Enable https endpoint for SMS 01/47501/4
authorKiran Kamineni <kiran.k.kamineni@intel.com>
Mon, 14 May 2018 23:59:55 +0000 (16:59 -0700)
committerKiran Kamineni <kiran.k.kamineni@intel.com>
Tue, 15 May 2018 22:33:19 +0000 (15:33 -0700)
SMS got a new SAN certificate and we are
using that in this deployment now.
Applications will now query on https://aaf-sms.onap.
This should also fix the failing healthcheck
for SMS.

-P3: Changing liveness and readiness probes to use
 https instead of tcp which was throwing up TLS error
 spam on the server

Issue-ID: AAF-284
Change-Id: I654eced0bb75c8b5c807c45773f308d824dfb571
Signed-off-by: Kiran Kamineni <kiran.k.kamineni@intel.com>
kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-quorumclient/resources/config/config.json [new file with mode: 0644]
kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-quorumclient/templates/configmap.yaml
kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-quorumclient/templates/statefulset.yaml
kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-quorumclient/values.yaml
kubernetes/aaf/charts/aaf-sms/templates/deployment.yaml
kubernetes/aaf/charts/aaf-sms/values.yaml

diff --git a/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-quorumclient/resources/config/config.json b/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-quorumclient/resources/config/config.json
new file mode 100644 (file)
index 0000000..3a43f00
--- /dev/null
@@ -0,0 +1,7 @@
+{
+    "url":"https://aaf-sms.{{ include "common.namespace" . }}:10443",
+    "cafile": "/quorumclient/certs/aaf_root_ca.cer",
+    "clientcert":"client.cert",
+    "clientkey":"client.key",
+    "timeout":"10s"
+}
\ No newline at end of file
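Review bot: `clientcert` and `clientkey` are bare relative names (`client.cert`, `client.key`), while `cafile` two lines above is an absolute path under `/quorumclient/certs/`. Which files are loaded for the mutual-TLS identity therefore depends on the process working directory, unless the client joins them to a fixed base directory; that code is not visible on this page. If the paths are not resolved by the client, write both as absolute paths to the location where the quorum client keeps its key pair, so that a different working directory cannot make the client start with a missing or unintended key.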
index cacc368..9905a3c 100644 (file)
@@ -23,5 +23,4 @@ metadata:
     release: {{ .Release.Name }}
     heritage: {{ .Release.Service }}
 data:
-  config.json: |
-    {{ .Values.config | toJson }}
+{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
\ No newline at end of file
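Review bot: The glob `resources/config/*` on the added line renders every file in that directory through `tpl` and publishes it in the ConfigMap, not just `config.json`. That is fine for the current file, which holds only paths, but a key or certificate dropped there later (the config refers to `client.key`) would end up in a ConfigMap, which has none of the access separation of a Secret. I would add a comment above the line such as `# everything under resources/config/ is templated into this ConfigMap; keep key material out of that directory`, or narrow the glob to `resources/config/config.json`.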
index 483d6c5..281229f 100644 (file)
@@ -63,6 +63,10 @@ spec:
       - name : {{ include "common.name" . }}
         configMap:
           name: {{ include "common.fullname" . }}
+          items:
+          - key: config.json
+            path: config.json
+            mode: 0755
       - name: {{ include "common.fullname" . }}-auth
         persistentVolumeClaim:
           claimName: {{ include "common.fullname" . }}
index b528270..768f89f 100644 (file)
@@ -36,14 +36,6 @@ debugEnabled: false
 
 # application configuration
 # Example:
-config:
-  url: "http://aaf-sms:10443"
-  cafile: "selfsignedca.pem"
-  clientcert: "server.cert"
-  clientkey: "server.key"
-  timeout: "60s"
-  disable_tls: true
-
 # default number of instances
 replicaCount: 3
 
index 4235ad0..4bdb84f 100644 (file)
@@ -40,14 +40,18 @@ spec:
         - containerPort: {{ .Values.service.internalPort }}
         {{- if eq .Values.liveness.enabled true }}
         livenessProbe:
-          tcpSocket:
+          httpGet:
             port: {{ .Values.service.internalPort }}
+            scheme: HTTPS
+            path: /v1/sms/quorum/status
           initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
           periodSeconds: {{ .Values.liveness.periodSeconds }}
         {{ end -}}
         readinessProbe:
-          tcpSocket:
+          httpGet:
             port: {{ .Values.service.internalPort }}
+            scheme: HTTPS
+            path: /v1/sms/quorum/status
           initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
           periodSeconds: {{ .Values.readiness.periodSeconds }}
         volumeMounts:
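Review bot: The liveness and readiness probes now both call `/v1/sms/quorum/status`, so the liveness result depends on whatever that handler reports. The handler is not visible here; if it returns a non-2xx status while the quorum is not yet established or the backend is unavailable, the kubelet will restart the container instead of just taking it out of rotation. Consider pointing `livenessProbe` at an endpoint that only shows the process is serving, or setting an explicit `failureThreshold` and `timeoutSeconds` so that a slow TLS handshake does not trigger restarts. Note also that the kubelet does not verify the server certificate on `scheme: HTTPS` probes, so a passing probe says nothing about the new SAN certificate being valid. The container spec continues outside the hunk.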
index fa01b38..df2b6ab 100644 (file)
@@ -38,10 +38,10 @@ debugEnabled: false
 # Example:
 config:
   smsdbaddress: "http://aaf-sms-db:8200"
-  cafile: "/sms/auth/selfsignedca.pem"
-  servercert: "/sms/auth/server.cert"
-  serverkey: "/sms/auth/server.key"
-  disable_tls: true
+  cafile: "/sms/certs/aaf_root_ca.cer"
+  servercert: "/sms/certs/aaf-sms.pub"
+  serverkey: "/sms/certs/aaf-sms.pr"
+  password: "c2VjcmV0bWFuYWdlbWVudHNlcnZpY2VzZWNyZXRwYXNzd29yZA=="
 
 # subchart configuration
 vault:
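Review bot: The added `password:` line commits a credential to the chart's default values. Base64 is an encoding, not protection, so anyone with read access to the repository or to the rendered config can recover it. It presumably unlocks the private key in `serverkey` on the line above, which would make the key file only as secret as this repository. I would ship an empty default (`password: ""`) with a comment that it must be supplied at install time, and have the deployment read it from a Kubernetes Secret instead of the values-driven config. The value already published here should be treated as exposed and rotated together with the key it protects.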
@@ -57,14 +57,14 @@ affinity: {}
 # probe configuration parameters
 liveness:
   initialDelaySeconds: 10
-  periodSeconds: 20
+  periodSeconds: 30
   # necessary to disable liveness probe when setting breakpoints
   # in debugger so K8s doesn't restart unresponsive container
   enabled: true
 
 readiness:
   initialDelaySeconds: 10
-  periodSeconds: 20
+  periodSeconds: 30
 
 service:
   type: NodePort