value: /Artifacts/Deployment/
- name: PACKAGE_PATH
value: /go/release/application/packages/
- - name: APLCM_SSL_MODE
- value: false
+ - name: HTTPS_FLAG
+ value: "false"
- name: CERTIFICATE_PATH
value: /go/release/certificates/server.cer
- name: KEY_PATH
resources: {}
#volumeMounts:
#- mountPath: /go/release/certificates/
- # name: server-cert
+ #name: server-cert
restartPolicy: Always
serviceAccountName: ""
#volumes:
# limitations under the License.
#Server is running on https port
-sed -i 's/value: false/value: true/g' applcm-broker-deployment.yaml
-sed -i 's/#volumeMounts/ volumeMounts/g' applcm-broker-deployment.yaml
-sed -i 's/#- mountPath/ - mountPath/g' applcm-broker-deployment.yaml
-sed -i 's/#name/ name/g' applcm-broker-deployment.yaml
-sed -i 's/#volumes/ volumes/g' applcm-broker-deployment.yaml
-sed -i 's/#- name/ - name/g' applcm-broker-deployment.yaml
-sed -i 's/#secret/ secret/g' applcm-broker-deployment.yaml
-sed -i 's/#secretName/ secretName/g' applcm-broker-deployment.yaml
+sed -i 's/value: \"false\"/value: \"true"/g' applcm-broker-deployment-ssl.yaml
+sed -i 's/#volumeMounts/volumeMounts/g' applcm-broker-deployment-ssl.yaml
+sed -i 's/#- mountPath/ - mountPath/g' applcm-broker-deployment-ssl.yaml
+sed -i 's/#name/ name/g' applcm-broker-deployment-ssl.yaml
+sed -i 's/#volumes/volumes/g' applcm-broker-deployment-ssl.yaml
+sed -i 's/#- name/ - name/g' applcm-broker-deployment-ssl.yaml
+sed -i 's/#secret/ secret/g' applcm-broker-deployment-ssl.yaml
+sed -i 's/#secretName/ secretName/g' applcm-broker-deployment-ssl.yaml
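Review bot: The first added rule, `s/value: \"false\"/value: \"true"/g`, is not tied to HTTPS_FLAG: it flips every `value: "false"` in applcm-broker-deployment-ssl.yaml, and if the template's quoting changes again (as it just did from `false` to `"false"`) sed matches nothing, exits 0, and the broker is deployed with HTTPS off. Consider addressing the variable by name, e.g. `sed -i '/name: HTTPS_FLAG/{n;s/value: "false"/value: "true"/}' applcm-broker-deployment-ssl.yaml`, followed by `grep -q 'value: "true"' applcm-broker-deployment-ssl.yaml || exit 1` so a missed substitution fails the deployment instead of passing silently. The same applies to `s/value: \"0\"/value: \"1"/g` in the mep-k8s-ssl.yaml script further down.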
# limitations under the License.
#Server is running on https port
-sed -i 's/#- name/ - name/g' kong-k8s.yaml
-sed -i 's/#value/ value/g' kong-k8s.yaml
+sed -i 's/#- name/- name/g' kong-k8s-ssl.yaml
+sed -i 's/#value/value/g' kong-k8s-ssl.yaml
-sed -i 's/#volumeMounts/ volumeMounts/g' kong-k8s.yaml
-sed -i 's/#- name/ - name/g' kong-k8s.yaml
-sed -i 's/#mountPath/ mountPath/g' kong-k8s.yaml
-sed -i 's/#readOnly/ readOnly/g' kong-k8s.yaml
-sed -i 's/#volumes/ volumes/g' kong-k8s.yaml
-sed -i 's/#- name/ - name/g' kong-k8s.yaml
-sed -i 's/#secret/ secret/g' kong-k8s.yaml
-sed -i 's/#secretName/ secretName/g' kong-k8s.yaml
+sed -i 's/#volumeMounts/volumeMounts/g' kong-k8s-ssl.yaml
+sed -i 's/#- name/- name/g' kong-k8s-ssl.yaml
+sed -i 's/#mountPath/mountPath/g' kong-k8s-ssl.yaml
+sed -i 's/#readOnly/readOnly/g' kong-k8s-ssl.yaml
+sed -i 's/#volumes/volumes/g' kong-k8s-ssl.yaml
+sed -i 's/#- name/- name/g' kong-k8s-ssl.yaml
+sed -i 's/#secret/secret/g' kong-k8s-ssl.yaml
+sed -i 's/#secretName/secretName/g' kong-k8s-ssl.yaml
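Review bot: Several of the added rules are dead code: `s/#- name/- name/g` appears three times although the first pass with `g` already rewrites every match, and `s/#secret/secret/g` also rewrites `#secretName`, so the `#secretName` rule never matches. Because every pattern is unanchored and global, the script cannot uncomment one section without also uncommenting every other commented `- name` or `value` in kong-k8s-ssl.yaml, which makes it hard to tell from the script which TLS-related settings end up enabled. Dropping the repeated lines and adding a one-line comment above each group (presumably the env entries, the certificate volumeMounts and the secret-backed volumes) would make the intent reviewable. The mep-k8s-ssl.yaml script repeats the same pattern.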
# limitations under the License.
#- name: Server is running on http port"
-sed -i 's/value: \"0\"/value: \"1"/g' mep-k8s.yaml
-sed -i 's/#volumeMounts/ volumeMounts/g' mep-k8s.yaml
-sed -i 's/#- name/ - name/g' mep-k8s.yaml
-sed -i 's/#mountPath/ mountPath/g' mep-k8s.yaml
-sed -i 's/#readOnly/ readOnly/g' mep-k8s.yaml
-sed -i 's/#volumes/ volumes/g' mep-k8s.yaml
-sed -i 's/#- name/ - name/g' mep-k8s.yaml
-sed -i 's/#secret/ secret/g' mep-k8s.yaml
-sed -i 's/#secretName/ secretName/g' mep-k8s.yaml
+sed -i 's/value: \"0\"/value: \"1"/g' mep-k8s-ssl.yaml
+sed -i 's/#volumeMounts/volumeMounts/g' mep-k8s-ssl.yaml
+sed -i 's/#- name/- name/g' mep-k8s-ssl.yaml
+sed -i 's/#mountPath/mountPath/g' mep-k8s-ssl.yaml
+sed -i 's/#readOnly/readOnly/g' mep-k8s-ssl.yaml
+sed -i 's/#volumes/volumes/g' mep-k8s-ssl.yaml
+sed -i 's/#- name/- name/g' mep-k8s-ssl.yaml
+sed -i 's/#secret/secret/g' mep-k8s-ssl.yaml
+sed -i 's/#secretName/secretName/g' mep-k8s-ssl.yaml
- name: modifying configuration to support https
shell:
- cmd: cp mep-k8s.yaml kong-k8s-ssl.yaml
+ cmd: cp kong-k8s.yaml kong-k8s-ssl.yaml
chdir: /tmp/mepserver/deploy/
- name: modify configuraiton to support https
cmd: chmod +x kongScript.sh && ./kongScript.sh
chdir: /tmp/mepserver/deploy/
+- name: Generate Certificates
+ shell:
+# yamllint disable rule:line-length
+ cmd: openssl genrsa -out ca.key 2048
+ chdir: /tmp/mepserver/deploy/
+
+- name: Generate Certificate - Step 2
+ shell:
+ cmd: openssl req -new -key ca.key -subj /C=CN/ST=Peking/L=Beijing/O=ealtedge/CN=www.ealtedge.org -out ca.csr
+ chdir: /tmp/mepserver/deploy/
+
+- name: Generate Root Certificate
+ shell:
+ cmd: openssl x509 -req -days 365 -in ca.csr -extensions v3_req -signkey ca.key -out trust.cer
+ chdir: /tmp/mepserver/deploy/
+
+- name: Generate TLS certificate and TLS Key
+ shell:
+ cmd: openssl genrsa -out server_key.pem 2048
+ chdir: /tmp/mepserver/deploy/
+
+- name: Generate TLS Certificate and TLS Key
+ shell:
+ cmd: openssl req -new -key server_key.pem -subj /C=CN/ST=Beijing/L=Beijing/O=ealtedge/CN=www.ealtedge.org -out tls.csr
+ chdir: /tmp/mepserver/deploy/
+
+- name: Generate TLS Certificate and TLS Key
+ shell:
+ cmd: openssl x509 -req -in tls.csr -extensions v3_req -CA trust.cer -CAkey ca.key -CAcreateserial -out server.cer
+ chdir: /tmp/mepserver/deploy/
+
- name: Create mepssl-secret
shell:
# yamllint disable rule:line-length
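Review bot: The server certificate signed in the last added task is issued without `-days`, so it gets openssl's default 30-day validity while the root gets 365, and `-extensions v3_req` has no effect without `-extfile`, so server.cer carries no subjectAltName and strict TLS clients may reject it. Suggest `cmd: openssl x509 -req -days 365 -in tls.csr -extfile <EXTFILE_PLACEHOLDER> -extensions v3_req -CA trust.cer -CAkey ca.key -CAcreateserial -out server.cer`, with the extension file defining the SAN for the service name. ca.key and server_key.pem are also written under /tmp/mepserver/deploy/ with the default umask, and ca.key stays there after signing; a `chmod 600` on both keys and removal of ca.key once server.cer exists would limit exposure. None of the tasks has a `creates:` guard, so every playbook run regenerates the keys and certificates.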
- name: Apply postgres-k8s.yaml
shell:
cmd: kubectl apply -f /tmp/mepserver/deploy/postgres-k8s.yaml
-
-- name: -----Configuring Kong API Gateway-----
- shell:
- cmd: sleep 30
-
-- name: Configuring Kong API Gateway
- shell:
- cmd: chmod +x kongconfig.sh && ./kongconfig.sh
- chdir: /tmp/mepserver/deploy/