{{- $initRoot := default $dot.Values.soHelpers .initRoot -}}
{{- $subchartDot := fromJson (include "common.subChartDot" (dict "dot" $dot "initRoot" $initRoot)) }}
{{ include "common.certInitializer.initContainer" $subchartDot }}
-{{- if $dot.Values.global.aafEnabled }}
-- name: {{ include "common.name" $dot }}-msb-cert-importer
- image: {{ include "repositoryGenerator.repository" $subchartDot }}/{{ $dot.Values.global.aafAgentImage }}
- imagePullPolicy: {{ $dot.Values.global.pullPolicy | default $subchartDot.Values.pullPolicy }}
- command:
- - "/bin/sh"
- args:
- - "-c"
- - |
- export $(grep '^c' {{ $subchartDot.Values.certInitializer.credsPath }}/mycreds.prop | xargs -0)
- keytool -import -trustcacerts -alias msb_root -file \
- /certificates/msb-ca.crt -keystore \
- "{{ $subchartDot.Values.certInitializer.credsPath }}/{{ $subchartDot.Values.aaf.trustore }}" \
- -storepass $cadi_truststore_password -noprompt
- export EXIT_VALUE=$?
- if [ "${EXIT_VALUE}" != "0" ]
- then
- echo "issue with password: $cadi_truststore_password"
- ls -lh {{ $subchartDot.Values.certInitializer.credsPath }}/mycreds.prop
- cat {{ $subchartDot.Values.certInitializer.credsPath }}/mycreds.prop
- exit $EXIT_VALUE
- else
- keytool -importkeystore -srckeystore "{{ $subchartDot.Values.certInitializer.credsPath }}/truststoreONAPall.jks" \
- -srcstorepass {{ $subchartDot.Values.certInitializer.trustStoreAllPass }} \
- -destkeystore "{{ $subchartDot.Values.certInitializer.credsPath }}/{{ $subchartDot.Values.aaf.trustore }}" \
- -deststorepass $cadi_truststore_password -noprompt
- export EXIT_VALUE=$?
- fi
- exit $EXIT_VALUE
- volumeMounts:
- {{ include "common.certInitializer.volumeMount" $subchartDot | indent 2 | trim }}
- - name: {{ include "common.name" $dot }}-msb-certificate
- mountPath: /certificates
-{{- end }}
{{- end -}}
{{- define "so.certificate.volumes" -}}
{{- $initRoot := default $dot.Values.soHelpers .initRoot -}}
{{- $subchartDot := fromJson (include "common.subChartDot" (dict "dot" $dot "initRoot" $initRoot)) }}
{{ include "common.certInitializer.volumes" $subchartDot }}
-{{- if $dot.Values.global.aafEnabled }}
-- name: {{ include "common.name" $dot }}-msb-certificate
- secret:
- secretName: {{ include "common.secret.getSecretNameFast" (dict "global" $subchartDot "uid" "so-onap-certs") }}
-{{- end }}
{{- end -}}
{{- define "so.certificate.volumeMount" -}}
# Copyright © 2018 AT&T USA
# Copyright © 2020 Huawei
+# Copyright © 2021 Orange
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
path: /etc/ssl/certs
share_path: /usr/local/share/ca-certificates/
-#################################################################
-# Secrets metaconfig
-#################################################################
-secrets:
- - uid: 'so-onap-certs'
- name: '{{ include "common.release" . }}-so-certs'
- externalSecret: '{{ tpl (default "" .Values.certSecret) . }}'
- type: generic
- filePaths:
- - resources/config/certificates/msb-ca.crt
#################################################################
# AAF part
app_ns: org.osaaf.aaf
credsPath: /opt/app/osaaf/local
trustStoreAllPass: changeit
- aaf_add_config: >
- /opt/app/aaf_config/bin/agent.sh local showpass
- {{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop
+ aaf_add_config: |
+ echo "cadi_truststore_password=$cadi_truststore_password" > {{ .Values.credsPath }}/mycreds.prop
+ echo "cadi_keystore_password_p12=$cadi_keystore_password_p12" > {{ .Values.credsPath }}/mycreds.prop
aafConfig:
permission_user: 1000
+++ /dev/null
------BEGIN CERTIFICATE-----
-MIIDkjCCAnoCCQCHtNgoWafiHzANBgkqhkiG9w0BAQsFADCBijELMAkGA1UEBhMC
-Q04xETAPBgNVBAgMCHNpY2h1YW5nMRAwDgYDVQQHDAdjaGVuZ2R1MQwwCgYDVQQK
-DAN6dGUxDjAMBgNVBAsMBXplbmFwMTgwNgYDVQQDDC9aVEUgT3BlblBhbGV0dGUg
-Um9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgMjAxNzAeFw0xNzAzMTcwMTU2MjBa
-Fw0yNzAzMTUwMTU2MjBaMIGKMQswCQYDVQQGEwJDTjERMA8GA1UECAwIc2ljaHVh
-bmcxEDAOBgNVBAcMB2NoZW5nZHUxDDAKBgNVBAoMA3p0ZTEOMAwGA1UECwwFemVu
-YXAxODA2BgNVBAMML1pURSBPcGVuUGFsZXR0ZSBSb290IENlcnRpZmljYXRlIEF1
-dGhvcml0eSAyMDE3MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA23LK
-Eq56pVzsRbYJ6NMdk82QfLjnp+f7KzdQ46SfwldG3gmipasPwDXV9jT9FvUlX8s/
-mRphOyuZ7vDzL2QjlS/FBATTWrJ2VCJmBVlzVu4STZ6YrxpQrSAalGkiYd9uT2Yt
-2quNUPCsZSlJ8qJCYs098bJ2XTsK0JBby94j3nTdvNWhhErrheWdG/CHje32sKog
-6BxN4GzMeZ2fUd0vKsqBs89M0pApdjpRMqEGHg+Lri4iiE9kKa/Y8S3V6ggJZjbp
-7xs7N0miy/paeosjfFe5U6mhumUSZPFy8ueAgGxqBkwvLJwCY3HYcrsFGaXTu+c3
-p2q1Adygif1h43HrvQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQAb/cgmsCxvQmvu
-5e4gpn5WEMo0k7F6IAghd8139i9vmtQ88reYZvfiVsp/5ZjNnNj75lLbjjexDkPA
-bdnAiJfRKOrMaPqY6Bem4v8lPu1B/kj1umn4BXOCC1kpcH/2JCmvI8uh49SSlT9J
-wUSKWw8Qhy9XKN692y02QZke9Xp2HoFvMUlntglmQUIRO5eBYLQCSWpfv/iyMs6w
-ar7Tk1p2rURpRh02P7WFQ5j5fxXEOrkMT7FX80EB3AddSthstj2iDlUcqfG3jXH/
-FA5r1q45kMUaMYxV9WIE67Vt0RaxrUJYWDR2kDSSox7LR5GpjWiSlPAfcLCeVuA3
-3lR7lW/J
------END CERTIFICATE-----
# Copyright © 2018 AT&T USA
# Copyright © 2020 Huawei
+# Copyright © 2021 Orange
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
login: '{{ .Values.dbCreds.adminName }}'
password: '{{ .Values.dbCreds.adminPassword }}'
passwordPolicy: generate
- - uid: 'so-onap-certs'
- name: &so-certs '{{ include "common.release" . }}-so-certs'
- externalSecret: '{{ tpl (default "" .Values.certSecret) . }}'
- type: generic
- filePaths:
- - resources/config/certificates/msb-ca.crt
- uid: 'mso-key'
name: &mso-key '{{ include "common.release" . }}-mso-key'
type: password
certInitializer:
nameOverride: so-apih-cert-init
credsPath: /opt/app/osaaf/local
- certSecret: *so-certs
containerPort: *containerPort
# Resource Limit flavor -By Default using small
so-vnfm-adapter:
enabled: true
-
Code Review / oom.git / commitdiff