diff options
| author |   Alex Shatov <alexs@att.com> | 2018-09-14 17:32:11 -0400 |
|---|---|---|
| committer | Alex Shatov <alexs@att.com> | 2018-09-14 17:32:11 -0400 |
| commit | 1c2686a724f903b8d6d5e8026266bc160e48f6ec (patch) | |
| tree | a82d1e908d33807fefa7586cb81ac93d8d80cc4d /blueprints/k8s-policy_handler.yaml-template | |
| parent | dce6b69c60b1410580741f400e0152426f339e44 (diff) | |
blueprint and inputs for 4.3.0 policy-handler
- set up tls on policy-handler
- policy-handler expecting the deployment process
to mount certs at /opt/app/policy_handler/etc/tls/certs/
= cert_directory : /opt/app/policy_handler/etc/tls/certs/
= cacert : cacert.pem
- new optional fields tls_ca_mode in config on consul that
specify where to find the cacert.pem for tls per each https/web-socket
values are:
"cert_directory" - use the cacert.pem stored locally in cert_directory
this is the default if cacert.pem file is found
"os_ca_bundle" - use the public ca_bundle provided by linux system.
this is the default if cacert.pem file not found
"do_not_verify" - special hack to turn off the verification by cacert
and hostname
- config on consul now has 2 new fields for policy_engine
= "tls_ca_mode" : "cert_directory"
= "tls_wss_ca_mode" : "cert_directory"
- config on consul now has 1 new field for deploy_handler
= "tls_ca_mode" : "cert_directory"
Change-Id: Ida2d058cad93ddd1a583e1922bc5dc33c145fcba
Signed-off-by: Alex Shatov <alexs@att.com>
Issue-ID: DCAEGEN2-611
Diffstat (limited to 'blueprints/k8s-policy_handler.yaml-template')
| -rw-r--r-- | blueprints/k8s-policy_handler.yaml-template | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/blueprints/k8s-policy_handler.yaml-template b/blueprints/k8s-policy_handler.yaml-template index 62f605a..e5ea8c7 100644 --- a/blueprints/k8s-policy_handler.yaml-template +++ b/blueprints/k8s-policy_handler.yaml-template @@ -32,7 +32,7 @@ inputs: policy_handler_image: description: Docker image for policy_handler - default: '{{ ONAPTEMPLATE_DOCKERREGURL_org_onap_dcaegen2_releases }}/onap/org.onap.dcaegen2.platform.policy-handler:4.2.0' + default: '{{ ONAPTEMPLATE_DOCKERREGURL_org_onap_dcaegen2_releases }}/onap/org.onap.dcaegen2.platform.policy-handler:4.3.0' application_config: description: policy handler application configuration - requires info on policy-engine @@ -55,3 +55,6 @@ node_templates: log_info: log_directory: '/opt/app/policy_handler/logs' container_port: 25577 + tls_info: + cert_directory: '/opt/app/policy_handler/etc/tls/certs/' + use_tls: true |