From 97a8b0f8162138d048cc6f7b1f901f1787fa1b17 Mon Sep 17 00:00:00 2001 From: Ravi Geda Date: Wed, 7 Nov 2018 22:37:16 +0000 Subject: Add Pluggable Security to aai-resources Note that by default this feature is turned off. To enable update the installSidecarSecurity in aai/values.yaml to true. Change-Id: If5d2be859ead2f0bd81aabb4fde749f105974bcf Issue-ID: AAF-616 Signed-off-by: Ravi Geda --- templates/configmap.yaml | 4 ++++ templates/deployment.yaml | 8 ++++++++ 2 files changed, 12 insertions(+) (limited to 'templates') diff --git a/templates/configmap.yaml b/templates/configmap.yaml index 212f9cd..a23ed5f 100644 --- a/templates/configmap.yaml +++ b/templates/configmap.yaml @@ -37,7 +37,11 @@ metadata: release: {{ .Release.Name }} heritage: {{ .Release.Service }} data: +{{ if .Values.global.installSidecarSecurity }} +{{ tpl (.Files.Glob "resources/config/haproxy/haproxy-pluggable-security.cfg").AsConfig . | indent 2 }} +{{ else }} {{ tpl (.Files.Glob "resources/config/haproxy/haproxy.cfg").AsConfig . | indent 2 }} +{{ end }} --- apiVersion: v1 kind: Secret diff --git a/templates/deployment.yaml b/templates/deployment.yaml index 3f16e25..1f337e4 100644 --- a/templates/deployment.yaml +++ b/templates/deployment.yaml @@ -64,7 +64,11 @@ spec: - mountPath: /dev/log name: aai-service-log - mountPath: /usr/local/etc/haproxy/haproxy.cfg + {{ if .Values.global.installSidecarSecurity }} + subPath: haproxy-pluggable-security.cfg + {{ else }} subPath: haproxy.cfg + {{ end }} name: haproxy-cfg ports: - containerPort: {{ .Values.service.internalPort }} @@ -86,6 +90,10 @@ spec: httpHeaders: - name: X-FromAppId value: OOM_ReadinessCheck + {{ if .Values.global.installSidecarSecurity }} + - name: Authorization + value: Basic YWFpQGFhaS5vbmFwLm9yZzpkZW1vMTIzNDU2IQ== + {{ end }} - name: X-TransactionId value: {{ uuidv4 }} - name: Accept -- cgit 1.2.3-korg