Merge "Support mTLS (Mutual TLS) with O2 API"

author Jon Zhang <rong.zhang@windriver.com>

Fri, 24 May 2024 01:38:38 +0000 (01:38 +0000)

committer Gerrit Code Review <gerrit@o-ran-sc.org>

Fri, 24 May 2024 01:38:38 +0000 (01:38 +0000)
author Jon Zhang <rong.zhang@windriver.com>
Fri, 24 May 2024 01:38:38 +0000 (01:38 +0000)
committer Gerrit Code Review <gerrit@o-ran-sc.org>
Fri, 24 May 2024 01:38:38 +0000 (01:38 +0000)
diff --git a/charts/resources/scripts/init/o2api_start.sh b/charts/resources/scripts/init/o2api_start.sh

index 4581db5..e790a6f 100644 (file)
--- a/charts/resources/scripts/init/o2api_start.sh
+++ b/charts/resources/scripts/init/o2api_start.sh
@@ -15,6 +15,10 @@
  #!/bin/bash
  
  # The gunicorn start with [::] to listen on both IPv4 and IPv6
-gunicorn -b [::]:80 o2app.entrypoints.flask_application:app --certfile /configs/server.crt  --keyfile /configs/server.key
+gunicorn -b [::]:80 o2app.entrypoints.flask_application:app \
+--certfile /configs/server.crt \
+--keyfile /configs/server.key \
+--ca-certs /configs/smoca.crt \
+--cert-reqs 2
  
  sleep infinity
diff --git a/charts/templates/deployment.yaml b/charts/templates/deployment.yaml

index 72e3580..29e387f 100644 (file)
--- a/charts/templates/deployment.yaml
+++ b/charts/templates/deployment.yaml
@@ -179,6 +179,9 @@ spec:
                mountPath: /configs/server.key
                subPath: config.json
                readOnly: true
+            - name: smocacrt
+              mountPath: /configs/smoca.crt
+              subPath: config.json
          {{- if .Values.o2dms.helm_cli_enable }}
          - name: helmcli
            image: "{{ .Values.o2ims.images.tags.o2service }}"
author	Jon Zhang <rong.zhang@windriver.com>
	Fri, 24 May 2024 01:38:38 +0000 (01:38 +0000)
committer	Gerrit Code Review <gerrit@o-ran-sc.org>
	Fri, 24 May 2024 01:38:38 +0000 (01:38 +0000)
charts/resources/scripts/init/o2api_start.sh		patch \| blob \| history
charts/templates/deployment.yaml		patch \| blob \| history