From 554bc6b6d540810be1fd2c4fa1117719c21527de Mon Sep 17 00:00:00 2001
From: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Date: Thu, 25 Feb 2021 18:13:19 +0100
Subject: [VNFSDK] Automatically retrieve certificates

Instead of using hardcoded certificates, let's use certInitializer in
order to retrieve them.

Issue-ID: OOM-2696
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: I6ed12dda660647cd0990c34f51e6c05ed533774a
---
 kubernetes/vnfsdk/values.yaml | 33 ++++++++++++++++++++++++++++++++-
 1 file changed, 32 insertions(+), 1 deletion(-)

(limited to 'kubernetes/vnfsdk/values.yaml')

diff --git a/kubernetes/vnfsdk/values.yaml b/kubernetes/vnfsdk/values.yaml
index 28a2ac419e..0fbee4c07f 100644
--- a/kubernetes/vnfsdk/values.yaml
+++ b/kubernetes/vnfsdk/values.yaml
@@ -33,6 +33,37 @@ secrets:
     password: '{{ .Values.postgres.config.pgUserPassword }}'
     passwordPolicy: generate
 
+#################################################################
+# AAF part
+#################################################################
+certInitializer:
+  nameOverride: refrepo-cert-initializer
+  aafDeployFqi: deployer@people.osaaf.org
+  aafDeployPass: demo123456!
+  # aafDeployCredsExternalSecret: some secret
+  fqdn: refrepo
+  fqi: refrepo@refrepo.onap.org
+  fqi_namespace: org.onap.refrepo
+  public_fqdn: refrepo.onap.org
+  cadi_longitude: "0.0"
+  cadi_latitude: "0.0"
+  app_ns: org.osaaf.aaf
+  credsPath: /opt/app/osaaf/local
+  aaf_add_config: |
+    echo "*** transform AAF certs into pem files"
+    mkdir -p {{ .Values.credsPath }}/certs
+    echo "keystore password: $$cadi_keystore_password_p12"
+    openssl pkcs12 -in {{ .Values.credsPath }}/{{ .Values.fqi_namespace }}.p12 \
+      -nokeys -out {{ .Values.credsPath }}/certs/cert.pem \
+      -passin pass:$cadi_keystore_password_p12 \
+      -passout pass:$cadi_keystore_password_p12
+    echo "*** copy key"
+    cp {{ .Values.credsPath }}/{{ .Values.fqi_namespace }}.key \
+      {{ .Values.credsPath }}/certs/cert.key
+    echo "*** change ownership of certificates to targeted user"
+    chown -R 999 {{ .Values.credsPath }}/certs
+
+
 #################################################################
 # Application configuration defaults.
 #################################################################
@@ -102,7 +133,7 @@ readiness:
 service:
   type: NodePort
   name: refrepo
-  portName: refrepo
+  portName: https
   nodePort: 97
   internalPort: 8703
 
-- 
cgit 1.2.3-korg