From b81c681cb6be761a2abb5e2f5af1b923bef1f6b4 Mon Sep 17 00:00:00 2001
From: awudzins <adam.wudzinski@nokia.com>
Date: Fri, 13 Mar 2020 16:54:18 +0100
Subject: Switch client and server to communicate over TLS
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Issue-ID: AAF-1084
Signed-off-by: Adam Wudziński <adam.wudzinski@nokia.com>
Change-Id: I7f11b27c7dcdf4fc3eba2d5e64b6dc775c80dd74
---
 certService/helm/aaf-cert-service/values.yaml | 28 ++++++++++++++++++++++++---
 1 file changed, 25 insertions(+), 3 deletions(-)

(limited to 'certService/helm/aaf-cert-service/values.yaml')

diff --git a/certService/helm/aaf-cert-service/values.yaml b/certService/helm/aaf-cert-service/values.yaml
index 0dab1e32..efb16a5a 100644
--- a/certService/helm/aaf-cert-service/values.yaml
+++ b/certService/helm/aaf-cert-service/values.yaml
@@ -3,17 +3,17 @@ replicaCount: 1
 repository: nexus3.onap.org:10001
 image: onap/org.onap.aaf.certservice.aaf-certservice-api:1.0.0
 pullPolicy: Always
-containerPort: 8080
+containerPort: 8443
 service:
   type: ClusterIP
 liveness:
   initialDelaySeconds: 60
   periodSeconds: 10
-  path: /actuator/health
+  command: curl https://localhost:$HTTPS_PORT/actuator/health --cacert $ROOT_CERT --cert-type p12 --cert $KEYSTORE_P12_PATH --pass $KEYSTORE_PASSWORD
 readiness:
   initialDelaySeconds: 30
   periodSeconds: 10
-  path: /ready
+  command: curl https://localhost:$HTTPS_PORT/ready --cacert $ROOT_CERT --cert-type p12 --cert $KEYSTORE_P12_PATH --pass $KEYSTORE_PASSWORD
 volume:
   name: aaf-cert-service-volume
   mountPath: /etc/onap/aaf/certservice
@@ -28,3 +28,25 @@ resources:
 
 secret:
   name: aaf-cert-service-secret
+
+tls:
+  server:
+    secret:
+      name: aaf-cert-service-server-tls-secret
+    volume:
+      name: aaf-cert-service-server-tls-volume
+      mountPath: /etc/onap/aaf/certservice/certs/
+  client:
+    secret:
+      name: aaf-cert-service-client-tls-secret
+
+envs:
+  keystore:
+    jksName: certServiceServer-keystore.jks
+    p12Name: certServiceServer-keystore.p12
+    password: secret
+  truststore:
+    jksName: truststore.jks
+    crtName: root.crt
+    password: secret
+
-- 
cgit 1.2.3-korg