aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorr.bogacki <r.bogacki@samsung.com>2019-10-01 08:43:44 +0200
committerRobert Bogacki <r.bogacki@samsung.com>2019-10-28 07:17:10 +0000
commit08a72d6b583fbb9a651cab98dc63e3f3f8ae8b0d (patch)
tree203c639adbf8b0820d1aaa4c6dbc5ffe2ea7056e
parent07c610db63ffe687eba3b9b0e11738a4dddad8a9 (diff)
Enabled HTTPS for sdc-workflow-designer
-Enabled HTTPS for frontend and backend -Updated paths and passwords for a certificates Issue-ID: SDC-2479 Signed-off-by: Robert Bogacki <r.bogacki@samsung.com> Signed-off-by: Krystian Kedron <k.kedron@partner.samsung.com> Change-Id: Ic4b379bc2eb73a984221fa06ddc0fe8f0fa2116b
-rw-r--r--kubernetes/sdc/charts/sdc-wfd-be/templates/deployment.yaml4
-rw-r--r--kubernetes/sdc/charts/sdc-wfd-be/values.yaml12
-rw-r--r--kubernetes/sdc/charts/sdc-wfd-fe/templates/deployment.yaml31
-rw-r--r--kubernetes/sdc/charts/sdc-wfd-fe/values.yaml12
4 files changed, 16 insertions, 43 deletions
diff --git a/kubernetes/sdc/charts/sdc-wfd-be/templates/deployment.yaml b/kubernetes/sdc/charts/sdc-wfd-be/templates/deployment.yaml
index 0bf1bf5d31..31ab7d5eaf 100644
--- a/kubernetes/sdc/charts/sdc-wfd-be/templates/deployment.yaml
+++ b/kubernetes/sdc/charts/sdc-wfd-be/templates/deployment.yaml
@@ -60,13 +60,13 @@ spec:
{{ if .Values.liveness.enabled }}
livenessProbe:
tcpSocket:
- port: {{ .Values.service.internalPort }}
+ port: {{ .Values.service.internalPort2 }}
initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
periodSeconds: {{ .Values.liveness.periodSeconds }}
{{ end }}
readinessProbe:
tcpSocket:
- port: {{ .Values.service.internalPort }}
+ port: {{ .Values.service.internalPort2 }}
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
env:
diff --git a/kubernetes/sdc/charts/sdc-wfd-be/values.yaml b/kubernetes/sdc/charts/sdc-wfd-be/values.yaml
index 0a250e4fce..5a67965850 100644
--- a/kubernetes/sdc/charts/sdc-wfd-be/values.yaml
+++ b/kubernetes/sdc/charts/sdc-wfd-be/values.yaml
@@ -28,8 +28,8 @@ global:
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/workflow-backend:1.5.1
-configInitImage: onap/workflow-init:1.5.1
+image: onap/workflow-backend:1.5.2
+configInitImage: onap/workflow-init:1.5.2
pullPolicy: Always
# flag to enable debugging - application support required
@@ -43,14 +43,14 @@ config:
cassandraAuthenticationEnabled: true
cassandraThriftClientPort: 9160
cassandraClientPort: 9042
- sdcProtocol: HTTP
- sdcEndpoint: sdc-be:8080
+ sdcProtocol: HTTPS
+ sdcEndpoint: sdc-be:8443
sdcExternalUser: workflow
sdcExternalUserPassword: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U
serverSSLEnabled: false
serverSSLKeyStoreType: jks
- serverSSLKeyStorePath: /etc/server-https-keystore/keystore
- serverSSLKeyPassword: password
+ serverSSLKeyStorePath: etc/org.onap.sdc.p12
+ serverSSLKeyPassword: "!ppJ.JvWn0hGh)oVF]([Kv)^"
cassandraSSLEnabled: false
cassandraTrustStorePath: /etc/cassandra-client-truststore/truststore
cassandraTrustStorePassword: password
diff --git a/kubernetes/sdc/charts/sdc-wfd-fe/templates/deployment.yaml b/kubernetes/sdc/charts/sdc-wfd-fe/templates/deployment.yaml
index 0be06f3985..1daee714b6 100644
--- a/kubernetes/sdc/charts/sdc-wfd-fe/templates/deployment.yaml
+++ b/kubernetes/sdc/charts/sdc-wfd-fe/templates/deployment.yaml
@@ -75,41 +75,15 @@ spec:
value: "{{ .Values.config.isHttpsEnabled}}"
{{ if and .Values.config.isHttpsEnabled (eq .Values.security.isDefaultStore false) }}
- name: KEYSTORE_PASS
- {{- if .Values.global.security.keysFromCa }}
- valueFrom:
- secretKeyRef:
- name: mft-sdc
- key: keystore-password.txt
- {{ else }}
- value: {{ .Values.global.security.keyStorePass}}
- {{- end }}
+ value: "{{ .Values.security.keystorePass}}"
- name: TRUSTSTORE_PASS
- {{- if .Values.global.security.keysFromCa }}
- valueFrom:
- secretKeyRef:
- name: mft-catruststore
- key: keystore-password.txt
- {{ else }}
- value: {{ .Values.global.security.trustStorePass}}
- {{- end }}
+ value: "{{ .Values.security.truststorePass}}"
- name: TRUSTSTORE_PATH
value: "{{ .Values.security.storePath }}/{{ .Values.security.truststoreFilename }}"
- name: KEYSTORE_PATH
value: "{{ .Values.security.storePath }}/{{ .Values.security.keystoreFilename }}"
- - name: TRUSTSTORE_TYPE
- value: {{ .Values.security.truststore.type }}
- - name: KEYSTORE_TYPE
- value: {{ .Values.security.keystore.type }}
{{ end }}
volumeMounts:
- {{ if and .Values.config.isHttpsEnabled (eq .Values.security.isDefaultStore false) }}
- - name: {{ include "common.fullname" . }}-jetty-https-truststore
- mountPath: /var/lib/jetty/{{ .Values.security.storePath }}/{{ .Values.security.truststoreFilename }}
- subPath: {{ .Values.security.truststoreFilename }}
- - name: {{ include "common.fullname" . }}-jetty-https-keystore
- mountPath: /var/lib/jetty/etc/{{ .Values.security.storePath }}/{{ .Values.security.keystoreFilename }}
- subPath: {{ .Values.security.keystoreFilename }}
- {{ end }}
- name: {{ include "common.fullname" . }}-localtime
mountPath: /etc/localtime
readOnly: true
@@ -123,7 +97,6 @@ spec:
affinity:
{{ toYaml .Values.affinity | indent 10 }}
{{- end }}
-
# side car containers
- name: {{ include "common.name" . }}-filebeat-onap
image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
diff --git a/kubernetes/sdc/charts/sdc-wfd-fe/values.yaml b/kubernetes/sdc/charts/sdc-wfd-fe/values.yaml
index 91cdead023..54e0e9b229 100644
--- a/kubernetes/sdc/charts/sdc-wfd-fe/values.yaml
+++ b/kubernetes/sdc/charts/sdc-wfd-fe/values.yaml
@@ -28,7 +28,7 @@ global:
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/workflow-frontend:1.5.1
+image: onap/workflow-frontend:1.5.2
pullPolicy: Always
# flag to enable debugging - application support required
@@ -41,11 +41,11 @@ config:
# https relevant settings. Change in case you have other trust files then default ones.
security:
- isDefaultStore: true
- truststoreType: "JKS"
- keystoreType: "JKS"
- truststoreFilename: "truststore"
- keystoreFilename: "keystore"
+ isDefaultStore: false
+ truststoreFilename: "org.onap.sdc.trust.jks"
+ keystoreFilename: "org.onap.sdc.p12"
+ keystorePass: "!ppJ.JvWn0hGh)oVF]([Kv)^"
+ truststorePass: "].][xgtze]hBhz*wy]}m#lf*"
storePath: "etc"
# default number of instances