diff options
author | amatthews <adrian.matthews@est.tech> | 2022-08-18 15:31:12 +0100 |
---|---|---|
committer | Andreas Geissler <andreas-geissler@telekom.de> | 2022-10-24 13:39:32 +0000 |
commit | 379daacca80d748ea9fee3c4185c828a9559b509 (patch) | |
tree | 91591b52e8402e61821e811f5973548deab060ef /kubernetes/oof/components/oof-has/resources/config | |
parent | 702d68ae02195cbe56ab5f5cd61bddc816880076 (diff) |
[OOF] Service Mesh Compliance for OOF
Updating basic requirements for Service Mesh Compliance within OOF.
Removed AAF dependencies in OOF deployments.
Resolved merge conflict for oof-has/resources/conflict/conductor.conf for DCAE
Issue-ID: OOM-2253
Change-Id: I660085ca94db723e4880dfa67aa31b604e712d15
Signed-off-by: amatthews <adrian.matthews@est.tech>
Diffstat (limited to 'kubernetes/oof/components/oof-has/resources/config')
-rwxr-xr-x | kubernetes/oof/components/oof-has/resources/config/conductor.conf | 25 | ||||
-rw-r--r-- | kubernetes/oof/components/oof-has/resources/config/nginx.conf | 5 |
2 files changed, 20 insertions, 10 deletions
diff --git a/kubernetes/oof/components/oof-has/resources/config/conductor.conf b/kubernetes/oof/components/oof-has/resources/config/conductor.conf index 78553d73af..d650808036 100755 --- a/kubernetes/oof/components/oof-has/resources/config/conductor.conf +++ b/kubernetes/oof/components/oof-has/resources/config/conductor.conf @@ -159,13 +159,13 @@ appkey = "" # # is_aaf_enabled. (boolean value) -is_aaf_enabled = true +is_aaf_enabled = {{ (eq "true" (include "common.needTLS" .)) | ternary true false }} # aaf_cache_expiry_hrs. (integer value) aaf_cache_expiry_hrs = 3 # aaf_url. (string value) -aaf_url = https://{{.Values.config.aaf.serviceName}}:{{.Values.config.aaf.port}}/authz/perms/user/ +aaf_url = http{{ if (include "common.needTLS" .) }}s{{ end }}://{{.Values.config.aaf.serviceName}}:{{.Values.config.aaf.port}}/authz/perms/user/ # aaf_cert_file. (string value) #aaf_cert_file = <None> @@ -175,7 +175,7 @@ aaf_url = https://{{.Values.config.aaf.serviceName}}:{{.Values.config.aaf.port}} # aaf_ca_bundle_file. (string value) #aaf_ca_bundle_file = -aaf_ca_bundle_file = /usr/local/bin/AAF_RootCA.cer +aaf_ca_bundle_file = {{ if (include "common.needTLS" .) }}/usr/local/bin/AAF_RootCA.cer{{ end }} # aaf_retries. (integer value) #aaf_retries = 3 @@ -193,9 +193,12 @@ aaf_ca_bundle_file = /usr/local/bin/AAF_RootCA.cer # From conductor # +# is_enabled. (boolean value) +is_enabled = {{ (eq "true" (include "common.needTLS" .)) | ternary true false }} + # Base URL for SMS, up to and not including the version, and without a trailing # slash. (string value) -aaf_sms_url = https://{{.Values.config.sms.serviceName}}.{{ include "common.namespace" . }}:{{.Values.config.sms.port}} +aaf_sms_url = http{{ if (include "common.needTLS" .) }}s{{ end }}://{{.Values.config.sms.serviceName}}.{{ include "common.namespace" . }}:{{.Values.config.sms.port}} # Timeout for SMS API Call (integer value) @@ -231,7 +234,8 @@ complex_cache_refresh_interval = 60 # Base URL for A&AI, up to and not including the version, and without a # trailing slash. (string value) -server_url = https://{{.Values.config.aai.serviceName}}.{{ include "common.namespace" . }}:{{.Values.config.aai.port}}/aai +#server_url = https://{{.Values.config.aai.serviceName}}.{{ include "common.namespace" . }}:{{.Values.config.aai.port}}/aai +server_url = http{{ if (include "common.needTLS" .) }}s{{ end }}://{{.Values.config.aai.serviceName}}.{{ include "common.namespace" . }}:{{ (eq "true" (include "common.needTLS" .)) | ternary .Values.config.aai.port .Values.config.aai.plainPort }}/aai # Timeout for A&AI Rest Call (string value) #aai_rest_timeout = 30 @@ -252,7 +256,7 @@ certificate_key_file = # Certificate Authority Bundle file in pem format. Must contain the appropriate # trust chain for the Certificate file. (string value) #certificate_authority_bundle_file = certificate_authority_bundle.pem -certificate_authority_bundle_file = /usr/local/bin/AAF_RootCA.cer +certificate_authority_bundle_file = {{ if (include "common.needTLS" .) }}/usr/local/bin/AAF_RootCA.cer{{ end }} # Username for AAI. (string value) username = OOF @@ -676,7 +680,8 @@ concurrent = true # Base URL for SDC, up to and not including the version, and without a # trailing slash. (string value) #server_url = https://controller:8443/sdc -server_url = https://{{.Values.config.sdc.serviceName}}.{{ include "common.namespace" . }}:{{.Values.config.sdc.port}}/sdc +#server_url = https://{{.Values.config.sdc.serviceName}}.{{ include "common.namespace" . }}:{{.Values.config.sdc.port}}/sdc +server_url = http{{ if (include "common.needTLS" .) }}s{{ end }}://{{.Values.config.sdc.serviceName}}.{{ include "common.namespace" . }}:{{ (eq "true" (include "common.needTLS" .)) | ternary .Values.config.sdc.port .Values.config.sdc.plainPort }}/sdc # Timeout for SDC Rest Call (string value) #sdc_rest_timeout = 30 @@ -699,7 +704,7 @@ certificate_key_file = # Certificate Authority Bundle file in pem format. Must contain the appropriate # trust chain for the Certificate file. (string value) #certificate_authority_bundle_file = certificate_authority_bundle.pem -certificate_authority_bundle_file = /usr/local/bin/AAF_RootCA.cer +certificate_authority_bundle_file = {{ if (include "common.needTLS" .) }}/usr/local/bin/AAF_RootCA.cer{{ end }} # Username for SDC. (string value) #username = @@ -744,7 +749,7 @@ certificate_key_file = # Certificate Authority Bundle file in pem format. Must contain the appropriate # trust chain for the Certificate file. (string value) #certificate_authority_bundle_file = certificate_authority_bundle.pem -certificate_authority_bundle_file = /usr/local/bin/AAF_RootCA.cer +certificate_authority_bundle_file = {{ if (include "common.needTLS" .) }}/usr/local/bin/AAF_RootCA.cer{{ end }} # Username for CPS. (string value) #username = @@ -788,7 +793,7 @@ certificate_key_file = # Certificate Authority Bundle file in pem format. Must contain the appropriate # trust chain for the Certificate file. (string value) #certificate_authority_bundle_file = certificate_authority_bundle.pem -certificate_authority_bundle_file = /usr/local/bin/AAF_RootCA.cer +certificate_authority_bundle_file = {{ if (include "common.needTLS" .) }}/usr/local/bin/AAF_RootCA.cer{{ end }} # Username for DCAE. (string value) #username = diff --git a/kubernetes/oof/components/oof-has/resources/config/nginx.conf b/kubernetes/oof/components/oof-has/resources/config/nginx.conf index cbb1b60a58..9272e8581c 100644 --- a/kubernetes/oof/components/oof-has/resources/config/nginx.conf +++ b/kubernetes/oof/components/oof-has/resources/config/nginx.conf @@ -11,12 +11,17 @@ http { server { +{{ if (include "common.needTLS" .) }} listen 8091 ssl; server_name oof; ssl_certificate /opt/bitnami/nginx/org.onap.oof.crt; ssl_certificate_key /opt/bitnami/nginx/ssl/local/org.onap.oof.key; ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; ssl_ciphers HIGH:!aNULL:!MD5; +{{ else }} + listen 8091; + server_name oof; +{{ end }} location / { include /opt/bitnami/nginx/conf/uwsgi_params; |