From 653b7d53bbb3a67e2a9965c9f17cbfc6e9497c01 Mon Sep 17 00:00:00 2001 From: garciagenrique Date: Fri, 28 Jun 2024 17:36:35 +0200 Subject: [PATCH] add grid CA secret for server --- infrastructure/scripts/3-rucio_server_secrets.sh | 7 +++++++ .../rucio-dev/ss_servers-dev-server-gridca.yaml | 15 +++++++++++++++ 2 files changed, 22 insertions(+) create mode 100644 infrastructure/secrets/rucio-dev/ss_servers-dev-server-gridca.yaml diff --git a/infrastructure/scripts/3-rucio_server_secrets.sh b/infrastructure/scripts/3-rucio_server_secrets.sh index 96f3b6a..a8f1468 100755 --- a/infrastructure/scripts/3-rucio_server_secrets.sh +++ b/infrastructure/scripts/3-rucio_server_secrets.sh @@ -58,3 +58,10 @@ kubectl create secret generic ${HELM_RELEASE_SERVER_AUTH}-server-cafile --dry-ru kubeseal --controller-name=${CONTROLLER_NAME} --controller-namespace=${CONTROLLER_NS} --format yaml --namespace=${RUCIO_NS} > ${SECRETS_STORE}/ss_${HELM_RELEASE_SERVER_AUTH}-server-cafile.yaml kubectl apply -f ${SECRETS_STORE}/ss_${HELM_RELEASE_SERVER_AUTH}-server-cafile.yaml + +# Create server secret for the GridCA file +# The content of this file is the same as in /etc/pki/tls/certs/CERN-GridCA.pem but mv'd. +kubectl create secret generic ${HELM_RELEASE_SERVER}-server-gridca --dry-run=client --from-file=${RAW_SECRETS_SERVERS}/CERN-GridCA.pem -o yaml | \ +kubeseal --controller-name=${CONTROLLER_NAME} --controller-namespace=${CONTROLLER_NS} --format yaml --namespace=${RUCIO_NS} > ${SECRETS_STORE}/ss_${HELM_RELEASE_SERVER}-server-gridca.yaml + +kubectl apply -f ${SECRETS_STORE}/ss_${HELM_RELEASE_SERVER}-server-gridca.yaml \ No newline at end of file diff --git a/infrastructure/secrets/rucio-dev/ss_servers-dev-server-gridca.yaml b/infrastructure/secrets/rucio-dev/ss_servers-dev-server-gridca.yaml new file mode 100644 index 0000000..818aaff --- /dev/null +++ b/infrastructure/secrets/rucio-dev/ss_servers-dev-server-gridca.yaml @@ -0,0 +1,15 @@ +--- +apiVersion: bitnami.com/v1alpha1 +kind: SealedSecret +metadata: + creationTimestamp: null + name: servers-dev-server-gridca + namespace: rucio-dev +spec: + encryptedData: + CERN-GridCA.pem: AgA89mQsbo5zCR2Y7XjEZT7X0Mlzrdkd4o3jVXIh3cZIgV6MJXDaeCFkZyxQsAtaCGaS7GFUNSoWE72VRPvHZ+GDFEiZdSeKwHVgbYpG1dPv93i4DvSOWKHyaBorHfGBaK7puE8iZC7jRcMVugwRCCtC+Uar8ouduWEC1rHsqOWhmqeRv5TmzWGoZV3yXtsxFwV4FpQj1E8RrCPS/pJokSeiwe0GZ12/kh7ivNQwYvwg1FgShrR/S68PYxuR1Z/xCpSFbxmzCawpJY4bJwOfslpDRr8AoM19aijJuEspsQlEcPNuDsxULamUiY6b1asFatRrhz6CmJSVRNaaOUhvvR45wh8djXuXK6tHki6hKqTM05Tr2mkEmp5EPW8CV4++/baToykFLiANpaVZiUQ+t9AgNsPY5Sac3pOE8giM20PlDQJVcHrTDixTyLDvPGJrNxTlGUTiFgDwMd1ZLkKc+XovWmxcK1VB8CXv2f5UdR9cvyESRfqBJ3DQpQb1m4GgO9yMaYt1wRafBcUiY2UWTYfvkn26oO43SRv/u/vwAcPmp8bxWtm7S1LkQRjQh6SCJkOxI/w8ncfbBymZzSbrGm17AI/Me91RTYEeN2CLuctupELvsXrXlrUroygMUTa48soUDA0iOYXm4UG05zIjJkct6ljUk2/DZj2gElAMo+t+VMyICG6698+HY2RYztBYsbH37ohE7BRdDLdfQSOkgFWHsgr9kXBCAG9QfOqDhw6HiNu19njMOPpX+mOcIuXEcyEW+yyD7gDLUvHDSZOYVunpCclHCEVqCMwwDGvVe/8K9cFFsFuy0e/zpkoMFK+yy5sV71h4xyX51vyXfYvpsUqiWUufV/j86yxNU3pSZ4/AHkI823MJPNRfIcVHD0kAH3vHovJuiMcwghd+a+6f7pFzRwrYv3C2brDS56FlUr48VN5I/yQ54xbFT87NX8GA3w5Fdpadxkz7ooBRT/ma/Ty4fF52D5HM3hY2p0J7vP+dsYL/lcVcaPu+YQEYtvoPS9TtSdrOS58WjoN2vSX79MogI1DNKitO7SmpjD4rGALxfpm4qh3XXKa7CTVM+o/Cdi8PA8j9aNZv2vBAPKZVC5HKIfaVG1B9vbTGYn6RPG9/RqIoYjUVAinqouZA3m/Bpgj7Qc//3ec7UwWYYm6D0gxt9D766T8o8jpwbYwe90t3IvJF9kNgxh9GLneqNJQOEtJc88XI5VsL493EuP7j2mMZUtFdV0k2+3fq/wlAFbn/VkfvAnFe4xrmayEs5SsE3QrHcO/F+K/Wue+7kZ8/qEdodklIGIZqR+NWSgCf4kC5Kv1j5W7i2RxK7lkvi/Pq87GJORI0z5bvcPKzlr86HD4jU7CEdEsHhgjN1AL/5N7JXgvM+8DuXQ5hfVLV2p+76DyKXHApMgz0lM8ZCUMRqMrHmLJCe5ijuwkbjO0ajTOZVELKDXtSoSCL2UBuOk2Pw1/aSnr/0DAR9MMCtAdOhUB7HkJ2UbyziIo+imiFUR1q5idtycXpB66lbIvkcSMw6Axx31pdnrKkRp9vJAvc1d/Sks3TGjroOPKQ66PY9JIomvX5RDX0LH3+SvcY6JVBRMvbLxsqQvqW7caCz006vlxPg2O1ncHvddC+VOym2uCRnqT7gWcLpWUoZ3fuMTPPu9T6eTSRB8IKK7T4LMgx75hfZP/XhMnmn0OTKZ2upK3AryJntKwHBU2XiY9s9Y6Ou+payFgmmvb9YPlREPCAUxeKr/bw+rXirI4LtloMFAl5h7GtBJ76SqzZ1qr5FVbOFUgD79bLOhiilHTSwgnb22sjGsthOETP/p2DGIcw4uzRnw4ruLNiLvypsiye2qDV609DNx72xHXNPffaNC+0CaXGIc96OFV/CrWu+wL78my6bNsq5IjQD1Ous25Plh0TVoGB+MpLqomAXrfThNH0fc9QPQM92clzDUENoxoeSOZMgRKfLRpP5vwAx3Sn5VqKJzMAmPdymRHxZgxuEyNKgY9jwcyqLPKeg49u1OiIX/1YdKE8JisETZIVmtw4VGdRON9W6H4WGVwpvQRocvmxRL8zsLFEkOOPuKFpZaGLlwrJ7+32uzk/iEjWdZ0/NEdbXMmuSsxeJFi1vKHTfWqqmFjOQfNHbX9l1Y+alMsCBA4htEK8u0jwzWbrrP/InVKP/1viGMs+L1XfJ1VCHgTXReO+053cuYk7pU//g67aUrK8dI9Pecqm1oMq1BjnreXO22KWVIUax1FhR7k5CI4E/DzNYfbK2mSVadOw+SjSK/FDjUWMwml/xqpzj85R6XCOxdJ41Xt3A5nYbhddpIYGh+lNLdjTHIIoUhXu6ERdaEi8WamT99zIMymr6DLDAQZjOc7eZUcV4KXUruHMO3R+2HsVMFVJRxj1r5zmawDKZKCQr3M9f9aSM2cJBhl+ufJVe551/NfWDJ40FPY6bGW2N7psBgYI/8KRLcRmAJRn4UaRZJ0g4ji29KFiH5Gon0JecsC1lXUoqHyV2dTxt5cb/f0JA1svmJLShJzzf3ocZKvbN2BOYsaPG2DwrjJp/FnqDZlFYTB6zgTdaQiHQ+0VG1K3uodgLrHMCHZUc6U+2Qy1Y0AseaV3FFJfvkSlH2Bs3OufgkM1UIqFyILymbyny76d/H8Z5UMy6/Ks83WMeH/9Dq8lqe+zDXTP98hRjQgKarFxw67RdYuqkmOYOyEV0zSfjsR3205sSC2Oqx5E5UPonQC2QDZ4hu4MPLY7zm0n5lISCqaRLPW+Kk/3ieIGO+yKcr1eez5+XKpKDJmMCUjWqxe48BC7AEAQPsw3tg9VuZx+HdEhl08mayduMjjZ2a5O9kCstl/o7/LAW8LY7gWmvp9WUK5hj+HFxxdBTVymb9/zbSTuZd03IxYYk2evqQ980ZYtDMMf15XzdJ4WtCbQmyPjczCp29ExGy/dEkUyOzu8NJZeN/gFkHAFmQ7g0PCpOEsWG7k+GChzZ1a5UBCbwMzskTHDcDtn8qsNFucF8KJ3zo1FB6LgSSAz5ualfnB2qhaIgZj83nbo0Oe9jXBu77OVDDJCMYFQWAfGiGxmG5d4oWCf5ftLtg54Tz4JFknIBQ/0GaIGE3VjmtqJDnxh0Nz/wN3DFP8YgJ3k5/4HpSjp5u7ryDYW98L39FEuMAVIzRHjAYUNN5o75LVc/V2JhaOmzO5P7RdvXzvILm7jnVq343DHfmj9sWl3JfjC6/nJ2yzDH8o4Z15/6MG9IOyyw5//cTyFHw/jmztgNm1tokhP5NWZ/1MuYhHY4U5HH5pIMERZlzCUYHKaIxge0Bl8pAm4DSfA9aj9UPq37TLpMaxRv9GipYszK+6AAW+8bDu7lQ9XirnVTuLTbYWqM0PhA21i3cNv7BE++RsVX6QVe4cNt2ZFSEBril0uqc1p1+rNsLTRC6Bet9VheLuMgTNPiKR1B6VbPMhW7wvSm5ar0OHHH4pkWq7MWjcXDVF9+ocI7OPE8VwyDGeXAityW+Bhos8Q0KpJNc8xLG28kKNcV5tNKR5xkW1wkC2LMN/q3n0Sirceztr5GTgUXlrt6d83BohaJPSyhxUtsnUDMzfJnzLZTELWTYKW7+2wdGxtsxJIbP9RmexvCpmuGd8W/q/BsCtCZbZEahkQW+ESrFlRxFGSyD8KrwzcABeTUriJcbbiu0ghg850tCgyoGHoAYrowiSG2wTLPyrYevlCJJgVNngYK5yGBfrqApHmvyt41+F6e0JiQG5ZmHQnZBvsc5gf01ysHiQqNswt/9rrKSlrA9TVgG8/QhbMt5RAwSLgmNwFPELAqPzdYcAoLA3nEthVH6KvadB6y6nhoXmI1/SAJPbM1NCuqDaCZct+JfPa710jMf/GZFv7eIxmMwvrBP5oltkv7dw2H9lFyFiwcc605yZxUQ0Igxqm7fb+vvfhc5dLJ1d8FMNuilOQcOZJKC2dgLpV+Om8EZp9Y/nyaPdeqGXbpncms+KWHjcahqNq6EdtW4K76nDz5CRBKQWLzPlcmYODccFSGgAeZ/YWx44moSYwN9o1PqvkBkOhWlio/tVTucQnxtR+Z2JLiokMKqUyjoczGfw0TneSTpWgR5pkja3H3O23kz64FCY3+5YvGt54PzkxO/JIzwRJmNf4vUzTjZRrLjVCrgay6Zi/t6YG9QEH/bGPrv7zYSpssR3shVbiZa+Eagvj20jFogFPxiV54uOrhgMSuxO4f5fsdG/qqi3AA974shydUgg3fF+XGewBcawpFYmGL9zuZKc4cAU3i9kzofYBv5L5QNGrX4j9Ou2Yx5fnScp8XWjXlyQIS7MPLLEZY3v+p2SvgG32jOzRvlCtxA6CuOb05fnM13fq79gX56NBX2WhXF3amq9VEFqsNY+/aPELlaku9xnllrWzJhre9RVz1euhMov/P0fggW8HcptIeMPEWwOhnWYKs2gi1VaI1eyKbo6VAOrPh7H+LNKYMvfx8UQewx4vSgsZ2S+7LHw5wrkiq5ieQGh+Y9950ybiKGUNhK3zZiA4BoJBvE7HDfY8iun20LywIujh+KfuqYd5CuAjtrMJCu4oZapYwnORTEzrmNwocy9utNAxnvlfZjborTmbp2KqNNRn/+zQQmvMj7JBADxrJ2xpJ/p58me/8zDlMquum+WAMqaoblaIeqx7KrPfd2CsCYC94do70j0zDbgcy+YrTR3ytwXIPn/3wGQudy1PhkfqotwZyqCJUPFpOxA8wynaMzozgx6QD+qj2YfcL4mxIKY46k+ImBvLWQXh+JyKRexagIg8Ps7nF0aXkQl7+R2ITXxomYDIlBwgxeYEW4g8DrnF8ige0PQG0gsaogUoD7/keDvA2Clxr+YnfzDRWmUz7Bg3p2rfx9nWGYSmd2J65FpCgWHNSPWrQoPBa2Ihb6ehea9wTFtZE+b6N8D46QZwOG3WdCdT0/r96XUBbGwvYVN02zf3ni+QcqOPhvs1v+BRl8AXPfKV+Iqx79J0216BRN1Tmy/3vd+m9gquiDJcKzNqRYL9NfDE0KvUcRFM9RnicrNv+l41DKQrwlySIzcoalUw0eA7ZjX+7DOfIec1V+xyxRSJ8lcf9vTtjVsWwShQfvbee9pmzH8OBBWmTdHrG8k1OBTJIv1EzRK6vgu/wKAnohZ1xkC7FMAIL16HiAyfOCXqoLkm9o7DvNPdSueGTV5rZciB7TPrrQUmzYgTJd8EWUcMsbLGFR1rDrO0KE7a8AAynFjd + template: + metadata: + creationTimestamp: null + name: servers-dev-server-gridca + namespace: rucio-dev