Merge "Workaround for cert expiration" into elalto

author: Krzysztof Opasiak <k.opasiak@samsung.com> 2020-05-19 21:33:27 +0000
committer: Gerrit Code Review <gerrit@onap.org> 2020-05-19 21:33:27 +0000
commit: 5ad9d7e5ca8827015e75bf0cf403f368c969b8e6 (patch)
tree: aac1de583b05431a4168a843634e1c1c7ae6cb68
parent: 3c2395cd1dede2bed7bd385d637f989eb6bfb15b (diff)
parent: 59006cf1a7051d80de0f949b31c4d8131978e1ee (diff)
1 files changed, 10 insertions, 1 deletions
diff --git a/kubernetes/dmaap/components/dmaap-bc/templates/post-install-job.yaml b/kubernetes/dmaap/components/dmaap-bc/templates/post-install-job.yaml
index 52c5566061..df823b5cd7 100644
--- a/kubernetes/dmaap/components/dmaap-bc/templates/post-install-job.yaml
+++ b/kubernetes/dmaap/components/dmaap-bc/templates/post-install-job.yaml
@@ -32,8 +32,17 @@ spec:
         env:
         - name: DELAY
           value: "0"
+# hack explanation:
+# since the dmaap-bc SSL certificate is expired in this release, we
+# pass the -k flag to ignore the cert check error.
+# AFAIK, this post-install script is the only client which actually
+# uses https (against dmaap-bc API) in El Alto Release.
+# So, this workaround is the easiest way out for me.
+# Also note that the only reason to even deploy dmaap-bc is if you
+# need authenticated topics in message-router, or a feed in data-router.
+# If that is not your case, then don't even deploy dmaap-bc.
         - name: PROTO
-          value: "https"
+          value: "-k https"
         - name: PORT
           value: "8443"
         - name: REQUESTID
author	Krzysztof Opasiak <k.opasiak@samsung.com>	2020-05-19 21:33:27 +0000
committer	Gerrit Code Review <gerrit@onap.org>	2020-05-19 21:33:27 +0000
commit	5ad9d7e5ca8827015e75bf0cf403f368c969b8e6 (patch)
tree	aac1de583b05431a4168a843634e1c1c7ae6cb68
parent	3c2395cd1dede2bed7bd385d637f989eb6bfb15b (diff)
parent	59006cf1a7051d80de0f949b31c4d8131978e1ee (diff)