summaryrefslogtreecommitdiffstats
path: root/kubernetes/platform/components/oom-cert-service/values.yaml
diff options
context:
space:
mode:
Diffstat (limited to 'kubernetes/platform/components/oom-cert-service/values.yaml')
-rw-r--r--kubernetes/platform/components/oom-cert-service/values.yaml104
1 files changed, 81 insertions, 23 deletions
diff --git a/kubernetes/platform/components/oom-cert-service/values.yaml b/kubernetes/platform/components/oom-cert-service/values.yaml
index 537b025fb0..829d3a01d1 100644
--- a/kubernetes/platform/components/oom-cert-service/values.yaml
+++ b/kubernetes/platform/components/oom-cert-service/values.yaml
@@ -79,38 +79,40 @@ cmpServers:
mountPath: /etc/onap/oom/certservice
tls:
+ issuer:
+ selfsigning:
+ name: &selfSigningIssuer cmpv2-selfsigning-issuer
+ ca:
+ name: &caIssuer cmpv2-ca-issuer
+ secret:
+ name: &caKeyPairSecret cmpv2-ca-key-pair
server:
secret:
- name: oom-cert-service-server-tls-secret
+ name: &serverSecret oom-cert-service-server-tls-secret
volume:
name: oom-cert-service-server-tls-volume
mountPath: /etc/onap/oom/certservice/certs/
client:
secret:
defaultName: oom-cert-service-client-tls-secret
- provider:
- secret:
- name: cmpv2-issuer-secret
envs:
keystore:
- jksName: certServiceServer-keystore.jks
- p12Name: certServiceServer-keystore.p12
- pemName: certServiceServer-keystore.pem
+ jksName: keystore.jks
+ p12Name: keystore.p12
+ pemName: tls.crt
truststore:
jksName: truststore.jks
- crtName: root.crt
- pemName: truststore.pem
+ crtName: ca.crt
+ pemName: tls.crt
httpsPort: 8443
# External secrets with credentials can be provided to override default credentials defined below,
# by uncommenting and filling appropriate *ExternalSecret value
credentials:
tls:
- keystorePassword: secret
- truststorePassword: secret
- #keystorePasswordExternalSecret:
- #truststorePasswordExternalSecret:
+ certificatesPassword: secret
+ #certificatesPasswordExternalSecret:
# Below cmp values contain credentials for EJBCA test instance and are relevant only if global addTestingComponents flag is enabled
cmp:
# Used only if cmpv2 testing is enabled
@@ -126,17 +128,11 @@ credentials:
# rv: unused
secrets:
- - uid: keystore-password
- name: '{{ include "common.release" . }}-keystore-password'
- type: password
- externalSecret: '{{ tpl (default "" .Values.credentials.tls.keystorePasswordExternalSecret) . }}'
- password: '{{ .Values.credentials.tls.keystorePassword }}'
- passwordPolicy: required
- - uid: truststore-password
- name: '{{ include "common.release" . }}-truststore-password'
+ - uid: certificates-password
+ name: &certificatesPasswordSecretName '{{ .Values.cmpv2Config.global.platform.certificates.keystorePasswordSecretName }}'
type: password
- externalSecret: '{{ tpl (default "" .Values.credentials.tls.truststorePasswordExternalSecret) . }}'
- password: '{{ .Values.credentials.tls.truststorePassword }}'
+ externalSecret: '{{ tpl (default "" .Values.credentials.tls.certificatesPasswordExternalSecret) . }}'
+ password: '{{ .Values.credentials.tls.certificatesPassword }}'
passwordPolicy: required
# Below values are relevant only if global addTestingComponents flag is enabled
- uid: ejbca-server-client-iak
@@ -155,3 +151,65 @@ secrets:
type: password
externalSecret: '{{ tpl (default "" .Values.credentials.cmp.raRvExternalSecret) . }}'
password: '{{ .Values.credentials.cmp.ra.rv }}'
+
+# Certificates definitions
+certificates:
+ - name: selfsigned-cert
+ secretName: *caKeyPairSecret
+ isCA: true
+ commonName: root.com
+ subject:
+ organization: Root Company
+ country: PL
+ locality: Wroclaw
+ province: Dolny Slask
+ organizationalUnit: Root Org
+ issuer:
+ name: *selfSigningIssuer
+ kind: Issuer
+ - name: cert-service-server-cert
+ secretName: *serverSecret
+ commonName: oom-cert-service
+ dnsNames:
+ - oom-cert-service
+ - localhost
+ subject:
+ organization: certServiceServer org
+ country: PL
+ locality: Wroclaw
+ province: Dolny Slask
+ organizationalUnit: certServiceServer company
+ usages:
+ - server auth
+ - client auth
+ keystore:
+ outputType:
+ - jks
+ - p12
+ passwordSecretRef:
+ name: *certificatesPasswordSecretName
+ key: password
+ issuer:
+ name: *caIssuer
+ kind: Issuer
+ - name: cert-service-client-cert
+ secretName: '{{ .Values.cmpv2Config.global.platform.certificates.clientSecretName | default .Values.tls.client.secret.defaultName }}'
+ commonName: certServiceClient.com
+ subject:
+ organization: certServiceClient org
+ country: PL
+ locality: Wroclaw
+ province: Dolny Slask
+ organizationalUnit: certServiceClient company
+ usages:
+ - server auth
+ - client auth
+ keystore:
+ outputType:
+ - jks
+ passwordSecretRef:
+ name: *certificatesPasswordSecretName
+ key: password
+ issuer:
+ name: *caIssuer
+ kind: Issuer