Add Pluggable Security to aai-resources

Note that by default this feature is turned off. To enable update the
installSidecarSecurity in aai/values.yaml to true.

Change-Id: If5d2be859ead2f0bd81aabb4fde749f105974bcf
Issue-ID: AAF-616
Signed-off-by: Ravi Geda <gravik@amdocs.com>

2 files changed, 12 insertions, 0 deletions

diff --git a/kubernetes/aai/templates/configmap.yaml b/kubernetes/aai/templates/configmap.yaml
index 212f9cdc4c..a23ed5fdc7 100644
--- a/kubernetes/aai/templates/configmap.yaml
+++ b/kubernetes/aai/templates/configmap.yaml
@@ -37,7 +37,11 @@ metadata:
     release: {{ .Release.Name }}
     heritage: {{ .Release.Service }}
 data:
+{{ if .Values.global.installSidecarSecurity }}
+{{ tpl (.Files.Glob "resources/config/haproxy/haproxy-pluggable-security.cfg").AsConfig . | indent 2 }}
+{{ else }}
 {{ tpl (.Files.Glob "resources/config/haproxy/haproxy.cfg").AsConfig . | indent 2 }}
+{{ end }}
 ---
 apiVersion: v1
 kind: Secret
diff --git a/kubernetes/aai/templates/deployment.yaml b/kubernetes/aai/templates/deployment.yaml
index 3f16e25ffd..1f337e4374 100644
--- a/kubernetes/aai/templates/deployment.yaml
+++ b/kubernetes/aai/templates/deployment.yaml
@@ -64,7 +64,11 @@ spec:
         - mountPath: /dev/log
           name: aai-service-log
         - mountPath: /usr/local/etc/haproxy/haproxy.cfg
+        {{ if .Values.global.installSidecarSecurity }}
+          subPath: haproxy-pluggable-security.cfg
+        {{ else }}
           subPath: haproxy.cfg
+        {{ end }}
           name: haproxy-cfg
         ports:
         - containerPort: {{ .Values.service.internalPort }}
@@ -86,6 +90,10 @@ spec:
             httpHeaders:
             - name: X-FromAppId
               value: OOM_ReadinessCheck
+      {{ if .Values.global.installSidecarSecurity }}
+            - name: Authorization
+              value: Basic YWFpQGFhaS5vbmFwLm9yZzpkZW1vMTIzNDU2IQ==
+      {{ end }}
             - name: X-TransactionId
               value: {{ uuidv4 }}
             - name: Accept