summaryrefslogtreecommitdiffstats
path: root/kubernetes/msb/components/msb-iag/values.yaml
diff options
context:
space:
mode:
authorSylvain Desbureaux <sylvain.desbureaux@orange.com>2020-11-02 18:21:11 +0100
committerSylvain Desbureaux <sylvain.desbureaux@orange.com>2021-02-16 08:49:17 +0100
commit55af648d55ec228006bd44928e812bbdd52fb1cf (patch)
tree2d381615730bcf5908307da7d603dd7a8af41743 /kubernetes/msb/components/msb-iag/values.yaml
parentef766403ef1436c9462c2c00da83a8b29fca3b53 (diff)
[MSB] Use certInitializer for MSB
MSB is currently using an hardcoded certificate. In order to follow SECOMMON requirements, let's use a freshly generated certificate instead Issue-ID: MSB-521 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: I157e44a6e30391c36c0142acfa08604c37b79cc4
Diffstat (limited to 'kubernetes/msb/components/msb-iag/values.yaml')
-rw-r--r--kubernetes/msb/components/msb-iag/values.yaml40
1 files changed, 40 insertions, 0 deletions
diff --git a/kubernetes/msb/components/msb-iag/values.yaml b/kubernetes/msb/components/msb-iag/values.yaml
index b91ddcae1b..51e78e1de3 100644
--- a/kubernetes/msb/components/msb-iag/values.yaml
+++ b/kubernetes/msb/components/msb-iag/values.yaml
@@ -1,4 +1,5 @@
# Copyright © 2018 Amdocs, Bell Canada , ZTE
+# Copyright © 2021 Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -18,6 +19,45 @@ global:
nodePortPrefix: 302
#################################################################
+# AAF part
+#################################################################
+certInitializer:
+ nameOverride: msb-iag-cert-initializer
+ aafDeployFqi: deployer@people.osaaf.org
+ aafDeployPass: demo123456!
+ # aafDeployCredsExternalSecret: some secret
+ fqdn: msb-iag
+ fqi: msb-iag@msb-iag.onap.org
+ fqi_namespace: org.onap.msb-iag
+ public_fqdn: msb-iag.onap.org
+ cadi_longitude: "0.0"
+ cadi_latitude: "0.0"
+ app_ns: org.osaaf.aaf
+ credsPath: /opt/app/osaaf/local
+ aaf_add_config: |
+ echo "*** retrieving passwords for certificates"
+ export $(/opt/app/aaf_config/bin/agent.sh local showpass \
+ {{.Values.fqi}} {{ .Values.fqdn }} | grep '^c')
+ if [ -z "$cadi_keystore_password_p12" ]
+ then
+ echo " /!\ certificates retrieval failed"
+ exit 1
+ else
+ mkdir -p {{ .Values.credsPath }}/certs
+ echo "*** retrieve certificate from pkcs12"
+ openssl pkcs12 -in {{ .Values.credsPath }}/{{ .Values.fqi_namespace }}.p12 \
+ -out {{ .Values.credsPath }}/certs/cert.crt -nokeys \
+ -passin pass:$cadi_keystore_password_p12 \
+ -passout pass:$cadi_keystore_password_p12
+ echo "*** copy key to relevant place"
+ cp {{ .Values.credsPath }}/{{ .Values.fqi_namespace }}.key {{ .Values.credsPath }}/certs/cert.key
+ echo "*** change ownership and read/write attributes"
+ chown -R 1000 {{ .Values.credsPath }}/certs
+ chmod 600 {{ .Values.credsPath }}/certs/cert.crt
+ chmod 600 {{ .Values.credsPath }}/certs/cert.key
+ fi
+
+#################################################################
# Application configuration defaults.
#################################################################
# application image