From 470aff07d7efc0243810b6e524e70b36e0194286 Mon Sep 17 00:00:00 2001 From: Andreas Geissler Date: Mon, 14 Nov 2022 13:37:48 +0100 Subject: [DCAE] Revert TLS disabling for external DCAE MSs For Kohn we still base on AAF CM to provide TLS on the external DCAE services: - dcae-ves-collector - dcae-hv-ves-collector - dcae-datafile-collector - dcae-pm-mapper connection to dmaap-dr-node For London this will be changed to use Ingress TLS Issue-ID: OOM-2775 Signed-off-by: Andreas Geissler Change-Id: I1deb6492483c6ae2db7b5437319dc722d78727c0 (cherry picked from commit 3502e73a2762fc50f9ba3ae5d65a3efe5f05bead) --- .../components/dcae-datafile-collector/values.yaml | 3 ++- .../dcaegen2-services/components/dcae-hv-ves-collector/Chart.yaml | 3 +++ .../dcaegen2-services/components/dcae-hv-ves-collector/values.yaml | 7 +++++-- kubernetes/dcaegen2-services/components/dcae-pm-mapper/values.yaml | 2 +- .../dcaegen2-services/components/dcae-ves-collector/values.yaml | 3 ++- 5 files changed, 13 insertions(+), 5 deletions(-) (limited to 'kubernetes') diff --git a/kubernetes/dcaegen2-services/components/dcae-datafile-collector/values.yaml b/kubernetes/dcaegen2-services/components/dcae-datafile-collector/values.yaml index d990e4d299..cbe02a1bf9 100644 --- a/kubernetes/dcaegen2-services/components/dcae-datafile-collector/values.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-datafile-collector/values.yaml @@ -69,7 +69,7 @@ certDirectory: /opt/app/datafile/etc/cert # TLS role -- set to true if microservice acts as server # If true, an init container will retrieve a server cert # and key from AAF and mount them in certDirectory. -tlsServer: false +tlsServer: true # CMPv2 certificate # It is used only when: @@ -97,6 +97,7 @@ certificates: readinessCheck: wait_for: containers: + - aaf-cm - dmaap-bc - dmaap-provisioning-job - message-router 
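Review bot: The comment block above `tlsServer: true` in dcae-datafile-collector/values.yaml (hunk at line 69) still describes only the mechanism, not that this default makes the pod depend on AAF CM or that, per the commit message, the arrangement is meant for Kohn only. I would add a line above the key such as `# Kohn: server cert is issued by AAF CM (readinessCheck waits for aaf-cm); to be replaced by Ingress TLS`. The same applies to the identical `tlsServer` hunks in dcae-hv-ves-collector/values.yaml and dcae-ves-collector/values.yaml. The service port definitions are outside these hunks, so it is worth confirming that no plaintext listener stays exposed next to the TLS one.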
diff --git a/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/Chart.yaml b/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/Chart.yaml index 162b624397..8c6fad9c64 100644 --- a/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/Chart.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/Chart.yaml @@ -27,6 +27,9 @@ dependencies: - name: common version: ~11.x-0 repository: '@local' + - name: readinessCheck + version: ~11.x-0 + repository: '@local' - name: repositoryGenerator version: ~11.x-0 repository: '@local' diff --git a/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/values.yaml b/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/values.yaml index 5d04aff9c8..da3f47358b 100644 --- a/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/values.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/values.yaml @@ -59,7 +59,7 @@ certDirectory: /etc/ves-hv/ssl # TLS role -- set to true if microservice acts as server # If true, an init container will retrieve a server cert # and key from AAF and mount them in certDirectory. -tlsServer: false +tlsServer: true secrets: - uid: hv-ves-kafka-secret @@ -95,6 +95,9 @@ certificates: create: true # dependencies +readinessCheck: + wait_for: + - aaf-cm # probe configuration readiness: @@ -133,7 +136,7 @@ applicationConfig: server.idleTimeoutSec: 300 server.listenPort: 6061 cbs.requestIntervalSec: 5 - security.sslDisable: true + security.sslDisable: false security.keys.keyStoreFile: /etc/ves-hv/ssl/cert.jks security.keys.keyStorePasswordFile: /etc/ves-hv/ssl/jks.pass security.keys.trustStoreFile: /etc/ves-hv/ssl/trust.jks diff --git a/kubernetes/dcaegen2-services/components/dcae-pm-mapper/values.yaml b/kubernetes/dcaegen2-services/components/dcae-pm-mapper/values.yaml index da4c638623..a2479b62e2 100644 --- a/kubernetes/dcaegen2-services/components/dcae-pm-mapper/values.yaml 
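Review bot: In dcae-hv-ves-collector/values.yaml (hunk at line 95) `readinessCheck.wait_for` is a bare list (`- aaf-cm`), as it is in dcae-ves-collector/values.yaml, while the datafile-collector hunk of this same commit nests the entry under `wait_for.containers`. The readinessCheck template is outside this diff, so whether both shapes are handled the same way needs confirming. If they are not, the cert-retrieval init container could start before AAF CM is ready. I would use one shape in all three files, or add a comment under `# dependencies` saying why they differ.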
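Review bot: In dcae-hv-ves-collector/values.yaml (hunk at line 133) `security.sslDisable: false` and the top-level `tlsServer: true` are two independent switches that have to agree. The keystore and truststore paths on the following lines point into /etc/ves-hv/ssl, which the file's own comment says is filled by the AAF init container only when `tlsServer` is true. An override that flips one without the other presumably leaves the collector either unable to find its keystore or listening without TLS on `server.listenPort`. I would document the coupling next to the key, e.g. `# keep in sync with tlsServer: false here needs the AAF-provided files in certDirectory`. Deriving the value from `tlsServer` in the template would remove the risk, but the template is outside this diff.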
+++ b/kubernetes/dcaegen2-services/components/dcae-pm-mapper/values.yaml @@ -139,7 +139,7 @@ applicationConfig: key_store_pass_path: /opt/app/pm-mapper/etc/cert/jks.pass trust_store_path: /opt/app/pm-mapper/etc/cert/trust.jks trust_store_pass_path: /opt/app/pm-mapper/etc/cert/trust.pass - dmaap_dr_delete_endpoint: http://dmaap-dr-node:8080/delete + dmaap_dr_delete_endpoint: https://dmaap-dr-node:8443/delete streams_publishes: dmaap_publisher: type: message_router diff --git a/kubernetes/dcaegen2-services/components/dcae-ves-collector/values.yaml b/kubernetes/dcaegen2-services/components/dcae-ves-collector/values.yaml index 60d23230f8..e0b2b12087 100644 --- a/kubernetes/dcaegen2-services/components/dcae-ves-collector/values.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-ves-collector/values.yaml @@ -59,7 +59,7 @@ certDirectory: /opt/app/dcae-certificate # TLS role -- set to true if microservice acts as server # If true, an init container will retrieve a server cert # and key from AAF and mount them in certDirectory. -tlsServer: false +tlsServer: true # CMPv2 certificate # It is used only when: @@ -86,6 +86,7 @@ certificates: # dependencies readinessCheck: wait_for: + - aaf-cm - message-router # probe configuration -- cgit 1.2.3-korg
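Review bot: In dcae-pm-mapper/values.yaml (hunk at line 139) the delete endpoint becomes `https://dmaap-dr-node:8443/delete`, so the call now presumably depends on `trust_store_path` (context line above) holding a CA that signs the DR node certificate. Unlike the three collector charts, this commit adds no `aaf-cm` entry to pm-mapper's readinessCheck. The rest of the file is outside the hunk, so confirm that the wait already exists if the certificates come from the same AAF init container. Scheme and port are hard-coded in the URL and will need editing again for the planned Ingress TLS change. A comment such as `# DR node TLS port; relies on trust_store_path above` would flag that.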