diff options
author | Andreas Geissler <andreas-geissler@telekom.de> | 2022-11-14 13:37:48 +0100 |
---|---|---|
committer | Fiachra Corcoran <fiachra.corcoran@est.tech> | 2022-11-22 13:43:41 +0000 |
commit | 470aff07d7efc0243810b6e524e70b36e0194286 (patch) | |
tree | cdb00b067eee99c36df4254c01173cab6bab26bb | |
parent | 86e6b74061d6b56a68a24dbac9a3c1cf140876ed (diff) |
[DCAE] Revert TLS disabling for external DCAE MSs
For Kohn we still base on AAF CM to provide TLS on the external
DCAE services:
- dcae-ves-collector
- dcae-hv-ves-collector
- dcae-datafile-collector
- dcae-pm-mapper connection to dmaap-dr-node
For London this will be changed to use Ingress TLS
Issue-ID: OOM-2775
Signed-off-by: Andreas Geissler <andreas-geissler@telekom.de>
Change-Id: I1deb6492483c6ae2db7b5437319dc722d78727c0
(cherry picked from commit 3502e73a2762fc50f9ba3ae5d65a3efe5f05bead)
5 files changed, 13 insertions, 5 deletions
diff --git a/kubernetes/dcaegen2-services/components/dcae-datafile-collector/values.yaml b/kubernetes/dcaegen2-services/components/dcae-datafile-collector/values.yaml index d990e4d299..cbe02a1bf9 100644 --- a/kubernetes/dcaegen2-services/components/dcae-datafile-collector/values.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-datafile-collector/values.yaml @@ -69,7 +69,7 @@ certDirectory: /opt/app/datafile/etc/cert # TLS role -- set to true if microservice acts as server # If true, an init container will retrieve a server cert # and key from AAF and mount them in certDirectory. -tlsServer: false +tlsServer: true # CMPv2 certificate # It is used only when: @@ -97,6 +97,7 @@ certificates: readinessCheck: wait_for: containers: + - aaf-cm - dmaap-bc - dmaap-provisioning-job - message-router diff --git a/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/Chart.yaml b/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/Chart.yaml index 162b624397..8c6fad9c64 100644 --- a/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/Chart.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/Chart.yaml @@ -27,6 +27,9 @@ dependencies: - name: common version: ~11.x-0 repository: '@local' + - name: readinessCheck + version: ~11.x-0 + repository: '@local' - name: repositoryGenerator version: ~11.x-0 repository: '@local' diff --git a/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/values.yaml b/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/values.yaml index 5d04aff9c8..da3f47358b 100644 --- a/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/values.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/values.yaml @@ -59,7 +59,7 @@ certDirectory: /etc/ves-hv/ssl # TLS role -- set to true if microservice acts as server # If true, an init container will retrieve a server cert # and key from AAF and mount them in certDirectory. -tlsServer: false +tlsServer: true secrets: - uid: hv-ves-kafka-secret @@ -95,6 +95,9 @@ certificates: create: true # dependencies +readinessCheck: + wait_for: + - aaf-cm # probe configuration readiness: @@ -133,7 +136,7 @@ applicationConfig: server.idleTimeoutSec: 300 server.listenPort: 6061 cbs.requestIntervalSec: 5 - security.sslDisable: true + security.sslDisable: false security.keys.keyStoreFile: /etc/ves-hv/ssl/cert.jks security.keys.keyStorePasswordFile: /etc/ves-hv/ssl/jks.pass security.keys.trustStoreFile: /etc/ves-hv/ssl/trust.jks diff --git a/kubernetes/dcaegen2-services/components/dcae-pm-mapper/values.yaml b/kubernetes/dcaegen2-services/components/dcae-pm-mapper/values.yaml index da4c638623..a2479b62e2 100644 --- a/kubernetes/dcaegen2-services/components/dcae-pm-mapper/values.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-pm-mapper/values.yaml @@ -139,7 +139,7 @@ applicationConfig: key_store_pass_path: /opt/app/pm-mapper/etc/cert/jks.pass trust_store_path: /opt/app/pm-mapper/etc/cert/trust.jks trust_store_pass_path: /opt/app/pm-mapper/etc/cert/trust.pass - dmaap_dr_delete_endpoint: http://dmaap-dr-node:8080/delete + dmaap_dr_delete_endpoint: https://dmaap-dr-node:8443/delete streams_publishes: dmaap_publisher: type: message_router diff --git a/kubernetes/dcaegen2-services/components/dcae-ves-collector/values.yaml b/kubernetes/dcaegen2-services/components/dcae-ves-collector/values.yaml index 60d23230f8..e0b2b12087 100644 --- a/kubernetes/dcaegen2-services/components/dcae-ves-collector/values.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-ves-collector/values.yaml @@ -59,7 +59,7 @@ certDirectory: /opt/app/dcae-certificate # TLS role -- set to true if microservice acts as server # If true, an init container will retrieve a server cert # and key from AAF and mount them in certDirectory. -tlsServer: false +tlsServer: true # CMPv2 certificate # It is used only when: @@ -86,6 +86,7 @@ certificates: # dependencies readinessCheck: wait_for: + - aaf-cm - message-router # probe configuration |