blob: ef3b0768f550ca0e794cbd91165a1e9e4e2aa1f3 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
|
{{- define "so.certificate.container_importer" -}}
{{- $dot := default . .dot -}}
{{- $initRoot := default $dot.Values.soHelpers .initRoot -}}
{{- $subchartDot := fromJson (include "common.subChartDot" (dict "dot" $dot "initRoot" $initRoot)) }}
{{ include "common.certInitializer.initContainer" $subchartDot }}
{{- if $dot.Values.global.aafEnabled }}
- name: {{ include "common.name" $dot }}-msb-cert-importer
image: "{{ include "common.repository" $dot }}/{{ $dot.Values.global.aafAgentImage }}"
imagePullPolicy: {{ $dot.Values.global.pullPolicy | default $subchartDot.Values.pullPolicy }}
command:
- "/bin/sh"
args:
- "-c"
- |
export $(grep '^c' {{ $subchartDot.Values.certInitializer.credsPath }}/mycreds.prop | xargs -0)
keytool -import -trustcacerts -alias msb_root -file \
/certificates/msb-ca.crt -keystore \
"{{ $subchartDot.Values.certInitializer.credsPath }}/{{ $subchartDot.Values.aaf.trustore }}" \
-storepass $cadi_truststore_password -noprompt
keytool -importkeystore -srckeystore "{{ $subchartDot.Values.certInitializer.credsPath }}/truststoreONAPall.jks" \
-srcstorepass {{ $subchartDot.Values.certInitializer.trustStoreAllPass }} \
-destkeystore "{{ $subchartDot.Values.certInitializer.credsPath }}/{{ $subchartDot.Values.aaf.trustore }}" \
-deststorepass $cadi_truststore_password -noprompt
volumeMounts:
{{ include "common.certInitializer.volumeMount" $subchartDot | indent 2 | trim }}
- name: {{ include "common.name" $dot }}-msb-certificate
mountPath: /certificates
{{- end }}
{{- end -}}
{{- define "so.certificate.volumes" -}}
{{- $dot := default . .dot -}}
{{- $initRoot := default $dot.Values.soHelpers .initRoot -}}
{{- $subchartDot := fromJson (include "common.subChartDot" (dict "dot" $dot "initRoot" $initRoot)) }}
{{ include "common.certInitializer.volumes" $subchartDot }}
{{- if $dot.Values.global.aafEnabled }}
- name: {{ include "common.name" $dot }}-msb-certificate
secret:
secretName: {{ include "common.secret.getSecretNameFast" (dict "global" $subchartDot "uid" "so-onap-certs") }}
{{- end }}
{{- end -}}
{{- define "so.certificate.volumeMount" -}}
{{- $dot := default . .dot -}}
{{- $initRoot := default $dot.Values.soHelpers .initRoot -}}
{{- $subchartDot := fromJson (include "common.subChartDot" (dict "dot" $dot "initRoot" $initRoot)) }}
{{ include "common.certInitializer.volumeMount" $subchartDot }}
{{- end -}}
{{- define "so.certificates.env" -}}
{{- $dot := default . .dot -}}
{{- $initRoot := default $dot.Values.soHelpers .initRoot -}}
{{- $subchartDot := fromJson (include "common.subChartDot" (dict "dot" $dot "initRoot" $initRoot)) }}
{{- if $dot.Values.global.aafEnabled }}
- name: TRUSTSTORE
value: {{ $subchartDot.Values.certInitializer.credsPath }}/{{ $subchartDot.Values.aaf.trustore }}
{{- if $dot.Values.global.security.aaf.enabled }}
- name: KEYSTORE
value: {{ $subchartDot.Values.certInitializer.credsPath }}/org.onap.so.jks
{{- end }}
{{- end }}
{{- end -}}
|