[COMMON] Enable importing custom certificates to truststore using certInitializer

ONAP deployments may require the use of custom certificates. Instead of
manually adding certificates to the truststore file, users can now add
their .pem certificates under certInitializer/resources and have them
imported automatically by an init container. The updated truststore can
then be mounted to a component by providing a truststoreMountpath.

Issue-ID: OOM-2509
Signed-off-by: Jozsef Csongvai <jozsef.csongvai@bell.ca>
Change-Id: I896c729143346738e91fa57f895ba48043b253c1

1 files changed, 11 insertions, 1 deletions

diff --git a/kubernetes/common/certInitializer/values.yaml b/kubernetes/common/certInitializer/values.yaml
index 416282f72a..271e410069 100644
--- a/kubernetes/common/certInitializer/values.yaml
+++ b/kubernetes/common/certInitializer/values.yaml
@@ -1,4 +1,4 @@
-# Copyright © 2020 Samsung Electronics
+# Copyright © 2020 Bell Canada, Samsung Electronics
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -16,6 +16,7 @@ global:
   repository: nexus3.onap.org:10001
   aafAgentImage: onap/aaf/aaf_agent:2.1.20
   aafEnabled: true
+  jreImage: registry.gitlab.com/onap-integration/docker/onap-java
 
 pullPolicy: Always
 
@@ -26,6 +27,11 @@ secrets:
     login: '{{ .Values.aafDeployFqi }}'
     password: '{{ .Values.aafDeployPass }}'
     passwordPolicy: required
+  - uid: truststore-creds
+    type: password
+    externalSecret: '{{ tpl (default "" .Values.truststoreCredsExternalSecret) . }}'
+    password: '{{ .Values.truststorePassword }}'
+    passwordPolicy: required
 
 readinessCheck:
   wait_for:
@@ -45,3 +51,7 @@ cadi_latitude: "38.0"
 cadi_longitude: "-72.0"
 aaf_add_config: ""
 mountPath: "/opt/app/osaaf"
+importCustomCertsEnabled: false
+truststoreMountpath: ""
+truststoreOutputFileName: truststore.jks
+truststorePassword: changeit