on both IPv4 and IPv6
#!/bin/bash
# The gunicorn start with [::] to listen on both IPv4 and IPv6
-gunicorn -b [::]:80 o2app.entrypoints.flask_application:app --certfile /configs/server.crt --keyfile /configs/server.key
+gunicorn -b [::]:80 o2app.entrypoints.flask_application:app \
+--certfile /configs/server.crt \
+--keyfile /configs/server.key \
+--ca-certs /configs/smoca.crt \
+--cert-reqs 2
mountPath: /configs/server.key
subPath: config.json
readOnly: true
mountPath: /configs/server.key
subPath: config.json
readOnly: true
+ - name: smocacrt
+ mountPath: /configs/smoca.crt
+ subPath: config.json
{{- if .Values.o2dms.helm_cli_enable }}
- name: helmcli
image: "{{ .Values.o2ims.images.tags.o2service }}"
{{- if .Values.o2dms.helm_cli_enable }}
- name: helmcli
image: "{{ .Values.o2ims.images.tags.o2service }}"