author | Sylvain Desbureaux <sylvain.desbureaux@orange.com> | 2020-12-15 12:00:26 +0100 |
---|---|---|
committer | Sylvain Desbureaux <sylvain.desbureaux@orange.com> | 2021-02-22 15:52:53 +0100 |
commit | b4e038d2e2e7f39fc69a234bb132f43ff6a69712 (patch) | |
tree | 02c1f1f8f18bcf86754a02864256308064709121 /kubernetes/aai/components/aai-resources/values.yaml | |
parent | 740de6d5e3e0744966114440583df27d141dfd03 (diff) |
[AAI][RESOURCES] Remove Hardcoded certificates
Use Certinitializer in order to retrieve needed certificates.
Issue-ID: OOM-2655
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: Ie05936be0f513c76ea4dce31b8a460056b79a4b0
Diffstat (limited to 'kubernetes/aai/components/aai-resources/values.yaml')
-rw-r--r-- | kubernetes/aai/components/aai-resources/values.yaml | 56 |
1 files changed, 32 insertions, 24 deletions
diff --git a/kubernetes/aai/components/aai-resources/values.yaml b/kubernetes/aai/components/aai-resources/values.yaml index 5210a249d2..ade5935808 100644 --- a/kubernetes/aai/components/aai-resources/values.yaml +++ b/kubernetes/aai/components/aai-resources/values.yaml @@ -24,9 +24,6 @@ global: # global defaults #Override it to aai-cassandra if localCluster is enabled. serviceName: cassandra - initContainers: - enabled: true - # Specifies a list of jobs to be run jobs: # When enabled, it will create the schema based on oxm and edge rules @@ -95,21 +92,6 @@ global: # global defaults edge: label: v12 - # Keystore configuration password and filename - keystore: - filename: aai_keystore - passwd: OBF:1vn21ugu1saj1v9i1v941sar1ugw1vo0 - - # Truststore configuration password and filename - truststore: - filename: aai_keystore - passwd: OBF:1vn21ugu1saj1v9i1v941sar1ugw1vo0 - - # Specifies a list of files to be included in auth volume - auth: - files: - - aai_keystore - # Specifies which clients should always default to realtime graph connection realtime: clients: SDNC,MSO,SO,robot-ete 
@@ -138,6 +120,38 @@ aai_enpoints: url: network - name: aai-externalSystem url: external-system +################################################################# +# Certificate configuration +################################################################# +certInitializer: + nameOverride: aai-resources-cert-initializer + aafDeployFqi: deployer@people.osaaf.org + aafDeployPass: demo123456! + # aafDeployCredsExternalSecret: some secret + fqdn: aai-resources + fqi: aai-resources@aai-resources.onap.org + public_fqdn: aai-resources.onap.org + cadi_longitude: "0.0" + cadi_latitude: "0.0" + app_ns: org.osaaf.aaf + credsPath: /opt/app/osaaf/local + fqi_namespace: org.onap.aai-resources + aaf_add_config: | + echo "*** retrieving password for keystore and trustore" + export $(/opt/app/aaf_config/bin/agent.sh local showpass \ + {{.Values.fqi}} {{ .Values.fqdn }} | grep '^c' | xargs -0) + if [ -z "$cadi_keystore_password_p12" ] + then + echo " /!\ certificates retrieval wasn't good" + exit 1 + else + echo "*** writing passwords into prop file" + echo "KEYSTORE_PASSWORD=${cadi_keystore_password_p12}" > {{ .Values.credsPath }}/mycreds.prop + echo "TRUSTSTORE_PASSWORD=${cadi_truststore_password}" >> {{ .Values.credsPath }}/mycreds.prop + echo "*** change ownership of certificates to targeted user" + chown -R 1000 {{ .Values.credsPath }} + fi + truststoreAllPassword: changeit # application image image: onap/aai-resources:1.7.2 @@ -190,12 +204,6 @@ readiness: initialDelaySeconds: 60 periodSeconds: 10 -# application configuration -sidecar: - keyStorePassword: OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10 - keyManagerPassword: OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10 - trustStorePassword: OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10 - service: type: ClusterIP portName: aai-resources-8447 |
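Review bot: The new `certInitializer` block still ships plaintext defaults, `aafDeployPass: demo123456!` and `truststoreAllPassword: changeit`, so the commit removes the obfuscated keystore passwords but leaves a deploy credential in values.yaml. Since `aafDeployCredsExternalSecret` is already there as a commented-out key, I would add a comment above the password such as `# demo default only; set aafDeployCredsExternalSecret for any non-lab deployment`. In `aaf_add_config`, `mycreds.prop` is created under whatever umask the init container has before `chown -R 1000` runs, so the keystore and truststore passwords may be readable by other users of the shared volume. Putting `umask 077` ahead of the first `echo ... > {{ .Values.credsPath }}/mycreds.prop`, or a `chmod 600` on the file after the second `echo`, would close that. The unquoted `export $(... | xargs -0)` is also subject to word splitting and glob expansion, so a password containing whitespace or `*` would presumably be mangled; this is worth checking against the agent's actual output format.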