summaryrefslogtreecommitdiffstats
path: root/kubernetes/aai/components/aai-sparky-be/values.yaml
diff options
context:
space:
mode:
authorSylvain Desbureaux <sylvain.desbureaux@orange.com>2021-02-16 11:08:25 +0100
committerKrzysztof Opasiak <k.opasiak@samsung.com>2021-03-02 18:52:26 +0000
commita9a41d84026f059aae70f9042c0b99af5b72e619 (patch)
tree00697370438a8e2b3942840f04c5fcb005435ee4 /kubernetes/aai/components/aai-sparky-be/values.yaml
parenta62fb750442e6ea93c950d933adf8fc2713eb801 (diff)
[AAI][SPARKY] Automatically retrieve certs
Instead of using hardcoded certificates, use certInitializer in order to retrieve them automatically. Issue-ID: OOM-2683 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: I63ce5d1bb2e9c287729425f2fd7146e7b69c33f7
Diffstat (limited to 'kubernetes/aai/components/aai-sparky-be/values.yaml')
-rw-r--r--kubernetes/aai/components/aai-sparky-be/values.yaml45
1 files changed, 39 insertions, 6 deletions
diff --git a/kubernetes/aai/components/aai-sparky-be/values.yaml b/kubernetes/aai/components/aai-sparky-be/values.yaml
index ed21030dc8..147feb13c8 100644
--- a/kubernetes/aai/components/aai-sparky-be/values.yaml
+++ b/kubernetes/aai/components/aai-sparky-be/values.yaml
@@ -27,6 +27,45 @@ global: # global defaults
searchData:
serviceName: aai-search-data
+
+#################################################################
+# Certificate configuration
+#################################################################
+certInitializer:
+ nameOverride: aai-sparky-cert-initializer
+ aafDeployFqi: deployer@people.osaaf.org
+ aafDeployPass: demo123456!
+ # aafDeployCredsExternalSecret: some secret
+ fqdn: "aai"
+ app_ns: "org.osaaf.aaf"
+ fqi_namespace: "org.onap.aai"
+ fqi: "aai@aai.onap.org"
+ public_fqdn: "aaf.osaaf.org"
+ cadi_longitude: "0.0"
+ cadi_latitude: "0.0"
+ credsPath: /opt/app/osaaf/local
+ aaf_add_config: |
+ echo "*** changing passwords into shell safe ones"
+ export KEYSTORE_PASSWD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1)
+ export TRUSTORE_PASSWD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1)
+ cd {{ .Values.credsPath }}
+ keytool -storepasswd -new "${KEYSTORE_PASSWD}" \
+ -storepass "${cadi_keystore_password_jks}" \
+ -keystore {{ .Values.fqi_namespace }}.jks
+ keytool -storepasswd -new "${TRUSTORE_PASSWD}" \
+ -storepass "${cadi_truststore_password}" \
+ -keystore {{ .Values.fqi_namespace }}.trust.jks
+ echo "*** set key password as same password as keystore password"
+ keytool -keypasswd -new "${KEYSTORE_PASSWD}" \
+ -keystore {{ .Values.fqi_namespace }}.jks \
+ -keypass "${cadi_keystore_password_jks}" \
+ -storepass "${KEYSTORE_PASSWD}" -alias {{ .Values.fqi }}
+ echo "*** save the generated passwords"
+ echo "KEYSTORE_PASSWORD=${KEYSTORE_PASSWD}" > mycreds.prop
+ echo "TRUSTSTORE_PASSWORD=${TRUSTORE_PASSWD}" >> mycreds.prop
+ echo "*** change ownership of certificates to targeted user"
+ chown -R 1000 {{ .Values.credsPath }}
+
# application image
image: onap/sparky-be:2.0.2
pullPolicy: Always
@@ -44,13 +83,7 @@ config:
portalPassword: OBF:1t2v1vfv1unz1vgz1t3b
portalCookieName: UserId
portalAppRoles: ui_view
- aafUsername: aai@aai.onap.org
- aafNamespace: org.onap.aai
- aafPassword: enc:xxYw1FqXU5UpianbPeH5Rezg0YfjzuwQrSiLcCmJGfz
- cadiKeyFile: /opt/app/sparky/config/portal/keyFile
- cadiTrustStore: /opt/app/sparky/config/auth/truststoreONAPall.jks
cadiFileLocation: /opt/app/sparky/config/portal/cadi.properties
- cadiTrustStorePassword: changeit
cookieDecryptorClass: org.onap.aai.sparky.security.BaseCookieDecryptor
# ONAP Cookie Processing - During initial development, the following flag, if true, will