[besu] Q2T using http (#2489)

Signed-off-by: Roy,Sownak <[email protected]>

platforms/hyperledger-besu/charts/besu-node/templates/besu-config-configmap.yaml

@@ -88,7 +88,7 @@ data:
     {{ if .Values.tessera.enabled -}}
     # Privacy
     privacy-enabled={{ .Values.tessera.enabled }}
-    privacy-url="{{ .Values.node.besu.privacy.scheme }}://tessera-{{ .Release.Name }}:{{ .Values.node.besu.privacy.clientport }}"
+    privacy-url="{{ .Values.node.besu.privacy.scheme }}://tessera-{{ .Release.Name }}.{{ .Release.Namespace }}:{{ .Values.node.besu.privacy.clientport }}"
     {{- if and (ne .Values.global.cluster.provider "minikube") (.Values.global.cluster.cloudNativeServices) }}
     privacy-public-key-file="{{ .Values.node.besu.keysPath }}/{{ .Values.node.besu.privacy.pubkeyFile }}"
     {{ else }}

platforms/hyperledger-besu/charts/besu-node/values.yaml

@@ -121,7 +121,7 @@ node:
       interval: 15
       prometheusJob: "besu"
     privacy:
-      scheme: "https" # Must use https when TLS is STRICT
+      scheme: "http" # Must use https when TLS is STRICT
       clientport: 9101
       pubkeysPath: "/tessera"
       pubkeyFile: "tm.pub"

platforms/hyperledger-besu/charts/besu-tessera-node/templates/_helpers.tpl

@@ -51,14 +51,11 @@ Create tessera url depending on tls mode
 {{- end -}}
 
 {{/*
-Create client url depending on tls mode
+Client URL is defaulted to http; tls certificates need to be checked for using https
 */}}
 {{- define "besu-tessera-node.clientURL" -}}
 {{- $fullname := include "besu-tessera-node.fullname" . -}}
 {{- $port := .Values.tessera.q2tport | int -}}
-{{- if eq .Values.tessera.tlsMode "STRICT" -}}
-    {{- printf "https://%s.%s:%d" $fullname .Release.Namespace $port | quote }}
-{{- else -}}
-    {{- printf "http://%s.%s:%d" $fullname .Release.Namespace $port | quote }}
+{{- printf "http://%s.%s:%d" $fullname .Release.Namespace $port | quote }}
+{{- end -}}
 {{- end -}}
-{{- end -}}

platforms/hyperledger-besu/charts/besu-tessera-node/templates/configmap.yaml

@@ -39,8 +39,9 @@ data:
           "enabled": true,
           "serverAddress": {{ include "besu-tessera-node.clientURL" . }},          
           "sslConfig": {
-            "tls": {{ .Values.tessera.tlsMode | quote }},
+            "tls": "OFF",
             "generateKeyStoreIfNotExisted": true,
+            "sslConfigType": "SERVER_ONLY",
             "serverTrustMode": {{ .Values.tessera.trust | quote }},
             "serverTlsKeyPath": "{{ .Values.tessera.dataPath }}/crypto/tessera_cer.key",
             "serverTlsCertificatePath": "{{ .Values.tessera.dataPath }}/crypto/tessera_cer.pem",
@@ -49,9 +50,9 @@ data:
             "clientTlsKeyPath": "{{ .Values.tessera.dataPath }}/crypto/tessera_cer.key",
             "clientTlsCertificatePath": "{{ .Values.tessera.dataPath }}/crypto/tessera_cer.pem",
             "clientTrustCertificates": ["{{ .Values.tessera.dataPath }}/crypto/tessera_ca.pem"],
-            "knownClientsFile": "{{ .Values.tessera.dataPath }}/crypto/known_client1",
-            "knownServersFile": "{{ .Values.tessera.dataPath }}/crypto/known_server1",
-            "clientAuth": true
+            "knownClientsFile": "{{ .Values.tessera.dataPath }}/crypto/known_client",
+            "knownServersFile": "{{ .Values.tessera.dataPath }}/crypto/known_server",
+            "clientAuth": false
           },
           "communicationType": "REST"
         },
@@ -62,6 +63,7 @@ data:
           "sslConfig": {
             "tls": {{ .Values.tessera.tlsMode | quote }},
             "generateKeyStoreIfNotExisted": true,
+            "sslConfigType": "SERVER_AND_CLIENT",
             "serverTrustMode": {{ .Values.tessera.trust | quote }},
             "serverTlsKeyPath": "{{ .Values.tessera.dataPath }}/crypto/tessera_cer.key",
             "serverTlsCertificatePath": "{{ .Values.tessera.dataPath }}/crypto/tessera_cer.pem",

platforms/hyperledger-besu/configuration/roles/create/helm_component/templates/member.tpl

@@ -128,6 +128,8 @@ spec:
           enabled: {{ peer.metrics.enabled | default(false) }}
           port: {{ peer.metrics.port | default(9545) }}
           serviceMonitorEnabled: {{ network.prometheus.enabled | default(false)}}
+        privacy:
+          clientport: {{ peer.tm_clientport.port }}
         permissions:
           enabled: {{ network.permissioning.enabled | default(false) }} #Add other permissioning params below this
 {% if network.env.labels is defined %}