summaryrefslogtreecommitdiffstats
path: root/kubernetes/oof/components/oof-has/resources/config
diff options
context:
space:
mode:
authoramatthews <adrian.matthews@est.tech>2022-08-18 15:31:12 +0100
committerAndreas Geissler <andreas-geissler@telekom.de>2022-10-24 13:39:32 +0000
commit379daacca80d748ea9fee3c4185c828a9559b509 (patch)
tree91591b52e8402e61821e811f5973548deab060ef /kubernetes/oof/components/oof-has/resources/config
parent702d68ae02195cbe56ab5f5cd61bddc816880076 (diff)
[OOF] Service Mesh Compliance for OOF
Updating basic requirements for Service Mesh Compliance within OOF. Removed AAF dependencies in OOF deployments. Resolved merge conflict for oof-has/resources/conflict/conductor.conf for DCAE Issue-ID: OOM-2253 Change-Id: I660085ca94db723e4880dfa67aa31b604e712d15 Signed-off-by: amatthews <adrian.matthews@est.tech>
Diffstat (limited to 'kubernetes/oof/components/oof-has/resources/config')
-rwxr-xr-xkubernetes/oof/components/oof-has/resources/config/conductor.conf25
-rw-r--r--kubernetes/oof/components/oof-has/resources/config/nginx.conf5
2 files changed, 20 insertions, 10 deletions
diff --git a/kubernetes/oof/components/oof-has/resources/config/conductor.conf b/kubernetes/oof/components/oof-has/resources/config/conductor.conf
index 78553d73af..d650808036 100755
--- a/kubernetes/oof/components/oof-has/resources/config/conductor.conf
+++ b/kubernetes/oof/components/oof-has/resources/config/conductor.conf
@@ -159,13 +159,13 @@ appkey = ""
#
# is_aaf_enabled. (boolean value)
-is_aaf_enabled = true
+is_aaf_enabled = {{ (eq "true" (include "common.needTLS" .)) | ternary true false }}
# aaf_cache_expiry_hrs. (integer value)
aaf_cache_expiry_hrs = 3
# aaf_url. (string value)
-aaf_url = https://{{.Values.config.aaf.serviceName}}:{{.Values.config.aaf.port}}/authz/perms/user/
+aaf_url = http{{ if (include "common.needTLS" .) }}s{{ end }}://{{.Values.config.aaf.serviceName}}:{{.Values.config.aaf.port}}/authz/perms/user/
# aaf_cert_file. (string value)
#aaf_cert_file = <None>
@@ -175,7 +175,7 @@ aaf_url = https://{{.Values.config.aaf.serviceName}}:{{.Values.config.aaf.port}}
# aaf_ca_bundle_file. (string value)
#aaf_ca_bundle_file =
-aaf_ca_bundle_file = /usr/local/bin/AAF_RootCA.cer
+aaf_ca_bundle_file = {{ if (include "common.needTLS" .) }}/usr/local/bin/AAF_RootCA.cer{{ end }}
# aaf_retries. (integer value)
#aaf_retries = 3
@@ -193,9 +193,12 @@ aaf_ca_bundle_file = /usr/local/bin/AAF_RootCA.cer
# From conductor
#
+# is_enabled. (boolean value)
+is_enabled = {{ (eq "true" (include "common.needTLS" .)) | ternary true false }}
+
# Base URL for SMS, up to and not including the version, and without a trailing
# slash. (string value)
-aaf_sms_url = https://{{.Values.config.sms.serviceName}}.{{ include "common.namespace" . }}:{{.Values.config.sms.port}}
+aaf_sms_url = http{{ if (include "common.needTLS" .) }}s{{ end }}://{{.Values.config.sms.serviceName}}.{{ include "common.namespace" . }}:{{.Values.config.sms.port}}
# Timeout for SMS API Call (integer value)
@@ -231,7 +234,8 @@ complex_cache_refresh_interval = 60
# Base URL for A&AI, up to and not including the version, and without a
# trailing slash. (string value)
-server_url = https://{{.Values.config.aai.serviceName}}.{{ include "common.namespace" . }}:{{.Values.config.aai.port}}/aai
+#server_url = https://{{.Values.config.aai.serviceName}}.{{ include "common.namespace" . }}:{{.Values.config.aai.port}}/aai
+server_url = http{{ if (include "common.needTLS" .) }}s{{ end }}://{{.Values.config.aai.serviceName}}.{{ include "common.namespace" . }}:{{ (eq "true" (include "common.needTLS" .)) | ternary .Values.config.aai.port .Values.config.aai.plainPort }}/aai
# Timeout for A&AI Rest Call (string value)
#aai_rest_timeout = 30
@@ -252,7 +256,7 @@ certificate_key_file =
# Certificate Authority Bundle file in pem format. Must contain the appropriate
# trust chain for the Certificate file. (string value)
#certificate_authority_bundle_file = certificate_authority_bundle.pem
-certificate_authority_bundle_file = /usr/local/bin/AAF_RootCA.cer
+certificate_authority_bundle_file = {{ if (include "common.needTLS" .) }}/usr/local/bin/AAF_RootCA.cer{{ end }}
# Username for AAI. (string value)
username = OOF
@@ -676,7 +680,8 @@ concurrent = true
# Base URL for SDC, up to and not including the version, and without a
# trailing slash. (string value)
#server_url = https://controller:8443/sdc
-server_url = https://{{.Values.config.sdc.serviceName}}.{{ include "common.namespace" . }}:{{.Values.config.sdc.port}}/sdc
+#server_url = https://{{.Values.config.sdc.serviceName}}.{{ include "common.namespace" . }}:{{.Values.config.sdc.port}}/sdc
+server_url = http{{ if (include "common.needTLS" .) }}s{{ end }}://{{.Values.config.sdc.serviceName}}.{{ include "common.namespace" . }}:{{ (eq "true" (include "common.needTLS" .)) | ternary .Values.config.sdc.port .Values.config.sdc.plainPort }}/sdc
# Timeout for SDC Rest Call (string value)
#sdc_rest_timeout = 30
@@ -699,7 +704,7 @@ certificate_key_file =
# Certificate Authority Bundle file in pem format. Must contain the appropriate
# trust chain for the Certificate file. (string value)
#certificate_authority_bundle_file = certificate_authority_bundle.pem
-certificate_authority_bundle_file = /usr/local/bin/AAF_RootCA.cer
+certificate_authority_bundle_file = {{ if (include "common.needTLS" .) }}/usr/local/bin/AAF_RootCA.cer{{ end }}
# Username for SDC. (string value)
#username =
@@ -744,7 +749,7 @@ certificate_key_file =
# Certificate Authority Bundle file in pem format. Must contain the appropriate
# trust chain for the Certificate file. (string value)
#certificate_authority_bundle_file = certificate_authority_bundle.pem
-certificate_authority_bundle_file = /usr/local/bin/AAF_RootCA.cer
+certificate_authority_bundle_file = {{ if (include "common.needTLS" .) }}/usr/local/bin/AAF_RootCA.cer{{ end }}
# Username for CPS. (string value)
#username =
@@ -788,7 +793,7 @@ certificate_key_file =
# Certificate Authority Bundle file in pem format. Must contain the appropriate
# trust chain for the Certificate file. (string value)
#certificate_authority_bundle_file = certificate_authority_bundle.pem
-certificate_authority_bundle_file = /usr/local/bin/AAF_RootCA.cer
+certificate_authority_bundle_file = {{ if (include "common.needTLS" .) }}/usr/local/bin/AAF_RootCA.cer{{ end }}
# Username for DCAE. (string value)
#username =
diff --git a/kubernetes/oof/components/oof-has/resources/config/nginx.conf b/kubernetes/oof/components/oof-has/resources/config/nginx.conf
index cbb1b60a58..9272e8581c 100644
--- a/kubernetes/oof/components/oof-has/resources/config/nginx.conf
+++ b/kubernetes/oof/components/oof-has/resources/config/nginx.conf
@@ -11,12 +11,17 @@ http {
server {
+{{ if (include "common.needTLS" .) }}
listen 8091 ssl;
server_name oof;
ssl_certificate /opt/bitnami/nginx/org.onap.oof.crt;
ssl_certificate_key /opt/bitnami/nginx/ssl/local/org.onap.oof.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
+{{ else }}
+ listen 8091;
+ server_name oof;
+{{ end }}
location / {
include /opt/bitnami/nginx/conf/uwsgi_params;