From 736bf37d0369fd88154f228efa4d94dd37156486 Mon Sep 17 00:00:00 2001 From: amatthews Date: Tue, 14 Dec 2021 16:04:15 +0000 Subject: [POLICY] Service Mesh Compliance for Policy Updating the basic requirements for Service Mesh Compliance within Policy. Changing the DB jobs and updating the configuration files to use HTTP Issue-ID: OOM-2253 Change-Id: If1aed68f0ed2f00d6a5cf06e5f95837f9405f65b Signed-off-by: amatthews Signed-off-by: jhh --- .../policy-pap/resources/config/papParameters.yaml | 16 ++++++++-------- .../components/policy-pap/templates/deployment.yaml | 2 +- kubernetes/policy/components/policy-pap/values.yaml | 1 - 3 files changed, 9 insertions(+), 10 deletions(-) (limited to 'kubernetes/policy/components/policy-pap') diff --git a/kubernetes/policy/components/policy-pap/resources/config/papParameters.yaml b/kubernetes/policy/components/policy-pap/resources/config/papParameters.yaml index 7cb32d0079..8fe4fac5fb 100644 --- a/kubernetes/policy/components/policy-pap/resources/config/papParameters.yaml +++ b/kubernetes/policy/components/policy-pap/resources/config/papParameters.yaml @@ -57,7 +57,7 @@ spring: server: port: 6969 ssl: - enabled: true + enabled: {{ (eq "true" (include "common.needTLS" .)) | ternary true false }} pap: name: PapGroup @@ -76,7 +76,7 @@ pap: - topic: POLICY-PDP-PAP servers: - message-router - useHttps: true + useHttps: {{ (eq "true" (include "common.needTLS" .)) | ternary true false }} fetchTimeout: 15000 topicCommInfrastructure: dmaap - topic: POLICY-HEARTBEAT @@ -84,19 +84,19 @@ pap: consumerGroup: policy-pap servers: - message-router - useHttps: true + useHttps: {{ (eq "true" (include "common.needTLS" .)) | ternary true false }} fetchTimeout: 15000 topicCommInfrastructure: dmaap topicSinks: - topic: POLICY-PDP-PAP servers: - message-router - useHttps: true + useHttps: {{ (eq "true" (include "common.needTLS" .)) | ternary true false }} topicCommInfrastructure: dmaap - topic: POLICY-NOTIFICATION servers: - message-router - useHttps: true + useHttps: {{ (eq "true" (include "common.needTLS" .)) | ternary true false }} topicCommInfrastructure: dmaap # If Strimzi Kafka to be used for communication, replace following configuration for topicSources and topicSinks # servers: @@ -113,19 +113,19 @@ pap: port: 6969 userName: "${API_USER}" password: "${API_PASSWORD}" - useHttps: true + useHttps: {{ (eq "true" (include "common.needTLS" .)) | ternary true false }} basePath: policy/api/v1/healthcheck - clientName: distribution hostname: policy-distribution port: 6969 userName: "${DISTRIBUTION_USER}" password: "${DISTRIBUTION_PASSWORD}" - useHttps: true + useHttps: {{ (eq "true" (include "common.needTLS" .)) | ternary true false }} basePath: healthcheck - clientName: dmaap hostname: message-router port: 3905 - useHttps: true + useHttps: {{ (eq "true" (include "common.needTLS" .)) | ternary true false }} basePath: topics management: diff --git a/kubernetes/policy/components/policy-pap/templates/deployment.yaml b/kubernetes/policy/components/policy-pap/templates/deployment.yaml index 6f02f8e4c0..e05204249e 100755 --- a/kubernetes/policy/components/policy-pap/templates/deployment.yaml +++ b/kubernetes/policy/components/policy-pap/templates/deployment.yaml @@ -112,7 +112,7 @@ spec: httpHeaders: - name: Authorization value: Basic {{ printf "%s:%s" .Values.restServer.user .Values.restServer.password | b64enc }} - scheme: {{ .Values.readiness.scheme }} + scheme: {{ (eq "true" (include "common.needTLS" .)) | ternary "HTTPS" "HTTP" }} successThreshold: {{ .Values.readiness.successThreshold }} failureThreshold: {{ .Values.readiness.failureThreshold }} initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} diff --git a/kubernetes/policy/components/policy-pap/values.yaml b/kubernetes/policy/components/policy-pap/values.yaml index 0dc6dbe4dc..cc66af9146 100755 --- a/kubernetes/policy/components/policy-pap/values.yaml +++ b/kubernetes/policy/components/policy-pap/values.yaml @@ -148,7 +148,6 @@ readiness: periodSeconds: 120 port: http-api api: /policy/pap/v1/healthcheck - scheme: HTTPS successThreshold: 1 failureThreshold: 3 timeout: 60 -- cgit 1.2.3-korg