authorawudzins <adam.wudzinski@nokia.com>2020-03-13 16:54:18 +0100
committerawudzins <adam.wudzinski@nokia.com>2020-04-03 11:29:59 +0200
commitb81c681cb6be761a2abb5e2f5af1b923bef1f6b4 (patch)
tree9e0712775bee897d3c0156a8fa6bf9d69846f2ed /certService/helm/aaf-cert-service/templates
parentfa33d3f9cf9b613968bf277284841164d392fc21 (diff)
Switch client and server to communicate over TLS
Issue-ID: AAF-1084 Signed-off-by: Adam Wudziński <adam.wudzinski@nokia.com> Change-Id: I7f11b27c7dcdf4fc3eba2d5e64b6dc775c80dd74
Diffstat (limited to 'certService/helm/aaf-cert-service/templates')
-rw-r--r--certService/helm/aaf-cert-service/templates/deployment.yaml37
-rw-r--r--certService/helm/aaf-cert-service/templates/secret_client_tls.yaml10
-rw-r--r--certService/helm/aaf-cert-service/templates/secret_server_tls.yaml14
-rw-r--r--certService/helm/aaf-cert-service/templates/service.yaml2
4 files changed, 56 insertions, 7 deletions
diff --git a/certService/helm/aaf-cert-service/templates/deployment.yaml b/certService/helm/aaf-cert-service/templates/deployment.yaml
index f8b2d43f..f4a28f46 100644
--- a/certService/helm/aaf-cert-service/templates/deployment.yaml
+++ b/certService/helm/aaf-cert-service/templates/deployment.yaml
@@ -16,27 +16,52 @@ spec:
- name: {{ .Values.volume.name }}
secret:
secretName: {{ .Values.secret.name }}
+ - name: {{ .Values.tls.server.volume.name }}
+ secret:
+ secretName: {{ .Values.tls.server.secret.name }}
containers:
- name: aaf-cert-service
image: {{ .Values.repository }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.pullPolicy }}
ports:
- containerPort: {{ .Values.containerPort }}
+ env:
+ - name: HTTPS_PORT
+ value: "{{ .Values.containerPort }}"
+ - name: KEYSTORE_PATH
+ value: "{{ .Values.tls.server.volume.mountPath }}/{{ .Values.envs.keystore.jksName }}"
+ - name: KEYSTORE_P12_PATH
+ value: "{{ .Values.tls.server.volume.mountPath }}/{{ .Values.envs.keystore.p12Name }}"
+ - name: TRUSTSTORE_PATH
+ value: "{{ .Values.tls.server.volume.mountPath }}/{{ .Values.envs.truststore.jksName }}"
+ - name: ROOT_CERT
+ value: "{{ .Values.tls.server.volume.mountPath }}/{{ .Values.envs.truststore.crtName }}"
+ - name: KEYSTORE_PASSWORD
+ value: "{{ .Values.envs.keystore.password }}"
+ - name: TRUSTSTORE_PASSWORD
+ value: "{{ .Values.envs.truststore.password }}"
livenessProbe:
- httpGet:
- port: {{ .Values.containerPort }}
- path: {{ .Values.liveness.path }}
+ exec:
+ command:
+ - /bin/bash
+ - -c
+ - {{ .Values.liveness.command }}
initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
periodSeconds: {{ .Values.liveness.periodSeconds }}
readinessProbe:
- httpGet:
- port: {{ .Values.containerPort }}
- path: {{ .Values.readiness.path }}
+ exec:
+ command:
+ - /bin/bash
+ - -c
+ - {{ .Values.readiness.command }}
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
volumeMounts:
- name: {{ .Values.volume.name }}
mountPath: {{ .Values.volume.mountPath }}
readOnly: true
+ - name: {{ .Values.tls.server.volume.name }}
+ mountPath: {{ .Values.tls.server.volume.mountPath }}
+ readOnly: true
resources:
{{ toYaml .Values.resources }}
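Review bot: KEYSTORE_PASSWORD and TRUSTSTORE_PASSWORD are rendered as literal `value:` strings from `.Values.envs.keystore.password` and `.Values.envs.truststore.password`, so the store passwords sit in clear text in the Deployment and pod spec, readable by anyone who can read those objects rather than only Secrets. They should be supplied through `valueFrom.secretKeyRef`, as sketched below; the key names are placeholders that the server TLS Secret would have to define. Separately, the probe commands are inserted unquoted (`- {{ .Values.liveness.command }}`), so a command containing `: ` or ` #` would break or truncate the rendered YAML; `- {{ .Values.liveness.command | quote }}` is safer, and likewise for the readiness probe. The pod spec begins above this hunk, so the rest of the container definition is not visible here.

```yaml
          env:
            # … unchanged: HTTPS_PORT, KEYSTORE_PATH, KEYSTORE_P12_PATH, TRUSTSTORE_PATH, ROOT_CERT …
            - name: KEYSTORE_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: {{ .Values.tls.server.secret.name }}
                  key: PLACEHOLDER_KEYSTORE_PASSWORD_KEY  # placeholder; must exist in the Secret
            - name: TRUSTSTORE_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: {{ .Values.tls.server.secret.name }}
                  key: PLACEHOLDER_TRUSTSTORE_PASSWORD_KEY  # placeholder; must exist in the Secret
```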
diff --git a/certService/helm/aaf-cert-service/templates/secret_client_tls.yaml b/certService/helm/aaf-cert-service/templates/secret_client_tls.yaml
new file mode 100644
index 00000000..b80a4af4
--- /dev/null
+++ b/certService/helm/aaf-cert-service/templates/secret_client_tls.yaml
@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ .Values.tls.client.secret.name }}
+type: Opaque
+data:
+ certServiceClient-keystore.jks:
+ {{ (.Files.Glob "resources/certServiceClient-keystore.jks").AsSecrets }}
+ truststore.jks:
+ {{ (.Files.Glob "resources/truststore.jks").AsSecrets }}
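Review bot: As far as I know Helm's `AsSecrets`, it already renders `<basename>: <base64>` entries, so wrapping each call in its own key (`certServiceClient-keystore.jks:` followed by the Glob call) looks likely to produce either a nested mapping or a duplicated key under `data:`, depending on indentation that this view has lost. Either drop the explicit keys and render the glob directly under `data:` with `{{ (.Files.Glob "resources/certServiceClient-keystore.jks").AsSecrets | indent 2 }}`, or keep the keys and encode the file explicitly with `{{ .Files.Get "resources/truststore.jks" | b64enc }}`. The same pattern is used for all four entries in secret_server_tls.yaml. Rendering the chart with `helm template` and checking that every value under `data:` is a plain base64 string would confirm which case applies.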
diff --git a/certService/helm/aaf-cert-service/templates/secret_server_tls.yaml b/certService/helm/aaf-cert-service/templates/secret_server_tls.yaml
new file mode 100644
index 00000000..535e3dbd
--- /dev/null
+++ b/certService/helm/aaf-cert-service/templates/secret_server_tls.yaml
@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ .Values.tls.server.secret.name }}
+type: Opaque
+data:
+ certServiceServer-keystore.jks:
+ {{ (.Files.Glob "resources/certServiceServer-keystore.jks").AsSecrets }}
+ certServiceServer-keystore.p12:
+ {{ (.Files.Glob "resources/certServiceServer-keystore.p12").AsSecrets }}
+ truststore.jks:
+ {{ (.Files.Glob "resources/truststore.jks").AsSecrets }}
+ root.crt:
+ {{ (.Files.Glob "resources/root.crt").AsSecrets }}
\ No newline at end of file
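Review bot: The server keystores (`certServiceServer-keystore.jks`, `certServiceServer-keystore.p12`), which presumably hold the server's private key, are read from the chart's own `resources/` directory, so the key travels with the chart and every install from the same package gets the same key; the client keystore in secret_client_tls.yaml has the same property. If these files are development fixtures, say so at the top of the template, e.g. `# Test-only key material from resources/; production installs must supply their own Secret`, and consider a values switch that skips creating this Secret when an existing one is referenced. Whether the files are committed or generated at build time is not visible from this hunk.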
diff --git a/certService/helm/aaf-cert-service/templates/service.yaml b/certService/helm/aaf-cert-service/templates/service.yaml
index fba7e5fa..f3c0ee0c 100644
--- a/certService/helm/aaf-cert-service/templates/service.yaml
+++ b/certService/helm/aaf-cert-service/templates/service.yaml
@@ -1,7 +1,7 @@
apiVersion: v1
kind: Service
metadata:
- name: {{ .Chart.Name }}-service
+ name: {{ .Chart.Name }}
spec:
type: {{ .Values.service.type }}
selector: