Merge "Update OOM to for HTTPS for Network Discovery"
authorAlexis de Talhouët <alexis.de_talhouet@bell.ca>
Wed, 12 Dec 2018 18:44:12 +0000 (18:44 +0000)
committerGerrit Code Review <gerrit@onap.org>
Wed, 12 Dec 2018 18:44:12 +0000 (18:44 +0000)
kubernetes/pomba/charts/pomba-networkdiscovery/resources/config/application.properties
kubernetes/pomba/charts/pomba-networkdiscovery/resources/config/auth/tomcat_keystore [new file with mode: 0644]
kubernetes/pomba/charts/pomba-networkdiscovery/templates/deployment.yaml
kubernetes/pomba/charts/pomba-networkdiscovery/values.yaml
kubernetes/pomba/charts/pomba-networkdiscoveryctxbuilder/values.yaml

index a59cf41..cccba6b 100644 (file)
@@ -31,6 +31,14 @@ server.tomcat.max-idle-time=60000
 #Servlet context parameters
 server.context_parameters.p-name=value #context parameter with p-name as key and value as value.
 
+#Enable HTTPS
+server.port={{ .Values.config.serverSslPort }}
+server.ssl.key-store={{ .Values.config.serverSslKeyStore }}
+server.ssl.key-store-password={{ .Values.config.serverSslKeyStorePassword }}
+server.ssl.client-auth={{ .Values.config.serverSslClientAuth }}
+server.ssl.enabled={{ .Values.config.serverSslEnabled }}
+server.ssl.enabled-protocols={{ .Values.config.serverSslEnabledProtocols }}
+
 # Basic Authentication
 basicAuth.username={{ .Values.config.networkDiscoveryUserId }}
 basicAuth.password={{ .Values.config.networkDiscoveryPassword }}
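Review bot: `server.ssl.key-store-password` is rendered directly from `.Values.config.serverSslKeyStorePassword` into application.properties, so the keystore password is stored wherever this file is stored. If the chart ships the file through a ConfigMap (not visible in this hunk), anyone allowed to read ConfigMaps in the namespace can read the password. Consider resolving it at runtime from an environment variable backed by a Secret, e.g. `server.ssl.key-store-password=${KEYSTORE_PASSWORD}` (the variable name is a placeholder). The `#Enable HTTPS` comment could also state that `server.port` now carries the TLS listener and that `server.ssl.client-auth=want` requests a client certificate without requiring one.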
diff --git a/kubernetes/pomba/charts/pomba-networkdiscovery/resources/config/auth/tomcat_keystore b/kubernetes/pomba/charts/pomba-networkdiscovery/resources/config/auth/tomcat_keystore
new file mode 100644 (file)
index 0000000..9eec841
Binary files /dev/null and b/kubernetes/pomba/charts/pomba-networkdiscovery/resources/config/auth/tomcat_keystore differ
index 91b4c5a..7b955b4 100644 (file)
@@ -68,6 +68,10 @@ spec:
             name: {{ include "common.fullname" . }}-auth-secret\r
             subPath: client-cert-onap.p12\r
             readOnly: true\r
+          - mountPath: /opt/app/config/auth/tomcat_keystore\r
+            name: {{ include "common.fullname" . }}-auth-secret\r
+            subPath: tomcat_keystore\r
+            readOnly: true\r
 \r
           resources:\r
 {{ include "common.resources" . | indent 12 }}\r
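Review bot: The keystore mounted at `/opt/app/config/auth/tomcat_keystore` appears to be the binary file this same commit adds under `resources/config/auth/`. If so, the key material (presumably the server's private key) is versioned with the chart and identical in every installation that keeps the defaults. It would be safer to let operators supply the keystore from their own Secret and mark the bundled one as lab-only, for example with `# Default keystore ships with the chart; replace it for any non-lab deployment` above the mount. Because the mount uses `subPath`, running pods do not pick up an updated Secret, so rotating the keystore needs a pod restart. The container spec starts and ends outside this hunk.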
index 35369e7..33eb2b8 100644 (file)
@@ -34,6 +34,15 @@ debugEnabled: false
 # Example:
 config:
   # Network Discovery Micro Service REST Client Configuration
+
+  #Enable HTTPS
+  serverSslPort: 8443
+  serverSslKeyStore: /opt/app/config/auth/tomcat_keystore
+  serverSslKeyStorePassword: password(OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10)
+  serverSslClientAuth: want
+  serverSslEnabled: true
+  serverSslEnabledProtocols: TLSv1.1,TLSv1.2
+
   # Basic Authorization credentials for Network Discovery Micro Service Rest Service
   networkDiscoveryUserId: admin
   networkDiscoveryPassword: OBF:1u2a1toa1w8v1tok1u30
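Review bot: `serverSslEnabledProtocols: TLSv1.1,TLSv1.2` leaves TLS 1.1 enabled; unless a known client still needs it, restrict the default to `serverSslEnabledProtocols: TLSv1.2`. The `serverSslKeyStorePassword` default uses what looks like Jetty-style `OBF:` obfuscation, which is reversible, so the committed value should be treated as public. A comment such as `# Default for the bundled keystore only; override per deployment` would make that explicit. The value is also wrapped as `password(OBF:...)` while `networkDiscoveryPassword` below is a bare `OBF:...`, so it is worth confirming the consumer accepts that form. The `config:` mapping continues outside this hunk.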
@@ -77,8 +86,8 @@ service:
   #service being defined.
   type: NodePort
   name: pomba-networkdiscovery  
-  externalPort: 8080
-  internalPort: 8080
+  externalPort: 8443
+  internalPort: 8443
   nodePort: 99
 #  nodePort: <replace with unused node port suffix eg. 23>
   # optional port name override - default can be defined in service.yaml
index ff1f6c8..9e4a880 100644 (file)
@@ -52,7 +52,7 @@ config:
   # Network Discovery Micro Service REST Client Configuration
   networkDiscoveryServiceName: pomba-networkdiscovery
   networkDiscoveryPort: 9531
-  networkDiscoveryHttpProtocol: http
+  networkDiscoveryHttpProtocol: https
   networkDiscoveryPath: /network-discovery/v1/network/resource
   # Wait for Network Discovery MicroService response in milliseconds
   networkDiscoveryTimeOutInMilliseconds: 60000
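Review bot: Switching `networkDiscoveryHttpProtocol` to `https` only protects the call if the context builder verifies the Network Discovery server certificate, and nothing in this hunk shows which trust store the client uses. If the server presents the keystore bundled with the pomba-networkdiscovery chart, confirm that the client is given a matching trust anchor rather than running with verification relaxed. A comment such as `# https: the client must trust the Network Discovery server certificate` would record the dependency. Also confirm that `networkDiscoveryPort: 9531`, unchanged here, still reaches the listener that the other chart moves from 8080 to 8443.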
@@ -116,4 +116,4 @@ resources:
     requests:
       cpu: 200m
       memory: 800Mi
-  unlimited: {}
\ No newline at end of file
+  unlimited: {}