From 3267293a468d65a8bae755da77d2a48a9e25663a Mon Sep 17 00:00:00 2001
From: Piotr Marcinkiewicz <piotr.marcinkiewicz@nokia.com>
Date: Fri, 26 Mar 2021 13:06:35 +0100
Subject: [PLATFORM] Generate Cert-Service certs with Cert-Manager

Utilize Cert-Manager to secure communication between
Cert-Service and its clients, adjust templates and
configs.

Issue-ID: OOM-2712
Signed-off-by: Piotr Marcinkiewicz <piotr.marcinkiewicz@nokia.com>
Change-Id: I96426b1a184b4d254575e76d29214d9deda08cce
Signed-off-by: Remigiusz Janeczek <remigiusz.janeczek@nokia.com>
---
 kubernetes/onap/values.yaml | 23 ++++++++++-------------
 1 file changed, 10 insertions(+), 13 deletions(-)

(limited to 'kubernetes/onap')

diff --git a/kubernetes/onap/values.yaml b/kubernetes/onap/values.yaml
index b008acf6f3..ca9ccd48f4 100755
--- a/kubernetes/onap/values.yaml
+++ b/kubernetes/onap/values.yaml
@@ -196,28 +196,25 @@ global:
   cmpv2Enabled: true
   CMPv2CertManagerIntegration: false
   platform:
+    certificates:
+      clientSecretName: oom-cert-service-client-tls-secret
+      keystoreKeyRef: keystore.jks
+      truststoreKeyRef: truststore.jks
+      keystorePasswordSecretName: oom-cert-service-certificates-password
+      keystorePasswordSecretKey: password
+      truststorePasswordSecretName: oom-cert-service-certificates-password
+      truststorePasswordSecretKey: password
     certServiceClient:
       image: onap/org.onap.oom.platform.cert-service.oom-certservice-client:2.3.3
-      secret:
-        name: oom-cert-service-client-tls-secret
-        mountPath: /etc/onap/oom/certservice/certs/
+      certificatesSecretMountPath: /etc/onap/oom/certservice/certs/
       envVariables:
         certPath: "/var/custom-certs"
         # Certificate related
-        cmpv2Organization: "Linux-Foundation"
-        cmpv2OrganizationalUnit: "ONAP"
-        cmpv2Location: "San-Francisco"
-        cmpv2State: "California"
-        cmpv2Country: "US"
-        # Client configuration related
         caName: "RA"
+        # Client configuration related
         requestURL: "https://oom-cert-service:8443/v1/certificate/"
         requestTimeout: "30000"
-        keystorePath: "/etc/onap/oom/certservice/certs/certServiceClient-keystore.jks"
         outputType: "P12"
-        keystorePassword: "secret"
-        truststorePath: "/etc/onap/oom/certservice/certs/truststore.jks"
-        truststorePassword: "secret"
 
   # Indicates offline deployment build
   # Set to true if you are rendering helm charts for offline deployment
-- 
cgit 1.2.3-korg