From be14f4b3af5349069527bed510d36648fb45ca92 Mon Sep 17 00:00:00 2001
From: "Zhang Rong(Jon)"
Date: Wed, 22 May 2024 22:44:02 +0800
Subject: [PATCH 1/1] Support mTLS (Mutual TLS) with O2 API
Since the specification defined the API should support mTLS (Mutual TLS). This commit will enable the mTLS support in the O2 IMS API.
Test Plan:
1. Request the O2 API with client key and client cert, the API works as expected.
2. The O2 API which is configured with the client CA cert can serve the client requests as expected.
Issue-ID: INF-448
Change-Id: If53fb4fea1dac33968f167b0f40e83d34615faec
Signed-off-by: Zhang Rong(Jon)
---
 charts/resources/scripts/init/o2api_start.sh | 6 +++++-
 charts/templates/deployment.yaml | 3 +++
 2 files changed, 8 insertions(+), 1 deletion(-)
diff --git a/charts/resources/scripts/init/o2api_start.sh b/charts/resources/scripts/init/o2api_start.sh
index 4581db5..e790a6f 100644
--- a/charts/resources/scripts/init/o2api_start.sh
+++ b/charts/resources/scripts/init/o2api_start.sh
@@ -15,6 +15,10 @@
 #!/bin/bash
 # The gunicorn start with [::] to listen on both IPv4 and IPv6
-gunicorn -b [::]:80 o2app.entrypoints.flask_application:app --certfile /configs/server.crt --keyfile /configs/server.key
+gunicorn -b [::]:80 o2app.entrypoints.flask_application:app \
+--certfile /configs/server.crt \
+--keyfile /configs/server.key \
+--ca-certs /configs/smoca.crt \
+--cert-reqs 2
 sleep infinity
diff --git a/charts/templates/deployment.yaml b/charts/templates/deployment.yaml
index 72e3580..29e387f 100644
--- a/charts/templates/deployment.yaml
+++ b/charts/templates/deployment.yaml
@@ -179,6 +179,9 @@ spec:
 mountPath: /configs/server.key
 subPath: config.json
 readOnly: true
+ - name: smocacrt
+ mountPath: /configs/smoca.crt
+ subPath: config.json
 {{- if .Values.o2dms.helm_cli_enable }}
 - name: helmcli
 image: "{{ .Values.o2ims.images.tags.o2service }}"
-- 
2.16.6
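Review bot: `--cert-reqs 2` in o2api_start.sh is a bare magic number; it is the value of Python's `ssl.CERT_REQUIRED`, and nothing in the script tells a reader that it makes a client certificate mandatory on every connection. Add a comment above the command, e.g. `# --cert-reqs 2 = ssl.CERT_REQUIRED: handshake fails unless the client presents a cert chaining to /configs/smoca.crt`. At this layer gunicorn only validates the chain, so any certificate issued under that CA is accepted; unless the CA is dedicated to O2 clients, the application presumably still needs to check the client identity (subject/SAN) or keep its existing request authentication. The requirement is also unconditional, so a deployment that does not provide smoca.crt would likely fail to start or reject all clients; a chart value to enable it may be worth considering.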
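Review bot: The new `smocacrt` volumeMount in deployment.yaml omits `readOnly: true`, which the `server.key` mount directly above it sets; add `readOnly: true` after `subPath: config.json` so the client trust anchor is explicitly mounted read-only like the other TLS material. The patch adds only these three lines to this file, so the `volumes:` entry named `smocacrt` has to exist already elsewhere in the template or chart; that is worth confirming, because a mount without a matching volume is rejected when the pod spec is validated. Since this is a `subPath` mount, a rotated CA certificate is not picked up by the running container until the pod is restarted, which should be noted in the rotation procedure. The container spec starts and ends outside the hunk.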