diff options
| author |   Sylvain Desbureaux <sylvain.desbureaux@orange.com> | 2021-02-16 11:08:25 +0100 |
|---|---|---|
| committer |   Krzysztof Opasiak <k.opasiak@samsung.com> | 2021-03-02 18:52:26 +0000 |
| commit | a9a41d84026f059aae70f9042c0b99af5b72e619 (patch) | |
| tree | 00697370438a8e2b3942840f04c5fcb005435ee4 /kubernetes/aai/components/aai-sparky-be/values.yaml | |
| parent | a62fb750442e6ea93c950d933adf8fc2713eb801 (diff) | |
[AAI][SPARKY] Automatically retrieve certs
Instead of using hardcoded certificates, use certInitializer in order to
retrieve them automatically.
Issue-ID: OOM-2683
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: I63ce5d1bb2e9c287729425f2fd7146e7b69c33f7
Diffstat (limited to 'kubernetes/aai/components/aai-sparky-be/values.yaml')
| -rw-r--r-- | kubernetes/aai/components/aai-sparky-be/values.yaml | 45 |
1 files changed, 39 insertions, 6 deletions
diff --git a/kubernetes/aai/components/aai-sparky-be/values.yaml b/kubernetes/aai/components/aai-sparky-be/values.yaml index ed21030dc8..147feb13c8 100644 --- a/kubernetes/aai/components/aai-sparky-be/values.yaml +++ b/kubernetes/aai/components/aai-sparky-be/values.yaml @@ -27,6 +27,45 @@ global: # global defaults searchData: serviceName: aai-search-data + +################################################################# +# Certificate configuration +################################################################# +certInitializer: + nameOverride: aai-sparky-cert-initializer + aafDeployFqi: deployer@people.osaaf.org + aafDeployPass: demo123456! + # aafDeployCredsExternalSecret: some secret + fqdn: "aai" + app_ns: "org.osaaf.aaf" + fqi_namespace: "org.onap.aai" + fqi: "aai@aai.onap.org" + public_fqdn: "aaf.osaaf.org" + cadi_longitude: "0.0" + cadi_latitude: "0.0" + credsPath: /opt/app/osaaf/local + aaf_add_config: | + echo "*** changing passwords into shell safe ones" + export KEYSTORE_PASSWD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1) + export TRUSTORE_PASSWD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1) + cd {{ .Values.credsPath }} + keytool -storepasswd -new "${KEYSTORE_PASSWD}" \ + -storepass "${cadi_keystore_password_jks}" \ + -keystore {{ .Values.fqi_namespace }}.jks + keytool -storepasswd -new "${TRUSTORE_PASSWD}" \ + -storepass "${cadi_truststore_password}" \ + -keystore {{ .Values.fqi_namespace }}.trust.jks + echo "*** set key password as same password as keystore password" + keytool -keypasswd -new "${KEYSTORE_PASSWD}" \ + -keystore {{ .Values.fqi_namespace }}.jks \ + -keypass "${cadi_keystore_password_jks}" \ + -storepass "${KEYSTORE_PASSWD}" -alias {{ .Values.fqi }} + echo "*** save the generated passwords" + echo "KEYSTORE_PASSWORD=${KEYSTORE_PASSWD}" > mycreds.prop + echo "TRUSTSTORE_PASSWORD=${TRUSTORE_PASSWD}" >> mycreds.prop + echo "*** change ownership of certificates to targeted user" + chown -R 1000 {{ .Values.credsPath }} + # application image image: onap/sparky-be:2.0.2 pullPolicy: Always @@ -44,13 +83,7 @@ config: portalPassword: OBF:1t2v1vfv1unz1vgz1t3b portalCookieName: UserId portalAppRoles: ui_view - aafUsername: aai@aai.onap.org - aafNamespace: org.onap.aai - aafPassword: enc:xxYw1FqXU5UpianbPeH5Rezg0YfjzuwQrSiLcCmJGfz - cadiKeyFile: /opt/app/sparky/config/portal/keyFile - cadiTrustStore: /opt/app/sparky/config/auth/truststoreONAPall.jks cadiFileLocation: /opt/app/sparky/config/portal/cadi.properties - cadiTrustStorePassword: changeit cookieDecryptorClass: org.onap.aai.sparky.security.BaseCookieDecryptor # ONAP Cookie Processing - During initial development, the following flag, if true, will |