diff options
author | Sylvain Desbureaux <sylvain.desbureaux@orange.com> | 2020-11-02 18:21:11 +0100 |
---|---|---|
committer | Sylvain Desbureaux <sylvain.desbureaux@orange.com> | 2021-02-16 08:49:17 +0100 |
commit | 55af648d55ec228006bd44928e812bbdd52fb1cf (patch) | |
tree | 2d381615730bcf5908307da7d603dd7a8af41743 /kubernetes/msb/components/msb-iag/values.yaml | |
parent | ef766403ef1436c9462c2c00da83a8b29fca3b53 (diff) |
[MSB] Use certInitializer for MSB
MSB is currently using an hardcoded certificate. In order to follow
SECOMMON requirements, let's use a freshly generated certificate instead
Issue-ID: MSB-521
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: I157e44a6e30391c36c0142acfa08604c37b79cc4
Diffstat (limited to 'kubernetes/msb/components/msb-iag/values.yaml')
-rw-r--r-- | kubernetes/msb/components/msb-iag/values.yaml | 40 |
1 files changed, 40 insertions, 0 deletions
diff --git a/kubernetes/msb/components/msb-iag/values.yaml b/kubernetes/msb/components/msb-iag/values.yaml index b91ddcae1b..51e78e1de3 100644 --- a/kubernetes/msb/components/msb-iag/values.yaml +++ b/kubernetes/msb/components/msb-iag/values.yaml @@ -1,4 +1,5 @@ # Copyright © 2018 Amdocs, Bell Canada , ZTE +# Copyright © 2021 Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -18,6 +19,45 @@ global: nodePortPrefix: 302 ################################################################# +# AAF part +################################################################# +certInitializer: + nameOverride: msb-iag-cert-initializer + aafDeployFqi: deployer@people.osaaf.org + aafDeployPass: demo123456! + # aafDeployCredsExternalSecret: some secret + fqdn: msb-iag + fqi: msb-iag@msb-iag.onap.org + fqi_namespace: org.onap.msb-iag + public_fqdn: msb-iag.onap.org + cadi_longitude: "0.0" + cadi_latitude: "0.0" + app_ns: org.osaaf.aaf + credsPath: /opt/app/osaaf/local + aaf_add_config: | + echo "*** retrieving passwords for certificates" + export $(/opt/app/aaf_config/bin/agent.sh local showpass \ + {{.Values.fqi}} {{ .Values.fqdn }} | grep '^c') + if [ -z "$cadi_keystore_password_p12" ] + then + echo " /!\ certificates retrieval failed" + exit 1 + else + mkdir -p {{ .Values.credsPath }}/certs + echo "*** retrieve certificate from pkcs12" + openssl pkcs12 -in {{ .Values.credsPath }}/{{ .Values.fqi_namespace }}.p12 \ + -out {{ .Values.credsPath }}/certs/cert.crt -nokeys \ + -passin pass:$cadi_keystore_password_p12 \ + -passout pass:$cadi_keystore_password_p12 + echo "*** copy key to relevant place" + cp {{ .Values.credsPath }}/{{ .Values.fqi_namespace }}.key {{ .Values.credsPath }}/certs/cert.key + echo "*** change ownership and read/write attributes" + chown -R 1000 {{ .Values.credsPath }}/certs + chmod 600 {{ .Values.credsPath }}/certs/cert.crt + chmod 600 {{ .Values.credsPath }}/certs/cert.key + fi + +################################################################# # Application configuration defaults. ################################################################# # application image |