From cf6cbf7cd2525af557a971b30093bfd814e52413 Mon Sep 17 00:00:00 2001 From: Piotr Marcinkiewicz Date: Wed, 29 Jul 2020 09:16:55 +0200 Subject: [PATCH] Update external TLS documentation Add keystore and truststore passwords parameters to description. Issue-ID: DCAEGEN2-2252 Signed-off-by: Piotr Marcinkiewicz Change-Id: If0c2983abc0ab491b2dd729cc2a373fa229104b8 --- docs/sections/tls_enablement.rst | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/docs/sections/tls_enablement.rst b/docs/sections/tls_enablement.rst index 34450163..ec23f65b 100644 --- a/docs/sections/tls_enablement.rst +++ b/docs/sections/tls_enablement.rst @@ -132,6 +132,8 @@ This external TLS support doesn't influence ONAP internal traffic which is prote * A string ``state`` that indicates state name, for which certificate will be created. * A string ``organizational_unit`` that indicates organizational unit name, for which certificate will be created. * A string ``location`` that indicates location name, for which certificate will be created. + * A string ``keystore_password`` that indicates keystore password. + * A string ``truststore_password`` that indicates truststore password. Group ``external_cert`` from k8splugin.json with default values: @@ -145,7 +147,9 @@ This external TLS support doesn't influence ONAP internal traffic which is prote "organization": "Linux-Foundation", "state": "California", "organizational_unit": "ONAP", - "location": "San-Francisco" + "location": "San-Francisco", + "keystore_password": "secret", + "truststore_password": "secret" } 
@@ -154,14 +158,14 @@ This external TLS support doesn't influence ONAP internal traffic which is prote 2. Certificate generation and retrieval: - When a DCAE component that needs a external TLS certificate is launched, a Kubernetes init container runs before the main + When a DCAE component that needs an external TLS certificate is launched, a Kubernetes init container runs before the main component container is launched. The init container contacts the AAF CertService. DCAE service components (sometimes called "microservices") are deployed via Cloudify using blueprints. This is described in more detail in the next section. 3. Plugin and Blueprint: - The blueprint for a component that needs a external TLS certificate needs to include the node property called "external_cert" in + The blueprint for a component that needs an external TLS certificate needs to include the node property called "external_cert" in the node properties for the component. The property is a dictionary with following elements: * A boolean (``use_external_tls``) that indicates whether the component uses TLS in external traffic. -- 2.16.6
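Review bot: The two bullets added in the @@ -132 hunk define each parameter by repeating its own name ("A string ``keystore_password`` that indicates keystore password"), so a reader learns nothing about which keystore and truststore these passwords apply to, whether the parameters are mandatory, or what is used when they are left out. Suggest saying in each bullet which store the password protects and whether the value can be overridden per component, in the same way the neighbouring bullets say "for which certificate will be created".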
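Review bot: The defaults documented in the @@ -145 hunk, "keystore_password": "secret" and "truststore_password": "secret", are a fixed and guessable value kept in plain text in k8splugin.json, and the surrounding text presents them as the default values without any instruction to change them. Suggest adding a sentence directly under the JSON block telling operators to replace both values for each deployment, and stating whether the passwords can be supplied from somewhere other than the plugin configuration file.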