[DCAE] Revert TLS disabling for external DCAE MSs
For Kohn we still base on AAF CM to provide TLS on the external
DCAE services:
- dcae-ves-collector
- dcae-hv-ves-collector
- dcae-datafile-collector
- dcae-pm-mapper connection to dmaap-dr-node
For London this will be changed to use Ingress TLS
Issue-ID: OOM-2775
Signed-off-by: Andreas Geissler <andreas-geissler@telekom.de>
Change-Id: I1deb6492483c6ae2db7b5437319dc722d78727c0
diff --git a/kubernetes/dcaegen2-services/components/dcae-datafile-collector/values.yaml b/kubernetes/dcaegen2-services/components/dcae-datafile-collector/values.yaml
index d990e4d..cbe02a1 100644
--- a/kubernetes/dcaegen2-services/components/dcae-datafile-collector/values.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-datafile-collector/values.yaml
@@ -69,7 +69,7 @@
# TLS role -- set to true if microservice acts as server
# If true, an init container will retrieve a server cert
# and key from AAF and mount them in certDirectory.
-tlsServer: false
+tlsServer: true
# CMPv2 certificate
# It is used only when:
@@ -97,6 +97,7 @@
readinessCheck:
wait_for:
containers:
+ - aaf-cm
- dmaap-bc
- dmaap-provisioning-job
- message-router
diff --git a/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/Chart.yaml b/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/Chart.yaml
index 502a6a8..59fda72 100644
--- a/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/Chart.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/Chart.yaml
@@ -27,6 +27,9 @@
- name: common
version: ~12.x-0
repository: '@local'
+ - name: readinessCheck
+ version: ~12.x-0
+ repository: '@local'
- name: repositoryGenerator
version: ~12.x-0
repository: '@local'
diff --git a/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/values.yaml b/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/values.yaml
index 5d04aff..da3f473 100644
--- a/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/values.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/values.yaml
@@ -59,7 +59,7 @@
# TLS role -- set to true if microservice acts as server
# If true, an init container will retrieve a server cert
# and key from AAF and mount them in certDirectory.
-tlsServer: false
+tlsServer: true
secrets:
- uid: hv-ves-kafka-secret
@@ -95,6 +95,9 @@
create: true
# dependencies
+readinessCheck:
+ wait_for:
+ - aaf-cm
# probe configuration
readiness:
@@ -133,7 +136,7 @@
server.idleTimeoutSec: 300
server.listenPort: 6061
cbs.requestIntervalSec: 5
- security.sslDisable: true
+ security.sslDisable: false
security.keys.keyStoreFile: /etc/ves-hv/ssl/cert.jks
security.keys.keyStorePasswordFile: /etc/ves-hv/ssl/jks.pass
security.keys.trustStoreFile: /etc/ves-hv/ssl/trust.jks
diff --git a/kubernetes/dcaegen2-services/components/dcae-pm-mapper/values.yaml b/kubernetes/dcaegen2-services/components/dcae-pm-mapper/values.yaml
index da4c638..a2479b6 100644
--- a/kubernetes/dcaegen2-services/components/dcae-pm-mapper/values.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-pm-mapper/values.yaml
@@ -139,7 +139,7 @@
key_store_pass_path: /opt/app/pm-mapper/etc/cert/jks.pass
trust_store_path: /opt/app/pm-mapper/etc/cert/trust.jks
trust_store_pass_path: /opt/app/pm-mapper/etc/cert/trust.pass
- dmaap_dr_delete_endpoint: http://dmaap-dr-node:8080/delete
+ dmaap_dr_delete_endpoint: https://dmaap-dr-node:8443/delete
streams_publishes:
dmaap_publisher:
type: message_router
diff --git a/kubernetes/dcaegen2-services/components/dcae-ves-collector/values.yaml b/kubernetes/dcaegen2-services/components/dcae-ves-collector/values.yaml
index 60d2323..e0b2b12 100644
--- a/kubernetes/dcaegen2-services/components/dcae-ves-collector/values.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-ves-collector/values.yaml
@@ -59,7 +59,7 @@
# TLS role -- set to true if microservice acts as server
# If true, an init container will retrieve a server cert
# and key from AAF and mount them in certDirectory.
-tlsServer: false
+tlsServer: true
# CMPv2 certificate
# It is used only when:
@@ -86,6 +86,7 @@
# dependencies
readinessCheck:
wait_for:
+ - aaf-cm
- message-router
# probe configuration