diff options
author | Sylvain Desbureaux <sylvain.desbureaux@orange.com> | 2021-02-28 14:59:22 +0100 |
---|---|---|
committer | Sylvain Desbureaux <sylvain.desbureaux@orange.com> | 2021-11-10 08:31:39 +0000 |
commit | 1e99719c0224863cf26c5362243a4fa1b955c362 (patch) | |
tree | 4cb228fdce7a331a4c16afe3ae24da79a2020f9e /kubernetes/aai/components/aai-babel/values.yaml | |
parent | 8e67e73081c7ca3b7a0236c8f6cd291f18f69de7 (diff) |
[AAI][BABEL] Remove Hardcoded certificates
Use Certinitializer in order to retrieve needed certificates.
Change ModelLoader also as it needs valid certificate to communicate
with Babel.
Issue-ID: OOM-2693
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: I64b8ede24643f942dc99956030c202c50d41ad1e
Diffstat (limited to 'kubernetes/aai/components/aai-babel/values.yaml')
-rw-r--r-- | kubernetes/aai/components/aai-babel/values.yaml | 40 |
1 files changed, 35 insertions, 5 deletions
diff --git a/kubernetes/aai/components/aai-babel/values.yaml b/kubernetes/aai/components/aai-babel/values.yaml index 0c34deae13..3b68f4defe 100644 --- a/kubernetes/aai/components/aai-babel/values.yaml +++ b/kubernetes/aai/components/aai-babel/values.yaml @@ -20,6 +20,41 @@ global: {} ################################################################# +# Certificate configuration +################################################################# +certInitializer: + nameOverride: aai-babel-cert-initializer + aafDeployFqi: deployer@people.osaaf.org + aafDeployPass: demo123456! + # aafDeployCredsExternalSecret: some secret + fqdn: aai + fqi: aai@aai.onap.org + public_fqdn: aai.onap.org + cadi_longitude: "0.0" + cadi_latitude: "0.0" + app_ns: org.osaaf.aaf + credsPath: /opt/app/osaaf/local + fqi_namespace: org.onap.aai + aaf_add_config: | + echo "*** changing them into shell safe ones" + export KEYSTORE_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1) + export TRUSTSTORE_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1) + cd {{ .Values.credsPath }} + keytool -storepasswd -new "${KEYSTORE_PASSWORD}" \ + -storepass "${cadi_keystore_password_p12}" \ + -keystore {{ .Values.fqi_namespace }}.p12 + keytool -storepasswd -new "${TRUSTSTORE_PASSWORD}" \ + -storepass "${cadi_truststore_password}" \ + -keystore {{ .Values.fqi_namespace }}.trust.jks + echo "*** writing passwords into prop file" + echo "KEYSTORE_PASSWORD=${KEYSTORE_PASSWORD}" > {{ .Values.credsPath }}/mycreds.prop + echo "KEY_STORE_PASSWORD=${KEYSTORE_PASSWORD}" >> {{ .Values.credsPath }}/mycreds.prop + echo "KEY_MANAGER_PASSWORD=${KEYSTORE_PASSWORD}" >> {{ .Values.credsPath }}/mycreds.prop + echo "TRUSTSTORE_PASSWORD=${TRUSTSTORE_PASSWORD}" >> {{ .Values.credsPath }}/mycreds.prop + echo "*** change ownership of certificates to targeted user" + chown -R 1000 {{ .Values.credsPath }} + +################################################################# # Application configuration defaults. ################################################################# @@ -29,11 +64,6 @@ image: onap/babel:1.9.1 flavor: small flavorOverride: small -# application configuration -config: - keyStorePassword: OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10 - keyManagerPassword: OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10 - # default number of instances replicaCount: 1 |