diff options
author | Sylvain Desbureaux <sylvain.desbureaux@orange.com> | 2021-02-15 11:30:29 +0100 |
---|---|---|
committer | Sylvain Desbureaux <sylvain.desbureaux@orange.com> | 2021-02-28 14:45:10 +0100 |
commit | b5353c9977f4c1545b706fe0dbbaa75da635dd50 (patch) | |
tree | b91da6beee99869f6c2de97f2819e0c3bc77b084 /kubernetes/a1policymanagement/values.yaml | |
parent | b83415937b6459c208f27b680c45c2539c0c1b46 (diff) |
[A1P] Retrieve the certificates automatically
Instead of using hardcoded certificates in the container, let's retrieve
them automatically.
Issue-ID: OOM-2681
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: If08469469fecdc8bf86d080980f221e5941a2329
Diffstat (limited to 'kubernetes/a1policymanagement/values.yaml')
-rw-r--r-- | kubernetes/a1policymanagement/values.yaml | 38 |
1 files changed, 38 insertions, 0 deletions
diff --git a/kubernetes/a1policymanagement/values.yaml b/kubernetes/a1policymanagement/values.yaml index a1602c569c..e118b35cfd 100644 --- a/kubernetes/a1policymanagement/values.yaml +++ b/kubernetes/a1policymanagement/values.yaml @@ -29,6 +29,44 @@ secrets: password: '{{ .Values.a1controller.password }}' passwordPolicy: required +################################################################# +# AAF part +################################################################# +certInitializer: + nameOverride: a1p-cert-initializer + aafDeployFqi: deployer@people.osaaf.org + aafDeployPass: demo123456! + # aafDeployCredsExternalSecret: some secret + fqdn: a1p + fqi: a1p@a1p.onap.org + public_fqdn: a1p.onap.org + cadi_longitude: "0.0" + cadi_latitude: "0.0" + app_ns: org.osaaf.aaf + credsPath: /opt/app/osaaf/local + fqi_namespace: org.onap.a1p + aaf_add_config: | + echo "*** changing them into shell safe ones" + export KEYSTORE_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1) + export TRUSTSORE_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1) + cd {{ .Values.credsPath }} + keytool -storepasswd -new "${KEYSTORE_PASSWORD}" \ + -storepass "${cadi_keystore_password_p12}" \ + -keystore {{ .Values.fqi_namespace }}.p12 + keytool -storepasswd -new "${TRUSTSORE_PASSWORD}" \ + -storepass "${cadi_truststore_password}" \ + -keystore {{ .Values.fqi_namespace }}.trust.jks + echo "*** set key password as same password as keystore password" + keytool -keypasswd -new "${KEYSTORE_PASSWORD}" \ + -keystore {{ .Values.fqi_namespace }}.p12 \ + -keypass "${cadi_keystore_password_p12}" \ + -storepass "${KEYSTORE_PASSWORD}" -alias {{ .Values.fqi }} + echo "*** save the generated passwords" + echo "KEYSTORE_PASSWORD=${KEYSTORE_PASSWORD}" > mycreds.prop + echo "TRUSTSORE_PASSWORD=${TRUSTSORE_PASSWORD}" >> mycreds.prop + echo "*** change ownership of certificates to targeted user" + chown -R 1000 . + image: onap/ccsdk-oran-a1policymanagementservice:1.0.1 userID: 1000 #Should match with image-defined user ID groupID: 999 #Should match with image-defined group ID |