Kubernetes Secret Creation - Keys and Certificates for OAuth2 Support

In this section, you will learn to configure OAuth token validation and update the OAuth token.

Configuring OAuth Token Validation

To configure OAuth token validation:
  1. Create NRF access tokens using the following private keys:

    ECDSA private key (Example: ecdsa_private_key_pkcs8.pem)

    RSA private key (Example: rsa_private_key_pkcs1.pem)

  2. To validate these access tokens, you need to create a secret and configure the public keys fetched from NRF into the ocudr-ingress-gateway. The public key naming format should be:

    <nrfInstanceId>_<AlgorithmUsed>.pem (Example: 6faf1bbc-6e4a-4454-a507-a14ef8e1bc5c_ES256.pem)

  3. To create a secret:
    1. Log in to the Bastion Host or a server from which you can execute kubectl.
    2. Execute the following command to create a namespace for the secret:

      kubectl create namespace ocudr

    3. Execute the following command to create a Kubernetes secret for NF access token validation:

      kubectl create secret generic oauthsecret --from-file=6faf1bbc-6e4a-4454-a507-a14ef8e1bc5c_ES256.pem --from-file=6faf1bbc-6e4a-4454-a507-a14ef8e1bc5c_RS256.pem -n ocudr

      Note:

      The file names in the above command are the same as in Step 1.
    4. Execute the following command to verify whether the secret is created successfully:

      kubectl describe secret oauthsecret -n ocudr

Updating OAuth Token

To update the OAuth token:
  1. Log in to the Bastion Host or a server from which you can execute kubectl.
  2. To update the secret with new or updated details:
    1. Execute the following command to delete the existing secret so that it can be recreated:

      kubectl delete secret oauthsecret -n ocudr

    2. Fetch or get the updated public keys from NRF.
    3. Execute the following command to recreate the secret with updated details:

      kubectl create secret generic oauthsecret --from-file=0263663c-f5c2-4d1b-9170-f7b1a9116337_ES256.pem --from-file=0263663c-f5c2-4d1b-9170-f7b1a9116337_RS256.pem -n ocudr
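
A pre-flight check for the two `kubectl create secret` steps above (initial creation and recreation after a key update), as an added example that is not part of the original procedure: it confirms that each file follows the `<nrfInstanceId>_<AlgorithmUsed>.pem` naming format and holds a public key rather than a private key, then prints the command to run. The function names, the UUID form of the NRF instance ID, the ES256/RS256 algorithm list and the PEM `PUBLIC KEY` header check are assumptions of this example.

```sh
#!/bin/sh
# Added example, not vendor code. Assumptions: nrfInstanceId is a UUID, the
# algorithm is ES256 or RS256, and public keys are PEM "PUBLIC KEY" blocks.

UUID_RE='[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}'

# check_key_file FILE
# Returns 0 when FILE is fit to load into oauthsecret, 1 (reason on stderr) otherwise.
check_key_file() {
  kf_name=$(basename "$1")
  # The documented naming format is <nrfInstanceId>_<AlgorithmUsed>.pem.
  if ! printf '%s\n' "$kf_name" | grep -Eq "^${UUID_RE}_(ES256|RS256)\.pem\$"; then
    echo "$kf_name: name is not <nrfInstanceId>_<AlgorithmUsed>.pem" >&2
    return 1
  fi
  if [ ! -r "$1" ]; then
    echo "$kf_name: file is missing or unreadable" >&2
    return 1
  fi
  # Private keys (PKCS#1, PKCS#8, SEC1, encrypted) must never reach the secret.
  if grep -q 'PRIVATE KEY-----' "$1"; then
    echo "$kf_name: contains private key material" >&2
    return 1
  fi
  if ! grep -Eq '^-----BEGIN (RSA )?PUBLIC KEY-----' "$1"; then
    echo "$kf_name: no PEM public key block found" >&2
    return 1
  fi
  return 0
}

# build_create_cmd NAMESPACE FILE...
# Prints the kubectl command from the procedure, but only if every file passes.
build_create_cmd() {
  bc_ns=$1; shift
  bc_args=
  for bc_f in "$@"; do
    check_key_file "$bc_f" || return 1
    bc_args="$bc_args --from-file=$bc_f"
  done
  printf 'kubectl create secret generic oauthsecret%s -n %s\n' "$bc_args" "$bc_ns"
}

# When run with key files as arguments, print the command for namespace ocudr.
if [ "$#" -gt 0 ]; then
  build_create_cmd ocudr "$@"
fi
```
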