Skip to content

Validation for Helm approach

Preparation

First, find out the external IP address for traefik ingress:

kubectl -n orthweb get service orthweb-traefik -o jsonpath='{.status.loadBalancer.ingress[0].ip}'

Ensure that the DNS names web.orthweb.com and dicom.orthweb.com resolve to the external IP address of the traefik service.

Web Service

To validate web service, export client CA and run curl command:

kubectl -n orthweb get secret https-secret -o jsonpath='{.data.ca\.crt}' | base64 -d > ca.crt

curl -HHost:web.orthweb.com -v -k -X GET https://web.orthweb.com:443/app/explorer.html -u admin:orthanc --cacert ca.crt

You should see HTML content of the website. Alternatively browse to the URL. However, browser may flag the self-signed certificate as insecure.

DICOM service

The steps to validate DICOM traffic is similiar to other deployment option. However, because dcmtk utility does not send SNI in the TLS negotiation, I used annonymous tls (+tla) without client certificate for C-ECHO and C-STORE test.

echoscu -aet TESTER -aec ORTHANC -d +tla -ic dicom.orthweb.com 11112
storescu -aet TESTER -aec ORTHANC -d +tla -ic dicom.orthweb.com 11112 DICOM_CT/123.dcm