-
Notifications
You must be signed in to change notification settings - Fork 41
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
TLS on SBI Interfaces #131
Comments
Hi Luis, We do not actually support setting cacert, key and cert in the helm chart values (check https://github.com/Gradiant/openverso-charts/blob/master/charts/open5gs-ausf/values.yaml). You can try to provide the full ausf configuration in the "customOpen5gsConfig" helm chart value key. Another option is, on runtime, to edit the corresponding open5gs-ausf configmap to add the 'cacert' 'key' and 'cert' and restart the pod. To check with curl you have to add the flag |
Hi Luis, As Carlos said, we don't provide support for TLS, so, we don't have expertise resolving these kind of issues. Nevertheless, I think you can comment your issue in the open5gs repo, as I believe this problem is more related with the framework rather than the chart. Best regards, |
Sorry Luis, but I don't know what is the cause of your problem. I think you can put your issue in the open5gs repo and try to get better help for this. BR, |
Hi!
I am trying to configure and enable TLS in SBI interfaces. I used your project to deploy Open5GS inside a kubernetes cluster. I started by changing the config files, setting the "no_tls" value to "false".
After that i used openssl to generate the CA and create certificates to the NFs (i only created for the AUSF for now). Then i tried to move the ca.crt, ausf.key and ausf.crt to the pod container of the AUSF with the command:
kubectl cp file-spec-src file-spec-dest -c specific-container
However, i was getting erros due to permissions, and even when i tried to move to the /tmp directory, everytime i restarted the pod, the files just got deleted so it was not a solution. So i tried this, with "no_tls" as "true", so it can create the pod AND to create the certificates in the /tmp/tls directory:
and then run this command
helm upgrade --install -f open5gs.yaml open5gs openverso/open5gs -n open5gs ,
And then run it again, but with value of "false"
and then run this command again
helm upgrade --install -f open5gs.yaml open5gs openverso/open5gs -n open5gs
Now when i go into the /tmp/tls directory i see the certificates. (I checked with cat and the certificates seem all okay):
and when i look into the ausf.yaml file it looks like this
However, isn't the ausf.yaml file supposed to have the path of certificates?
Also, how can i check if tls is actually working with curl? When i executed curl commands with https i get an error:
Can someone help me on this please?
Regards,
Luís Loureiro
The text was updated successfully, but these errors were encountered: