diff options
| author |   Sylvain Desbureaux <sylvain.desbureaux@orange.com> | 2021-02-16 11:51:30 +0100 |
|---|---|---|
| committer | Sylvain Desbureaux <sylvain.desbureaux@orange.com> | 2021-02-19 14:17:24 +0000 |
| commit | bc1f4be02ce5478762261e63a624e946b6f23629 (patch) | |
| tree | 47c48c7e6314024cf5a42537d2f557ac60cbc452 /kubernetes/cli/values.yaml | |
| parent | 69e8c90cb3c8171d397319b4339b3ce79da07b9c (diff) | |
[CLI] Retrieve certificates automatically
Instead of having hardocoded certificates, use certManager in order to
retrieve them.
Issue-ID: OOM-2684
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: I20df713b7552b27392407db985fd402c259874e4
Diffstat (limited to 'kubernetes/cli/values.yaml')
| -rw-r--r-- | kubernetes/cli/values.yaml | 47 |
1 files changed, 47 insertions, 0 deletions
diff --git a/kubernetes/cli/values.yaml b/kubernetes/cli/values.yaml index 6e711c51c0..85b18388b4 100644 --- a/kubernetes/cli/values.yaml +++ b/kubernetes/cli/values.yaml @@ -17,6 +17,53 @@ ################################################################# global: nodePortPrefix: 302 + +################################################################# +# Certificate configuration +################################################################# +certInitializer: + nameOverride: cli-cert-initializer + aafDeployFqi: deployer@people.osaaf.org + aafDeployPass: demo123456! + # aafDeployCredsExternalSecret: some secret + fqdn: "cli" + app_ns: "org.osaaf.aaf" + fqi_namespace: "org.onap.cli" + fqi: "cli@cli.onap.org" + public_fqdn: "aaf.osaaf.org" + cadi_longitude: "0.0" + cadi_latitude: "0.0" + credsPath: /opt/app/osaaf/local + aaf_add_config: | + echo "*** retrieving password for keystore and trustore" + export $(/opt/app/aaf_config/bin/agent.sh local showpass \ + {{.Values.fqi}} {{ .Values.fqdn }} | grep '^c' | xargs -0) + if [ -z "$cadi_keystore_password_p12" ] + then + echo " /!\ certificates retrieval failed" + exit 1 + else + echo "*** transform AAF certs into pem files" + mkdir -p {{ .Values.credsPath }}/certs + keytool -exportcert -rfc -file {{ .Values.credsPath }}/certs/cacert.pem \ + -keystore {{ .Values.credsPath }}/{{ .Values.fqi_namespace }}.trust.jks \ + -alias ca_local_0 \ + -storepass $cadi_truststore_password + openssl pkcs12 -in {{ .Values.credsPath }}/{{ .Values.fqi_namespace }}.p12 \ + -nokeys -out {{ .Values.credsPath }}/certs/cert.pem \ + -passin pass:$cadi_keystore_password_p12 \ + -passout pass:$cadi_keystore_password_p12 + echo "*** generating needed file" + cat {{ .Values.credsPath }}/{{ .Values.fqi_namespace }}.key \ + {{ .Values.credsPath }}/certs/cert.pem \ + {{ .Values.credsPath }}/certs/cacert.pem \ + > {{ .Values.credsPath }}/certs/fullchain.pem; + cat {{ .Values.credsPath }}/certs/fullchain.pem + echo "*** change ownership of certificates to targeted user" + chown -R 33 {{ .Values.credsPath }} + fi + + ################################################################# # Application configuration defaults. ################################################################# |