author | Andreas Geissler <andreas-geissler@telekom.de> | 2022-11-14 13:37:48 +0100 |
---|---|---|
committer | Andreas Geissler <andreas-geissler@telekom.de> | 2022-11-22 07:39:36 +0000 |
commit | 3502e73a2762fc50f9ba3ae5d65a3efe5f05bead (patch) | |
tree | 43b55657ee5d318f331d61141bee3c60c2e278d6 | |
parent | 693e816b299d2c2c77be62510808256836bf926a (diff) |
[DCAE] Revert TLS disabling for external DCAE MSs
For Kohn we still rely on AAF CM to provide TLS on the external
DCAE services:
- dcae-ves-collector
- dcae-hv-ves-collector
- dcae-datafile-collector
- dcae-pm-mapper connection to dmaap-dr-node
For London this will be changed to use Ingress TLS
Issue-ID: OOM-2775
Signed-off-by: Andreas Geissler <andreas-geissler@telekom.de>
Change-Id: I1deb6492483c6ae2db7b5437319dc722d78727c0
5 files changed, 13 insertions, 5 deletions
diff --git a/kubernetes/dcaegen2-services/components/dcae-datafile-collector/values.yaml b/kubernetes/dcaegen2-services/components/dcae-datafile-collector/values.yaml
index d990e4d299..cbe02a1bf9 100644
--- a/kubernetes/dcaegen2-services/components/dcae-datafile-collector/values.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-datafile-collector/values.yaml
@@ -69,7 +69,7 @@ certDirectory: /opt/app/datafile/etc/cert
 # TLS role -- set to true if microservice acts as server
 # If true, an init container will retrieve a server cert
 # and key from AAF and mount them in certDirectory.
-tlsServer: false
+tlsServer: true
 # CMPv2 certificate
 # It is used only when:
@@ -97,6 +97,7 @@ certificates:
 readinessCheck:
 wait_for:
 containers:
+ - aaf-cm
 - dmaap-bc
 - dmaap-provisioning-job
 - message-router
diff --git a/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/Chart.yaml b/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/Chart.yaml
index 502a6a88d6..59fda72e2a 100644
--- a/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/Chart.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/Chart.yaml
@@ -27,6 +27,9 @@ dependencies:
 - name: common
 version: ~12.x-0
 repository: '@local'
+ - name: readinessCheck
+ version: ~12.x-0
+ repository: '@local'
 - name: repositoryGenerator
 version: ~12.x-0
 repository: '@local'
diff --git a/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/values.yaml b/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/values.yaml
index 5d04aff9c8..da3f47358b 100644
--- a/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/values.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/values.yaml
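Review bot: The new `- aaf-cm` entry under `readinessCheck.wait_for.containers` in dcae-datafile-collector/values.yaml (@@ -97) is an unconditional wait, and nothing visible in the hunk ties it to `tlsServer`. The same entry is added in dcae-hv-ves-collector/values.yaml (@@ -95) and dcae-ves-collector/values.yaml (@@ -86). If a deployment overrides `tlsServer` to false or runs without AAF, the pod would presumably stay in its init wait; whether the chart templates guard against that is not visible here. A comment next to the entry would record the coupling, for example `# required while tlsServer is true (cert and key come from AAF CM); drop together with tlsServer when moving to Ingress TLS`.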
@@ -59,7 +59,7 @@ certDirectory: /etc/ves-hv/ssl
 # TLS role -- set to true if microservice acts as server
 # If true, an init container will retrieve a server cert
 # and key from AAF and mount them in certDirectory.
-tlsServer: false
+tlsServer: true
 secrets:
 - uid: hv-ves-kafka-secret
@@ -95,6 +95,9 @@ certificates:
 create: true
 # dependencies
+readinessCheck:
+ wait_for:
+ - aaf-cm
 # probe configuration
 readiness:
@@ -133,7 +136,7 @@ applicationConfig:
 server.idleTimeoutSec: 300
 server.listenPort: 6061
 cbs.requestIntervalSec: 5
- security.sslDisable: true
+ security.sslDisable: false
 security.keys.keyStoreFile: /etc/ves-hv/ssl/cert.jks
 security.keys.keyStorePasswordFile: /etc/ves-hv/ssl/jks.pass
 security.keys.trustStoreFile: /etc/ves-hv/ssl/trust.jks
diff --git a/kubernetes/dcaegen2-services/components/dcae-pm-mapper/values.yaml b/kubernetes/dcaegen2-services/components/dcae-pm-mapper/values.yaml
index da4c638623..a2479b62e2 100644
--- a/kubernetes/dcaegen2-services/components/dcae-pm-mapper/values.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-pm-mapper/values.yaml
@@ -139,7 +139,7 @@ applicationConfig:
 key_store_pass_path: /opt/app/pm-mapper/etc/cert/jks.pass
 trust_store_path: /opt/app/pm-mapper/etc/cert/trust.jks
 trust_store_pass_path: /opt/app/pm-mapper/etc/cert/trust.pass
- dmaap_dr_delete_endpoint: http://dmaap-dr-node:8080/delete
+ dmaap_dr_delete_endpoint: https://dmaap-dr-node:8443/delete
 streams_publishes:
 dmaap_publisher:
 type: message_router
diff --git a/kubernetes/dcaegen2-services/components/dcae-ves-collector/values.yaml b/kubernetes/dcaegen2-services/components/dcae-ves-collector/values.yaml
index 60d23230f8..e0b2b12087 100644
--- a/kubernetes/dcaegen2-services/components/dcae-ves-collector/values.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-ves-collector/values.yaml
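Review bot: The `readinessCheck` block added in dcae-hv-ves-collector/values.yaml (@@ -95) lists `aaf-cm` directly under `wait_for:`, while the dcae-datafile-collector values in this same commit nest the list under `wait_for:` then `containers:`. If the readinessCheck chart accepts both forms this is only a consistency point, but a form it does not read would skip the wait and let the collector start before its certificate has been issued. I would use one form across the DCAE charts by putting a `containers:` key between `wait_for:` and `- aaf-cm`. The templates that consume this value are not part of the commit, so this needs checking against them.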
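Review bot: `security.sslDisable: false` in dcae-hv-ves-collector/values.yaml (@@ -133) now has to agree with `tlsServer: true` set earlier in the same file, but the two keys are independent and nothing in the values documents the link. An override that flips only one of them would leave the collector either pointing at keystore files that were never mounted or serving plaintext while a certificate is still provisioned. I would add a comment above the key: `# keep false while tlsServer is true; the files under /etc/ves-hv/ssl are mounted by the AAF init container`. The `applicationConfig` block continues outside the hunk.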
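Review bot: Changing `dmaap_dr_delete_endpoint` to `https://dmaap-dr-node:8443/delete` makes pm-mapper a TLS client, yet unlike the three collector charts this file gains no `aaf-cm` wait and no visible change to how its truststore is provisioned. Whether `/opt/app/pm-mapper/etc/cert/trust.jks` is populated before the first delete call, and whether the client verifies the dmaap-dr-node certificate and hostname, cannot be told from this hunk. A comment above the key would record the requirement: `# HTTPS: requires trust_store_path to hold the CA that issued the dmaap-dr-node certificate`. The `applicationConfig` block starts and ends outside the hunk.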
@@ -59,7 +59,7 @@ certDirectory: /opt/app/dcae-certificate
 # TLS role -- set to true if microservice acts as server
 # If true, an init container will retrieve a server cert
 # and key from AAF and mount them in certDirectory.
-tlsServer: false
+tlsServer: true
 # CMPv2 certificate
 # It is used only when:
@@ -86,6 +86,7 @@ certificates:
 # dependencies
 readinessCheck:
 wait_for:
+ - aaf-cm
 - message-router
 # probe configuration |