summaryrefslogtreecommitdiffstats
path: root/kubernetes
diff options
context:
space:
mode:
authorSylvain Desbureaux <sylvain.desbureaux@orange.com>2021-03-19 15:06:41 +0100
committerSylvain Desbureaux <sylvain.desbureaux@orange.com>2021-03-20 08:28:18 +0000
commitfde94076e689727e8a2c3c5147ce1242dc225f87 (patch)
treeb7df4064762a376f9f45e4d6e98e847a22b3da3c /kubernetes
parentde5edf772c56647eee03c60d24e3cf1d41c56c21 (diff)
[SO] Use truststore all keystore
Truststore given by AAF is only giving ONAP root_ca. In order to have access to other platforms, we must also have all the other ones. As ONAP root ÇA and all known CAs are present in truststore All, let's use it. Issue-ID: OOM-2688 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: I551b8e4a316dcf4f2dee1bf6c45327496a488cdd
Diffstat (limited to 'kubernetes')
-rw-r--r--kubernetes/so/components/so-appc-orchestrator/templates/deployment.yaml3
-rwxr-xr-xkubernetes/so/components/so-bpmn-infra/templates/deployment.yaml3
-rwxr-xr-xkubernetes/so/components/so-catalog-db-adapter/templates/deployment.yaml3
-rwxr-xr-xkubernetes/so/components/so-cnf-adapter/templates/deployment.yaml4
-rw-r--r--kubernetes/so/components/so-etsi-nfvo-ns-lcm/templates/deployment.yaml3
-rw-r--r--kubernetes/so/components/so-monitoring/templates/deployment.yaml2
-rwxr-xr-xkubernetes/so/components/so-nssmf-adapter/templates/deployment.yaml3
-rwxr-xr-xkubernetes/so/components/so-openstack-adapter/templates/deployment.yaml3
-rwxr-xr-xkubernetes/so/components/so-request-db-adapter/templates/deployment.yaml3
-rwxr-xr-xkubernetes/so/components/so-sdc-controller/templates/deployment.yaml3
-rwxr-xr-xkubernetes/so/components/so-sdnc-adapter/templates/deployment.yaml3
-rwxr-xr-xkubernetes/so/components/so-vfc-adapter/templates/deployment.yaml3
-rwxr-xr-xkubernetes/so/components/so-vnfm-adapter/templates/deployment.yaml3
-rw-r--r--kubernetes/so/components/soHelpers/templates/_cadiValues.tpl4
-rw-r--r--kubernetes/so/components/soHelpers/templates/_certificates.tpl4
-rwxr-xr-xkubernetes/so/components/soHelpers/values.yaml19
-rwxr-xr-xkubernetes/so/templates/deployment.yaml3
-rwxr-xr-xkubernetes/so/values.yaml6
18 files changed, 21 insertions, 54 deletions
diff --git a/kubernetes/so/components/so-appc-orchestrator/templates/deployment.yaml b/kubernetes/so/components/so-appc-orchestrator/templates/deployment.yaml
index 917c067681..142ae725d6 100644
--- a/kubernetes/so/components/so-appc-orchestrator/templates/deployment.yaml
+++ b/kubernetes/so/components/so-appc-orchestrator/templates/deployment.yaml
@@ -55,8 +55,7 @@ spec:
- |
export ACTUATOR_PASSWORD="$(cat /tmp/app/encoded)"
{{- if .Values.global.aafEnabled }}
- export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
- export TRUSTSTORE_PASSWORD="${cadi_truststore_password}"
+ export $(cat {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
{{- if .Values.global.security.aaf.enabled }}
export KEYSTORE_PASSWORD="${cadi_keystore_password_p12}"
{{- end }}
diff --git a/kubernetes/so/components/so-bpmn-infra/templates/deployment.yaml b/kubernetes/so/components/so-bpmn-infra/templates/deployment.yaml
index 3fee225c03..6e117cd8bf 100755
--- a/kubernetes/so/components/so-bpmn-infra/templates/deployment.yaml
+++ b/kubernetes/so/components/so-bpmn-infra/templates/deployment.yaml
@@ -52,8 +52,7 @@ spec:
args:
- -c
- |
- export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
- export TRUSTSTORE_PASSWORD="${cadi_truststore_password}"
+ export $(cat {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
{{- if .Values.global.security.aaf.enabled }}
export KEYSTORE_PASSWORD="${cadi_keystore_password_p12}"
{{- end }}
diff --git a/kubernetes/so/components/so-catalog-db-adapter/templates/deployment.yaml b/kubernetes/so/components/so-catalog-db-adapter/templates/deployment.yaml
index 75e6b1ee62..f756448e2b 100755
--- a/kubernetes/so/components/so-catalog-db-adapter/templates/deployment.yaml
+++ b/kubernetes/so/components/so-catalog-db-adapter/templates/deployment.yaml
@@ -52,8 +52,7 @@ spec:
args:
- -c
- |
- export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
- export TRUSTSTORE_PASSWORD="${cadi_truststore_password}"
+ export $(cat {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
{{- if .Values.global.security.aaf.enabled }}
export KEYSTORE_PASSWORD="${cadi_keystore_password_p12}"
{{- end }}
diff --git a/kubernetes/so/components/so-cnf-adapter/templates/deployment.yaml b/kubernetes/so/components/so-cnf-adapter/templates/deployment.yaml
index 4518a5f607..0d80b2a9ae 100755
--- a/kubernetes/so/components/so-cnf-adapter/templates/deployment.yaml
+++ b/kubernetes/so/components/so-cnf-adapter/templates/deployment.yaml
@@ -63,8 +63,7 @@ spec:
export AAF_AUTH=$(echo "Basic ${AAF_BASE64}")
export AAI_AUTH=$(cat /input/.aai_creds)
{{- if .Values.global.aafEnabled }}
- export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
- export TRUSTSTORE_PASSWORD="${cadi_truststore_password}"
+ export $(cat {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
{{- if .Values.global.security.aaf.enabled }}
export KEYSTORE_PASSWORD="${cadi_keystore_password}"
{{- end }}
@@ -116,4 +115,3 @@ spec:
medium: Memory
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
-
diff --git a/kubernetes/so/components/so-etsi-nfvo-ns-lcm/templates/deployment.yaml b/kubernetes/so/components/so-etsi-nfvo-ns-lcm/templates/deployment.yaml
index 2cf23e23be..c33dcb7f32 100644
--- a/kubernetes/so/components/so-etsi-nfvo-ns-lcm/templates/deployment.yaml
+++ b/kubernetes/so/components/so-etsi-nfvo-ns-lcm/templates/deployment.yaml
@@ -39,8 +39,7 @@ spec:
- |
export ETSI_NFVO_PASSWORD=`htpasswd -bnBC 10 "" $ETSI_NFVO_PASSWORD_INPUT | tr -d ':\n' | sed 's/\$2y/\$2a/'`
{{- if .Values.global.aafEnabled }}
- export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
- export TRUSTSTORE_PASSWORD="${cadi_truststore_password}"
+ export $(cat {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
{{- if .Values.global.security.aaf.enabled }}
export KEYSTORE_PASSWORD="${cadi_keystore_password_p12}"
{{- end }}
diff --git a/kubernetes/so/components/so-monitoring/templates/deployment.yaml b/kubernetes/so/components/so-monitoring/templates/deployment.yaml
index dc80d426fc..ca108ac5cd 100644
--- a/kubernetes/so/components/so-monitoring/templates/deployment.yaml
+++ b/kubernetes/so/components/so-monitoring/templates/deployment.yaml
@@ -66,7 +66,7 @@ spec:
export SO_MONITORING_PASSWORD=`htpasswd -bnBC 10 "" $SO_MON_PASS | tr -d ':\n' | sed 's/\$2y/\$2a/'`
{{- if .Values.global.aafEnabled }}
export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/org.onap.so.cred.props | xargs -0)
- export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
+ export $(cat {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
export KEYSTORE=file://$cadi_keystore
export KEYSTORE_PASSWORD=$cadi_keystore_password_p12
export TRUSTSTORE=file://$cadi_truststore
diff --git a/kubernetes/so/components/so-nssmf-adapter/templates/deployment.yaml b/kubernetes/so/components/so-nssmf-adapter/templates/deployment.yaml
index 75d831eba6..dde03a4aad 100755
--- a/kubernetes/so/components/so-nssmf-adapter/templates/deployment.yaml
+++ b/kubernetes/so/components/so-nssmf-adapter/templates/deployment.yaml
@@ -42,8 +42,7 @@ spec:
export BPEL_PASSWORD=`htpasswd -bnBC 10 "" $BPEL_PASSWORD_INPUT | tr -d ':\n' | sed 's/\$2y/\$2a/'`
export ACTUATOR_PASSWORD=`htpasswd -bnBC 10 "" $ACTUATOR_PASSWORD_INPUT | tr -d ':\n' | sed 's/\$2y/\$2a/'`
{{- if .Values.global.aafEnabled }}
- export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
- export TRUSTSTORE_PASSWORD="${cadi_truststore_password}"
+ export $(cat {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
{{- if .Values.global.security.aaf.enabled }}
export KEYSTORE_PASSWORD="${cadi_keystore_password_p12}"
{{- end }}
diff --git a/kubernetes/so/components/so-openstack-adapter/templates/deployment.yaml b/kubernetes/so/components/so-openstack-adapter/templates/deployment.yaml
index 3fee225c03..6e117cd8bf 100755
--- a/kubernetes/so/components/so-openstack-adapter/templates/deployment.yaml
+++ b/kubernetes/so/components/so-openstack-adapter/templates/deployment.yaml
@@ -52,8 +52,7 @@ spec:
args:
- -c
- |
- export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
- export TRUSTSTORE_PASSWORD="${cadi_truststore_password}"
+ export $(cat {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
{{- if .Values.global.security.aaf.enabled }}
export KEYSTORE_PASSWORD="${cadi_keystore_password_p12}"
{{- end }}
diff --git a/kubernetes/so/components/so-request-db-adapter/templates/deployment.yaml b/kubernetes/so/components/so-request-db-adapter/templates/deployment.yaml
index 75e6b1ee62..f756448e2b 100755
--- a/kubernetes/so/components/so-request-db-adapter/templates/deployment.yaml
+++ b/kubernetes/so/components/so-request-db-adapter/templates/deployment.yaml
@@ -52,8 +52,7 @@ spec:
args:
- -c
- |
- export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
- export TRUSTSTORE_PASSWORD="${cadi_truststore_password}"
+ export $(cat {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
{{- if .Values.global.security.aaf.enabled }}
export KEYSTORE_PASSWORD="${cadi_keystore_password_p12}"
{{- end }}
diff --git a/kubernetes/so/components/so-sdc-controller/templates/deployment.yaml b/kubernetes/so/components/so-sdc-controller/templates/deployment.yaml
index 3fee225c03..6e117cd8bf 100755
--- a/kubernetes/so/components/so-sdc-controller/templates/deployment.yaml
+++ b/kubernetes/so/components/so-sdc-controller/templates/deployment.yaml
@@ -52,8 +52,7 @@ spec:
args:
- -c
- |
- export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
- export TRUSTSTORE_PASSWORD="${cadi_truststore_password}"
+ export $(cat {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
{{- if .Values.global.security.aaf.enabled }}
export KEYSTORE_PASSWORD="${cadi_keystore_password_p12}"
{{- end }}
diff --git a/kubernetes/so/components/so-sdnc-adapter/templates/deployment.yaml b/kubernetes/so/components/so-sdnc-adapter/templates/deployment.yaml
index 6f9d7f7b16..5a98828c1a 100755
--- a/kubernetes/so/components/so-sdnc-adapter/templates/deployment.yaml
+++ b/kubernetes/so/components/so-sdnc-adapter/templates/deployment.yaml
@@ -50,8 +50,7 @@ spec:
args:
- -c
- |
- export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
- export TRUSTSTORE_PASSWORD="${cadi_truststore_password}"
+ export $(cat {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
{{- if .Values.global.security.aaf.enabled }}
export KEYSTORE_PASSWORD="${cadi_keystore_password_p12}"
{{- end }}
diff --git a/kubernetes/so/components/so-vfc-adapter/templates/deployment.yaml b/kubernetes/so/components/so-vfc-adapter/templates/deployment.yaml
index 7c10e7f8ed..c769961059 100755
--- a/kubernetes/so/components/so-vfc-adapter/templates/deployment.yaml
+++ b/kubernetes/so/components/so-vfc-adapter/templates/deployment.yaml
@@ -52,8 +52,7 @@ spec:
args:
- -c
- |
- export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
- export TRUSTSTORE_PASSWORD="${cadi_truststore_password}"
+ export $(cat {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
{{- if .Values.global.security.aaf.enabled }}
export KEYSTORE_PASSWORD="${cadi_keystore_password_p12}"
{{- end }}
diff --git a/kubernetes/so/components/so-vnfm-adapter/templates/deployment.yaml b/kubernetes/so/components/so-vnfm-adapter/templates/deployment.yaml
index 8abd9a9796..29ebd97229 100755
--- a/kubernetes/so/components/so-vnfm-adapter/templates/deployment.yaml
+++ b/kubernetes/so/components/so-vnfm-adapter/templates/deployment.yaml
@@ -50,8 +50,7 @@ spec:
args:
- -c
- |
- export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
- export TRUSTSTORE_PASSWORD="${cadi_truststore_password}"
+ export $(cat {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
export KEYSTORE_PASSWORD="${cadi_keystore_password_p12}"
export KEYSTORE="{{ .Values.soHelpers.certInitializer.credsPath }}/org.onap.so.p12"
/app/start-app.sh
diff --git a/kubernetes/so/components/soHelpers/templates/_cadiValues.tpl b/kubernetes/so/components/soHelpers/templates/_cadiValues.tpl
index d16b4f7cf8..7e04706d4a 100644
--- a/kubernetes/so/components/soHelpers/templates/_cadiValues.tpl
+++ b/kubernetes/so/components/soHelpers/templates/_cadiValues.tpl
@@ -2,8 +2,8 @@
{{- $dot := default . .dot -}}
{{- $initRoot := default $dot.Values.soHelpers .initRoot -}}
cadiLoglevel: {{ $initRoot.cadi.logLevel }}
-cadiKeyFile: {{ $initRoot.certInitializer.credsPath }}/{{ $initRoot.aaf.keyFile }}
-cadiTrustStore: {{ $initRoot.certInitializer.credsPath }}/{{ $initRoot.aaf.trustore }}
+cadiKeyFile: {{ $initRoot.certInitializer.credsPath }}/{{ $initRoot.certInitializer.fqi_namespace }}.keyfile
+cadiTrustStore: {{ $initRoot.certInitializer.credsPath }}/truststoreONAPall.jks
cadiTruststorePassword: ${TRUSTSTORE_PASSWORD}
cadiLatitude: {{ $initRoot.cadi.latitude }}
cadiLongitude: {{ $initRoot.cadi.longitude }}
diff --git a/kubernetes/so/components/soHelpers/templates/_certificates.tpl b/kubernetes/so/components/soHelpers/templates/_certificates.tpl
index f5b97d5c25..cda61b2cfa 100644
--- a/kubernetes/so/components/soHelpers/templates/_certificates.tpl
+++ b/kubernetes/so/components/soHelpers/templates/_certificates.tpl
@@ -25,10 +25,10 @@
{{- $subchartDot := fromJson (include "common.subChartDot" (dict "dot" $dot "initRoot" $initRoot)) }}
{{- if $dot.Values.global.aafEnabled }}
- name: TRUSTSTORE
- value: {{ $subchartDot.Values.certInitializer.credsPath }}/{{ $subchartDot.Values.aaf.trustore }}
+ value: {{ $subchartDot.Values.certInitializer.credsPath }}/truststoreONAPall.jks
{{- if $dot.Values.global.security.aaf.enabled }}
- name: KEYSTORE
- value: {{ $subchartDot.Values.certInitializer.credsPath }}/org.onap.so.p12
+ value: {{ $subchartDot.Values.certInitializer.credsPath }}/{{ $subchartDot.Values.certInitializer.fqi_namespace }}.p12
{{- end }}
{{- end }}
{{- end -}}
diff --git a/kubernetes/so/components/soHelpers/values.yaml b/kubernetes/so/components/soHelpers/values.yaml
index 612f7c1dee..938a6f9d00 100755
--- a/kubernetes/so/components/soHelpers/values.yaml
+++ b/kubernetes/so/components/soHelpers/values.yaml
@@ -23,16 +23,6 @@ global:
enabled: false
app:
msoKey: 07a7159d3bf51a0e53be7a8f89699be7
- client:
- certs:
- truststore: /app/client/org.onap.so.trust.jks
- keystore: /app/client/org.onap.so.jks
- trustStorePassword: LHN4Iy5DKlcpXXdWZ0pDNmNjRkhJIzpI
- keyStorePassword: c280b25hcA==
- certificates:
- path: /etc/ssl/certs
- share_path: /usr/local/share/ca-certificates/
-
#################################################################
# AAF part
@@ -48,19 +38,16 @@ certInitializer:
cadi_latitude: '0.0'
app_ns: org.osaaf.aaf
credsPath: /opt/app/osaaf/local
- trustStoreAllPass: changeit
+ qi_namespace: org.onap.so
aaf_add_config: |
echo "cadi_truststore_password=$cadi_truststore_password" > {{ .Values.credsPath }}/mycreds.prop
- echo "cadi_keystore_password_p12=$cadi_keystore_password_p12" > {{ .Values.credsPath }}/mycreds.prop
+ echo "cadi_keystore_password_p12=$cadi_keystore_password_p12" >> {{ .Values.credsPath }}/mycreds.prop
+ echo "TRUSTSTORE_PASSWORD={{ .Values.truststorePassword }}" >> {{ .Values.credsPath }}/mycreds.prop
aafConfig:
permission_user: 1000
permission_group: 999
-aaf:
- trustore: org.onap.so.trust.jks
- keyFile: org.onap.so.keyfile
-
#################################################################
# Application configuration defaults.
#################################################################
diff --git a/kubernetes/so/templates/deployment.yaml b/kubernetes/so/templates/deployment.yaml
index 3fee225c03..6e117cd8bf 100755
--- a/kubernetes/so/templates/deployment.yaml
+++ b/kubernetes/so/templates/deployment.yaml
@@ -52,8 +52,7 @@ spec:
args:
- -c
- |
- export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
- export TRUSTSTORE_PASSWORD="${cadi_truststore_password}"
+ export $(cat {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
{{- if .Values.global.security.aaf.enabled }}
export KEYSTORE_PASSWORD="${cadi_keystore_password_p12}"
{{- end }}
diff --git a/kubernetes/so/values.yaml b/kubernetes/so/values.yaml
index 1738b703ed..6bd6e26885 100755
--- a/kubernetes/so/values.yaml
+++ b/kubernetes/so/values.yaml
@@ -57,12 +57,6 @@ global:
auth: 3EDC974C5CD7FE54C47C7490AF4D3B474CDD7D0FFA35A7ACDE3E209631E45F428976EAC0858874F17390A13149E63C90281DD8D20456
defaultCloudOwner: onap
- client:
- certs:
- truststore: /app/client/org.onap.so.trust.jks
- keystore: /app/client/org.onap.so.jks
- trustStorePassword: LHN4Iy5DKlcpXXdWZ0pDNmNjRkhJIzpI
- keyStorePassword: c280b25hcA==
certificates:
path: /etc/ssl/certs
share_path: /usr/local/share/ca-certificates/