-rwxr-xr-xkubernetes/common/cert-wrapper/resources/import-custom-certs.sh8
-rw-r--r--kubernetes/common/certInitializer/templates/_certInitializer.yaml17
-rw-r--r--kubernetes/common/certInitializer/values.yaml10
-rw-r--r--kubernetes/common/music/values.yaml3
-rwxr-xr-xkubernetes/policy/components/policy-clamp-be/resources/config/create-db-tables.sh2
-rw-r--r--kubernetes/portal/components/portal-app/values.yaml7
-rw-r--r--kubernetes/portal/components/portal-sdk/values.yaml7
7 files changed, 42 insertions, 12 deletions
diff --git a/kubernetes/common/cert-wrapper/resources/import-custom-certs.sh b/kubernetes/common/cert-wrapper/resources/import-custom-certs.sh
index d955ecdf3c..ec1ce944c9 100755
--- a/kubernetes/common/cert-wrapper/resources/import-custom-certs.sh
+++ b/kubernetes/common/cert-wrapper/resources/import-custom-certs.sh
@@ -17,6 +17,7 @@
*/}}
CERTS_DIR=${CERTS_DIR:-/certs}
+MORE_CERTS_DIR=${MORE_CERTS_DIR:-/more_certs}
WORK_DIR=${WORK_DIR:-/updatedTruststore}
ONAP_TRUSTSTORE=${ONAP_TRUSTSTORE:-truststoreONAPall.jks}
JRE_TRUSTSTORE=${JRE_TRUSTSTORE:-$JAVA_HOME/lib/security/cacerts}
@@ -47,6 +48,13 @@ for f in $CERTS_DIR/*; do
fi
done
+for f in $MORE_CERTS_DIR/*; do
+ if [ ${f: -4} == ".pem" ]
+ then
+ cp $f $WORK_DIR/.
+ fi
+done
+
# Prepare truststore output file
if [ "$AAF_ENABLED" = "true" ]
then
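Review bot: The new loop over `$MORE_CERTS_DIR/*` leaves `$f` unquoted in both the test and the `cp`, so a file name containing whitespace or a glob character breaks the `[ ... ]` test or copies the wrong path. Quoting fixes it: `if [ "${f: -4}" = ".pem" ]` and `cp -- "$f" "$WORK_DIR"/`. Every `.pem` in the mounted directory is copied into `$WORK_DIR`, presumably to be imported as a trust anchor, so a file with the same base name as one the earlier `$CERTS_DIR` loop placed there would silently replace it (that loop's body is outside the hunk, so confirm what it copies). Logging each file taken from `$MORE_CERTS_DIR` would make additions to the truststore auditable.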
diff --git a/kubernetes/common/certInitializer/templates/_certInitializer.yaml b/kubernetes/common/certInitializer/templates/_certInitializer.yaml
index 414192e2bc..3b165a4c20 100644
--- a/kubernetes/common/certInitializer/templates/_certInitializer.yaml
+++ b/kubernetes/common/certInitializer/templates/_certInitializer.yaml
@@ -137,6 +137,8 @@
volumeMounts:
- mountPath: /certs
name: aaf-agent-certs
+ - mountPath: /more_certs
+ name: provided-custom-certs
- mountPath: /root/import-custom-certs.sh
name: aaf-agent-certs
subPath: import-custom-certs.sh
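Review bot: The `/more_certs` mount is added without `readOnly: true`, although the script only reads from it. When the volume falls back to `emptyDir` the mount is writable, so adding `readOnly: true` under `name: provided-custom-certs` keeps it consistent across all three volume sources. The `provided-custom-certs` volume is only rendered under `global.importCustomCertsEnabled` in the later hunk. The container definition starts outside this hunk, so confirm it sits under the same condition, otherwise the pod spec would reference an undefined volume.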
@@ -177,6 +179,21 @@
configMap:
name: {{ tpl $subchartDot.Values.certsCMName $subchartDot }}
defaultMode: 0700
+{{- if $dot.Values.global.importCustomCertsEnabled }}
+- name: provided-custom-certs
+{{- if $dot.Values.global.customCertsSecret }}
+ secret:
+ secretName: {{ $dot.Values.global.customCertsSecret }}
+{{- else }}
+{{- if $dot.Values.global.customCertsConfigMap }}
+ configMap:
+ name: {{ $dot.Values.global.customCertsConfigMap }}
+{{- else }}
+ emptyDir:
+ medium: Memory
+{{- end }}
+{{- end }}
+{{- end }}
- name: {{ include "common.certInitializer._aafAddConfigVolumeName" $dot }}
configMap:
name: {{ include "common.fullname" $subchartDot }}-add-config
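Review bot: `secretName:` and the configMap `name:` take the templated value unquoted, so a value that YAML reads as a number or boolean is retyped after rendering and the manifest is rejected. Piping through `quote` avoids this: `secretName: {{ $dot.Values.global.customCertsSecret | quote }}` and `name: {{ $dot.Values.global.customCertsConfigMap | quote }}`. The nested `else` / `if` pair can be written as `{{- else if $dot.Values.global.customCertsConfigMap }}`, which drops one `{{- end }}` and makes the precedence (secret, then configMap, then emptyDir) easier to read.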
diff --git a/kubernetes/common/certInitializer/values.yaml b/kubernetes/common/certInitializer/values.yaml
index 52b2765329..74a2b37568 100644
--- a/kubernetes/common/certInitializer/values.yaml
+++ b/kubernetes/common/certInitializer/values.yaml
@@ -15,6 +15,15 @@
global:
aafAgentImage: onap/aaf/aaf_agent:2.1.20
aafEnabled: true
+ # Give the name of a config map where certInitializer will onboard all certs
+ # given (certs must be in pem format)
+ customCertsConfigMap:
+ # Give the name of a secret where certInitializer will onboard all certs given
+ # (certs must be in pem format)
+ # this one superseedes previous one (so if both are given, only certs from
+ # secret will be onboarded).
+ customCertsSecret:
+
pullPolicy: Always
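Review bot: `customCertsConfigMap:` and `customCertsSecret:` are bare keys, which parse as null; writing `customCertsConfigMap: ""` and `customCertsSecret: ""` states the intended empty default explicitly. The comments do not say that these settings only take effect when `global.importCustomCertsEnabled` is true, which is the condition guarding the volume in `_certInitializer.yaml`. They also omit that the import script copies only files whose names end in `.pem`. Both are worth stating here, since the trust store is silently left unchanged otherwise. "superseedes" should read "supersedes".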
@@ -37,7 +46,6 @@ readinessCheck:
- aaf-cm
- aaf-service
-aafDeployFqi: "changeme"
fqdn: ""
app_ns: "org.osaaf.aaf"
fqi: ""
diff --git a/kubernetes/common/music/values.yaml b/kubernetes/common/music/values.yaml
index 25cab910a9..f578949196 100644
--- a/kubernetes/common/music/values.yaml
+++ b/kubernetes/common/music/values.yaml
@@ -164,5 +164,4 @@ certInitializer:
credsPath: /opt/app/osaaf/local
appMountPath: /opt/app/aafcertman
aaf_add_config: >
- cd {{ .Values.credsPath }};
- /opt/app/aaf_config/bin/agent.sh local showpass {{.Values.fqi}} {{ .Values.fqdn }} | grep cadi_keystore_password_jks= | cut -d= -f 2 > {{ .Values.credsPath }}/.pass 2>&1;
+ echo "$cadi_keystore_password_jks" > {{ .Values.credsPath }}/.pass;
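Review bot: The keystore password is written to `.pass` with whatever umask the shell has, and if `$cadi_keystore_password_jks` is unset the command silently produces an empty file. Failing fast and restricting the mode would be safer, for example `printf '%s\n' "${cadi_keystore_password_jks:?}" > {{ .Values.credsPath }}/.pass; chmod 600 {{ .Values.credsPath }}/.pass;`, with the mode adjusted if another UID or group has to read the file. Where the variable is set is not visible in this diff, so confirm it is exported in the environment that runs `aaf_add_config`. The same applies to the `mycreds.prop` writes in the portal-app and portal-sdk hunks below.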
diff --git a/kubernetes/policy/components/policy-clamp-be/resources/config/create-db-tables.sh b/kubernetes/policy/components/policy-clamp-be/resources/config/create-db-tables.sh
index 329479fad2..ad9984c26c 100755
--- a/kubernetes/policy/components/policy-clamp-be/resources/config/create-db-tables.sh
+++ b/kubernetes/policy/components/policy-clamp-be/resources/config/create-db-tables.sh
@@ -16,4 +16,4 @@
# limitations under the License.
*/}}
-mysql -h"${MYSQL_HOST}" -P"${MYSQL_PORT}" -u"${MYSQL_USER}" -p"${MYSQL_PASSWORD}" policyclamp < /dbcmd-config/policy-clamp-create-tables.sql
+mysql -h"${MYSQL_HOST}" -P"${MYSQL_PORT}" -u"${MYSQL_USER}" -p"${MYSQL_PASSWORD}" -f policyclamp < /dbcmd-config/policy-clamp-create-tables.sql
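Review bot: The added `-f` makes the client continue past SQL errors, so a partly failed run of `policy-clamp-create-tables.sql` can leave the schema incomplete without the job stopping at the first failure. If the intent is only to tolerate re-runs against an existing schema, making the SQL itself idempotent (for example `CREATE TABLE IF NOT EXISTS`) keeps real errors fatal. If `-f` stays, add a comment such as `# -f: tolerate "already exists" errors on re-run` so the intent is recorded. Separately, `-p"${MYSQL_PASSWORD}"` puts the password on the command line, where it can appear in the process list; passing it through the `MYSQL_PWD` environment variable or an option file avoids that.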
diff --git a/kubernetes/portal/components/portal-app/values.yaml b/kubernetes/portal/components/portal-app/values.yaml
index 0a818102c6..b46876ced9 100644
--- a/kubernetes/portal/components/portal-app/values.yaml
+++ b/kubernetes/portal/components/portal-app/values.yaml
@@ -77,10 +77,9 @@ certInitializer:
permission_group: 999
keystoreFile: "org.onap.portal.p12"
truststoreFile: "org.onap.portal.trust.jks"
- aaf_add_config: >
- /opt/app/aaf_config/bin/agent.sh;
- /opt/app/aaf_config/bin/agent.sh local showpass \
- {{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop
+ aaf_add_config: |
+ echo "cadi_truststore_password=$cadi_truststore_password" > {{ .Values.credsPath }}/mycreds.prop
+ echo "cadi_keystore_password_p12=$cadi_keystore_password_p12" >> {{ .Values.credsPath }}/mycreds.prop
# default number of instances
replicaCount: 1
diff --git a/kubernetes/portal/components/portal-sdk/values.yaml b/kubernetes/portal/components/portal-sdk/values.yaml
index 11ce5a6e42..7631c3a482 100644
--- a/kubernetes/portal/components/portal-sdk/values.yaml
+++ b/kubernetes/portal/components/portal-sdk/values.yaml
@@ -78,10 +78,9 @@ certInitializer:
permission_group: 999
keystoreFile: "org.onap.portal.p12"
truststoreFile: "org.onap.portal.trust.jks"
- aaf_add_config: >
- /opt/app/aaf_config/bin/agent.sh;
- /opt/app/aaf_config/bin/agent.sh local showpass \
- {{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop
+ aaf_add_config: |
+ echo "cadi_truststore_password=$cadi_truststore_password" > {{ .Values.credsPath }}/mycreds.prop
+ echo "cadi_keystore_password_p12=$cadi_keystore_password_p12" >> {{ .Values.credsPath }}/mycreds.prop
# flag to enable debugging - application support required
debugEnabled: false