HTTPS for POMBA Microservices
- Trevor Tait
- Yong Chen
- nullop
Owned by Trevor Tait
Network Discovery example
Java Code
The following implementation example of HTTPS for a POMBA Springboot Microservice can be found at https://gerrit.onap.org/r/#/c/74206/, some values may differ, but the following content should be the same.
applicaiton.properties: set the following attributes
application.properties
networkDiscoveryMicroService.port=8443
networkDiscoveryMicroService.httpProtocol=httpsJerseyConfiguration.java: add an SSL Client Bean
jerseySslClient
@Bean
public Client jerseySslClient() throws NoSuchAlgorithmException, KeyManagementException {
ClientConfig clientConfig = new ClientConfig();
TrustManager[] trustAllCerts = new TrustManager[] { new X509TrustManager() {
public X509Certificate[] getAcceptedIssuers() {
return null;
}
public void checkClientTrusted(X509Certificate[] certs, String authType) {
}
public void checkServerTrusted(X509Certificate[] certs, String authType) {
}
} };
SSLContext sc = SSLContext.getInstance("TLS");
sc.init(null, trustAllCerts, new SecureRandom());
HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
ClientBuilder.newClient(clientConfig);
return ClientBuilder.newBuilder()
.sslContext(sc)
.hostnameVerifier(new HostnameVerifier() {
public boolean verify(String s, SSLSession sslSession) {
return true;
}
})
.withConfig(clientConfig).build();
}SpringSErviceImpl.java: use the SSL Client
SpringServiceImpl.java
@Autowired
private Client jerseySslClient;OOM Code
For OOM deployment of the Network Discovery Example the following changes were required, https://gerrit.onap.org/r/#/c/74739/ :
applicaiton.properties
application.properties
deployment.yaml: Note: the keystore must also be prvovided in the assigned directory
deployment.yaml
values.yaml
values.yaml
For POMBA Kibana microservice, the HTTPS configuration is done in OOM
$oom-repo-root/kubernetes/pomba/charts/pomba-kibana/values.yaml