aboutsummaryrefslogtreecommitdiffstats
path: root/kubernetes/so
diff options
context:
space:
mode:
authorSylvain Desbureaux <sylvain.desbureaux@orange.com>2021-04-07 17:26:25 +0200
committerSylvain Desbureaux <sylvain.desbureaux@orange.com>2021-09-08 15:24:05 +0200
commitc9f47135f5820c423ed0b6cf295be5a98624a73c (patch)
tree43ebf5adcc626ff66992e3e41e19ee67b03a0dc2 /kubernetes/so
parent6b6df44c23816874b9d138825ca1522492fe0a1d (diff)
[SO] Add TLS configuration for SO API Ingress
Instead of terminating TLS on SO POD, let's terminate it on its Ingress. This patch uses certInitializer to create the right certificates and put them in a secret. This secret is then referenced on SO Ingress. Issue-ID: SO-3078 Issue-ID: SO-3237 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: Icdc8cf6fc84cb3b3c337b4f4e5320980eee06337
Diffstat (limited to 'kubernetes/so')
-rwxr-xr-xkubernetes/so/components/soHelpers/values.yaml2
-rwxr-xr-xkubernetes/so/requirements.yaml3
-rwxr-xr-xkubernetes/so/values.yaml21
3 files changed, 24 insertions, 2 deletions
diff --git a/kubernetes/so/components/soHelpers/values.yaml b/kubernetes/so/components/soHelpers/values.yaml
index 938a6f9d00..2417d2553c 100755
--- a/kubernetes/so/components/soHelpers/values.yaml
+++ b/kubernetes/so/components/soHelpers/values.yaml
@@ -34,11 +34,11 @@ certInitializer:
fqdn: so
fqi: so@so.onap.org
public_fqdn: so.onap.org
+ fqi_namespace: org.onap.so
cadi_longitude: '0.0'
cadi_latitude: '0.0'
app_ns: org.osaaf.aaf
credsPath: /opt/app/osaaf/local
- qi_namespace: org.onap.so
aaf_add_config: |
echo "cadi_truststore_password=$cadi_truststore_password" > {{ .Values.credsPath }}/mycreds.prop
echo "cadi_keystore_password_p12=$cadi_keystore_password_p12" >> {{ .Values.credsPath }}/mycreds.prop
diff --git a/kubernetes/so/requirements.yaml b/kubernetes/so/requirements.yaml
index f2fc70c1f9..af95ab85ce 100755
--- a/kubernetes/so/requirements.yaml
+++ b/kubernetes/so/requirements.yaml
@@ -18,6 +18,9 @@ dependencies:
# a part of this chart's package and will not
# be published independently to a repo (at this point)
repository: '@local'
+ - name: certInitializer
+ version: ~8.x-0
+ repository: '@local'
- name: readinessCheck
version: ~8.x-0
repository: '@local'
diff --git a/kubernetes/so/values.yaml b/kubernetes/so/values.yaml
index ca2fe07b22..064415927f 100755
--- a/kubernetes/so/values.yaml
+++ b/kubernetes/so/values.yaml
@@ -151,6 +151,24 @@ aaf:
trustore: org.onap.so.trust.jks
#################################################################
+# AAF part for Ingress
+#################################################################
+certInitializer:
+ nameOverride: so-tls-cert
+ aafDeployFqi: deployer@people.osaaf.org
+ aafDeployPass: demo123456!
+ # aafDeployCredsExternalSecret: some secret
+ fqdn: so
+ fqi: so@so.onap.org
+ public_fqdn: so.onap.org
+ fqi_namespace: org.onap.so
+ cadi_longitude: '0.0'
+ cadi_latitude: '0.0'
+ app_ns: org.osaaf.aaf
+ credsPath: /opt/app/osaaf/local
+ ingressTlsSecret: '{{ include "common.release" . }}-so-ingress-certs'
+
+#################################################################
# Application configuration defaults.
#################################################################
@@ -263,7 +281,8 @@ ingress:
name: 'so'
port: 8080
config:
- ssl: 'none'
+ tls:
+ secret: '{{ include "common.release" . }}-so-ingress-certs'
mso:
adapters: