authorKiran Kamineni <kiran.k.kamineni@intel.com>2018-05-14 16:59:55 -0700
committerKiran Kamineni <kiran.k.kamineni@intel.com>2018-05-15 15:33:19 -0700
commitc808c9a48e0f6190f9db316cb00a5d7c9a3f9086 (patch)
tree2c29c22688ecdb5ff5660af839309508e2c8e005 /kubernetes/aaf
parentd31e2a0a1032acd12cce02a3767988027cd6a5c6 (diff)
Enable https endpoint for SMS
SMS got a new SAN certificate and we are using that in this deployment now. Applications will now query on https://aaf-sms.onap This should also fix the failing healthcheck for SMS -P3: Changing liveness and readiness probes to use https instead of tcp which was throwing up TLS error spam on the server Issue-ID: AAF-284 Change-Id: I654eced0bb75c8b5c807c45773f308d824dfb571 Signed-off-by: Kiran Kamineni <kiran.k.kamineni@intel.com>
Diffstat (limited to 'kubernetes/aaf')
-rw-r--r--kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-quorumclient/resources/config/config.json7
-rw-r--r--kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-quorumclient/templates/configmap.yaml3
-rw-r--r--kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-quorumclient/templates/statefulset.yaml4
-rw-r--r--kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-quorumclient/values.yaml8
-rw-r--r--kubernetes/aaf/charts/aaf-sms/templates/deployment.yaml8
-rw-r--r--kubernetes/aaf/charts/aaf-sms/values.yaml12
6 files changed, 24 insertions, 18 deletions
diff --git a/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-quorumclient/resources/config/config.json b/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-quorumclient/resources/config/config.json
new file mode 100644
index 0000000000..3a43f00019
--- /dev/null
+++ b/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-quorumclient/resources/config/config.json
@@ -0,0 +1,7 @@
+{
+ "url":"https://aaf-sms.{{ include "common.namespace" . }}:10443",
+ "cafile": "/quorumclient/certs/aaf_root_ca.cer",
+ "clientcert":"client.cert",
+ "clientkey":"client.key",
+ "timeout":"10s"
+} \ No newline at end of file
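Review bot: `clientcert` and `clientkey` are bare relative names (`client.cert`, `client.key`) while `cafile` is an absolute path, so which files the client loads depends on the process working directory. Nothing in this commit shows where those two files are created or mounted, so this needs confirming against the quorumclient image. If they live beside the CA file, absolute paths would make the TLS identity unambiguous, e.g. `"clientcert": "<ABSOLUTE_CERT_DIR>/client.cert"` (placeholder directory). JSON cannot carry a comment, so the expected location is best recorded in the chart README or in values.yaml.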
diff --git a/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-quorumclient/templates/configmap.yaml b/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-quorumclient/templates/configmap.yaml
index cacc368df1..9905a3cbee 100644
--- a/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-quorumclient/templates/configmap.yaml
+++ b/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-quorumclient/templates/configmap.yaml
@@ -23,5 +23,4 @@ metadata:
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
data:
- config.json: |
- {{ .Values.config | toJson }}
+{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }} \ No newline at end of file
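Review bot: The glob `resources/config/*` publishes every file dropped into that directory as a ConfigMap key and runs each one through `tpl`. A key or credential file added there later would land in an unencrypted ConfigMap without any template change. Only `config.json` is consumed by the statefulset, so the pattern can be narrowed to `.Files.Glob "resources/config/config.json"`. Alternatively, add a comment above the line such as `# resources/config/ is rendered verbatim into a ConfigMap: never place secrets here`.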
diff --git a/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-quorumclient/templates/statefulset.yaml b/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-quorumclient/templates/statefulset.yaml
index 483d6c5f17..281229f95c 100644
--- a/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-quorumclient/templates/statefulset.yaml
+++ b/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-quorumclient/templates/statefulset.yaml
@@ -63,6 +63,10 @@ spec:
- name : {{ include "common.name" . }}
configMap:
name: {{ include "common.fullname" . }}
+ items:
+ - key: config.json
+ path: config.json
+ mode: 0755
- name: {{ include "common.fullname" . }}-auth
persistentVolumeClaim:
claimName: {{ include "common.fullname" . }}
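Review bot: `mode: 0755` marks the projected `config.json` as executable, which a configuration file does not need. ConfigMap volumes are mounted read-only, so the write bit has no use either. `mode: 0444` keeps the file readable without the execute bits; a tighter `0400` is possible if the container user is known to own the file. The volume list continues outside this hunk, so whether a `defaultMode` is set elsewhere is not visible.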
diff --git a/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-quorumclient/values.yaml b/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-quorumclient/values.yaml
index b528270eed..768f89fb7e 100644
--- a/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-quorumclient/values.yaml
+++ b/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-quorumclient/values.yaml
@@ -36,14 +36,6 @@ debugEnabled: false
# application configuration
# Example:
-config:
- url: "http://aaf-sms:10443"
- cafile: "selfsignedca.pem"
- clientcert: "server.cert"
- clientkey: "server.key"
- timeout: "60s"
- disable_tls: true
-
# default number of instances
replicaCount: 3
diff --git a/kubernetes/aaf/charts/aaf-sms/templates/deployment.yaml b/kubernetes/aaf/charts/aaf-sms/templates/deployment.yaml
index 4235ad01af..4bdb84fa30 100644
--- a/kubernetes/aaf/charts/aaf-sms/templates/deployment.yaml
+++ b/kubernetes/aaf/charts/aaf-sms/templates/deployment.yaml
@@ -40,14 +40,18 @@ spec:
- containerPort: {{ .Values.service.internalPort }}
{{- if eq .Values.liveness.enabled true }}
livenessProbe:
- tcpSocket:
+ httpGet:
port: {{ .Values.service.internalPort }}
+ scheme: HTTPS
+ path: /v1/sms/quorum/status
initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
periodSeconds: {{ .Values.liveness.periodSeconds }}
{{ end -}}
readinessProbe:
- tcpSocket:
+ httpGet:
port: {{ .Values.service.internalPort }}
+ scheme: HTTPS
+ path: /v1/sms/quorum/status
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
volumeMounts:
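Review bot: The liveness and readiness probes now share `/v1/sms/quorum/status`. If that endpoint answers non-2xx while the quorum is still forming (not visible from this hunk, to be confirmed), the liveness probe will restart a container that is merely not ready yet. Liveness would be safer on an endpoint that only proves the process is serving, or with a `failureThreshold` sized for quorum start-up. The kubelet also does not verify the server certificate on `scheme: HTTPS` probes, so these checks will not catch an expired or mismatched SAN certificate. A comment above each `httpGet:` would record that, for example `# kubelet skips TLS verification; certificate validity is only checked by real clients`.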
diff --git a/kubernetes/aaf/charts/aaf-sms/values.yaml b/kubernetes/aaf/charts/aaf-sms/values.yaml
index fa01b38834..df2b6ab640 100644
--- a/kubernetes/aaf/charts/aaf-sms/values.yaml
+++ b/kubernetes/aaf/charts/aaf-sms/values.yaml
@@ -38,10 +38,10 @@ debugEnabled: false
# Example:
config:
smsdbaddress: "http://aaf-sms-db:8200"
- cafile: "/sms/auth/selfsignedca.pem"
- servercert: "/sms/auth/server.cert"
- serverkey: "/sms/auth/server.key"
- disable_tls: true
+ cafile: "/sms/certs/aaf_root_ca.cer"
+ servercert: "/sms/certs/aaf-sms.pub"
+ serverkey: "/sms/certs/aaf-sms.pr"
+ password: "c2VjcmV0bWFuYWdlbWVudHNlcnZpY2VzZWNyZXRwYXNzd29yZA=="
# subchart configuration
vault:
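Review bot: The added `password:` line commits a credential as a chart default. Base64 is an encoding, not protection, so anyone with read access to the repository or the rendered release can recover it, and every install that keeps the default shares the same secret. The default should be empty and the value supplied at deploy time from a Kubernetes Secret, e.g. `password: ""  # required: set via --set or mount from a Secret; do not commit a value`. The value already published here should be treated as exposed and rotated. Separately, the context line `smsdbaddress: "http://aaf-sms-db:8200"` is unchanged by this commit, so the backend hop stays plaintext while the front end moves to HTTPS; that may deserve a follow-up.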
@@ -57,14 +57,14 @@ affinity: {}
# probe configuration parameters
liveness:
initialDelaySeconds: 10
- periodSeconds: 20
+ periodSeconds: 30
# necessary to disable liveness probe when setting breakpoints
# in debugger so K8s doesn't restart unresponsive container
enabled: true
readiness:
initialDelaySeconds: 10
- periodSeconds: 20
+ periodSeconds: 30
service:
type: NodePort