summaryrefslogtreecommitdiffstats
path: root/kubernetes/cli/values.yaml
diff options
context:
space:
mode:
authorSylvain Desbureaux <sylvain.desbureaux@orange.com>2021-02-16 11:51:30 +0100
committerSylvain Desbureaux <sylvain.desbureaux@orange.com>2021-02-19 14:17:24 +0000
commitbc1f4be02ce5478762261e63a624e946b6f23629 (patch)
tree47c48c7e6314024cf5a42537d2f557ac60cbc452 /kubernetes/cli/values.yaml
parent69e8c90cb3c8171d397319b4339b3ce79da07b9c (diff)
[CLI] Retrieve certificates automatically
Instead of having hardocoded certificates, use certManager in order to retrieve them. Issue-ID: OOM-2684 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: I20df713b7552b27392407db985fd402c259874e4
Diffstat (limited to 'kubernetes/cli/values.yaml')
-rw-r--r--kubernetes/cli/values.yaml47
1 files changed, 47 insertions, 0 deletions
diff --git a/kubernetes/cli/values.yaml b/kubernetes/cli/values.yaml
index 6e711c51c0..85b18388b4 100644
--- a/kubernetes/cli/values.yaml
+++ b/kubernetes/cli/values.yaml
@@ -17,6 +17,53 @@
#################################################################
global:
nodePortPrefix: 302
+
+#################################################################
+# Certificate configuration
+#################################################################
+certInitializer:
+ nameOverride: cli-cert-initializer
+ aafDeployFqi: deployer@people.osaaf.org
+ aafDeployPass: demo123456!
+ # aafDeployCredsExternalSecret: some secret
+ fqdn: "cli"
+ app_ns: "org.osaaf.aaf"
+ fqi_namespace: "org.onap.cli"
+ fqi: "cli@cli.onap.org"
+ public_fqdn: "aaf.osaaf.org"
+ cadi_longitude: "0.0"
+ cadi_latitude: "0.0"
+ credsPath: /opt/app/osaaf/local
+ aaf_add_config: |
+ echo "*** retrieving password for keystore and trustore"
+ export $(/opt/app/aaf_config/bin/agent.sh local showpass \
+ {{.Values.fqi}} {{ .Values.fqdn }} | grep '^c' | xargs -0)
+ if [ -z "$cadi_keystore_password_p12" ]
+ then
+ echo " /!\ certificates retrieval failed"
+ exit 1
+ else
+ echo "*** transform AAF certs into pem files"
+ mkdir -p {{ .Values.credsPath }}/certs
+ keytool -exportcert -rfc -file {{ .Values.credsPath }}/certs/cacert.pem \
+ -keystore {{ .Values.credsPath }}/{{ .Values.fqi_namespace }}.trust.jks \
+ -alias ca_local_0 \
+ -storepass $cadi_truststore_password
+ openssl pkcs12 -in {{ .Values.credsPath }}/{{ .Values.fqi_namespace }}.p12 \
+ -nokeys -out {{ .Values.credsPath }}/certs/cert.pem \
+ -passin pass:$cadi_keystore_password_p12 \
+ -passout pass:$cadi_keystore_password_p12
+ echo "*** generating needed file"
+ cat {{ .Values.credsPath }}/{{ .Values.fqi_namespace }}.key \
+ {{ .Values.credsPath }}/certs/cert.pem \
+ {{ .Values.credsPath }}/certs/cacert.pem \
+ > {{ .Values.credsPath }}/certs/fullchain.pem;
+ cat {{ .Values.credsPath }}/certs/fullchain.pem
+ echo "*** change ownership of certificates to targeted user"
+ chown -R 33 {{ .Values.credsPath }}
+ fi
+
+
#################################################################
# Application configuration defaults.
#################################################################