author | Tomasz Wrobel <tomasz.wrobel@nokia.com> | 2021-03-29 11:50:57 +0200 |
---|---|---|
committer | Tomasz Wrobel <tomasz.wrobel@nokia.com> | 2021-04-09 13:08:42 +0200 |
commit | 495e8f8283bd6dfb7b4d4f822b06291a7cf04205 (patch) | |
tree | 7e6e5ea2b7e7e8d060ea5a4c10389776355bbe4f /k8s/configure/configure.py | |
parent | e5f88ea35d88fc4c956d3a7356bc751a0bb11f2d (diff) |
Add configuration of external tls init container - CMPv2
- Add configuration of the certificates stored in a secret
- Add configuration of the secrets containing passwords
Issue-ID: OOM-2712
Signed-off-by: Tomasz Wrobel <tomasz.wrobel@nokia.com>
Change-Id: I4e0d6fb3717fdf19b5110a83d9273fd7bcf75757
Diffstat (limited to 'k8s/configure/configure.py')
-rw-r--r-- | k8s/configure/configure.py | 17 |
1 files changed, 13 insertions, 4 deletions
diff --git a/k8s/configure/configure.py b/k8s/configure/configure.py
index 142e2ec..d661631 100644
--- a/k8s/configure/configure.py
+++ b/k8s/configure/configure.py
@@ -48,8 +48,12 @@ EXT_TLS_STATE = "California"
 EXT_TLS_ORGANIZATIONAL_UNIT = "ONAP"
 EXT_TLS_LOCATION = "San-Francisco"
 EXT_TLS_CERT_SECRET_NAME = "oom-cert-service-client-tls-secret"
-EXT_TLS_KEYSTORE_PASSWORD = "secret"
-EXT_TLS_TRUSTSTORE_PASSWORD = "secret"
+EXT_TLS_KEYSTORE_PASSWORD_SECRET_NAME = "oom-cert-service-keystore-password"
+EXT_TLS_TRUSTSTORE_PASSWORD_SECRET_NAME = "oom-cert-service-truststore-password"
+EXT_TLS_KEYSTORE_SECRET_KEY = "keystore.jks"
+EXT_TLS_TRUSTSTORE_SECRET_KEY = "truststore.jks"
+EXT_TLS_KEYSTORE_PASSWORD_SECRET_KEY = "password"
+EXT_TLS_TRUSTSTORE_PASSWORD_SECRET_KEY = "password"
 CERT_POST_PROCESSOR_IMAGE = "nexus3.onap.org:10001/onap/org.onap.oom.platform.cert-service.oom-certservice-post-processor:2.1.0"
 CBS_BASE_URL = "https://config-binding-service:10443/service_component_all"
 
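Review bot: The six new `EXT_TLS_*` constants have no comment saying that they are Kubernetes Secret names and key names rather than credential values, and `EXT_TLS_KEYSTORE_PASSWORD_SECRET_KEY = "password"` in particular reads like the hard-coded default this commit removes. I would add one comment above the group: `# References only: names of Kubernetes Secrets and of the keys inside them; no password or keystore content is stored in this file`. That also gives secret scanners and later reviewers a reason to accept the literal `"password"` here. Nothing in the hunk shows who creates `oom-cert-service-keystore-password` and `oom-cert-service-truststore-password`; if they are expected to pre-exist in the target namespace, the comment should say so.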
@@ -88,8 +92,13 @@ def _set_defaults():
 "organizational_unit" : EXT_TLS_ORGANIZATIONAL_UNIT, # Organizational unit name, for which certificate will be created
 "location" : EXT_TLS_LOCATION, # Location name, for which certificate will be created
 "cert_secret_name": EXT_TLS_CERT_SECRET_NAME, # Name of secret containing keystore and truststore for secure communication of Cert Service Client and Cert Service
- "keystore_password" : EXT_TLS_KEYSTORE_PASSWORD, # Password to keystore file
- "truststore_password" : EXT_TLS_TRUSTSTORE_PASSWORD # Password to truststore file
+ "keystore_secret_key" : EXT_TLS_KEYSTORE_SECRET_KEY, # Key for keystore value exists in secret (cert_secret_name)
+ "truststore_secret_key" : EXT_TLS_TRUSTSTORE_SECRET_KEY, # Key for truststore value exists in secret (cert_secret_name)
+ "keystore_password_secret_name": EXT_TLS_KEYSTORE_PASSWORD_SECRET_NAME, # Name of secret containing password for keystore for secure communication of Cert Service Client and Cert Service
+ "truststore_password_secret_name": EXT_TLS_TRUSTSTORE_PASSWORD_SECRET_NAME, # Name of secret containing password for truststore for secure communication of Cert Service Client and Cert Service
+ "keystore_password_secret_key" : EXT_TLS_KEYSTORE_PASSWORD_SECRET_KEY, # Key for keystore password value exists in secret (keystore_password_secret_name)
+ "truststore_password_secret_key" : EXT_TLS_TRUSTSTORE_PASSWORD_SECRET_KEY # Key for truststore password value exists in secret (truststore_password_secret_name)
+
 },
 "cert_post_processor": {
 "image_tag": CERT_POST_PROCESSOR_IMAGE # Docker image to use for cert post processor init container
|
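Review bot: The defaults drop `keystore_password` and `truststore_password` with no marker for deployments that still supply those keys, so a plaintext password in existing configuration may stay in place while no longer being used. How the output of `_set_defaults` is merged with supplied values is outside this hunk, so that is inferred. A comment above the new entries would record the break: `# "keystore_password"/"truststore_password" are no longer read; passwords come from the secrets named below`. If the merge code can see the supplied keys, logging a warning when either legacy key is present would surface stale plaintext values. The body of `_set_defaults` starts and ends outside the hunk.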