diff options
author | Sylvain Desbureaux <sylvain.desbureaux@orange.com> | 2021-02-15 10:14:22 +0100 |
---|---|---|
committer | Sylvain Desbureaux <sylvain.desbureaux@orange.com> | 2021-02-22 15:55:10 +0100 |
commit | a41dfc0f083a27f3063c6b68b82918df3ba67a1f (patch) | |
tree | 4362b6575bcae5c498ac3189c153700920a90cc9 /kubernetes/aai/components/aai-traversal/values.yaml | |
parent | b4e038d2e2e7f39fc69a234bb132f43ff6a69712 (diff) |
[AAI][TRAVERSAL] Remove Hardcoded certificates
Use Certinitializer in order to retrieve needed certificates.
Issue-ID: OOM-2680
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: I1ec295d863f8f6c0d11e64173b474e82f63e6b17
Diffstat (limited to 'kubernetes/aai/components/aai-traversal/values.yaml')
-rw-r--r-- | kubernetes/aai/components/aai-traversal/values.yaml | 49 |
1 files changed, 32 insertions, 17 deletions
diff --git a/kubernetes/aai/components/aai-traversal/values.yaml b/kubernetes/aai/components/aai-traversal/values.yaml index 0242cedd0b..69222db8d8 100644 --- a/kubernetes/aai/components/aai-traversal/values.yaml +++ b/kubernetes/aai/components/aai-traversal/values.yaml @@ -26,8 +26,6 @@ global: # global defaults #Override it to aai-cassandra if localCluster is enabled. serviceName: cassandra - initContainers: - enabled: true # Specifies a list of jobs to be run jobs: # When enabled, it will create the schema based on oxm and edge rules @@ -104,25 +102,42 @@ global: # global defaults edge: label: v12 - # Keystore configuration password and filename - keystore: - filename: aai_keystore - passwd: OBF:1vn21ugu1saj1v9i1v941sar1ugw1vo0 - - # Truststore configuration password and filename - truststore: - filename: aai_keystore - passwd: OBF:1vn21ugu1saj1v9i1v941sar1ugw1vo0 - - # Specifies a list of files to be included in auth volume - auth: - files: - - aai_keystore - # Specifies which clients should always default to realtime graph connection realtime: clients: SDNC,MSO,SO,robot-ete +################################################################# +# Certificate configuration +################################################################# +certInitializer: + nameOverride: aai-traversal-cert-initializer + aafDeployFqi: deployer@people.osaaf.org + aafDeployPass: demo123456! + # aafDeployCredsExternalSecret: some secret + fqdn: aai-traversal + fqi: aai-traversal@aai-traversal.onap.org + public_fqdn: aai-traversal.onap.org + cadi_longitude: "0.0" + cadi_latitude: "0.0" + app_ns: org.osaaf.aaf + credsPath: /opt/app/osaaf/local + fqi_namespace: org.onap.aai-traversal + aaf_add_config: | + echo "*** retrieving password for keystore and trustore" + export $(/opt/app/aaf_config/bin/agent.sh local showpass \ + {{.Values.fqi}} {{ .Values.fqdn }} | grep '^c' | xargs -0) + if [ -z "$cadi_keystore_password_p12" ] + then + echo " /!\ certificates retrieval wasn't good" + exit 1 + else + echo "*** writing passwords into prop file" + echo "KEYSTORE_PASSWORD=${cadi_keystore_password_p12}" > {{ .Values.credsPath }}/mycreds.prop + echo "TRUSTSTORE_PASSWORD=${cadi_truststore_password}" >> {{ .Values.credsPath }}/mycreds.prop + echo "*** change ownership of certificates to targeted user" + chown -R 1000 {{ .Values.credsPath }} + fi + truststoreAllPassword: changeit # application image image: onap/aai-traversal:1.7.2 |