Secure FE communications to the workflow backend

Update of the workflow fe and be charts to secure the communications and to start the backend server is https mode with a secured connection to SDC Issue-ID: OOM-1954 Signed-off-by: IlanaP <ilanap@amdocs.com> Change-Id: Ia3c4c714e317b8f8b6b4ee9245daa50eea50275f Signed-off-by: IlanaP <ilanap@amdocs.com>
author: IlanaP <ilanap@amdocs.com> 2019-11-18 21:10:08 +0200
committer: IlanaP <ilanap@amdocs.com> 2019-12-17 14:27:45 +0200
commit: c80bff934c950c2ad75fe06b0abcc91502f57fdf (patch)
tree: c75408726c62d0e38c295c0aa10686cac23f2f9b /kubernetes/sdc/charts/sdc-wfd-fe/templates/deployment.yaml
parent: 8501d7cee5a887f9e19d5fe3671ef8180bce526b (diff)
1 files changed, 9 insertions, 6 deletions
diff --git a/kubernetes/sdc/charts/sdc-wfd-fe/templates/deployment.yaml b/kubernetes/sdc/charts/sdc-wfd-fe/templates/deployment.yaml
index 1daee714b6..08ecaa6daa 100644
--- a/kubernetes/sdc/charts/sdc-wfd-fe/templates/deployment.yaml
+++ b/kubernetes/sdc/charts/sdc-wfd-fe/templates/deployment.yaml
@@ -50,18 +50,17 @@ spec:
           image: "{{ include "common.repository" . }}/{{ .Values.image }}"
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
           ports:
-          - containerPort: {{ .Values.service.internalPort }}
-          - containerPort: {{ .Values.service.internalPort2 }}
+          - containerPort: {{ template "wfd-fe.internalPort" . }}
           {{ if .Values.liveness.enabled }}
           livenessProbe:
             tcpSocket:
-              port: {{ .Values.service.internalPort }}
+              port: {{ template "wfd-fe.internalPort" . }}
             initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
             periodSeconds: {{ .Values.liveness.periodSeconds }}
           {{ end }}
           readinessProbe:
             tcpSocket:
-              port: {{ .Values.service.internalPort }}
+              port: {{ template "wfd-fe.internalPort" . }}
             initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
             periodSeconds: {{ .Values.readiness.periodSeconds }}
           env:
@@ -75,13 +74,17 @@ spec:
             value: "{{ .Values.config.isHttpsEnabled}}"
             {{ if and .Values.config.isHttpsEnabled (eq .Values.security.isDefaultStore false) }}
           - name: KEYSTORE_PASS
-            value: "{{ .Values.security.keystorePass}}"
+            valueFrom:
+              secretKeyRef: {name: {{ .Release.Name }}-sdc-cs-secrets, key: keystore_password}
           - name: TRUSTSTORE_PASS
-            value: "{{ .Values.security.truststorePass}}"
+            valueFrom:
+              secretKeyRef: {name: {{ .Release.Name }}-sdc-cs-secrets, key: truststore_password}
           - name: TRUSTSTORE_PATH
             value: "{{ .Values.security.storePath }}/{{ .Values.security.truststoreFilename }}"
           - name: KEYSTORE_PATH
             value: "{{ .Values.security.storePath }}/{{ .Values.security.keystoreFilename }}"
+          - name: TRUST_ALL
+            value: "{{ .Values.config.isTrustAll}}"
             {{ end }}
           volumeMounts:
           - name: {{ include "common.fullname" . }}-localtime
author	IlanaP <ilanap@amdocs.com>	2019-11-18 21:10:08 +0200
committer	IlanaP <ilanap@amdocs.com>	2019-12-17 14:27:45 +0200
commit	c80bff934c950c2ad75fe06b0abcc91502f57fdf (patch)
tree	c75408726c62d0e38c295c0aa10686cac23f2f9b /kubernetes/sdc/charts/sdc-wfd-fe/templates/deployment.yaml
parent	8501d7cee5a887f9e19d5fe3671ef8180bce526b (diff)