[#3478] Disable insecure ports in Sandbox deployment

Fixes #3478 Signed-off-by: Kai Hudalla <[email protected]>
eclipse-hono · Jul 10, 2023 · 08ffc39 · 08ffc39
1 parent 3beb386
commit 08ffc39
Showing 1 changed file with 10 additions and 11 deletions.
diff --git a/deploy/src/main/sandbox/hono-values.yml b/deploy/src/main/sandbox/hono-values.yml
@@ -19,6 +19,7 @@ messagingNetworkTypes:
 
 amqpMessagingNetworkExample:
   enabled: true
+  insecurePortEnabled: false
   dispatchRouter:
     uidFormat: "n"
     adapterUids: "hono.eclipseprojects.io"
@@ -46,11 +47,10 @@ adapters:
     imageName: "eclipse/hono-adapter-http-native"
     hono:
       http:
+        insecurePortEnabled: false
         bindAddress: "0.0.0.0"
         keyPath: "/opt/hono/tls/tls.key"
         certPath: "/opt/hono/tls/tls.crt"
-        insecurePortEnabled: true
-        insecurePortBindAddress: "0.0.0.0"
         idleTimeout: 20
         jmsVendorPropsEnabled: true
         maxPayloadSize: 8096
@@ -70,11 +70,10 @@ adapters:
     imageName: "eclipse/hono-adapter-mqtt-native"
     hono:
       mqtt:
+        insecurePortEnabled: false
         bindAddress: "0.0.0.0"
         keyPath: "/opt/hono/tls/tls.key"
         certPath: "/opt/hono/tls/tls.crt"
-        insecurePortEnabled: true
-        insecurePortBindAddress: "0.0.0.0"
         jmsVendorPropsEnabled: true
         maxPayloadSize: 8096
         tenantIdleTimeout: "1h"
@@ -94,11 +93,10 @@ adapters:
     imageName: "eclipse/hono-adapter-amqp-native"
     hono:
       amqp:
+        insecurePortEnabled: false
         bindAddress: "0.0.0.0"
         keyPath: "/opt/hono/tls/tls.key"
         certPath: "/opt/hono/tls/tls.crt"
-        insecurePortEnabled: true
-        insecurePortBindAddress: "0.0.0.0"
         tenantIdleTimeout: "1h"
         maxConnections: 200
     tlsKeysSecret: "sandbox-tls"
@@ -116,6 +114,7 @@ adapters:
     imageName: "eclipse/hono-adapter-coap-native"
     hono:
       coap:
+        insecurePortEnabled: false
         bindAddress: "0.0.0.0"
         port: 5684
         keyPath: "/opt/hono/tls/tls.key"
@@ -168,11 +167,10 @@ deviceRegistryExample:
         certPath: "/opt/hono/tls/tls.crt"
       http:
         authenticationRequired: false
+        insecurePortEnabled: false
         bindAddress: "0.0.0.0"
         keyPath: "/opt/hono/tls/tls.key"
         certPath: "/opt/hono/tls/tls.crt"
-        insecurePortEnabled: true
-        insecurePortBindAddress: "0.0.0.0"
       svc:
         maxDevicesPerTenant: 10
   tlsKeysSecret: "sandbox-tls"
@@ -227,10 +225,11 @@ kafka:
   ## 10MB
   logSegmentBytes: _10485760
   auth:
-    # no TLS. That would be "sasl_tls"
-    clientProtocol: "sasl"
     tls:
-      existingSecrets: []
+      type: "pem"
+      pemChainIncluded: true
+      existingSecrets:
+      - "sandbox-tls"
   externalAccess:
     autoDiscovery:
       enabled: false