diff options
Diffstat (limited to 'kubernetes/so')
| -rw-r--r-- | kubernetes/so/charts/so-secrets/resources/certs/org.onap.so.trust.jks | bin | 0 -> 963 bytes | |||
| -rw-r--r-- | kubernetes/so/charts/so-secrets/templates/secrets.yaml | 13 | ||||
| -rwxr-xr-x | kubernetes/so/charts/so-vnfm-adapter/resources/config/overrides/override.yaml | 8 | ||||
| -rwxr-xr-x | kubernetes/so/charts/so-vnfm-adapter/templates/deployment.yaml | 12 | ||||
| -rwxr-xr-x | kubernetes/so/values.yaml | 8 |
5 files changed, 33 insertions, 8 deletions
diff --git a/kubernetes/so/charts/so-secrets/resources/certs/org.onap.so.trust.jks b/kubernetes/so/charts/so-secrets/resources/certs/org.onap.so.trust.jks Binary files differnew file mode 100644 index 0000000000..96931ce168 --- /dev/null +++ b/kubernetes/so/charts/so-secrets/resources/certs/org.onap.so.trust.jks diff --git a/kubernetes/so/charts/so-secrets/templates/secrets.yaml b/kubernetes/so/charts/so-secrets/templates/secrets.yaml index 9a749638f0..5be2cc7c41 100644 --- a/kubernetes/so/charts/so-secrets/templates/secrets.yaml +++ b/kubernetes/so/charts/so-secrets/templates/secrets.yaml @@ -25,3 +25,16 @@ data: trustStorePassword: {{ .Values.global.client.certs.trustStorePassword }} keyStorePassword: {{ .Values.global.client.certs.keyStorePassword}} type: Opaque +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "common.release" . }}-so-truststore-secret + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +data: +{{ tpl (.Files.Glob "resources/certs/*").AsSecrets . | indent 2 }} diff --git a/kubernetes/so/charts/so-vnfm-adapter/resources/config/overrides/override.yaml b/kubernetes/so/charts/so-vnfm-adapter/resources/config/overrides/override.yaml index ebfbc44685..10846cf7fa 100755 --- a/kubernetes/so/charts/so-vnfm-adapter/resources/config/overrides/override.yaml +++ b/kubernetes/so/charts/so-vnfm-adapter/resources/config/overrides/override.yaml @@ -54,8 +54,12 @@ vnfmadapter: etsi-catalog-manager: vnfpkgm: {{- if .Values.global.msbEnabled }} - endpoint: http://msb-iag.{{ include "common.namespace" . }}:80/api/vnfpkgm/v1 + endpoint: https://msb-iag.{{ include "common.namespace" . }}:443/api/vnfpkgm/v1 + http: + client: + ssl: + trust-store: ${TRUSTSTORE} + trust-store-password: ${TRUSTSTORE_PASSWORD} {{- else }} endpoint: http://modeling-etsicatalog.{{ include "common.namespace" . }}:8806/api/vnfpkgm/v1 {{- end }} - diff --git a/kubernetes/so/charts/so-vnfm-adapter/templates/deployment.yaml b/kubernetes/so/charts/so-vnfm-adapter/templates/deployment.yaml index 00b36a838e..a720753f47 100755 --- a/kubernetes/so/charts/so-vnfm-adapter/templates/deployment.yaml +++ b/kubernetes/so/charts/so-vnfm-adapter/templates/deployment.yaml @@ -40,17 +40,17 @@ spec: image: {{ include "common.repository" . }}/{{ .Values.image }} resources: {{ include "common.resources" . | indent 12 }} - {{- if eq .Values.global.security.aaf.enabled true }} env: - name: TRUSTSTORE - value: /app/org.onap.so.trust.jks + value: {{ .Values.global.client.certs.truststore }} - name: TRUSTSTORE_PASSWORD valueFrom: secretKeyRef: name: {{ .Release.Name}}-so-client-certs-secret key: trustStorePassword + {{ if eq .Values.global.security.aaf.enabled true }} - name: KEYSTORE - value: /app/org.onap.so.jks + value: {{ .Values.global.client.certs.keystore }} - name: KEYSTORE_PASSWORD valueFrom: secretKeyRef: @@ -67,6 +67,9 @@ spec: - name: config mountPath: /app/config readOnly: true + - name: {{ include "common.fullname" . }}-truststore + mountPath: /app/client + readonly: true livenessProbe: tcpSocket: port: {{ index .Values.livenessProbe.port }} @@ -84,5 +87,8 @@ spec: - name: config configMap: name: {{ include "common.fullname" . }}-app-configmap + - name: {{ include "common.fullname" . }}-truststore + secret: + secretName: {{ include "common.release" . }}-so-truststore-secret imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/so/values.yaml b/kubernetes/so/values.yaml index 4cf991ea60..e9c5637eef 100755 --- a/kubernetes/so/values.yaml +++ b/kubernetes/so/values.yaml @@ -60,8 +60,8 @@ global: defaultCloudOwner: onap cadi: cadiLoglevel: DEBUG - cadiKeyFile: /app/org.onap.so.keyfile - cadiTrustStore: /app/org.onap.so.trust.jks + cadiKeyFile: /app/client/org.onap.so.keyfile + cadiTrustStore: /app/client/org.onap.so.trust.jks cadiTruststorePassword: enc:MFpuxKeYK6Eo6QXjDUjtOBbp0FthY7SB4mKSIJm_RWC cadiLatitude: 38.4329 cadiLongitude: -90.43248 @@ -73,7 +73,9 @@ global: msoKey: 07a7159d3bf51a0e53be7a8f89699be7 client: certs: - trustStorePassword: b25hcDRzbw== + truststore: /app/client/org.onap.so.trust.jks + keystore: /app/client/org.onap.so.jks + trustStorePassword: LHN4Iy5DKlcpXXdWZ0pDNmNjRkhJIzpI keyStorePassword: c280b25hcA== certificates: path: /etc/ssl/certs |