-
Bug
-
Resolution: Won't Do
-
High
-
Frankfurt Release
-
None
aaf agent image which is used in Frankfurt contains below hardcoded truststores:
/opt/app/aaf_config/cert/truststoreONAP.p12.b64
/opt/app/aaf_config/cert/truststoreONAPall.jks.b64
To avoid issue with expiring certificates you shouldn't do that.
Preferred way to solve this is to retrieve those from AAF or alternatively if you don't have resources to do this:
1) Remove it from your image
2) Commit it to oom repo and provide them to the pod as secret
3) Document it as oom hardcoded certificate in: doc/oom_hardcoded_certificates.rst
FYI
- blocks
-
DCAEGEN2-2218 DCAE hardcodes certificates in onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0
- Closed