Skip to content
This repository has been archived by the owner on Aug 27, 2024. It is now read-only.

Commit

Permalink
Temporarily use a self-signed cert for nerc-ocp-test
Browse files Browse the repository at this point in the history 
Install a temporary certificate to resolve the issued noted in [PR 366].
This permits Vault to authenticate the API certificate presented by
nerc-ocp-test.

This is a temporary measure pending a more robust solution for issuing
internally trusted certificates.

[PR 366]: OCP-on-NERC/nerc-ocp-config#366
  • Loading branch information
@larsks
larsks committed Feb 13, 2024
1 parent 8b08553 commit 3668a77
Show file tree
Hide file tree
Showing 2 changed files with 33 additions and 1 deletion.
2 changes: 1 addition & 1 deletion config/clusters/nerc-ocp-test.jsonnet
View file
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,7 @@ local service_account_namespaces = [
cluster(
"nerc-ocp-test",
"https://api.nerc-ocp-test.rc.fas.harvard.edu:6443",
importstr "certs/letsencrypt_ca.crt",
importstr "certs/nerc_test_api.crt",
importstr "tokens/nerc-ocp-test.txt",
service_account_namespaces,
)
32 changes: 32 additions & 0 deletions lib/certs/nerc_test_api.crt
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,32 @@
-----BEGIN CERTIFICATE-----
MIIFcjCCA1qgAwIBAgIUFO28ksaoJjV1yzYQnJvRxYPg7sgwDQYJKoZIhvcNAQEL
BQAwLzEtMCsGA1UEAwwkYXBpLm5lcmMtb2NwLXRlc3QucmMuZmFzLmhhcnZhcmQu
ZWR1MB4XDTI0MDIxMTIzMTk0MloXDTM0MDIwODIzMTk0MlowLzEtMCsGA1UEAwwk
YXBpLm5lcmMtb2NwLXRlc3QucmMuZmFzLmhhcnZhcmQuZWR1MIICIjANBgkqhkiG
9w0BAQEFAAOCAg8AMIICCgKCAgEAp9iKDvt1ooW6JtDr0hdfaiMjRpgnvp/vKv2A
uPKh4OyxcNmB+TkHkoVs4rCFwPiR90OZk7sNu1FGOKmowmrNcRUB/n5CmHVgle3E
mvKbJ6rzfDVhfnF6i0jZtc3b2xeBhsSGI1m9jUcd5xM46dorlezYMsvhxJ+VtMmr
NAAVYojzPnCk1p8VA0QDf8vDWqfXjCS62d9W7N46INC0wHsWPlVGy9bm6YxM5p+2
G+Vd0XEj0Q7bZHtFklNqoIpnvD6bH7AU7DFewiZpt+uz/O1mC8Cd+io6gHcBWGT/
vR8hnMI2QPTXKAQXbn1LyG7mi0FinTJfVyRSvuHJMWpkLb2i+3p6yt2k8REPK6yg
hCYO3Q4VyjcqG+VCRnx0r5b0ypjt7o6o3wHrpk1ytTawvAzgFeDr9166AG6b922R
euTym+vWWREK4RLToEqyeAFdoGOckGMs5tEPbfkctj7EEfhxeHl4ycIRPRFm7siq
fSsSSh0amYCU7mEl3ZOseOAL5t3SfbY24McCboetHegV/PyDQ2gGbV3OQBvUKx65
HHoMxeFGRjOv06fne8aluJZcMGMUXVDK6ACw7TbETZok5AJVD7byD0jp1Uik3HfC
uUb+0LHe4R1NogHjYNWoSY24HDByGrNKoQ7T8O/+JiOTZ4e2RqPPWSVhk6sA/ms4
Fj/QTakCAwEAAaOBhTCBgjAdBgNVHQ4EFgQUNaFVjhLeTrSS8fK/sEaBs0xA+usw
HwYDVR0jBBgwFoAUNaFVjhLeTrSS8fK/sEaBs0xA+uswDwYDVR0TAQH/BAUwAwEB
/zAvBgNVHREEKDAmgiRhcGkubmVyYy1vY3AtdGVzdC5yYy5mYXMuaGFydmFyZC5l
ZHUwDQYJKoZIhvcNAQELBQADggIBAIuRrTdy5MRxy45MTbCDlVw7ugWFZ0A3FNvh
oZTgotrYpa3wzAPvfkI3JopQ9+x18lsvGEZB/h/AkQIC4ct6fvflDae1CsuqZiU/
4r5zCZrt/+eo79ODFP23OuZOzoQ7fbSYjASH2d1fv0qZQ5DlUWifgId0RTYlbx50
/N8JDIiK1E2aD4hh5ogTSRLCAU5USa+eEFWfM4ViSFAWkWx5z6dIIzAfVrDcKd+f
823zIxoqNfbnmp77ToUFkdaZrM7oUSvfV1so/KfilOo7Yxqy+S65Am6HCL4mQG0P
Vl/pVatG/XLW+osasF9ggY4pPiKO+eeKkE0xVvrYu0i2mL8hUGZAWGPhcirga2p9
6g1vcvvX0J26mlQTRqPs3wJ6v6M3ODJQ68upAmTY/qSYQp0kBenPes6+lCGfOUGx
i/xIfvSLKMVzYJktba/y8gYmZlnXWcaDsAzBfd7ZL2D2PObwkdmFx5G2sMhYAsrG
lO0FHuil1csydqNn1p/zseV0rLz86wr7EEELI7DtgCt5uoMQayXy5u/UexUnmSC/
SA9tPvJv9ESdovyXclTR6aEjhZz/9u7m39HxRMv1+b77Rny/7vR2PeFRyZn41E5f
0kq/oxI23vRRvjVgTKY0aBYZ/rHuUObV4Hs8A32GAVRd0xkl4UZ9KITnpfI+RTUl
V7N8Njz4
-----END CERTIFICATE-----

0 comments on commit 3668a77

Please sign in to comment.