SRS: Added truststore password input for TLS connection b/w SRS and ES (#669)

* [SRS] Added truststore password input for TLS connection b/w SRS and ES
anilkumargedela authored Nov 27, 2023
1 parent 88cca86 commit 9ccd6b5
Showing 4 changed files with 13 additions and 2 deletions.
6 changes: 5 additions & 1 deletion charts/backingservices/charts/srs/README.md
Expand Up @@ -76,6 +76,8 @@ make external-es-secrets NAMESPACE=pegabackingservices ELASTICSEARCH_VERSION=7.1
| Configuration | Usage |
|-----------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `tls` | Set to `true` to enable the SRS service to authenticate to your organization's available Elasticsearch service. |
| `certificateName` | Enter the tls certificate name. Default certificate name will be "elastic-certificates.p12" if not used. |
| `certificatePassword` | Enter the tls certificate password if any. Default value will be empty if not used. |
| `esCredentials.username` | Enter the username for your available Elasticsearch service. This username value must match the values you set in the connection info section of esCredentials. |
| `esCredentials.password` | Enter the required password for your available Elasticsearch service. This password value must match the values you set in the connection info section of esCredentials. |
| `srsStorage.provisionInternalESCluster` | <ul><li>Set to false to disable this parameter and connect to your available Elasticsearch service from the SRS cluster. Disabling this setting requires you to provide connectivity details to your organization's external Elasticsearch service along with an appropriate TLS certificate with which you authenticate with the service. To pass the required certificate to the cluster using a secrets file, run the command, `$ make external-es-secrets NAMESPACE=<NAMESPACE_USED_FOR_DEPLOYMENT> ELASTICSEARCH_VERSION=<ELASTICSEARCH_VERSION> PATH_TO_CERTIFICATE=<PATH_TO_CERTS>`. </li><li>where NAMESPACE references your deployment namespace of the SRS cluster, `ELASTICSEARCH_VERSION` matches the Elasticsearch version you want to use, and `PATH_TO_CERTIFICATE` points to the location where you copied the required certificates on your location machine.</li><li>Use the following Make command to update the SRS and External Elasticsearch certificates: `$ make update-external-es-secrets NAMESPACE=<NAMESPACE_OF EXISTING_DEPLOYMENT> PATH_TO_CERTIFICATE=<PATH_TO_THE_UPDATED_CERTIFICATES>`.</li></ul> |
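Review bot: the `certificatePassword` row calls it the "tls certificate password" while the commit title calls it a truststore password; say explicitly that it is the password protecting the file named by `certificateName` (default `elastic-certificates.p12`). The two new keys are also listed without a prefix, while other rows use full paths such as `srsStorage.provisionInternalESCluster`; the deployment template in this commit reads them as `srsStorage.certificateName` and `srsStorage.certificatePassword`, so the table should show those paths.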
Expand Down Expand Up @@ -140,8 +142,10 @@ srs:
# Set srs.srsStorage.tls.enabled: true to enable the use of TLS-based authentication to your Elasticsearch service whether is it running as an internalized or externalized service in your SRS cluster.
tls:
enabled: false
# To specify a certificate used to authenticate an external Elasticsearch service (with tls.enabled: true and srsStorage.provisionInternalESCluster: false), uncomment the following line to specify the TLS certificate name for your Elasticsearch service.
# To specify a certificate used to authenticate an external Elasticsearch service (with tls.enabled: true and srsStorage.provisionInternalESCluster: false), uncomment the following lines to specify the TLS certificate name with password for your Elasticsearch service.
# Default certificatePassword value will be empty if not used.
# certificateName: "Certificate_Name"
# certificatePassword: "password"
# Set srs.srsStorage.basicAuthentication.enabled: true to enable the use of basic authentication to your Elasticsearch service whether is it running as an internalized or externalized service in your SRS cluster.
basicAuthentication:
enabled: true
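Review bot: the comment "Default certificatePassword value will be empty if not used" next to `# certificatePassword: "password"` does not say when an empty value is acceptable. Suggest stating that the value must be the password of the certificate file named by `certificateName`, and that it should be left unset only when that file was created without a password.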
Expand Up @@ -77,6 +77,8 @@ spec:
key: password
- name: PATH_TO_TRUSTSTORE
value: "/usr/share/{{ .Values.srsStorage.certificateName | default "elastic-certificates.p12"}}"
- name: PATH_TO_KEYSTORE
value: "{{ .Values.srsStorage.certificatePassword | default ""}}"
{{- end}}
- name: APPLICATION_HOST
value: "0.0.0.0"
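Review bot: the added `PATH_TO_KEYSTORE` entry renders `srsStorage.certificatePassword` as a literal `value:` in the pod spec, so the truststore password is readable by anyone who can view the Deployment or its pods; source it with `valueFrom.secretKeyRef` instead, as the `key: password` context line at the top of this hunk appears to do for another credential. The variable name also says "path" and "keystore" while the value is a password for the truststore at `PATH_TO_TRUSTSTORE`; if the SRS image requires that name, add a template comment saying so. Piping the value through `quote` rather than wrapping the expression in double quotes would keep a password containing `"` or `\` from breaking the rendered YAML.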
4 changes: 3 additions & 1 deletion charts/backingservices/values.yaml
Expand Up @@ -53,8 +53,10 @@ srs:
tls:
enabled: false
# To specify a certificate used to authenticate an external Elasticsearch service (with tls.enabled: true and srsStorage.provisionInternalESCluster: false),
# uncomment the following line to specify the TLS certificate name for your Elasticsearch service.
# uncomment the following lines to specify the TLS certificate name with password for your Elasticsearch service.
# Default certificatePassword value will be empty if not used.
# certificateName: "Certificate_Name"
# certificatePassword: "password"
# Set srs.srsStorage.basicAuthentication.enabled: true to enable the use of basic authentication to your Elasticsearch service
# whether is it running as an internalized or externalized service in your SRS cluster.
basicAuthentication:
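Review bot: the commented example `# certificatePassword: "password"` invites users to uncomment it and commit a real truststore password in values.yaml. Suggest a comment beside it that the value is a secret and is better supplied from a separate, uncommitted values file or a Kubernetes secret, and make the placeholder obviously non-real, for example `"<truststore-password>"`.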
3 changes: 3 additions & 0 deletions terratest/src/test/backingservices/srs-deployment_test.go
Expand Up @@ -206,6 +206,9 @@ func VerifyDeployment(t *testing.T, pod *k8score.PodSpec, expectedSpec srsDeploy
require.Equal(t, "PATH_TO_TRUSTSTORE", pod.Containers[0].Env[envIndex].Name)
require.Equal(t, "/usr/share/elastic-certificates.p12", pod.Containers[0].Env[envIndex].Value)
envIndex++
require.Equal(t, "PATH_TO_KEYSTORE", pod.Containers[0].Env[envIndex].Name)
require.Equal(t, "", pod.Containers[0].Env[envIndex].Value)
envIndex++
}
require.Equal(t, "APPLICATION_HOST", pod.Containers[0].Env[envIndex].Name)
require.Equal(t, "0.0.0.0", pod.Containers[0].Env[envIndex].Value)
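Review bot: the new assertions only cover the default, an empty string for `PATH_TO_KEYSTORE`, so nothing checks that a configured `certificatePassword` actually reaches the container. Add a case that sets `srsStorage.certificatePassword` to a non-empty value and asserts it is rendered, ideally with characters that need YAML escaping.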