scottk/wlan-cloud-helm
1
0
Fork 0
mirror of https://github.com/Telecominfraproject/wlan-cloud-helm.git synced 2025-10-31 18:47:47 +00:00
Code Issues Packages Projects Releases 3 Wiki Activity

Merge pull request #61 from Telecominfraproject/WIFI-1319-SslIssue

Browse Source 
Wifi 1319 ssl issue
This commit is contained in:
yongchen-cu
2021-02-22 14:32:54 -05:00
committed by GitHub
parent 8670131e21 b833901b14
commit 0060ce09ac
9 changed files with 47 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
tip-wlan/charts/nginx-ingress-controller/templates/controller-configmap.yaml
View File

@@ -8,3 +8,4 @@ metadata:
data: data:
external-status-address: {{ .Values.controller.config.externalStatusAddress }} external-status-address: {{ .Values.controller.config.externalStatusAddress }}
client-max-body-size: {{ .Values.controller.config.clientMaxBodySize }} client-max-body-size: {{ .Values.controller.config.clientMaxBodySize }}
error-log-level: {{ .Values.controller.config.errorLogLevel }}

2
tip-wlan/charts/nginx-ingress-controller/values.yaml
View File

@@ -56,6 +56,8 @@ controller:
## Max message size coming from the Client ## Max message size coming from the Client
clientMaxBodySize: "20m" clientMaxBodySize: "20m"
## Error
errorLogLevel: "error"
## It is recommended to use your own TLS certificates and keys ## It is recommended to use your own TLS certificates and keys
defaultTLS: defaultTLS:
## The base64-encoded TLS certificate for the default HTTPS server. If not specified, a pre-generated self-signed certificate is used. ## The base64-encoded TLS certificate for the default HTTPS server. If not specified, a pre-generated self-signed certificate is used.

2
tip-wlan/charts/wlan-portal-service/resources/config/logback.xml
View File

@@ -7,7 +7,7 @@
<!-- For professional support please see --> <!-- For professional support please see -->
<!-- http://www.qos.ch/shop/products/professionalSupport --> <!-- http://www.qos.ch/shop/products/professionalSupport -->
<!-- --> <!-- -->
<configuration> <configuration scan="true" scanPeriod="30 seconds">
<conversionRule conversionWord="filteredStack" <conversionRule conversionWord="filteredStack"
converterClass="com.telecominfraproject.wlan.server.exceptions.logback.ExceptionCompressingConverter" /> converterClass="com.telecominfraproject.wlan.server.exceptions.logback.ExceptionCompressingConverter" />

14
tip-wlan/charts/wlan-portal-service/resources/config/ssl.properties Normal file
View File

@@ -0,0 +1,14 @@
truststorePass={{ .Values.global.certificatePasswords.sslTruststore }}
truststoreFile=file:///opt/tip-wlan/certs/truststore.jks
truststoreType=JKS
truststoreProvider=SUN
keyAlias=1
keystorePass={{ .Values.global.certificatePasswords.sslKeystore }}
keystoreFile=file:///opt/tip-wlan/certs/server.pkcs12
keystoreType=pkcs12
keystoreProvider=SunJSSE
sslProtocol=TLS
sslEnabledProtocols=TLSv1.2,TLSv1.1,TLSv1
sslCiphers=TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,TLS_DHE_RSA_WITH_AES_128_CBC_SHA

10
tip-wlan/charts/wlan-portal-service/templates/secret.yaml Normal file
View File

@@ -0,0 +1,10 @@
{{- if not .Values.tlsv13.enabled }}
apiVersion: v1
kind: Secret
metadata:
name: {{ include "common.fullname" . }}-ssl-config
namespace: {{ include "common.namespace" . }}
type: Opaque
data:
ssl.properties: {{ tpl ( .Files.Get "resources/config/ssl.properties" ) . | b64enc }}
{{- end }}

12
tip-wlan/charts/wlan-portal-service/templates/statefulset.yaml
View File

@@ -113,9 +113,12 @@ spec:
- mountPath: /opt/tip-wlan/certs/server.pkcs12 - mountPath: /opt/tip-wlan/certs/server.pkcs12
name: certificates name: certificates
subPath: server.pkcs12 subPath: server.pkcs12
- mountPath: /app/portal/logback.xml - mountPath: /app/portal/log
name: logback-config name: logback-config
subPath: logback.xml {{- if not .Values.tlsv13.enabled }}
- mountPath: /app/portal/certs
name: ssl-config
{{- end }}
- mountPath: {{ $file_store_path }} - mountPath: {{ $file_store_path }}
name: file-store-data name: file-store-data
{{- include "jmxPrometheus.configVolumeMount" . | nindent 10 }} {{- include "jmxPrometheus.configVolumeMount" . | nindent 10 }}
@@ -155,6 +158,11 @@ spec:
- name: logback-config - name: logback-config
configMap: configMap:
name: {{ include "common.fullname" . }}-log-config name: {{ include "common.fullname" . }}-log-config
{{- if not .Values.tlsv13.enabled }}
- name: ssl-config
secret:
secretName: {{ include "common.fullname" . }}-ssl-config
{{- end }}
{{- if not .Values.persistence.enabled }} {{- if not .Values.persistence.enabled }}
- name: file-store-data - name: file-store-data
emptyDir: {} emptyDir: {}

3
tip-wlan/charts/wlan-portal-service/values.yaml
View File

@@ -153,3 +153,6 @@ env:
# on the PV # on the PV
filestore: filestore:
internal: "/tmp/filestore" internal: "/tmp/filestore"
tlsv13:
enabled: true

2
tip-wlan/charts/wlan-prov-service/values.yaml
View File

@@ -128,7 +128,7 @@ affinity: {}
postgresql: postgresql:
url: postgresql url: postgresql
image: postgres:latest image: postgres:11
env: env:
protocol: https protocol: https

6
tip-wlan/example-values/microk8s-basic/values.yaml
View File

@@ -31,6 +31,8 @@ wlan-cloud-graphql-gw:
enabled: true enabled: true
env: env:
portalsvc: tip-wlan-wlan-portal-service:9051 portalsvc: tip-wlan-wlan-portal-service:9051
service:
type: ClusterIP
ingress: ingress:
hosts: hosts:
- host: wlan-ui-graphql.wlan.local - host: wlan-ui-graphql.wlan.local
@@ -45,8 +47,6 @@ wlan-cloud-static-portal:
enabled: true enabled: true
env: env:
graphql: https://wlan-ui-graphql.wlan.local graphql: https://wlan-ui-graphql.wlan.local
service:
type: NodePort
ingress: ingress:
hosts: hosts:
- host: wlan-ui.wlan.local - host: wlan-ui.wlan.local
@@ -67,6 +67,8 @@ wlan-portal-service:
type: LoadBalancer type: LoadBalancer
annotations: annotations:
metallb.universe.tf/allow-shared-ip: default metallb.universe.tf/allow-shared-ip: default
tlsv13:
enabled: false
wlan-prov-service: wlan-prov-service:
enabled: true enabled: true