Modify APPC Helm Chart to override the pk12 certificate
- Takamune Cho
- Andrew Fenner
cd kubernetes/appc
mkdir -p resources/config/certs
download and copy org.onap.appc.p12 file from this page's comment below to resources/config/certs
Change cadi.properties
edit resources/config/appc/opt/onap/appc/data/properties/cadi.properties
replace the line:
cadi_keystore_password=enc:4DVUTKvRCCtebQrKskDsuKFIHLzOf2M9XxNOhVIK4xb
to
cadi_keystore_password=enc:tQTHVtbdCuzqrQY1TBRt9SkFL9tCY3OzwbsfaVyAa2dOfZlI0krFOJSBnkm1WdGr
Update the secrets.yaml
Add the following to the end of templates/secrets.yaml
---
apiVersion: v1
kind: Secret
metadata:
name: {{ include "common.fullname" . }}-certs
namespace: {{ include "common.namespace" . }}
labels:
app: {{ include "common.name" . }}
chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
type: Opaque
data:
{{ tpl (.Files.Glob "resources/config/certs/*").AsSecrets . | indent 2 }}
Update the statefulset.yaml
Add the following lines in templates/statefulset.yaml under volumeMounts:
- mountPath: /opt/onap/appc/data/stores/org.onap.appc.p12
name: certs
subPath: org.onap.appc.p12
Add the following lines in templates/statefulset.yaml under volumes:
- name : certs
secret:
secretName: {{ include "common.fullname" . }}-certs