For Kohn we still base on AAF CM to provide TLS on the external
DCAE services:
- dcae-ves-collector
- dcae-hv-ves-collector
- dcae-datafile-collector
- dcae-pm-mapper connection to dmaap-dr-node
For London this will be changed to use Ingress TLS
Issue-ID: OOM-2775
Signed-off-by: Andreas Geissler <andreas-geissler@telekom.de>
Change-Id: I1deb6492483c6ae2db7b5437319dc722d78727c0
(cherry picked from commit
3502e73a2762fc50f9ba3ae5d65a3efe5f05bead)
# TLS role -- set to true if microservice acts as server
# If true, an init container will retrieve a server cert
# and key from AAF and mount them in certDirectory.
# TLS role -- set to true if microservice acts as server
# If true, an init container will retrieve a server cert
# and key from AAF and mount them in certDirectory.
# CMPv2 certificate
# It is used only when:
# CMPv2 certificate
# It is used only when:
readinessCheck:
wait_for:
containers:
readinessCheck:
wait_for:
containers:
- dmaap-bc
- dmaap-provisioning-job
- message-router
- dmaap-bc
- dmaap-provisioning-job
- message-router
- name: common
version: ~11.x-0
repository: '@local'
- name: common
version: ~11.x-0
repository: '@local'
+ - name: readinessCheck
+ version: ~11.x-0
+ repository: '@local'
- name: repositoryGenerator
version: ~11.x-0
repository: '@local'
- name: repositoryGenerator
version: ~11.x-0
repository: '@local'
# TLS role -- set to true if microservice acts as server
# If true, an init container will retrieve a server cert
# and key from AAF and mount them in certDirectory.
# TLS role -- set to true if microservice acts as server
# If true, an init container will retrieve a server cert
# and key from AAF and mount them in certDirectory.
secrets:
- uid: hv-ves-kafka-secret
secrets:
- uid: hv-ves-kafka-secret
create: true
# dependencies
create: true
# dependencies
+readinessCheck:
+ wait_for:
+ - aaf-cm
# probe configuration
readiness:
# probe configuration
readiness:
server.idleTimeoutSec: 300
server.listenPort: 6061
cbs.requestIntervalSec: 5
server.idleTimeoutSec: 300
server.listenPort: 6061
cbs.requestIntervalSec: 5
- security.sslDisable: true
+ security.sslDisable: false
security.keys.keyStoreFile: /etc/ves-hv/ssl/cert.jks
security.keys.keyStorePasswordFile: /etc/ves-hv/ssl/jks.pass
security.keys.trustStoreFile: /etc/ves-hv/ssl/trust.jks
security.keys.keyStoreFile: /etc/ves-hv/ssl/cert.jks
security.keys.keyStorePasswordFile: /etc/ves-hv/ssl/jks.pass
security.keys.trustStoreFile: /etc/ves-hv/ssl/trust.jks
key_store_pass_path: /opt/app/pm-mapper/etc/cert/jks.pass
trust_store_path: /opt/app/pm-mapper/etc/cert/trust.jks
trust_store_pass_path: /opt/app/pm-mapper/etc/cert/trust.pass
key_store_pass_path: /opt/app/pm-mapper/etc/cert/jks.pass
trust_store_path: /opt/app/pm-mapper/etc/cert/trust.jks
trust_store_pass_path: /opt/app/pm-mapper/etc/cert/trust.pass
- dmaap_dr_delete_endpoint: http://dmaap-dr-node:8080/delete
+ dmaap_dr_delete_endpoint: https://dmaap-dr-node:8443/delete
streams_publishes:
dmaap_publisher:
type: message_router
streams_publishes:
dmaap_publisher:
type: message_router
# TLS role -- set to true if microservice acts as server
# If true, an init container will retrieve a server cert
# and key from AAF and mount them in certDirectory.
# TLS role -- set to true if microservice acts as server
# If true, an init container will retrieve a server cert
# and key from AAF and mount them in certDirectory.
# CMPv2 certificate
# It is used only when:
# CMPv2 certificate
# It is used only when:
# dependencies
readinessCheck:
wait_for:
# dependencies
readinessCheck:
wait_for:
- message-router
# probe configuration
- message-router
# probe configuration