[SO] Simplify cert retrieval script
As retrieving values is now done via a generic script, let's clean a
little bit cert retrieval in order to remove unneeded part.
Also, as MSB is now using certInitialize, we don't need to onboard it's
certificate.
Issue-ID: OOM-2688
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: I5b8ed861ab94b97f2de0d52a4e4385b97a4f5afc
diff --git a/kubernetes/so/components/soHelpers/templates/_certificates.tpl b/kubernetes/so/components/soHelpers/templates/_certificates.tpl
index c5232e8..f5b97d5 100644
--- a/kubernetes/so/components/soHelpers/templates/_certificates.tpl
+++ b/kubernetes/so/components/soHelpers/templates/_certificates.tpl
@@ -3,40 +3,6 @@
{{- $initRoot := default $dot.Values.soHelpers .initRoot -}}
{{- $subchartDot := fromJson (include "common.subChartDot" (dict "dot" $dot "initRoot" $initRoot)) }}
{{ include "common.certInitializer.initContainer" $subchartDot }}
-{{- if $dot.Values.global.aafEnabled }}
-- name: {{ include "common.name" $dot }}-msb-cert-importer
- image: {{ include "repositoryGenerator.repository" $subchartDot }}/{{ $dot.Values.global.aafAgentImage }}
- imagePullPolicy: {{ $dot.Values.global.pullPolicy | default $subchartDot.Values.pullPolicy }}
- command:
- - "/bin/sh"
- args:
- - "-c"
- - |
- export $(grep '^c' {{ $subchartDot.Values.certInitializer.credsPath }}/mycreds.prop | xargs -0)
- keytool -import -trustcacerts -alias msb_root -file \
- /certificates/msb-ca.crt -keystore \
- "{{ $subchartDot.Values.certInitializer.credsPath }}/{{ $subchartDot.Values.aaf.trustore }}" \
- -storepass $cadi_truststore_password -noprompt
- export EXIT_VALUE=$?
- if [ "${EXIT_VALUE}" != "0" ]
- then
- echo "issue with password: $cadi_truststore_password"
- ls -lh {{ $subchartDot.Values.certInitializer.credsPath }}/mycreds.prop
- cat {{ $subchartDot.Values.certInitializer.credsPath }}/mycreds.prop
- exit $EXIT_VALUE
- else
- keytool -importkeystore -srckeystore "{{ $subchartDot.Values.certInitializer.credsPath }}/truststoreONAPall.jks" \
- -srcstorepass {{ $subchartDot.Values.certInitializer.trustStoreAllPass }} \
- -destkeystore "{{ $subchartDot.Values.certInitializer.credsPath }}/{{ $subchartDot.Values.aaf.trustore }}" \
- -deststorepass $cadi_truststore_password -noprompt
- export EXIT_VALUE=$?
- fi
- exit $EXIT_VALUE
- volumeMounts:
- {{ include "common.certInitializer.volumeMount" $subchartDot | indent 2 | trim }}
- - name: {{ include "common.name" $dot }}-msb-certificate
- mountPath: /certificates
-{{- end }}
{{- end -}}
{{- define "so.certificate.volumes" -}}
@@ -44,11 +10,6 @@
{{- $initRoot := default $dot.Values.soHelpers .initRoot -}}
{{- $subchartDot := fromJson (include "common.subChartDot" (dict "dot" $dot "initRoot" $initRoot)) }}
{{ include "common.certInitializer.volumes" $subchartDot }}
-{{- if $dot.Values.global.aafEnabled }}
-- name: {{ include "common.name" $dot }}-msb-certificate
- secret:
- secretName: {{ include "common.secret.getSecretNameFast" (dict "global" $subchartDot "uid" "so-onap-certs") }}
-{{- end }}
{{- end -}}
{{- define "so.certificate.volumeMount" -}}
diff --git a/kubernetes/so/components/soHelpers/values.yaml b/kubernetes/so/components/soHelpers/values.yaml
index a367272..612f7c1 100755
--- a/kubernetes/so/components/soHelpers/values.yaml
+++ b/kubernetes/so/components/soHelpers/values.yaml
@@ -1,5 +1,6 @@
# Copyright © 2018 AT&T USA
# Copyright © 2020 Huawei
+# Copyright © 2021 Orange
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
@@ -32,16 +33,6 @@
path: /etc/ssl/certs
share_path: /usr/local/share/ca-certificates/
-#################################################################
-# Secrets metaconfig
-#################################################################
-secrets:
- - uid: 'so-onap-certs'
- name: '{{ include "common.release" . }}-so-certs'
- externalSecret: '{{ tpl (default "" .Values.certSecret) . }}'
- type: generic
- filePaths:
- - resources/config/certificates/msb-ca.crt
#################################################################
# AAF part
@@ -58,9 +49,9 @@
app_ns: org.osaaf.aaf
credsPath: /opt/app/osaaf/local
trustStoreAllPass: changeit
- aaf_add_config: >
- /opt/app/aaf_config/bin/agent.sh local showpass
- {{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop
+ aaf_add_config: |
+ echo "cadi_truststore_password=$cadi_truststore_password" > {{ .Values.credsPath }}/mycreds.prop
+ echo "cadi_keystore_password_p12=$cadi_keystore_password_p12" > {{ .Values.credsPath }}/mycreds.prop
aafConfig:
permission_user: 1000