From c40d75739834fe2bd237d543cc9f8549931620af Mon Sep 17 00:00:00 2001 From: "Tait,Trevor(rt0435)" Date: Mon, 10 Dec 2018 11:37:25 -0500 Subject: Update OOM to for HTTPS for Network Discovery Issue-ID: SDNC-375 Change-Id: Ib1c045f08654e39d613a57f37cd336c129875604 Signed-off-by: Tait,Trevor(rt0435) --- .../resources/config/application.properties | 8 ++++++++ .../resources/config/auth/tomcat_keystore | Bin 0 -> 2214 bytes .../pomba-networkdiscovery/templates/deployment.yaml | 4 ++++ .../pomba/charts/pomba-networkdiscovery/values.yaml | 13 +++++++++++-- .../charts/pomba-networkdiscoveryctxbuilder/values.yaml | 4 ++-- 5 files changed, 25 insertions(+), 4 deletions(-) create mode 100644 kubernetes/pomba/charts/pomba-networkdiscovery/resources/config/auth/tomcat_keystore (limited to 'kubernetes/pomba/charts') diff --git a/kubernetes/pomba/charts/pomba-networkdiscovery/resources/config/application.properties b/kubernetes/pomba/charts/pomba-networkdiscovery/resources/config/application.properties index a59cf41b33..cccba6b7bc 100644 --- a/kubernetes/pomba/charts/pomba-networkdiscovery/resources/config/application.properties +++ b/kubernetes/pomba/charts/pomba-networkdiscovery/resources/config/application.properties @@ -31,6 +31,14 @@ server.tomcat.max-idle-time=60000 #Servlet context parameters server.context_parameters.p-name=value #context parameter with p-name as key and value as value. +#Enable HTTPS +server.port={{ .Values.config.serverSslPort }} +server.ssl.key-store={{ .Values.config.serverSslKeyStore }} +server.ssl.key-store-password={{ .Values.config.serverSslKeyStorePassword }} +server.ssl.client-auth={{ .Values.config.serverSslClientAuth }} +server.ssl.enabled={{ .Values.config.serverSslEnabled }} +server.ssl.enabled-protocols={{ .Values.config.serverSslEnabledProtocols }} + # Basic Authentication basicAuth.username={{ .Values.config.networkDiscoveryUserId }} basicAuth.password={{ .Values.config.networkDiscoveryPassword }} diff --git a/kubernetes/pomba/charts/pomba-networkdiscovery/resources/config/auth/tomcat_keystore b/kubernetes/pomba/charts/pomba-networkdiscovery/resources/config/auth/tomcat_keystore new file mode 100644 index 0000000000..9eec841aa2 Binary files /dev/null and b/kubernetes/pomba/charts/pomba-networkdiscovery/resources/config/auth/tomcat_keystore differ diff --git a/kubernetes/pomba/charts/pomba-networkdiscovery/templates/deployment.yaml b/kubernetes/pomba/charts/pomba-networkdiscovery/templates/deployment.yaml index 91b4c5a254..7b955b4286 100644 --- a/kubernetes/pomba/charts/pomba-networkdiscovery/templates/deployment.yaml +++ b/kubernetes/pomba/charts/pomba-networkdiscovery/templates/deployment.yaml @@ -68,6 +68,10 @@ spec: name: {{ include "common.fullname" . }}-auth-secret subPath: client-cert-onap.p12 readOnly: true + - mountPath: /opt/app/config/auth/tomcat_keystore + name: {{ include "common.fullname" . }}-auth-secret + subPath: tomcat_keystore + readOnly: true resources: {{ include "common.resources" . | indent 12 }} diff --git a/kubernetes/pomba/charts/pomba-networkdiscovery/values.yaml b/kubernetes/pomba/charts/pomba-networkdiscovery/values.yaml index 35369e7ba8..33eb2b82ed 100644 --- a/kubernetes/pomba/charts/pomba-networkdiscovery/values.yaml +++ b/kubernetes/pomba/charts/pomba-networkdiscovery/values.yaml @@ -34,6 +34,15 @@ debugEnabled: false # Example: config: # Network Discovery Micro Service REST Client Configuration + + #Enable HTTPS + serverSslPort: 8443 + serverSslKeyStore: /opt/app/config/auth/tomcat_keystore + serverSslKeyStorePassword: password(OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10) + serverSslClientAuth: want + serverSslEnabled: true + serverSslEnabledProtocols: TLSv1.1,TLSv1.2 + # Basic Authorization credentials for Network Discovery Micro Service Rest Service networkDiscoveryUserId: admin networkDiscoveryPassword: OBF:1u2a1toa1w8v1tok1u30 @@ -77,8 +86,8 @@ service: #service being defined. type: NodePort name: pomba-networkdiscovery - externalPort: 8080 - internalPort: 8080 + externalPort: 8443 + internalPort: 8443 nodePort: 99 # nodePort: # optional port name override - default can be defined in service.yaml diff --git a/kubernetes/pomba/charts/pomba-networkdiscoveryctxbuilder/values.yaml b/kubernetes/pomba/charts/pomba-networkdiscoveryctxbuilder/values.yaml index ff1f6c86af..9e4a8807cb 100644 --- a/kubernetes/pomba/charts/pomba-networkdiscoveryctxbuilder/values.yaml +++ b/kubernetes/pomba/charts/pomba-networkdiscoveryctxbuilder/values.yaml @@ -52,7 +52,7 @@ config: # Network Discovery Micro Service REST Client Configuration networkDiscoveryServiceName: pomba-networkdiscovery networkDiscoveryPort: 9531 - networkDiscoveryHttpProtocol: http + networkDiscoveryHttpProtocol: https networkDiscoveryPath: /network-discovery/v1/network/resource # Wait for Network Discovery MicroService response in milliseconds networkDiscoveryTimeOutInMilliseconds: 60000 @@ -116,4 +116,4 @@ resources: requests: cpu: 200m memory: 800Mi - unlimited: {} \ No newline at end of file + unlimited: {} -- cgit 1.2.3-korg