Add TLS server support for CM and CBS

Issue-ID: DCAEGEN2-909 Issue-ID: DCAEGEN2-904 Issue-ID: DCAEGEN2-1513 Issue-ID: DCAEGEN2-1550 Issue-ID: DCAEGEN2-1550 Change-Id: Ia59284e3ed786dcecd397482ca04b6b06c7e610d Signed-off-by: Jack Lucas <jflucas@research.att.com>
author: Jack Lucas <jflucas@research.att.com> 2019-05-31 08:35:34 -0400
committer: Jack Lucas <jflucas@research.att.com> 2019-06-27 15:41:04 +0000
commit: c5f685fd58b54f2a6fb21d33cc427f487db6be2b (patch)
tree: cd8873fb75399fa41802d9987921ea5f2ff5f2fa /kubernetes/dcaegen2/charts/dcae-cloudify-manager/templates
parent: 3befe3f9fe76963beb76b360dac9ea8743616a72 (diff)
1 files changed, 26 insertions, 0 deletions
diff --git a/kubernetes/dcaegen2/charts/dcae-cloudify-manager/templates/deployment.yaml b/kubernetes/dcaegen2/charts/dcae-cloudify-manager/templates/deployment.yaml
index d6c58cd75f..b3e90a2efb 100644
--- a/kubernetes/dcaegen2/charts/dcae-cloudify-manager/templates/deployment.yaml
+++ b/kubernetes/dcaegen2/charts/dcae-cloudify-manager/templates/deployment.yaml
@@ -34,6 +34,12 @@ spec:
         app: {{ include "common.name" . }}
         release: {{ .Release.Name }}
     spec:
+      # host alias allows local 'cfy' command to use https and match
+      # the host name in the certificate
+      hostAliases:
+      - ip: "127.0.0.1"
+        hostnames:
+        - "dcae-cloudify-manager"
       initContainers:
       - name: {{ include "common.name" . }}-multisite-init
         image: {{ include "common.repository" . }}/{{ .Values.multisiteInitImage }}
@@ -44,10 +50,26 @@ spec:
           - --configmap
           - {{ .Values.multisiteConfigMapName }}
         restartPolicy: Never
+      - name: init-tls
+        env:
+          - name: POD_IP
+            valueFrom:
+              fieldRef:
+                apiVersion: v1
+                fieldPath: status.podIP
+        image: {{ .Values.global.tlsRepository }}/{{ .Values.global.tlsImage }}
+        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+        resources: {}
+        volumeMounts:
+            - mountPath: /opt/tls/shared
+              name: tls-info
       containers:
         - name: {{ include "common.name" . }}
           image: "{{ include "common.repository" . }}/{{ .Values.image }}"
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+          env:
+            - name: REQUESTS_CA_BUNDLE
+              value: "/opt/onap/certs/cacert.pem"
           resources:
 {{ include "common.resources" . | indent 12 }}
           ports:
@@ -86,6 +108,8 @@ spec:
             readOnly: true
           - mountPath: /cfy-persist
             name: cm-persistent
+          - mountPath: /opt/onap/certs
+            name: tls-info
           securityContext:
             privileged: True
       volumes:
@@ -107,5 +131,7 @@ spec:
         - name: cm-persistent
           persistentVolumeClaim:
             claimName: {{ include "common.fullname" . }}-data
+        - emptyDir: {}
+          name: tls-info
       imagePullSecrets:
       - name: "{{ include "common.namespace" . }}-docker-registry-key"
author	Jack Lucas <jflucas@research.att.com>	2019-05-31 08:35:34 -0400
committer	Jack Lucas <jflucas@research.att.com>	2019-06-27 15:41:04 +0000
commit	c5f685fd58b54f2a6fb21d33cc427f487db6be2b (patch)
tree	cd8873fb75399fa41802d9987921ea5f2ff5f2fa /kubernetes/dcaegen2/charts/dcae-cloudify-manager/templates
parent	3befe3f9fe76963beb76b360dac9ea8743616a72 (diff)