[COMMON][CERTS] Allow to provide custom certs easily
Instead of mandating to provide custom certificates before creation of
helm packages, let's propose to include certificates from a known
secret or configmap.
The current implementation will first search for secret and if not
provided will look for configmap.
Issue-ID: OOM-2731
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: If2f90adc18efe59c0516db9409964a236bd17a66
diff --git a/kubernetes/common/cert-wrapper/resources/import-custom-certs.sh b/kubernetes/common/cert-wrapper/resources/import-custom-certs.sh
index d955ecd..ec1ce94 100755
--- a/kubernetes/common/cert-wrapper/resources/import-custom-certs.sh
+++ b/kubernetes/common/cert-wrapper/resources/import-custom-certs.sh
@@ -17,6 +17,7 @@
*/}}
CERTS_DIR=${CERTS_DIR:-/certs}
+MORE_CERTS_DIR=${MORE_CERTS_DIR:-/more_certs}
WORK_DIR=${WORK_DIR:-/updatedTruststore}
ONAP_TRUSTSTORE=${ONAP_TRUSTSTORE:-truststoreONAPall.jks}
JRE_TRUSTSTORE=${JRE_TRUSTSTORE:-$JAVA_HOME/lib/security/cacerts}
@@ -47,6 +48,13 @@
fi
done
+for f in $MORE_CERTS_DIR/*; do
+ if [ ${f: -4} == ".pem" ]
+ then
+ cp $f $WORK_DIR/.
+ fi
+done
+
# Prepare truststore output file
if [ "$AAF_ENABLED" = "true" ]
then