diff options
| author |   IlanaP <ilanap@amdocs.com> | 2019-11-18 21:10:08 +0200 |
|---|---|---|
| committer | IlanaP <ilanap@amdocs.com> | 2019-12-17 14:27:45 +0200 |
| commit | c80bff934c950c2ad75fe06b0abcc91502f57fdf (patch) | |
| tree | c75408726c62d0e38c295c0aa10686cac23f2f9b /kubernetes/sdc/charts/sdc-wfd-be/templates/deployment.yaml | |
| parent | 8501d7cee5a887f9e19d5fe3671ef8180bce526b (diff) | |
Secure FE communications to the workflow backend
Update of the workflow fe and be charts to secure the communications and to start the backend server is https mode with a secured connection to SDC
Issue-ID: OOM-1954
Signed-off-by: IlanaP <ilanap@amdocs.com>
Change-Id: Ia3c4c714e317b8f8b6b4ee9245daa50eea50275f
Signed-off-by: IlanaP <ilanap@amdocs.com>
Diffstat (limited to 'kubernetes/sdc/charts/sdc-wfd-be/templates/deployment.yaml')
| -rw-r--r-- | kubernetes/sdc/charts/sdc-wfd-be/templates/deployment.yaml | 27 |
1 files changed, 16 insertions, 11 deletions
diff --git a/kubernetes/sdc/charts/sdc-wfd-be/templates/deployment.yaml b/kubernetes/sdc/charts/sdc-wfd-be/templates/deployment.yaml index 31ab7d5eaf..00a986f4d2 100644 --- a/kubernetes/sdc/charts/sdc-wfd-be/templates/deployment.yaml +++ b/kubernetes/sdc/charts/sdc-wfd-be/templates/deployment.yaml @@ -53,20 +53,19 @@ spec: image: "{{ include "common.repository" . }}/{{ .Values.image }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} ports: - - containerPort: {{ .Values.service.internalPort }} - - containerPort: {{ .Values.service.internalPort2 }} + - containerPort: {{ template "wfd-be.internalPort" . }} # disable liveness probe when breakpoints set in debugger # so K8s doesn't restart unresponsive container {{ if .Values.liveness.enabled }} livenessProbe: tcpSocket: - port: {{ .Values.service.internalPort2 }} + port: {{ template "wfd-be.internalPort" . }} initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} periodSeconds: {{ .Values.liveness.periodSeconds }} {{ end }} readinessProbe: tcpSocket: - port: {{ .Values.service.internalPort2 }} + port: {{ template "wfd-be.internalPort" . }} initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} env: @@ -89,7 +88,8 @@ spec: - name: CS_TRUST_STORE_PATH value: "{{ .Values.config.cassandraTrustStorePath }}" - name: CS_TRUST_STORE_PASSWORD - value: "{{ .Values.config.cassandraTrustStorePassword }}" + valueFrom: + secretKeyRef: {name: {{ .Release.Name }}-sdc-cs-secrets, key: cs_truststore_password} - name: SDC_PROTOCOL value: "{{ .Values.config.sdcProtocol }}" - name: SDC_ENDPOINT @@ -97,7 +97,8 @@ spec: - name: SDC_USER value: "{{ .Values.config.sdcExternalUser }}" - name: SDC_PASSWORD - value: "{{ .Values.config.sdcExternalUserPassword }}" + valueFrom: + secretKeyRef: {name: {{ .Release.Name }}-sdc-cs-secrets, key: wf_external_user_password} - name: SERVER_SSL_ENABLED value: "{{ .Values.config.serverSSLEnabled }}" - name: SERVER_SSL_KEYSTORE_TYPE @@ -105,10 +106,14 @@ spec: - name: SERVER_SSL_KEYSTORE_PATH value: "{{ .Values.config.serverSSLKeyStorePath }}" - name: SERVER_SSL_KEY_PASSWORD - value: "{{ .Values.config.serverSSLKeyPassword }}" - volumeMounts: - {{- template "sdc-wfd-be.volumeMounts" . }} - volumes: - {{- template "sdc-wfd-be.volumes" . }} + valueFrom: + secretKeyRef: {name: {{ .Release.Name }}-sdc-cs-secrets, key: keystore_password} + - name: SERVER_SSL_TRUSTSTORE_TYPE + value: "{{ .Values.config.serverSSLTrustStoreType }}" + - name: SERVER_SSL_TRUSTSTORE_PATH + value: "{{ .Values.config.serverSSLTrustStorePath }}" + - name: SERVER_SSL_TRUST_PASSWORD + valueFrom: + secretKeyRef: {name: {{ .Release.Name }}-sdc-cs-secrets, key: truststore_password} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" |