From 599764901bdf353c358be66fca47a41f3382b56e Mon Sep 17 00:00:00 2001 From: Krzysztof Opasiak Date: Tue, 20 Oct 2020 23:17:17 +0200 Subject: [COMMON] Move onap truststore to cert-wrapper certInitializer is included multiple times in number of different projects. If it contains the truststore then under if it is not used it increases the size of the chart itself so that it our final ONAP chart does not fit into default 20 Mb chartmuseum limit. Let's resolve this by moving the configmap and its content to the cert-wrapper which is included only once per onap instance. Issue-ID: AAF-1134 Signed-off-by: Krzysztof Opasiak Change-Id: I654d9158e7b776c012653dbef2c8091a393635f0 --- .../resources/import-custom-certs.sh | 61 ---------------------- 1 file changed, 61 deletions(-) delete mode 100755 kubernetes/common/certInitializer/resources/import-custom-certs.sh (limited to 'kubernetes/common/certInitializer/resources/import-custom-certs.sh') diff --git a/kubernetes/common/certInitializer/resources/import-custom-certs.sh b/kubernetes/common/certInitializer/resources/import-custom-certs.sh deleted file mode 100755 index dd311830e7..0000000000 --- a/kubernetes/common/certInitializer/resources/import-custom-certs.sh +++ /dev/null @@ -1,61 +0,0 @@ -#!/bin/bash - -# Copyright © 2020 Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -CERTS_DIR=${CERTS_DIR:-/certs} -WORK_DIR=${WORK_DIR:-/updatedTruststore} -ONAP_TRUSTSTORE=${ONAP_TRUSTSTORE:-truststoreONAPall.jks} -JRE_TRUSTSTORE=${JRE_TRUSTSTORE:-$JAVA_HOME/lib/security/cacerts} -TRUSTSTORE_OUTPUT_FILENAME=${TRUSTSTORE_OUTPUT_FILENAME:-truststore.jks} - -mkdir -p $WORK_DIR - -# Decrypt and move relevant files to WORK_DIR -for f in $CERTS_DIR/*; do - if [[ $AAF_ENABLED == false ]] && [[ $f == *$ONAP_TRUSTSTORE* ]]; then - # Dont use onap truststore when aaf is disabled - continue - fi - if [[ $f == *.sh ]]; then - continue - fi - if [[ $f == *.b64 ]] - then - base64 -d $f > $WORK_DIR/`basename $f .b64` - else - cp $f $WORK_DIR/. - fi -done - -# Prepare truststore output file -if [[ $AAF_ENABLED == true ]] - then - mv $WORK_DIR/$ONAP_TRUSTSTORE $WORK_DIR/$TRUSTSTORE_OUTPUT_FILENAME - else - echo "AAF is disabled, using JRE truststore" - cp $JRE_TRUSTSTORE $WORK_DIR/$TRUSTSTORE_OUTPUT_FILENAME -fi - -# Import Custom Certificates -for f in $WORK_DIR/*; do - if [[ $f == *.pem ]]; then - echo "importing certificate: $f" - keytool -import -file $f -alias `basename $f` -keystore $WORK_DIR/$TRUSTSTORE_OUTPUT_FILENAME -storepass $TRUSTSTORE_PASSWORD -noprompt - if [[ $? != 0 ]]; then - echo "failed importing certificate: $f" - exit 1 - fi - fi -done -- cgit 1.2.3-korg