summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorpriyanshu <pagarwal@amdocs.com>2019-03-20 12:45:21 +0530
committerpriyanshua <pagarwal@amdocs.com>2019-03-20 12:45:21 +0530
commitbd7fbe2babda72ce78049ab7d6b3e7c963cae996 (patch)
tree38b4bad8a0a4b7ad0e2f331d4b7cbd5ae5a82de1
parentbb26706ffcfbbe412a43a2c04a5e127f4a21b5d4 (diff)
Support HTTPS and SSL Cassandra in workflow
1. Added multiple property mapping parameters. 2. Added some placeholder volume mounts. 3. Refactored few property names. 4. Didn't expose service on HTTPS due to absence of preserved node port. Change-Id: I55e66b5a1ff8798afa86088428d304f932ac37f8 Issue-ID: OOM-1740 Signed-off-by: priyanshua <pagarwal@amdocs.com>
-rw-r--r--kubernetes/sdc/charts/sdc-wfd-be/templates/deployment.yaml41
-rw-r--r--kubernetes/sdc/charts/sdc-wfd-be/templates/job.yaml2
-rw-r--r--kubernetes/sdc/charts/sdc-wfd-be/values.yaml11
3 files changed, 52 insertions, 2 deletions
diff --git a/kubernetes/sdc/charts/sdc-wfd-be/templates/deployment.yaml b/kubernetes/sdc/charts/sdc-wfd-be/templates/deployment.yaml
index 84285c4a29..26ad05555a 100644
--- a/kubernetes/sdc/charts/sdc-wfd-be/templates/deployment.yaml
+++ b/kubernetes/sdc/charts/sdc-wfd-be/templates/deployment.yaml
@@ -54,6 +54,7 @@ spec:
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
ports:
- containerPort: {{ .Values.service.internalPort }}
+ - containerPort: {{ .Values.service.internalPort2 }}
# disable liveness probe when breakpoints set in debugger
# so K8s doesn't restart unresponsive container
{{ if .Values.liveness.enabled }}
@@ -75,12 +76,20 @@ spec:
value: "{{ .Values.config.cassandraHosts }}"
- name: CS_PORT
value: "{{ .Values.config.cassandraClientPort }}"
+ - name: CS_AUTHENTICATE
+ value: "{{ .Values.config.cassandraAuthenticationEnabled }}"
- name: CS_USER
valueFrom:
secretKeyRef: {name: {{ .Release.Name }}-sdc-cs-secrets, key: sdc_user}
- name: CS_PASSWORD
valueFrom:
secretKeyRef: {name: {{ .Release.Name }}-sdc-cs-secrets, key: sdc_password}
+ - name: CS_SSL_ENABLED
+ value: "{{ .Values.config.cassandraSSLEnabled }}"
+ - name: CS_TRUST_STORE_PATH
+ value: "{{ .Values.config.cassandraTrustStorePath }}"
+ - name: CS_TRUST_STORE_PASSWORD
+ value: "{{ .Values.config.cassandraTrustStorePassword }}"
- name: SDC_PROTOCOL
value: "{{ .Values.config.sdcProtocol }}"
- name: SDC_ENDPOINT
@@ -89,5 +98,37 @@ spec:
value: "{{ .Values.config.sdcExternalUser }}"
- name: SDC_PASSWORD
value: "{{ .Values.config.sdcExternalUserPassword }}"
+ - name: SERVER_SSL_ENABLED
+ value: "{{ .Values.config.serverSSLEnabled }}"
+ - name: SERVER_SSL_KEYSTORE_TYPE
+ value: "{{ .Values.config.ser }}"
+ - name: SERVER_SSL_KEYSTORE_PATH
+ value: "{{ .Values.config.serverSSLKeyStorePath }}"
+ - name: SERVER_SSL_KEY_PASSWORD
+ value: "{{ .Values.config.serverSSLKeyPassword }}"
+ volumeMounts:
+ {{ if .Values.config.cassandraSSLEnabled }}
+ - name: {{ include "common.fullname" . }}-cassandra-client-truststore
+ mountPath: /config/cassandra-client-truststore
+ subPath: truststore
+ readOnly: true
+ {{- end }}
+ {{ if .Values.config.serverSSLEnabled }}
+ - name: {{ include "common.fullname" . }}-server-https-keystore
+ mountPath: /config/server-https-keystore
+ subPath: keystore
+ readOnly: true
+ {{- end }}
+ volumes:
+ {{ if .Values.config.cassandraSSLEnabled }}
+ - name: {{ include "common.fullname" . }}-cassandra-client-truststore
+ hostPath:
+ path: /config/cassandra-client-truststore
+ {{- end }}
+ {{ if .Values.config.serverSSLEnabled }}
+ - name: {{ include "common.fullname" . }}-server-https-keystore
+ hostPath:
+ path: /config/server-https-keystore
+ {{- end }}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/sdc/charts/sdc-wfd-be/templates/job.yaml b/kubernetes/sdc/charts/sdc-wfd-be/templates/job.yaml
index 2cfdacbe87..38f526d215 100644
--- a/kubernetes/sdc/charts/sdc-wfd-be/templates/job.yaml
+++ b/kubernetes/sdc/charts/sdc-wfd-be/templates/job.yaml
@@ -58,7 +58,7 @@ spec:
- name: CS_PORT
value: "{{ .Values.config.cassandraThriftClientPort }}"
- name: CS_AUTHENTICATE
- value: "{{ .Values.config.cassandaAuthenticationEnabled }}"
+ value: "{{ .Values.config.cassandraAuthenticationEnabled }}"
- name: CS_USER
valueFrom:
secretKeyRef: {name: {{ .Release.Name }}-sdc-cs-secrets, key: sdc_user}
diff --git a/kubernetes/sdc/charts/sdc-wfd-be/values.yaml b/kubernetes/sdc/charts/sdc-wfd-be/values.yaml
index 8f41fbd669..ed8833a9e5 100644
--- a/kubernetes/sdc/charts/sdc-wfd-be/values.yaml
+++ b/kubernetes/sdc/charts/sdc-wfd-be/values.yaml
@@ -40,7 +40,7 @@ initJob:
config:
javaOptions: "-Xdebug -agentlib:jdwp=transport=dt_socket,address=7001,server=y,suspend=n -Xmx1536m -Xms1536m"
- cassandaAuthenticationEnabled: true
+ cassandraAuthenticationEnabled: true
cassandraHosts: sdc-cs
cassandraThriftClientPort: 9160
cassandraClientPort: 9042
@@ -48,6 +48,13 @@ config:
sdcEndpoint: sdc-be:8080
sdcExternalUser: workflow
sdcExternalUserPassword: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U
+ serverSSLEnabled: false
+ serverSSLKeyStoreType: jks
+ serverSSLKeyStorePath: /config/server-https-keystore/keystore
+ serverSSLKeyPassword: password
+ cassandraSSLEnabled: false
+ cassandraTrustStorePath: /config/cassandra-client-truststore/truststore
+ cassandraTrustStorePassword: password
# default number of instances
replicaCount: 1
@@ -72,6 +79,8 @@ service:
type: NodePort
internalPort: 8080
externalPort: 8080
+ internalPort2: 8443
+ externalPort2: 8443
portName: sdc-wfd-be
nodePort: "57"