summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorAndreas Geissler <andreas-geissler@telekom.de>2022-11-14 13:37:48 +0100
committerAndreas Geissler <andreas-geissler@telekom.de>2022-11-22 07:39:36 +0000
commit3502e73a2762fc50f9ba3ae5d65a3efe5f05bead (patch)
tree43b55657ee5d318f331d61141bee3c60c2e278d6
parent693e816b299d2c2c77be62510808256836bf926a (diff)
[DCAE] Revert TLS disabling for external DCAE MSs
For Kohn we still base on AAF CM to provide TLS on the external DCAE services: - dcae-ves-collector - dcae-hv-ves-collector - dcae-datafile-collector - dcae-pm-mapper connection to dmaap-dr-node For London this will be changed to use Ingress TLS Issue-ID: OOM-2775 Signed-off-by: Andreas Geissler <andreas-geissler@telekom.de> Change-Id: I1deb6492483c6ae2db7b5437319dc722d78727c0
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-datafile-collector/values.yaml3
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/Chart.yaml3
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/values.yaml7
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-pm-mapper/values.yaml2
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-ves-collector/values.yaml3
5 files changed, 13 insertions, 5 deletions
diff --git a/kubernetes/dcaegen2-services/components/dcae-datafile-collector/values.yaml b/kubernetes/dcaegen2-services/components/dcae-datafile-collector/values.yaml
index d990e4d299..cbe02a1bf9 100644
--- a/kubernetes/dcaegen2-services/components/dcae-datafile-collector/values.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-datafile-collector/values.yaml
@@ -69,7 +69,7 @@ certDirectory: /opt/app/datafile/etc/cert
# TLS role -- set to true if microservice acts as server
# If true, an init container will retrieve a server cert
# and key from AAF and mount them in certDirectory.
-tlsServer: false
+tlsServer: true
# CMPv2 certificate
# It is used only when:
@@ -97,6 +97,7 @@ certificates:
readinessCheck:
wait_for:
containers:
+ - aaf-cm
- dmaap-bc
- dmaap-provisioning-job
- message-router
diff --git a/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/Chart.yaml b/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/Chart.yaml
index 502a6a88d6..59fda72e2a 100644
--- a/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/Chart.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/Chart.yaml
@@ -27,6 +27,9 @@ dependencies:
- name: common
version: ~12.x-0
repository: '@local'
+ - name: readinessCheck
+ version: ~12.x-0
+ repository: '@local'
- name: repositoryGenerator
version: ~12.x-0
repository: '@local'
diff --git a/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/values.yaml b/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/values.yaml
index 5d04aff9c8..da3f47358b 100644
--- a/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/values.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/values.yaml
@@ -59,7 +59,7 @@ certDirectory: /etc/ves-hv/ssl
# TLS role -- set to true if microservice acts as server
# If true, an init container will retrieve a server cert
# and key from AAF and mount them in certDirectory.
-tlsServer: false
+tlsServer: true
secrets:
- uid: hv-ves-kafka-secret
@@ -95,6 +95,9 @@ certificates:
create: true
# dependencies
+readinessCheck:
+ wait_for:
+ - aaf-cm
# probe configuration
readiness:
@@ -133,7 +136,7 @@ applicationConfig:
server.idleTimeoutSec: 300
server.listenPort: 6061
cbs.requestIntervalSec: 5
- security.sslDisable: true
+ security.sslDisable: false
security.keys.keyStoreFile: /etc/ves-hv/ssl/cert.jks
security.keys.keyStorePasswordFile: /etc/ves-hv/ssl/jks.pass
security.keys.trustStoreFile: /etc/ves-hv/ssl/trust.jks
diff --git a/kubernetes/dcaegen2-services/components/dcae-pm-mapper/values.yaml b/kubernetes/dcaegen2-services/components/dcae-pm-mapper/values.yaml
index da4c638623..a2479b62e2 100644
--- a/kubernetes/dcaegen2-services/components/dcae-pm-mapper/values.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-pm-mapper/values.yaml
@@ -139,7 +139,7 @@ applicationConfig:
key_store_pass_path: /opt/app/pm-mapper/etc/cert/jks.pass
trust_store_path: /opt/app/pm-mapper/etc/cert/trust.jks
trust_store_pass_path: /opt/app/pm-mapper/etc/cert/trust.pass
- dmaap_dr_delete_endpoint: http://dmaap-dr-node:8080/delete
+ dmaap_dr_delete_endpoint: https://dmaap-dr-node:8443/delete
streams_publishes:
dmaap_publisher:
type: message_router
diff --git a/kubernetes/dcaegen2-services/components/dcae-ves-collector/values.yaml b/kubernetes/dcaegen2-services/components/dcae-ves-collector/values.yaml
index 60d23230f8..e0b2b12087 100644
--- a/kubernetes/dcaegen2-services/components/dcae-ves-collector/values.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-ves-collector/values.yaml
@@ -59,7 +59,7 @@ certDirectory: /opt/app/dcae-certificate
# TLS role -- set to true if microservice acts as server
# If true, an init container will retrieve a server cert
# and key from AAF and mount them in certDirectory.
-tlsServer: false
+tlsServer: true
# CMPv2 certificate
# It is used only when:
@@ -86,6 +86,7 @@ certificates:
# dependencies
readinessCheck:
wait_for:
+ - aaf-cm
- message-router
# probe configuration