aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorBorislav Glozman <Borislav.Glozman@amdocs.com>2019-03-20 14:50:16 +0000
committerGerrit Code Review <gerrit@onap.org>2019-03-20 14:50:16 +0000
commitf0b50f8ea7ce03a3a57f1c39ffca4c7b6f46286a (patch)
tree9e29d9bbc12d614ee53e70bf501445a8fce2e63c
parent609ea28886b7aefa77cc6fca064fc363fcaa71a5 (diff)
parentbd7fbe2babda72ce78049ab7d6b3e7c963cae996 (diff)
Merge "Support HTTPS and SSL Cassandra in workflow"
-rw-r--r--kubernetes/sdc/charts/sdc-wfd-be/templates/deployment.yaml41
-rw-r--r--kubernetes/sdc/charts/sdc-wfd-be/templates/job.yaml2
-rw-r--r--kubernetes/sdc/charts/sdc-wfd-be/values.yaml11
3 files changed, 52 insertions, 2 deletions
diff --git a/kubernetes/sdc/charts/sdc-wfd-be/templates/deployment.yaml b/kubernetes/sdc/charts/sdc-wfd-be/templates/deployment.yaml
index 84285c4a29..26ad05555a 100644
--- a/kubernetes/sdc/charts/sdc-wfd-be/templates/deployment.yaml
+++ b/kubernetes/sdc/charts/sdc-wfd-be/templates/deployment.yaml
@@ -54,6 +54,7 @@ spec:
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
ports:
- containerPort: {{ .Values.service.internalPort }}
+ - containerPort: {{ .Values.service.internalPort2 }}
# disable liveness probe when breakpoints set in debugger
# so K8s doesn't restart unresponsive container
{{ if .Values.liveness.enabled }}
@@ -75,12 +76,20 @@ spec:
value: "{{ .Values.config.cassandraHosts }}"
- name: CS_PORT
value: "{{ .Values.config.cassandraClientPort }}"
+ - name: CS_AUTHENTICATE
+ value: "{{ .Values.config.cassandraAuthenticationEnabled }}"
- name: CS_USER
valueFrom:
secretKeyRef: {name: {{ .Release.Name }}-sdc-cs-secrets, key: sdc_user}
- name: CS_PASSWORD
valueFrom:
secretKeyRef: {name: {{ .Release.Name }}-sdc-cs-secrets, key: sdc_password}
+ - name: CS_SSL_ENABLED
+ value: "{{ .Values.config.cassandraSSLEnabled }}"
+ - name: CS_TRUST_STORE_PATH
+ value: "{{ .Values.config.cassandraTrustStorePath }}"
+ - name: CS_TRUST_STORE_PASSWORD
+ value: "{{ .Values.config.cassandraTrustStorePassword }}"
- name: SDC_PROTOCOL
value: "{{ .Values.config.sdcProtocol }}"
- name: SDC_ENDPOINT
@@ -89,5 +98,37 @@ spec:
value: "{{ .Values.config.sdcExternalUser }}"
- name: SDC_PASSWORD
value: "{{ .Values.config.sdcExternalUserPassword }}"
+ - name: SERVER_SSL_ENABLED
+ value: "{{ .Values.config.serverSSLEnabled }}"
+ - name: SERVER_SSL_KEYSTORE_TYPE
+ value: "{{ .Values.config.ser }}"
+ - name: SERVER_SSL_KEYSTORE_PATH
+ value: "{{ .Values.config.serverSSLKeyStorePath }}"
+ - name: SERVER_SSL_KEY_PASSWORD
+ value: "{{ .Values.config.serverSSLKeyPassword }}"
+ volumeMounts:
+ {{ if .Values.config.cassandraSSLEnabled }}
+ - name: {{ include "common.fullname" . }}-cassandra-client-truststore
+ mountPath: /config/cassandra-client-truststore
+ subPath: truststore
+ readOnly: true
+ {{- end }}
+ {{ if .Values.config.serverSSLEnabled }}
+ - name: {{ include "common.fullname" . }}-server-https-keystore
+ mountPath: /config/server-https-keystore
+ subPath: keystore
+ readOnly: true
+ {{- end }}
+ volumes:
+ {{ if .Values.config.cassandraSSLEnabled }}
+ - name: {{ include "common.fullname" . }}-cassandra-client-truststore
+ hostPath:
+ path: /config/cassandra-client-truststore
+ {{- end }}
+ {{ if .Values.config.serverSSLEnabled }}
+ - name: {{ include "common.fullname" . }}-server-https-keystore
+ hostPath:
+ path: /config/server-https-keystore
+ {{- end }}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/sdc/charts/sdc-wfd-be/templates/job.yaml b/kubernetes/sdc/charts/sdc-wfd-be/templates/job.yaml
index 2cfdacbe87..38f526d215 100644
--- a/kubernetes/sdc/charts/sdc-wfd-be/templates/job.yaml
+++ b/kubernetes/sdc/charts/sdc-wfd-be/templates/job.yaml
@@ -58,7 +58,7 @@ spec:
- name: CS_PORT
value: "{{ .Values.config.cassandraThriftClientPort }}"
- name: CS_AUTHENTICATE
- value: "{{ .Values.config.cassandaAuthenticationEnabled }}"
+ value: "{{ .Values.config.cassandraAuthenticationEnabled }}"
- name: CS_USER
valueFrom:
secretKeyRef: {name: {{ .Release.Name }}-sdc-cs-secrets, key: sdc_user}
diff --git a/kubernetes/sdc/charts/sdc-wfd-be/values.yaml b/kubernetes/sdc/charts/sdc-wfd-be/values.yaml
index 8f41fbd669..ed8833a9e5 100644
--- a/kubernetes/sdc/charts/sdc-wfd-be/values.yaml
+++ b/kubernetes/sdc/charts/sdc-wfd-be/values.yaml
@@ -40,7 +40,7 @@ initJob:
config:
javaOptions: "-Xdebug -agentlib:jdwp=transport=dt_socket,address=7001,server=y,suspend=n -Xmx1536m -Xms1536m"
- cassandaAuthenticationEnabled: true
+ cassandraAuthenticationEnabled: true
cassandraHosts: sdc-cs
cassandraThriftClientPort: 9160
cassandraClientPort: 9042
@@ -48,6 +48,13 @@ config:
sdcEndpoint: sdc-be:8080
sdcExternalUser: workflow
sdcExternalUserPassword: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U
+ serverSSLEnabled: false
+ serverSSLKeyStoreType: jks
+ serverSSLKeyStorePath: /config/server-https-keystore/keystore
+ serverSSLKeyPassword: password
+ cassandraSSLEnabled: false
+ cassandraTrustStorePath: /config/cassandra-client-truststore/truststore
+ cassandraTrustStorePassword: password
# default number of instances
replicaCount: 1
@@ -72,6 +79,8 @@ service:
type: NodePort
internalPort: 8080
externalPort: 8080
+ internalPort2: 8443
+ externalPort2: 8443
portName: sdc-wfd-be
nodePort: "57"