diff options
| author |   Sylvain Desbureaux <sylvain.desbureaux@orange.com> | 2021-02-25 18:07:55 +0100 |
|---|---|---|
| committer | Sylvain Desbureaux <sylvain.desbureaux@orange.com> | 2021-11-06 21:45:24 +0000 |
| commit | e6a1a372edd6ecb6bd480e72558cbb33d0665541 (patch) | |
| tree | ea77a5ec2b9b0f90553ecd614bc7240475ac9186 /kubernetes/uui/components/uui-server/values.yaml | |
| parent | 3e3ae05ea1f29974f1ff76f9898d9041b0277d17 (diff) | |
[UUI] Automatically retrieve certificates
Instead of using hardcoded certificates, let's use certInitializer in
order to retrieve them.
Issue-ID: OOM-2695
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: I673b3c7b8087c150b1e4c1d522b92ec08260ec09
Diffstat (limited to 'kubernetes/uui/components/uui-server/values.yaml')
| -rw-r--r-- | kubernetes/uui/components/uui-server/values.yaml | 38 |
1 files changed, 38 insertions, 0 deletions
diff --git a/kubernetes/uui/components/uui-server/values.yaml b/kubernetes/uui/components/uui-server/values.yaml index 6017f2640e..1b652d553b 100644 --- a/kubernetes/uui/components/uui-server/values.yaml +++ b/kubernetes/uui/components/uui-server/values.yaml @@ -18,6 +18,44 @@ global: uuiPortPrefix: 303 +################################################################# +# AAF part +################################################################# +certInitializer: + nameOverride: uui-server-cert-initializer + aafDeployFqi: deployer@people.osaaf.org + aafDeployPass: demo123456! + # aafDeployCredsExternalSecret: some secret + fqdn: uui + fqi: uui@uui.onap.org + fqi_namespace: org.onap.uui + public_fqdn: uui.onap.org + cadi_longitude: "0.0" + cadi_latitude: "0.0" + app_ns: org.osaaf.aaf + credsPath: /opt/app/osaaf/local + aaf_add_config: | + echo "*** changing them into shell safe ones" + export KEYSTORE_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1) + export TRUSTSORE_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1) + cd {{ .Values.credsPath }} + keytool -storepasswd -new "${KEYSTORE_PASSWORD}" \ + -storepass "${cadi_keystore_password_p12}" \ + -keystore {{ .Values.fqi_namespace }}.p12 + keytool -storepasswd -new "${TRUSTSORE_PASSWORD}" \ + -storepass "${cadi_truststore_password}" \ + -keystore {{ .Values.fqi_namespace }}.trust.jks + echo "*** set key password as same password as keystore password" + keytool -keypasswd -new "${KEYSTORE_PASSWORD}" \ + -keystore {{ .Values.fqi_namespace }}.jks \ + -keypass "${cadi_keystore_password_p12}" \ + -storepass "${KEYSTORE_PASSWORD}" -alias {{ .Values.fqi }} + echo "*** save the generated passwords" + echo "KEYSTORE_PASSWORD=${KEYSTORE_PASSWORD}" > mycreds.prop + echo "TRUSTSORE_PASSWORD=${TRUSTSORE_PASSWORD}" >> mycreds.prop + echo "*** change ownership of certificates to targeted user" + chown -R 1000 {{ .Values.credsPath }} + subChartsOnly: enabled: true |