Description
Describe the bug
The SSL connection between the Pega pods and the SRS pods cannot be enabled.
In fact the pod only exposes the 8080 port, which is hardcoded inside the env variables of the SRS pod, while the service exposes the 8443 port when srsRuntime.ssl.enabled is set to true.
To Reproduce
Enable TLS between Pega and SRS pods.
Even after changing the ports, the pods only accept non-encrypted traffic.
Expected behavior
A full TLS connection.
Chart version
4.2.0 (latest available)
Server (if applicable, please complete the following information):
NA
Additional context
Here are the values used:
```yaml
---
global:
  imageCredentials:
    registry: "YOUR_DOCKER_REGISTRY"
    username: "YOUR_DOCKER_REGISTRY_USERNAME"
    password: "YOUR_DOCKER_REGISTRY_PASSWORD"
  # Specify the value of your Kubernetes provider
  k8sProvider: "k8s"

# Search and Reporting Service (SRS) Configuration
srs:
  # Set srs.enabled=true to enable SRS
  enabled: true
  deployment:
    name: "my-name"
    labels:
      cbtier: tier3
  # Configure the location of the busybox image that is used during the deployment process of
  # the internal Elasticsearch cluster
  busybox:
    image: "alpine:3.18.3"
    imagePullPolicy: "IfNotPresent"
  srsRuntime:
    ssl:
      enabled: true
      clientAuthentication: want
      keystore:
        file: "srs-keystore.jks"
        type: "JKS"
      truststore:
        file: "srs-truststore.jks"
        type: "JKS"
      certsSecret: srs-internal-certificates-secret
    podLabels:
      cbtier: tier3
    # Number of pods to provision
    replicaCount: 2
    # docker image of the srs-service, platform-services/search-n-reporting-service:dockerTag
    srsImage: "YOUR_SRS_IMAGE:TAG"
    # To avoid exposing Docker credentials, optionally create a separate Docker config secret.
    # Specify secret names as an array of comma-separated strings. For example: ["secret1", "secret2"]
    imagePullSecretNames: []
    env:
      # AuthEnabled may be set to true when there is an authentication mechanism in place between SRS and Pega Infinity.
      AuthEnabled: false
      # When `AuthEnabled` is `true`, enter the appropriate public key URL. When `AuthEnabled` is `false`(default), leave this parameter empty.
      OAuthPublicKeyURL: ""
  # This section specifies the elasticsearch cluster configuration.
  srsStorage:
    provisionInternalESCluster: false
    domain: "https://pippo.test.com"
    port: 9090
    protocol: "https"
    certsSecret: srs-certificates
    esCredentials:
      username: "TEST"
      password: "TEST"
    networkPolicy:
      enabled: false

constellation:
  enabled: false
  cloudProvider: gke
  serviceAccountName: srv-name
  deployment:
    name: "bsrv-clln-static"
    labels:
      cbtier: tier3
  podLabels:
    cbtier: tier3
  service:
    httpEnabled: true
    port: 80
    targetPort: 8080
  ingress:
    enabled: true
    domain: "YOUR_WEB_NODE_DOMAIN"
    annotations:
      annotation1: "0"
      annotation2: "0"
      annotation3: "0"
    tls:
      enabled: true
      secretName: ingress-bsrv-clln-static
  logLevel: info
  urlPath: /c11n
  replicas: 1
  livenessProbe:
    initialDelaySeconds: 5
    timeoutSeconds: 5
    periodSeconds: 30
    successThreshold: 1
    failureThreshold: 3
  readinessProbe:
    initialDelaySeconds: 5
    timeoutSeconds: 5
    periodSeconds: 30
    successThreshold: 1
    failureThreshold: 3

constellation-messaging:
  enabled: false
  cloudProvider: gke
  name: YOUR_MESSAGING_SERVICE_DEPLOYMENT_NAME
  image: YOUR_MESSAGING_SERVICE_IMAGE:TAG
  replicas: 1
  deployment:
    name: "bsrv-clln-static"
    labels:
      cbtier: tier3
  podLabels:
    cbtier: tier3
```
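
One way to check rendered manifests for the port mismatch this report describes, as an added example that is not part of the original issue or the chart's own code. It assumes input shaped like the `items` list from `kubectl get deployment,service -o json`; the sample objects, names and labels are constructed, with ports chosen to mirror the report.

```python
# Added example: flag Services whose targetPort no selected pod declares.
# SAMPLE is constructed; names and labels are hypothetical, ports mirror
# the report (container declares 8080, Service targets 8443).
SAMPLE = [
    {"kind": "Deployment", "metadata": {"name": "srs-example"},
     "spec": {"template": {
         "metadata": {"labels": {"app": "srs-example"}},
         "spec": {"containers": [
             {"name": "srs", "ports": [{"containerPort": 8080}]}]}}}},
    {"kind": "Service", "metadata": {"name": "srs-example"},
     "spec": {"selector": {"app": "srs-example"},
              "ports": [{"port": 8443, "targetPort": 8443}]}},
]

def selects(selector, labels):
    """True when every selector key/value is present in the pod labels."""
    return bool(selector) and all(labels.get(k) == v for k, v in selector.items())

def declared_ports(pod_spec):
    """Collect port numbers and port names declared by all containers."""
    numbers, names = set(), set()
    for container in pod_spec.get("containers", []):
        for port in container.get("ports", []):
            numbers.add(port["containerPort"])
            if "name" in port:
                names.add(port["name"])
    return numbers, names

def find_port_mismatches(items):
    """Return (service, targetPort, deployment, declared ports) tuples."""
    findings = []
    deployments = [i for i in items if i["kind"] == "Deployment"]
    for svc in (i for i in items if i["kind"] == "Service"):
        selector = svc["spec"].get("selector", {})
        for dep in deployments:
            template = dep["spec"]["template"]
            if not selects(selector, template["metadata"].get("labels", {})):
                continue
            numbers, names = declared_ports(template["spec"])
            for sp in svc["spec"].get("ports", []):
                # targetPort defaults to port and may be a number or a name.
                target = sp.get("targetPort", sp["port"])
                pool = names if isinstance(target, str) else numbers
                if target not in pool:
                    findings.append((svc["metadata"]["name"], target,
                                     dep["metadata"]["name"], sorted(numbers)))
    return findings

print(find_port_mismatches(SAMPLE))
```

`containerPort` declarations are informational in Kubernetes, so a finding here is a prompt to confirm what the container actually listens on and whether that listener speaks TLS, not proof by itself.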