From 6f831eb1d2a0910566117bcc68fa26c23fb1f775 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Elisamara=20Aoki=20Gon=C3=A7alves?= Date: Tue, 23 Sep 2025 18:15:05 +0000 Subject: [PATCH] Update portieris trusted caCert MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Replace "caCert" with "TrustedCACert" Story: 2011331 Task: 52851 Change-Id: If4a783ab23fe993276b82cd82b1a3316482cc992 Signed-off-by: Elisamara Aoki Gonçalves --- .../security/kubernetes/install-portieris.rst | 24 +++++++++---------- ...tieris-server-certificate-a0c7054844bd.rst | 6 ++--- 2 files changed, 15 insertions(+), 15 deletions(-) diff --git a/doc/source/security/kubernetes/install-portieris.rst b/doc/source/security/kubernetes/install-portieris.rst index f27ae7cea..eee457c24 100644 --- a/doc/source/security/kubernetes/install-portieris.rst +++ b/doc/source/security/kubernetes/install-portieris.rst @@ -10,11 +10,11 @@ You can install Portieris on |prod| from the command line. .. rubric:: |proc| -#. Locate the Portieris tarball in /usr/local/share/applications/helm. +#. Locate the Portieris tarball in ``/usr/local/share/applications/helm``. For example: - /usr/local/share/applications/helm/portieris-.tgz + ``/usr/local/share/applications/helm/portieris-.tgz`` #. Upload the application. 
@@ -22,32 +22,32 @@ You can install Portieris on |prod| from the command line. ~(keystone_admin)]$ system application-upload /usr/local/share/applications/helm/portieris-.tgz -#. Set caCert helm overrides if applicable. +#. Set TrustedCACert helm overrides if applicable. In order to specify registries or notary servers signed by a custom |CA| - certificate, the caCert: CERTIFICATE override must be added to the - portieris-certs helm chart. This must be passed as the b64enc of the |CA| + certificate, the ``TrustedCACert:`` CERTIFICATE override must be added to + the portieris Helm chart. This must be passed as the ``b64enc`` of the |CA| certificate and may contain 1 or more |CA| Certificates. For example: - #. Create the caCert.yaml override file. + #. Create the TrustedCACert.yaml override file. .. code-block:: none - ~(keystone_admin)]$ echo 'caCert: 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' > caCert.yaml + PEMFILE='/home/sysadmin/mycacert.pem' + CATOTRUST=$( base64 -w0 "$PEMFILE" ) + echo "TrustedCACert: $CATOTRUST" > TrustedCACert.yaml #. Apply the override file. .. code-block:: none - ~(keystone_admin)]$ system helm-override-update portieris portieris-certs portieris --values caCert.yaml + ~(keystone_admin)]$ system helm-override-update portieris portieris portieris --values TrustedCACert.yaml -#. Apply the application. +#. Apply the Portieris application. .. code-block:: none - ~(keystone_admin)]$ system application-apply portieris - - + ~(keystone_admin)]$ system application-apply portieris \ No newline at end of file diff --git a/doc/source/security/kubernetes/portieris-server-certificate-a0c7054844bd.rst b/doc/source/security/kubernetes/portieris-server-certificate-a0c7054844bd.rst index b88dcb344..0bfbc1e81 100644 --- a/doc/source/security/kubernetes/portieris-server-certificate-a0c7054844bd.rst +++ b/doc/source/security/kubernetes/portieris-server-certificate-a0c7054844bd.rst 
@@ -27,9 +27,9 @@ This server certificate is used by Portieris webhook for secure communication with ``kube-apiserver``. In order for Portieris on the |prod| to securely access registries or notary -servers with certificates signed by a custom |CA| certificate, the caCert: -CERTIFICATE override must be added to the portieris-certs Helm chart so that -Portieris trusts the custom |CA| certificate. +servers with certificates signed by a custom |CA| certificate, the +``TrustedCACert:`` CERTIFICATE override must be added to the portieris Helm +chart so that Portieris trusts the custom |CA| certificate. This must be passed as the base-64 encoded (b64enc) format of the |CA| certificate and may contain one or more |CA| certificates.
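
Review bot: In install-portieris.rst, first hunk (step "Locate the Portieris tarball"), the example file name now renders as the literal ``/usr/local/share/applications/helm/portieris-.tgz``, with nothing between the hyphen and ``.tgz``, and the same name is used in the application-upload command in the next hunk. If a version placeholder is meant to sit there, make it visible in both places so readers do not copy the path verbatim; inside inline-literal markup a substitution would not expand, so a plain placeholder word is the safer choice.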
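
Review bot: In install-portieris.rst, second hunk, the new block under "Create the TrustedCACert.yaml override file" base64-encodes whatever is in PEMFILE, and that content becomes a trust anchor for registries and notary servers, yet the procedure has no step to confirm the file holds only the intended CA certificate or certificates. Suggest adding a short check before the encode step (for a single certificate, something like openssl x509 -in "$PEMFILE" -noout -subject -enddate) and a sentence stating that the PEM file may contain several concatenated CA certificates and must not contain a private key, since the text says the override "may contain 1 or more" certificates but the example does not show how. Two smaller points in the same hunk: the three new lines drop the ~(keystone_admin)]$ prompt that the application-upload, helm-override-update and application-apply blocks keep, and /home/sysadmin/mycacert.pem should be introduced as an example path. The hunk also leaves the file with "\ No newline at end of file"; please restore the trailing newline. Since both the key (caCert to TrustedCACert) and the chart (portieris-certs to portieris) change, it would help to say whether an override already applied under the old names has to be re-applied.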
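
Review bot: In portieris-server-certificate-a0c7054844bd.rst, the rewritten sentence marks the key as a literal but leaves the chart name as plain "portieris Helm chart", which reads as the application rather than the chart argument used in "system helm-override-update portieris portieris portieris" on the install page. Suggest marking the chart name as a literal too, and writing the override as one literal with an explicit placeholder instead of ``TrustedCACert:`` followed by a bare CERTIFICATE. The wording also diverges between the two pages for the same instruction ("the ``b64enc`` of the CA certificate ... 1 or more" on the install page, "base-64 encoded (b64enc) format ... one or more" in the context lines here); aligning them, or having this page refer to the install procedure, would avoid the two drifting apart again.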