From 08a72d6b583fbb9a651cab98dc63e3f3f8ae8b0d Mon Sep 17 00:00:00 2001 From: "r.bogacki" Date: Tue, 1 Oct 2019 08:43:44 +0200 Subject: Enabled HTTPS for sdc-workflow-designer -Enabled HTTPS for frontend and backend -Updated paths and passwords for a certificates Issue-ID: SDC-2479 Signed-off-by: Robert Bogacki Signed-off-by: Krystian Kedron Change-Id: Ic4b379bc2eb73a984221fa06ddc0fe8f0fa2116b --- .../charts/sdc-wfd-fe/templates/deployment.yaml | 31 ++-------------------- kubernetes/sdc/charts/sdc-wfd-fe/values.yaml | 12 ++++----- 2 files changed, 8 insertions(+), 35 deletions(-) (limited to 'kubernetes/sdc/charts/sdc-wfd-fe') diff --git a/kubernetes/sdc/charts/sdc-wfd-fe/templates/deployment.yaml b/kubernetes/sdc/charts/sdc-wfd-fe/templates/deployment.yaml index 0be06f3985..1daee714b6 100644 --- a/kubernetes/sdc/charts/sdc-wfd-fe/templates/deployment.yaml +++ b/kubernetes/sdc/charts/sdc-wfd-fe/templates/deployment.yaml @@ -75,41 +75,15 @@ spec: value: "{{ .Values.config.isHttpsEnabled}}" {{ if and .Values.config.isHttpsEnabled (eq .Values.security.isDefaultStore false) }} - name: KEYSTORE_PASS - {{- if .Values.global.security.keysFromCa }} - valueFrom: - secretKeyRef: - name: mft-sdc - key: keystore-password.txt - {{ else }} - value: {{ .Values.global.security.keyStorePass}} - {{- end }} + value: "{{ .Values.security.keystorePass}}" - name: TRUSTSTORE_PASS - {{- if .Values.global.security.keysFromCa }} - valueFrom: - secretKeyRef: - name: mft-catruststore - key: keystore-password.txt - {{ else }} - value: {{ .Values.global.security.trustStorePass}} - {{- end }} + value: "{{ .Values.security.truststorePass}}" - name: TRUSTSTORE_PATH value: "{{ .Values.security.storePath }}/{{ .Values.security.truststoreFilename }}" - name: KEYSTORE_PATH value: "{{ .Values.security.storePath }}/{{ .Values.security.keystoreFilename }}" - - name: TRUSTSTORE_TYPE - value: {{ .Values.security.truststore.type }} - - name: KEYSTORE_TYPE - value: {{ .Values.security.keystore.type }} {{ end }} volumeMounts: - {{ if and .Values.config.isHttpsEnabled (eq .Values.security.isDefaultStore false) }} - - name: {{ include "common.fullname" . }}-jetty-https-truststore - mountPath: /var/lib/jetty/{{ .Values.security.storePath }}/{{ .Values.security.truststoreFilename }} - subPath: {{ .Values.security.truststoreFilename }} - - name: {{ include "common.fullname" . }}-jetty-https-keystore - mountPath: /var/lib/jetty/etc/{{ .Values.security.storePath }}/{{ .Values.security.keystoreFilename }} - subPath: {{ .Values.security.keystoreFilename }} - {{ end }} - name: {{ include "common.fullname" . }}-localtime mountPath: /etc/localtime readOnly: true @@ -123,7 +97,6 @@ spec: affinity: {{ toYaml .Values.affinity | indent 10 }} {{- end }} - # side car containers - name: {{ include "common.name" . }}-filebeat-onap image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}" diff --git a/kubernetes/sdc/charts/sdc-wfd-fe/values.yaml b/kubernetes/sdc/charts/sdc-wfd-fe/values.yaml index 91cdead023..54e0e9b229 100644 --- a/kubernetes/sdc/charts/sdc-wfd-fe/values.yaml +++ b/kubernetes/sdc/charts/sdc-wfd-fe/values.yaml @@ -28,7 +28,7 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/workflow-frontend:1.5.1 +image: onap/workflow-frontend:1.5.2 pullPolicy: Always # flag to enable debugging - application support required @@ -41,11 +41,11 @@ config: # https relevant settings. Change in case you have other trust files then default ones. security: - isDefaultStore: true - truststoreType: "JKS" - keystoreType: "JKS" - truststoreFilename: "truststore" - keystoreFilename: "keystore" + isDefaultStore: false + truststoreFilename: "org.onap.sdc.trust.jks" + keystoreFilename: "org.onap.sdc.p12" + keystorePass: "!ppJ.JvWn0hGh)oVF]([Kv)^" + truststorePass: "].][xgtze]hBhz*wy]}m#lf*" storePath: "etc" # default number of instances -- cgit 1.2.3-korg