aboutsummaryrefslogtreecommitdiffstats
path: root/kubernetes/a1policymanagement/values.yaml
diff options
context:
space:
mode:
authorSylvain Desbureaux <sylvain.desbureaux@orange.com>2021-02-15 11:30:29 +0100
committerSylvain Desbureaux <sylvain.desbureaux@orange.com>2021-02-28 14:45:10 +0100
commitb5353c9977f4c1545b706fe0dbbaa75da635dd50 (patch)
treeb91da6beee99869f6c2de97f2819e0c3bc77b084 /kubernetes/a1policymanagement/values.yaml
parentb83415937b6459c208f27b680c45c2539c0c1b46 (diff)
[A1P] Retrieve the certificates automatically
Instead of using hardcoded certificates in the container, let's retrieve them automatically. Issue-ID: OOM-2681 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: If08469469fecdc8bf86d080980f221e5941a2329
Diffstat (limited to 'kubernetes/a1policymanagement/values.yaml')
-rw-r--r--kubernetes/a1policymanagement/values.yaml38
1 files changed, 38 insertions, 0 deletions
diff --git a/kubernetes/a1policymanagement/values.yaml b/kubernetes/a1policymanagement/values.yaml
index a1602c569c..e118b35cfd 100644
--- a/kubernetes/a1policymanagement/values.yaml
+++ b/kubernetes/a1policymanagement/values.yaml
@@ -29,6 +29,44 @@ secrets:
password: '{{ .Values.a1controller.password }}'
passwordPolicy: required
+#################################################################
+# AAF part
+#################################################################
+certInitializer:
+ nameOverride: a1p-cert-initializer
+ aafDeployFqi: deployer@people.osaaf.org
+ aafDeployPass: demo123456!
+ # aafDeployCredsExternalSecret: some secret
+ fqdn: a1p
+ fqi: a1p@a1p.onap.org
+ public_fqdn: a1p.onap.org
+ cadi_longitude: "0.0"
+ cadi_latitude: "0.0"
+ app_ns: org.osaaf.aaf
+ credsPath: /opt/app/osaaf/local
+ fqi_namespace: org.onap.a1p
+ aaf_add_config: |
+ echo "*** changing them into shell safe ones"
+ export KEYSTORE_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1)
+ export TRUSTSORE_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1)
+ cd {{ .Values.credsPath }}
+ keytool -storepasswd -new "${KEYSTORE_PASSWORD}" \
+ -storepass "${cadi_keystore_password_p12}" \
+ -keystore {{ .Values.fqi_namespace }}.p12
+ keytool -storepasswd -new "${TRUSTSORE_PASSWORD}" \
+ -storepass "${cadi_truststore_password}" \
+ -keystore {{ .Values.fqi_namespace }}.trust.jks
+ echo "*** set key password as same password as keystore password"
+ keytool -keypasswd -new "${KEYSTORE_PASSWORD}" \
+ -keystore {{ .Values.fqi_namespace }}.p12 \
+ -keypass "${cadi_keystore_password_p12}" \
+ -storepass "${KEYSTORE_PASSWORD}" -alias {{ .Values.fqi }}
+ echo "*** save the generated passwords"
+ echo "KEYSTORE_PASSWORD=${KEYSTORE_PASSWORD}" > mycreds.prop
+ echo "TRUSTSORE_PASSWORD=${TRUSTSORE_PASSWORD}" >> mycreds.prop
+ echo "*** change ownership of certificates to targeted user"
+ chown -R 1000 .
+
image: onap/ccsdk-oran-a1policymanagementservice:1.0.1
userID: 1000 #Should match with image-defined user ID
groupID: 999 #Should match with image-defined group ID