Network Discovery example


Java Code

An example implementation of HTTPS for a POMBA Spring Boot microservice can be found at https://gerrit.onap.org/r/#/c/74206/. Some values may differ, but the content should match what is shown below.


application.properties: set the following attributes

application.properties
networkDiscoveryMicroService.port=8443
networkDiscoveryMicroService.httpProtocol=https


JerseyConfiguration.java: add an SSL Client Bean

jerseySslClient
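    // Imports needed by this bean (Jersey 2.x / JAX-RS 2.x).
    import java.security.KeyManagementException;
    import java.security.NoSuchAlgorithmException;
    import java.security.SecureRandom;
    import java.security.cert.X509Certificate;
    import javax.net.ssl.HostnameVerifier;
    import javax.net.ssl.HttpsURLConnection;
    import javax.net.ssl.SSLContext;
    import javax.net.ssl.SSLSession;
    import javax.net.ssl.TrustManager;
    import javax.net.ssl.X509TrustManager;
    import javax.ws.rs.client.Client;
    import javax.ws.rs.client.ClientBuilder;
    import org.glassfish.jersey.client.ClientConfig;
    import org.springframework.context.annotation.Bean;

    @Bean
    public Client jerseySslClient() throws NoSuchAlgorithmException, KeyManagementException {

        ClientConfig clientConfig = new ClientConfig();

        // This trust manager accepts every certificate chain without checking it,
        // so the connection is encrypted but the server is not authenticated.
        TrustManager[] trustAllCerts = new TrustManager[] { new X509TrustManager() {
            public X509Certificate[] getAcceptedIssuers() {
                // The interface contract requires a non-null (possibly empty) array.
                return new X509Certificate[0];
            }

            public void checkClientTrusted(X509Certificate[] certs, String authType) {
            }

            public void checkServerTrusted(X509Certificate[] certs, String authType) {
            }
        } };

        SSLContext sc = SSLContext.getInstance("TLS");
        sc.init(null, trustAllCerts, new SecureRandom());
        // Note: this changes the default for every HttpsURLConnection in the JVM,
        // not only for the Jersey client built below.
        HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());

        return ClientBuilder.newBuilder()
                .sslContext(sc)
                // Accepts any hostname: the certificate name is not matched to the host.
                .hostnameVerifier(new HostnameVerifier() {
                    public boolean verify(String s, SSLSession sslSession) {
                        return true;
                    }
                })
                .withConfig(clientConfig).build();
    }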


SpringServiceImpl.java: use the SSL Client

SpringServiceImpl.java
    @Autowired
    private Client jerseySslClient;
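
For comparison, a variant of the client bean that validates the server certificate against a truststore and leaves the default hostname verification in place. This is an added example, not code from the ONAP change; the class name, the bean name and the two client.ssl.* property names are hypothetical.

```java
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.GeneralSecurityException;
import java.security.KeyStore;

import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import javax.ws.rs.client.Client;
import javax.ws.rs.client.ClientBuilder;

import org.glassfish.jersey.client.ClientConfig;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

@Configuration
public class VerifyingJerseyConfiguration {

    // Hypothetical property names. The truststore holds the CA certificate
    // (or the server certificate itself) used by the HTTPS microservice.
    @Value("${client.ssl.trust-store}")
    private String trustStorePath;

    @Value("${client.ssl.trust-store-password}")
    private String trustStorePassword;

    @Bean
    public Client jerseyVerifyingSslClient() throws GeneralSecurityException, IOException {
        // Load the trusted certificates from disk.
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = Files.newInputStream(Paths.get(trustStorePath))) {
            trustStore.load(in, trustStorePassword.toCharArray());
        }

        // Standard PKIX trust managers: the server chain must lead to the truststore.
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);

        // The context is passed only to this client; JVM-wide defaults are untouched.
        SSLContext sc = SSLContext.getInstance("TLS");
        sc.init(null, tmf.getTrustManagers(), null);

        // No hostnameVerifier(...) call: the default verifier stays active, so the
        // certificate must also match the host name in the request URL.
        return ClientBuilder.newBuilder()
                .withConfig(new ClientConfig())
                .sslContext(sc)
                .build();
    }
}
```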


OOM Code

For OOM deployment of the Network Discovery example, the following changes were required (https://gerrit.onap.org/r/#/c/74739/):


application.properties

application.properties
#Enable HTTPS
server.port={{ .Values.config.serverSslPort }}
server.ssl.key-store={{ .Values.config.serverSslKeyStore }}
server.ssl.key-store-password={{ .Values.config.serverSslKeyStorePassword }}
server.ssl.client-auth={{ .Values.config.serverSslClientAuth }}
server.ssl.enabled={{ .Values.config.serverSslEnabled }}
server.ssl.enabled-protocols={{ .Values.config.serverSslEnabledProtocols }}


deployment.yaml (note: the keystore must also be provided in the assigned directory)

deployment.yaml
          - mountPath: /opt/app/config/auth/tomcat_keystore
            name: {{ include "common.fullname" . }}-auth-secret
            subPath: tomcat_keystore
            readOnly: true
:
:
          readinessProbe:
            httpGet:
              path: "/"
              scheme: "HTTPS"
:
:

          livenessProbe:
            httpGet:
              path: "/"
              scheme: "HTTPS"
              port: {{ .Values.service.internalPort }}



values.yaml

values.yaml
  #Enable HTTPS
  serverSslPort: 8443
  serverSslKeyStore: /opt/app/config/auth/tomcat_keystore
  serverSslKeyStorePassword: password(OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10)
  serverSslClientAuth: want
  serverSslEnabled: true
  serverSslEnabledProtocols: TLSv1.1,TLSv1.2

For the POMBA Kibana microservice, the HTTPS configuration is done in OOM:


$oom-repo-root/kubernetes/pomba/charts/pomba-kibana/values.yaml

values.yaml
#Enable HTTPS
 serverSslEnabled: true
 serverSslCertificate: /usr/share/kibana/auth/pomba.crt.pem
 serverSslKey: /usr/share/kibana/auth/pomba.key.pem

