diff options
author | Borislav Glozman <Borislav.Glozman@amdocs.com> | 2019-03-20 14:50:16 +0000 |
---|---|---|
committer | Gerrit Code Review <gerrit@onap.org> | 2019-03-20 14:50:16 +0000 |
commit | f0b50f8ea7ce03a3a57f1c39ffca4c7b6f46286a (patch) | |
tree | 9e29d9bbc12d614ee53e70bf501445a8fce2e63c | |
parent | 609ea28886b7aefa77cc6fca064fc363fcaa71a5 (diff) | |
parent | bd7fbe2babda72ce78049ab7d6b3e7c963cae996 (diff) |
Merge "Support HTTPS and SSL Cassandra in workflow"
-rw-r--r-- | kubernetes/sdc/charts/sdc-wfd-be/templates/deployment.yaml | 41 | ||||
-rw-r--r-- | kubernetes/sdc/charts/sdc-wfd-be/templates/job.yaml | 2 | ||||
-rw-r--r-- | kubernetes/sdc/charts/sdc-wfd-be/values.yaml | 11 |
3 files changed, 52 insertions, 2 deletions
diff --git a/kubernetes/sdc/charts/sdc-wfd-be/templates/deployment.yaml b/kubernetes/sdc/charts/sdc-wfd-be/templates/deployment.yaml index 84285c4a29..26ad05555a 100644 --- a/kubernetes/sdc/charts/sdc-wfd-be/templates/deployment.yaml +++ b/kubernetes/sdc/charts/sdc-wfd-be/templates/deployment.yaml @@ -54,6 +54,7 @@ spec: imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} ports: - containerPort: {{ .Values.service.internalPort }} + - containerPort: {{ .Values.service.internalPort2 }} # disable liveness probe when breakpoints set in debugger # so K8s doesn't restart unresponsive container {{ if .Values.liveness.enabled }} @@ -75,12 +76,20 @@ spec: value: "{{ .Values.config.cassandraHosts }}" - name: CS_PORT value: "{{ .Values.config.cassandraClientPort }}" + - name: CS_AUTHENTICATE + value: "{{ .Values.config.cassandraAuthenticationEnabled }}" - name: CS_USER valueFrom: secretKeyRef: {name: {{ .Release.Name }}-sdc-cs-secrets, key: sdc_user} - name: CS_PASSWORD valueFrom: secretKeyRef: {name: {{ .Release.Name }}-sdc-cs-secrets, key: sdc_password} + - name: CS_SSL_ENABLED + value: "{{ .Values.config.cassandraSSLEnabled }}" + - name: CS_TRUST_STORE_PATH + value: "{{ .Values.config.cassandraTrustStorePath }}" + - name: CS_TRUST_STORE_PASSWORD + value: "{{ .Values.config.cassandraTrustStorePassword }}" - name: SDC_PROTOCOL value: "{{ .Values.config.sdcProtocol }}" - name: SDC_ENDPOINT @@ -89,5 +98,37 @@ spec: value: "{{ .Values.config.sdcExternalUser }}" - name: SDC_PASSWORD value: "{{ .Values.config.sdcExternalUserPassword }}" + - name: SERVER_SSL_ENABLED + value: "{{ .Values.config.serverSSLEnabled }}" + - name: SERVER_SSL_KEYSTORE_TYPE + value: "{{ .Values.config.ser }}" + - name: SERVER_SSL_KEYSTORE_PATH + value: "{{ .Values.config.serverSSLKeyStorePath }}" + - name: SERVER_SSL_KEY_PASSWORD + value: "{{ .Values.config.serverSSLKeyPassword }}" + volumeMounts: + {{ if .Values.config.cassandraSSLEnabled }} + - name: {{ include "common.fullname" . }}-cassandra-client-truststore + mountPath: /config/cassandra-client-truststore + subPath: truststore + readOnly: true + {{- end }} + {{ if .Values.config.serverSSLEnabled }} + - name: {{ include "common.fullname" . }}-server-https-keystore + mountPath: /config/server-https-keystore + subPath: keystore + readOnly: true + {{- end }} + volumes: + {{ if .Values.config.cassandraSSLEnabled }} + - name: {{ include "common.fullname" . }}-cassandra-client-truststore + hostPath: + path: /config/cassandra-client-truststore + {{- end }} + {{ if .Values.config.serverSSLEnabled }} + - name: {{ include "common.fullname" . }}-server-https-keystore + hostPath: + path: /config/server-https-keystore + {{- end }} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/sdc/charts/sdc-wfd-be/templates/job.yaml b/kubernetes/sdc/charts/sdc-wfd-be/templates/job.yaml index 2cfdacbe87..38f526d215 100644 --- a/kubernetes/sdc/charts/sdc-wfd-be/templates/job.yaml +++ b/kubernetes/sdc/charts/sdc-wfd-be/templates/job.yaml @@ -58,7 +58,7 @@ spec: - name: CS_PORT value: "{{ .Values.config.cassandraThriftClientPort }}" - name: CS_AUTHENTICATE - value: "{{ .Values.config.cassandaAuthenticationEnabled }}" + value: "{{ .Values.config.cassandraAuthenticationEnabled }}" - name: CS_USER valueFrom: secretKeyRef: {name: {{ .Release.Name }}-sdc-cs-secrets, key: sdc_user} diff --git a/kubernetes/sdc/charts/sdc-wfd-be/values.yaml b/kubernetes/sdc/charts/sdc-wfd-be/values.yaml index 8f41fbd669..ed8833a9e5 100644 --- a/kubernetes/sdc/charts/sdc-wfd-be/values.yaml +++ b/kubernetes/sdc/charts/sdc-wfd-be/values.yaml @@ -40,7 +40,7 @@ initJob: config: javaOptions: "-Xdebug -agentlib:jdwp=transport=dt_socket,address=7001,server=y,suspend=n -Xmx1536m -Xms1536m" - cassandaAuthenticationEnabled: true + cassandraAuthenticationEnabled: true cassandraHosts: sdc-cs cassandraThriftClientPort: 9160 cassandraClientPort: 9042 @@ -48,6 +48,13 @@ config: sdcEndpoint: sdc-be:8080 sdcExternalUser: workflow sdcExternalUserPassword: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U + serverSSLEnabled: false + serverSSLKeyStoreType: jks + serverSSLKeyStorePath: /config/server-https-keystore/keystore + serverSSLKeyPassword: password + cassandraSSLEnabled: false + cassandraTrustStorePath: /config/cassandra-client-truststore/truststore + cassandraTrustStorePassword: password # default number of instances replicaCount: 1 @@ -72,6 +79,8 @@ service: type: NodePort internalPort: 8080 externalPort: 8080 + internalPort2: 8443 + externalPort2: 8443 portName: sdc-wfd-be nodePort: "57" |