From c808c9a48e0f6190f9db316cb00a5d7c9a3f9086 Mon Sep 17 00:00:00 2001 From: Kiran Kamineni Date: Mon, 14 May 2018 16:59:55 -0700 Subject: [PATCH] Enable https endpoint for SMS SMS got a new SAN certificate and we are using that in this deployment now. Applications will now query on https://aaf-sms.onap This should also fix the failing healthcheck for SMS -P3: Changing liveness and readiness probes to use https instead of tcp which was throwing up TLS error spam on the server Issue-ID: AAF-284 Change-Id: I654eced0bb75c8b5c807c45773f308d824dfb571 Signed-off-by: Kiran Kamineni --- .../charts/aaf-sms-quorumclient/resources/config/config.json | 7 +++++++ .../charts/aaf-sms-quorumclient/templates/configmap.yaml | 3 +-- .../charts/aaf-sms-quorumclient/templates/statefulset.yaml | 4 ++++ .../charts/aaf-sms/charts/aaf-sms-quorumclient/values.yaml | 8 -------- kubernetes/aaf/charts/aaf-sms/templates/deployment.yaml | 8 ++++++-- kubernetes/aaf/charts/aaf-sms/values.yaml | 12 ++++++------ 6 files changed, 24 insertions(+), 18 deletions(-) create mode 100644 kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-quorumclient/resources/config/config.json diff --git a/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-quorumclient/resources/config/config.json b/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-quorumclient/resources/config/config.json new file mode 100644 index 0000000000..3a43f00019 --- /dev/null +++ b/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-quorumclient/resources/config/config.json @@ -0,0 +1,7 @@ +{ + "url":"https://aaf-sms.{{ include "common.namespace" . }}:10443", + "cafile": "/quorumclient/certs/aaf_root_ca.cer", + "clientcert":"client.cert", + "clientkey":"client.key", + "timeout":"10s" +} \ No newline at end of file diff --git a/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-quorumclient/templates/configmap.yaml b/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-quorumclient/templates/configmap.yaml index cacc368df1..9905a3cbee 100644 --- a/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-quorumclient/templates/configmap.yaml +++ b/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-quorumclient/templates/configmap.yaml @@ -23,5 +23,4 @@ metadata: release: {{ .Release.Name }} heritage: {{ .Release.Service }} data: - config.json: | - {{ .Values.config | toJson }} +{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }} \ No newline at end of file diff --git a/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-quorumclient/templates/statefulset.yaml b/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-quorumclient/templates/statefulset.yaml index 483d6c5f17..281229f95c 100644 --- a/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-quorumclient/templates/statefulset.yaml +++ b/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-quorumclient/templates/statefulset.yaml @@ -63,6 +63,10 @@ spec: - name : {{ include "common.name" . }} configMap: name: {{ include "common.fullname" . }} + items: + - key: config.json + path: config.json + mode: 0755 - name: {{ include "common.fullname" . }}-auth persistentVolumeClaim: claimName: {{ include "common.fullname" . }} diff --git a/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-quorumclient/values.yaml b/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-quorumclient/values.yaml index b528270eed..768f89fb7e 100644 --- a/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-quorumclient/values.yaml +++ b/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-quorumclient/values.yaml @@ -36,14 +36,6 @@ debugEnabled: false # application configuration # Example: -config: - url: "http://aaf-sms:10443" - cafile: "selfsignedca.pem" - clientcert: "server.cert" - clientkey: "server.key" - timeout: "60s" - disable_tls: true - # default number of instances replicaCount: 3 diff --git a/kubernetes/aaf/charts/aaf-sms/templates/deployment.yaml b/kubernetes/aaf/charts/aaf-sms/templates/deployment.yaml index 4235ad01af..4bdb84fa30 100644 --- a/kubernetes/aaf/charts/aaf-sms/templates/deployment.yaml +++ b/kubernetes/aaf/charts/aaf-sms/templates/deployment.yaml @@ -40,14 +40,18 @@ spec: - containerPort: {{ .Values.service.internalPort }} {{- if eq .Values.liveness.enabled true }} livenessProbe: - tcpSocket: + httpGet: port: {{ .Values.service.internalPort }} + scheme: HTTPS + path: /v1/sms/quorum/status initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} periodSeconds: {{ .Values.liveness.periodSeconds }} {{ end -}} readinessProbe: - tcpSocket: + httpGet: port: {{ .Values.service.internalPort }} + scheme: HTTPS + path: /v1/sms/quorum/status initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} volumeMounts: diff --git a/kubernetes/aaf/charts/aaf-sms/values.yaml b/kubernetes/aaf/charts/aaf-sms/values.yaml index fa01b38834..df2b6ab640 100644 --- a/kubernetes/aaf/charts/aaf-sms/values.yaml +++ b/kubernetes/aaf/charts/aaf-sms/values.yaml @@ -38,10 +38,10 @@ debugEnabled: false # Example: config: smsdbaddress: "http://aaf-sms-db:8200" - cafile: "/sms/auth/selfsignedca.pem" - servercert: "/sms/auth/server.cert" - serverkey: "/sms/auth/server.key" - disable_tls: true + cafile: "/sms/certs/aaf_root_ca.cer" + servercert: "/sms/certs/aaf-sms.pub" + serverkey: "/sms/certs/aaf-sms.pr" + password: "c2VjcmV0bWFuYWdlbWVudHNlcnZpY2VzZWNyZXRwYXNzd29yZA==" # subchart configuration vault: @@ -57,14 +57,14 @@ affinity: {} # probe configuration parameters liveness: initialDelaySeconds: 10 - periodSeconds: 20 + periodSeconds: 30 # necessary to disable liveness probe when setting breakpoints # in debugger so K8s doesn't restart unresponsive container enabled: true readiness: initialDelaySeconds: 10 - periodSeconds: 20 + periodSeconds: 30 service: type: NodePort -- 2.16.6