Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

BUG-868079 Add the option to configure keystore and truststore type for Cassandra connection #769

Merged
merged 5 commits into from
Jul 22, 2024
Merged

BUG-868079 Add the option to configure keystore and truststore type for Cassandra connection #769

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
990a167
BUG-868079 Add the option to configure keystore and truststore type f…
wonim2022 Jun 5, 2024
54d6d24
BUG-868079 Capitalize Cassandra in new comments
wonim2022 Jul 4, 2024
bec0828
BUG-868079 Improve client encryption store type comment wording
wonim2022 Jul 8, 2024
5cb52b4
BUG-868079 Shorten too long lines
wonim2022 Jul 10, 2024
6dde0c8
Merge branch 'master' into bugfix/BUG-868079-cassandra-store-type
taz-pega-work Jul 22, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
49 changes: 25 additions & 24 deletions charts/pega/README.md
View file
Open in desktop

Large diffs are not rendered by default.

3 changes: 3 additions & 0 deletions charts/pega/templates/pega-environment-config.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -99,6 +99,9 @@ data:
CASSANDRA_PORT: "{{ .Values.dds.port }}"
# Whether to enable client encryption on the Cassandra connection.
CASSANDRA_CLIENT_ENCRYPTION: "{{ .Values.dds.clientEncryption }}"
# Type of Cassandra truststore and keystore used to hold keys and certificates for client encryption.
# Available store types are JKS and PKCS12.
CASSANDRA_CLIENT_ENCRYPTION_STORE_TYPE: "{{ .Values.dds.clientEncryptionStoreType }}"
# Path to a mounted trust store file for Cassandra encryption.
CASSANDRA_TRUSTSTORE: "{{ .Values.dds.trustStore }}"
# Path to a mounted key store file for Cassandra encryption.
Expand Down
5 changes: 3 additions & 2 deletions charts/pega/values-large.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -514,15 +514,16 @@ dds:
password: "dnode_ext"
# Whether to enable client encryption on the Cassandra connection.
clientEncryption: false
# If required, provide the type of Cassandra truststore and keystore that you used to hold keys and certificates for client encryption. Available store types
# are JKS and PKCS12. Default is JKS.
clientEncryptionStoreType: ""
# If required, provide the trustStore certificate file name.
# When using a trustStore certificate, you must also include a Kubernetes secret name that contains the trustStore certificate in the global.certificatesSecrets parameter.
# Pega deployments only support trustStores using the Java Key Store (.jks) format.
trustStore: ""
# If required provide trustStorePassword value in plain text.
trustStorePassword: ""
# If required, provide the keystore certificate file name.
# When using a keystore certificate, you must also include a Kubernetes secret name that contains the keystore certificate in the global.certificatesSecrets parameter.
# Pega deployments only support keystore using the Java Key Store (.jks) format.
keyStore: ""
# If required provide keyStorePassword value in plain text.
keyStorePassword: ""
Expand Down
5 changes: 3 additions & 2 deletions charts/pega/values.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -461,15 +461,16 @@ dds:
password: "dnode_ext"
# Whether to enable client encryption on the Cassandra connection.
clientEncryption: false
# If required, provide the type of Cassandra truststore and keystore that you used to hold keys and certificates for client encryption. Available store types
# are JKS and PKCS12. Default is JKS.
clientEncryptionStoreType: ""
# If required, provide the trustStore certificate file name.
# When using a trustStore certificate, you must also include a Kubernetes secret name that contains the trustStore certificate in the global.certificatesSecrets parameter.
# Pega deployments only support trustStores using the Java Key Store (.jks) format.
trustStore: ""
# If required provide trustStorePassword value in plain text.
trustStorePassword: ""
# If required, provide the keystore certificate file name.
# When using a keystore certificate, you must also include a Kubernetes secret name that contains the keystore certificate in the global.certificatesSecrets parameter.
# Pega deployments only support keystore using the Java Key Store (.jks) format.
keyStore: ""
# If required provide keyStorePassword value in plain text.
keyStorePassword: ""
Expand Down
1 change: 1 addition & 0 deletions terratest/src/test/pega/data/pega-tier-config-override_values.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -249,6 +249,7 @@ dds:
username: "dnode_ext"
password: "dnode_ext"
clientEncryption: false
clientEncryptionStoreType: ""
trustStore: ""
trustStorePassword: ""
keyStore: ""
Expand Down
5 changes: 3 additions & 2 deletions terratest/src/test/pega/data/pega-tier-service-override_values.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -377,15 +377,16 @@ dds:
password: "dnode_ext"
# Whether to enable client encryption on the Cassandra connection.
clientEncryption: false
# If required, provide the type of Cassandra truststore and keystore that you used to hold keys and certificates for client encryption. Available store types
# are JKS and PKCS12. Default is JKS.
clientEncryptionStoreType: ""
# If required, provide the trustStore certificate file name.
# When using a trustStore certificate, you must also include a Kubernetes secret name that contains the trustStore certificate in the global.certificatesSecrets parameter.
# Pega deployments only support trustStores using the Java Key Store (.jks) format.
trustStore: ""
# If required provide trustStorePassword value in plain text.
trustStorePassword: ""
# If required, provide the keystore certificate file name.
# When using a keystore certificate, you must also include a Kubernetes secret name that contains the keystore certificate in the global.certificatesSecrets parameter.
# Pega deployments only support keystore using the Java Key Store (.jks) format.
keyStore: ""
# If required provide keyStorePassword value in plain text.
keyStorePassword: ""
Expand Down
5 changes: 3 additions & 2 deletions terratest/src/test/pega/data/values_http_disabled.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -333,15 +333,16 @@ dds:
password: "dnode_ext"
# Whether to enable client encryption on the Cassandra connection.
clientEncryption: false
# If required, provide the type of Cassandra truststore and keystore that you used to hold keys and certificates for client encryption. Available store types
# are JKS and PKCS12. Default is JKS.
clientEncryptionStoreType: ""
# If required, provide the trustStore certificate file name.
# When using a trustStore certificate, you must also include a Kubernetes secret name that contains the trustStore certificate in the global.certificatesSecrets parameter.
# Pega deployments only support trustStores using the Java Key Store (.jks) format.
trustStore: ""
# If required provide trustStorePassword value in plain text.
trustStorePassword: ""
# If required, provide the keystore certificate file name.
# When using a keystore certificate, you must also include a Kubernetes secret name that contains the keystore certificate in the global.certificatesSecrets parameter.
# Pega deployments only support keystore using the Java Key Store (.jks) format.
keyStore: ""
# If required provide keyStorePassword value in plain text.
keyStorePassword: ""
Expand Down
5 changes: 3 additions & 2 deletions terratest/src/test/pega/data/values_ingress_disabled.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -400,15 +400,16 @@ dds:
password: "dnode_ext"
# Whether to enable client encryption on the Cassandra connection.
clientEncryption: false
# If required, provide the type of Cassandra truststore and keystore that you used to hold keys and certificates for client encryption. Available store types
# are JKS and PKCS12. Default is JKS.
clientEncryptionStoreType: ""
# If required, provide the trustStore certificate file name.
# When using a trustStore certificate, you must also include a Kubernetes secret name that contains the trustStore certificate in the global.certificatesSecrets parameter.
# Pega deployments only support trustStores using the Java Key Store (.jks) format.
trustStore: ""
# If required provide trustStorePassword value in plain text.
trustStorePassword: ""
# If required, provide the keystore certificate file name.
# When using a keystore certificate, you must also include a Kubernetes secret name that contains the keystore certificate in the global.certificatesSecrets parameter.
# Pega deployments only support keystore using the Java Key Store (.jks) format.
keyStore: ""
# If required provide keyStorePassword value in plain text.
keyStorePassword: ""
Expand Down
1 change: 1 addition & 0 deletions terratest/src/test/pega/data/values_pdb_custom_labels.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -248,6 +248,7 @@ dds:
username: "dnode_ext"
password: "dnode_ext"
clientEncryption: false
clientEncryptionStoreType: ""
trustStore: ""
trustStorePassword: ""
keyStore: ""
Expand Down
1 change: 1 addition & 0 deletions terratest/src/test/pega/data/values_pdb_disabled.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -244,6 +244,7 @@ dds:
username: "dnode_ext"
password: "dnode_ext"
clientEncryption: false
clientEncryptionStoreType: ""
trustStore: ""
trustStorePassword: ""
keyStore: ""
Expand Down
1 change: 1 addition & 0 deletions terratest/src/test/pega/data/values_pdb_enabled.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -244,6 +244,7 @@ dds:
username: "dnode_ext"
password: "dnode_ext"
clientEncryption: false
clientEncryptionStoreType: ""
trustStore: ""
trustStorePassword: ""
keyStore: ""
Expand Down
1 change: 1 addition & 0 deletions terratest/src/test/pega/data/values_with_overidden_liveness_probe_config.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -322,6 +322,7 @@ dds:
username: "dnode_ext"
password: "dnode_ext"
clientEncryption: false
clientEncryptionStoreType: ""
trustStore: ""
trustStorePassword: ""
keyStore: ""
Expand Down
5 changes: 3 additions & 2 deletions .../test/pega/data/values_zdt_upgrade_http_default_port_renamed_deployment_renamed_tier.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -349,15 +349,16 @@ dds:
password: "dnode_ext"
# Whether to enable client encryption on the Cassandra connection.
clientEncryption: false
# If required, provide the type of Cassandra truststore and keystore that you used to hold keys and certificates for client encryption. Available store types
# are JKS and PKCS12. Default is JKS.
clientEncryptionStoreType: ""
# If required, provide the trustStore certificate file name.
# When using a trustStore certificate, you must also include a Kubernetes secret name that contains the trustStore certificate in the global.certificatesSecrets parameter.
# Pega deployments only support trustStores using the Java Key Store (.jks) format.
trustStore: ""
# If required provide trustStorePassword value in plain text.
trustStorePassword: ""
# If required, provide the keystore certificate file name.
# When using a keystore certificate, you must also include a Kubernetes secret name that contains the keystore certificate in the global.certificatesSecrets parameter.
# Pega deployments only support keystore using the Java Key Store (.jks) format.
keyStore: ""
# If required provide keyStorePassword value in plain text.
keyStorePassword: ""
Expand Down
5 changes: 3 additions & 2 deletions terratest/src/test/pega/data/values_zdt_upgrade_http_non_default_port81.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -346,15 +346,16 @@ dds:
password: "dnode_ext"
# Whether to enable client encryption on the Cassandra connection.
clientEncryption: false
# If required, provide the type of Cassandra truststore and keystore that you used to hold keys and certificates for client encryption. Available store types
# are JKS and PKCS12. Default is JKS.
clientEncryptionStoreType: ""
# If required, provide the trustStore certificate file name.
# When using a trustStore certificate, you must also include a Kubernetes secret name that contains the trustStore certificate in the global.certificatesSecrets parameter.
# Pega deployments only support trustStores using the Java Key Store (.jks) format.
trustStore: ""
# If required provide trustStorePassword value in plain text.
trustStorePassword: ""
# If required, provide the keystore certificate file name.
# When using a keystore certificate, you must also include a Kubernetes secret name that contains the keystore certificate in the global.certificatesSecrets parameter.
# Pega deployments only support keystore using the Java Key Store (.jks) format.
keyStore: ""
# If required provide keyStorePassword value in plain text.
keyStorePassword: ""
Expand Down
5 changes: 3 additions & 2 deletions terratest/src/test/pega/data/values_zdt_upgrade_https_default_port.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -346,15 +346,16 @@ dds:
password: "dnode_ext"
# Whether to enable client encryption on the Cassandra connection.
clientEncryption: false
# If required, provide the type of Cassandra truststore and keystore that you used to hold keys and certificates for client encryption. Available store types
# are JKS and PKCS12. Default is JKS.
clientEncryptionStoreType: ""
# If required, provide the trustStore certificate file name.
# When using a trustStore certificate, you must also include a Kubernetes secret name that contains the trustStore certificate in the global.certificatesSecrets parameter.
# Pega deployments only support trustStores using the Java Key Store (.jks) format.
trustStore: ""
# If required provide trustStorePassword value in plain text.
trustStorePassword: ""
# If required, provide the keystore certificate file name.
# When using a keystore certificate, you must also include a Kubernetes secret name that contains the keystore certificate in the global.certificatesSecrets parameter.
# Pega deployments only support keystore using the Java Key Store (.jks) format.
keyStore: ""
# If required provide keyStorePassword value in plain text.
keyStorePassword: ""
Expand Down
5 changes: 3 additions & 2 deletions terratest/src/test/pega/data/values_zdt_upgrade_https_non_default_port.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -346,15 +346,16 @@ dds:
password: "dnode_ext"
# Whether to enable client encryption on the Cassandra connection.
clientEncryption: false
# If required, provide the type of Cassandra truststore and keystore that you used to hold keys and certificates for client encryption. Available store types
# are JKS and PKCS12. Default is JKS.
clientEncryptionStoreType: ""
# If required, provide the trustStore certificate file name.
# When using a trustStore certificate, you must also include a Kubernetes secret name that contains the trustStore certificate in the global.certificatesSecrets parameter.
# Pega deployments only support trustStores using the Java Key Store (.jks) format.
trustStore: ""
# If required provide trustStorePassword value in plain text.
trustStorePassword: ""
# If required, provide the keystore certificate file name.
# When using a keystore certificate, you must also include a Kubernetes secret name that contains the keystore certificate in the global.certificatesSecrets parameter.
# Pega deployments only support keystore using the Java Key Store (.jks) format.
keyStore: ""
# If required provide keyStorePassword value in plain text.
keyStorePassword: ""
Expand Down
Loading