summaryrefslogtreecommitdiffstats
path: root/kubernetes/sdc/charts/sdc-wfd-fe/templates
diff options
context:
space:
mode:
authorIlanaP <ilanap@amdocs.com>2019-11-18 21:10:08 +0200
committerIlanaP <ilanap@amdocs.com>2019-12-17 14:27:45 +0200
commitc80bff934c950c2ad75fe06b0abcc91502f57fdf (patch)
treec75408726c62d0e38c295c0aa10686cac23f2f9b /kubernetes/sdc/charts/sdc-wfd-fe/templates
parent8501d7cee5a887f9e19d5fe3671ef8180bce526b (diff)
Secure FE communications to the workflow backend
Update of the workflow fe and be charts to secure the communications and to start the backend server is https mode with a secured connection to SDC Issue-ID: OOM-1954 Signed-off-by: IlanaP <ilanap@amdocs.com> Change-Id: Ia3c4c714e317b8f8b6b4ee9245daa50eea50275f Signed-off-by: IlanaP <ilanap@amdocs.com>
Diffstat (limited to 'kubernetes/sdc/charts/sdc-wfd-fe/templates')
-rw-r--r--kubernetes/sdc/charts/sdc-wfd-fe/templates/_helper.tpl1
-rw-r--r--kubernetes/sdc/charts/sdc-wfd-fe/templates/deployment.yaml15
-rw-r--r--kubernetes/sdc/charts/sdc-wfd-fe/templates/service.yaml18
3 files changed, 16 insertions, 18 deletions
diff --git a/kubernetes/sdc/charts/sdc-wfd-fe/templates/_helper.tpl b/kubernetes/sdc/charts/sdc-wfd-fe/templates/_helper.tpl
new file mode 100644
index 0000000000..546bab7ddf
--- /dev/null
+++ b/kubernetes/sdc/charts/sdc-wfd-fe/templates/_helper.tpl
@@ -0,0 +1 @@
+{{- define "wfd-fe.internalPort" }}{{ if .Values.config.isHttpsEnabled }}{{ .Values.service.internalPort2 }}{{ else }}{{ .Values.service.internalPort }}{{ end }}{{- end }}
diff --git a/kubernetes/sdc/charts/sdc-wfd-fe/templates/deployment.yaml b/kubernetes/sdc/charts/sdc-wfd-fe/templates/deployment.yaml
index 1daee714b6..08ecaa6daa 100644
--- a/kubernetes/sdc/charts/sdc-wfd-fe/templates/deployment.yaml
+++ b/kubernetes/sdc/charts/sdc-wfd-fe/templates/deployment.yaml
@@ -50,18 +50,17 @@ spec:
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
ports:
- - containerPort: {{ .Values.service.internalPort }}
- - containerPort: {{ .Values.service.internalPort2 }}
+ - containerPort: {{ template "wfd-fe.internalPort" . }}
{{ if .Values.liveness.enabled }}
livenessProbe:
tcpSocket:
- port: {{ .Values.service.internalPort }}
+ port: {{ template "wfd-fe.internalPort" . }}
initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
periodSeconds: {{ .Values.liveness.periodSeconds }}
{{ end }}
readinessProbe:
tcpSocket:
- port: {{ .Values.service.internalPort }}
+ port: {{ template "wfd-fe.internalPort" . }}
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
env:
@@ -75,13 +74,17 @@ spec:
value: "{{ .Values.config.isHttpsEnabled}}"
{{ if and .Values.config.isHttpsEnabled (eq .Values.security.isDefaultStore false) }}
- name: KEYSTORE_PASS
- value: "{{ .Values.security.keystorePass}}"
+ valueFrom:
+ secretKeyRef: {name: {{ .Release.Name }}-sdc-cs-secrets, key: keystore_password}
- name: TRUSTSTORE_PASS
- value: "{{ .Values.security.truststorePass}}"
+ valueFrom:
+ secretKeyRef: {name: {{ .Release.Name }}-sdc-cs-secrets, key: truststore_password}
- name: TRUSTSTORE_PATH
value: "{{ .Values.security.storePath }}/{{ .Values.security.truststoreFilename }}"
- name: KEYSTORE_PATH
value: "{{ .Values.security.storePath }}/{{ .Values.security.keystoreFilename }}"
+ - name: TRUST_ALL
+ value: "{{ .Values.config.isTrustAll}}"
{{ end }}
volumeMounts:
- name: {{ include "common.fullname" . }}-localtime
diff --git a/kubernetes/sdc/charts/sdc-wfd-fe/templates/service.yaml b/kubernetes/sdc/charts/sdc-wfd-fe/templates/service.yaml
index 87ca3607d7..d8a105513a 100644
--- a/kubernetes/sdc/charts/sdc-wfd-fe/templates/service.yaml
+++ b/kubernetes/sdc/charts/sdc-wfd-fe/templates/service.yaml
@@ -29,7 +29,7 @@ metadata:
"version": "v1",
"url": "/",
"protocol": "UI",
- "port": "{{ .Values.service.internalPort }}",
+ "port": "{{ .Values.service.internalPort2 }}",
"visualRange":"0|1"
}
]'
@@ -37,19 +37,13 @@ spec:
type: {{ .Values.service.type }}
ports:
{{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.internalPort }}
+ - port: {{ template "wfd-fe.internalPort" . }}
nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName | default "http" }}
- - port: {{ .Values.service.internalPort2 }}
- nodePort: {{ .Values.global.nodePortPrefixExt | default .Values.nodePortPrefixExt }}{{ .Values.service.nodePort2 }}
- name: {{ .Values.service.portName2 | default "https" }}
+ name: {{ .Values.service.portName }}
{{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName | default "http" }}
- - port: {{ .Values.service.externalPort2 }}
- targetPort: {{ .Values.service.internalPort2 }}
- name: {{ .Values.service.portName2 | default "https" }}
+ - port: {{ if .Values.config.isHttpsEnabled }}{{ .Values.service.externalPort2 }}{{ else }}{{ .Values.service.externalPort }}{{ end }}
+ targetPort: {{ template "wfd-fe.internalPort" . }}
+ name: {{ .Values.service.portName }}
{{- end}}
selector:
app: {{ include "common.name" . }}