...
- Not all service will switch to TLS interface for El-Alto
- CBS deployments must support both HTTPS and HTTP in-parallel
- SDK library (python and java) have separate api/version to let application choose migration
- *Cannot* deploy two instances in the same pod (CBS http and CBS HTTPS) under the same K8S service (To to be confirmed)
Migration Plan
Following are impacts to components to be done in specified order
CBS Enhancement (DCAEGEN2-1549)
...
Library Enhancement (CBS java sdk - DCAEGEN2-1552, CBS python util - DCAEGEN2-1551)
(Below to be confirmed based on K8s Plugin updates)
- Verify if the new environment setting for TLS (below) added by K8s plugin is visible within POD.
- CONFIG_BINDING_SERVICE_TLS=<https_cbs_service_name>
- CONFIG_BINDING_SERVICE_CLIENTCERT=<path>
- If defined, use the secure end-point to interface with CBS (port 10443)
- If TLS envs are undefined, use R4 service name and port (10000) to interface with CBS
...