[DMAAP][MR] Retrieve certs automatically

Instead of hardcoding certificates inside the container, use cert initializer in order to retrieve them automatically at start. Issue-ID: DMAAP-1547 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: I7fcb8831539d8d9d5d25bcaae44a3c66672f7b1a
author: Sylvain Desbureaux <sylvain.desbureaux@orange.com> 2021-02-10 12:11:53 +0100
committer: Sylvain Desbureaux <sylvain.desbureaux@orange.com> 2021-03-26 12:32:37 +0000
commit: e5b6ffc663a2314fd545aa540cbdee6380adf00b (patch)
tree: 9c83d29d65814e1efeeb65096bd03bb3c547b5d9 /kubernetes/dmaap/components/message-router/values.yaml
parent: a81ab13a27971888892bee0d4326746ac89a5e8f (diff)
1 files changed, 37 insertions, 0 deletions
diff --git a/kubernetes/dmaap/components/message-router/values.yaml b/kubernetes/dmaap/components/message-router/values.yaml
index c4bab2350a..daca6215f7 100644
--- a/kubernetes/dmaap/components/message-router/values.yaml
+++ b/kubernetes/dmaap/components/message-router/values.yaml
@@ -19,6 +19,43 @@
 global:
   nodePortPrefix: 302
 
+
+#################################################################
+# AAF part
+#################################################################
+certInitializer:
+  nameOverride: dmaap-mr-cert-initializer
+  aafDeployFqi: deployer@people.osaaf.org
+  aafDeployPass: demo123456!
+  # aafDeployCredsExternalSecret: some secret
+  fqdn: dmaap-mr
+  fqi: dmaapmr@mr.dmaap.onap.org
+  public_fqdn: mr.dmaap.onap.org
+  cadi_longitude: "-122.26147"
+  cadi_latitude: "37.78187"
+  app_ns: org.osaaf.aaf
+  credsPath: /opt/app/osaaf/local
+  appMountPath: /appl/dmaapMR1/bundleconfig/etc/sysprops
+  fqi_namespace: org.onap.dmaap.mr
+  aaf_add_config: |
+    cd {{ .Values.credsPath }}
+    echo "*** change jks password into shell safe one"
+    export KEYSTORE_PASSWD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1)
+    keytool -storepasswd -new "${KEYSTORE_PASSWD}" \
+      -storepass "${cadi_keystore_password_jks}" \
+      -keystore {{ .Values.fqi_namespace }}.jks
+    echo "*** set key password as same password as jks keystore password"
+      keytool -keypasswd -new "${KEYSTORE_PASSWD}" \
+        -keystore {{ .Values.fqi_namespace }}.jks \
+        -keypass "${cadi_keystore_password_jks}" \
+        -storepass "${KEYSTORE_PASSWD}" -alias {{ .Values.fqi }}
+    echo "*** store the passwords"
+    echo "KEYSTORE_PASSWORD=${KEYSTORE_PASSWD}" > mycreds.prop
+    echo "KEYSTORE_PASSWORD_P12=${cadi_keystore_password_p12}" >> mycreds.prop
+    echo "TRUSTSTORE_PASSWORD=${cadi_truststore_password}" >> mycreds.prop
+    echo "*** give ownership of files to the user"
+    chown -R 1000 .
+
 #################################################################
 # Application configuration defaults.
 #################################################################
author	Sylvain Desbureaux <sylvain.desbureaux@orange.com>	2021-02-10 12:11:53 +0100
committer	Sylvain Desbureaux <sylvain.desbureaux@orange.com>	2021-03-26 12:32:37 +0000
commit	e5b6ffc663a2314fd545aa540cbdee6380adf00b (patch)
tree	9c83d29d65814e1efeeb65096bd03bb3c547b5d9 /kubernetes/dmaap/components/message-router/values.yaml
parent	a81ab13a27971888892bee0d4326746ac89a5e8f (diff)