diff options
author | Sylvain Desbureaux <sylvain.desbureaux@orange.com> | 2020-03-04 11:31:11 +0100 |
---|---|---|
committer | Sylvain Desbureaux <sylvain.desbureaux@orange.com> | 2020-03-06 09:04:31 +0100 |
commit | 88b2f92e51dc29461e0ebe443a24b9e5d99b11be (patch) | |
tree | ba7b43fa3056c09b4fb32a79ba7fc26f2d2f48c6 /kubernetes/common/common/templates/_serviceMesh.tpl | |
parent | ff1c5075c21a7fe77e9be438eb1831c5dbcb552f (diff) |
[COMMON] Handle TLS/Non-TLS for Service
Current service and headlessService templates doesn't handle the fact
that out of cluster ports must be TLS encrypted only.
With a new (backward compatible) DSL, this is now possible.
In values.yaml, all ports in service part with port AND plain_port will
have the ability to be HTTP or HTTPS depending on the context.
Per default, they'll be HTTPS.
TLS choice will be done according this table:
| tlsOverride | global.tlsEnabled | global.serviceMesh.enabled | global.serviceMesh.tls | result |
|-------------|-------------------|----------------------------|------------------------|--------|
| not present | not present | not present | any | true |
| not present | not present | false | any | true |
| not present | not present | true | false | true |
| not present | not present | true | true | false |
| not present | true | any | any | true |
| not present | false | any | any | false |
| true | any | any | any | true |
| false | any | any | any | false |
Service template will create one or two service templates according to this table:
| serviceType | both_tls_and_plain | result |
|---------------|--------------------|--------------|
| ClusterIP | any | one Service |
| Not ClusterIP | not present | one Service |
| Not ClusterIP | false | one Service |
| Not ClusterIP | true | two Services |
If two services are created, one is ClusterIP with both crypted and plain
ports and the other one is NodePort (or LoadBalancer) with crypted port only.
Issue-ID: OOM-1936
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: If766dd73132022d1a6e578fd36113c461bb91ea5
Diffstat (limited to 'kubernetes/common/common/templates/_serviceMesh.tpl')
-rw-r--r-- | kubernetes/common/common/templates/_serviceMesh.tpl | 27 |
1 files changed, 27 insertions, 0 deletions
diff --git a/kubernetes/common/common/templates/_serviceMesh.tpl b/kubernetes/common/common/templates/_serviceMesh.tpl new file mode 100644 index 0000000000..6b6a26fc45 --- /dev/null +++ b/kubernetes/common/common/templates/_serviceMesh.tpl @@ -0,0 +1,27 @@ +{/* +# Copyright © 2020 Amdocs, Bell Canada, Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + + +{/* + Calculate if we are on service mesh. +*/}} +{{- define "common.onServiceMesh" -}} +{{- if .Values.global.serviceMesh -}} +{{- if (default false .Values.global.serviceMesh.enabled) -}} +true +{{- end -}} +{{- end -}} +{{- end -}} |