diff options
| author |   Sylvain Desbureaux <sylvain.desbureaux@orange.com> | 2021-04-07 17:26:25 +0200 |
|---|---|---|
| committer | Sylvain Desbureaux <sylvain.desbureaux@orange.com> | 2021-09-08 15:24:05 +0200 |
| commit | c9f47135f5820c423ed0b6cf295be5a98624a73c (patch) | |
| tree | 43ebf5adcc626ff66992e3e41e19ee67b03a0dc2 /kubernetes/so | |
| parent | 6b6df44c23816874b9d138825ca1522492fe0a1d (diff) | |
[SO] Add TLS configuration for SO API Ingress
Instead of terminating TLS on SO POD, let's terminate it on its Ingress.
This patch uses certInitializer to create the right certificates and put them in
a secret.
This secret is then referenced on SO Ingress.
Issue-ID: SO-3078
Issue-ID: SO-3237
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: Icdc8cf6fc84cb3b3c337b4f4e5320980eee06337
Diffstat (limited to 'kubernetes/so')
| -rwxr-xr-x | kubernetes/so/components/soHelpers/values.yaml | 2 | ||||
| -rwxr-xr-x | kubernetes/so/requirements.yaml | 3 | ||||
| -rwxr-xr-x | kubernetes/so/values.yaml | 21 |
3 files changed, 24 insertions, 2 deletions
diff --git a/kubernetes/so/components/soHelpers/values.yaml b/kubernetes/so/components/soHelpers/values.yaml index 938a6f9d00..2417d2553c 100755 --- a/kubernetes/so/components/soHelpers/values.yaml +++ b/kubernetes/so/components/soHelpers/values.yaml @@ -34,11 +34,11 @@ certInitializer: fqdn: so fqi: so@so.onap.org public_fqdn: so.onap.org + fqi_namespace: org.onap.so cadi_longitude: '0.0' cadi_latitude: '0.0' app_ns: org.osaaf.aaf credsPath: /opt/app/osaaf/local - qi_namespace: org.onap.so aaf_add_config: | echo "cadi_truststore_password=$cadi_truststore_password" > {{ .Values.credsPath }}/mycreds.prop echo "cadi_keystore_password_p12=$cadi_keystore_password_p12" >> {{ .Values.credsPath }}/mycreds.prop diff --git a/kubernetes/so/requirements.yaml b/kubernetes/so/requirements.yaml index f2fc70c1f9..af95ab85ce 100755 --- a/kubernetes/so/requirements.yaml +++ b/kubernetes/so/requirements.yaml @@ -18,6 +18,9 @@ dependencies: # a part of this chart's package and will not # be published independently to a repo (at this point) repository: '@local' + - name: certInitializer + version: ~8.x-0 + repository: '@local' - name: readinessCheck version: ~8.x-0 repository: '@local' diff --git a/kubernetes/so/values.yaml b/kubernetes/so/values.yaml index ca2fe07b22..064415927f 100755 --- a/kubernetes/so/values.yaml +++ b/kubernetes/so/values.yaml @@ -151,6 +151,24 @@ aaf: trustore: org.onap.so.trust.jks ################################################################# +# AAF part for Ingress +################################################################# +certInitializer: + nameOverride: so-tls-cert + aafDeployFqi: deployer@people.osaaf.org + aafDeployPass: demo123456! + # aafDeployCredsExternalSecret: some secret + fqdn: so + fqi: so@so.onap.org + public_fqdn: so.onap.org + fqi_namespace: org.onap.so + cadi_longitude: '0.0' + cadi_latitude: '0.0' + app_ns: org.osaaf.aaf + credsPath: /opt/app/osaaf/local + ingressTlsSecret: '{{ include "common.release" . }}-so-ingress-certs' + +################################################################# # Application configuration defaults. ################################################################# @@ -263,7 +281,8 @@ ingress: name: 'so' port: 8080 config: - ssl: 'none' + tls: + secret: '{{ include "common.release" . }}-so-ingress-certs' mso: adapters: |