diff options
author | Sylvain Desbureaux <sylvain.desbureaux@orange.com> | 2019-12-17 18:57:12 +0000 |
---|---|---|
committer | Gerrit Code Review <gerrit@onap.org> | 2019-12-17 18:57:12 +0000 |
commit | 4a18669124ad341e06ffec59711a477d7223c873 (patch) | |
tree | d5a9a171e72a50b2971db9e479f31936c5e332b4 /kubernetes/sdc/charts/sdc-wfd-fe | |
parent | 448a16ef7f4816620fb45e842a664c6e6dc65c52 (diff) | |
parent | c80bff934c950c2ad75fe06b0abcc91502f57fdf (diff) |
Merge "Secure FE communications to the workflow backend"
Diffstat (limited to 'kubernetes/sdc/charts/sdc-wfd-fe')
4 files changed, 22 insertions, 27 deletions
diff --git a/kubernetes/sdc/charts/sdc-wfd-fe/templates/_helper.tpl b/kubernetes/sdc/charts/sdc-wfd-fe/templates/_helper.tpl new file mode 100644 index 0000000000..546bab7ddf --- /dev/null +++ b/kubernetes/sdc/charts/sdc-wfd-fe/templates/_helper.tpl @@ -0,0 +1 @@ +{{- define "wfd-fe.internalPort" }}{{ if .Values.config.isHttpsEnabled }}{{ .Values.service.internalPort2 }}{{ else }}{{ .Values.service.internalPort }}{{ end }}{{- end }} diff --git a/kubernetes/sdc/charts/sdc-wfd-fe/templates/deployment.yaml b/kubernetes/sdc/charts/sdc-wfd-fe/templates/deployment.yaml index 1daee714b6..08ecaa6daa 100644 --- a/kubernetes/sdc/charts/sdc-wfd-fe/templates/deployment.yaml +++ b/kubernetes/sdc/charts/sdc-wfd-fe/templates/deployment.yaml @@ -50,18 +50,17 @@ spec: image: "{{ include "common.repository" . }}/{{ .Values.image }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} ports: - - containerPort: {{ .Values.service.internalPort }} - - containerPort: {{ .Values.service.internalPort2 }} + - containerPort: {{ template "wfd-fe.internalPort" . }} {{ if .Values.liveness.enabled }} livenessProbe: tcpSocket: - port: {{ .Values.service.internalPort }} + port: {{ template "wfd-fe.internalPort" . }} initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} periodSeconds: {{ .Values.liveness.periodSeconds }} {{ end }} readinessProbe: tcpSocket: - port: {{ .Values.service.internalPort }} + port: {{ template "wfd-fe.internalPort" . }} initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} env: @@ -75,13 +74,17 @@ spec: value: "{{ .Values.config.isHttpsEnabled}}" {{ if and .Values.config.isHttpsEnabled (eq .Values.security.isDefaultStore false) }} - name: KEYSTORE_PASS - value: "{{ .Values.security.keystorePass}}" + valueFrom: + secretKeyRef: {name: {{ .Release.Name }}-sdc-cs-secrets, key: keystore_password} - name: TRUSTSTORE_PASS - value: "{{ .Values.security.truststorePass}}" + valueFrom: + secretKeyRef: {name: {{ .Release.Name }}-sdc-cs-secrets, key: truststore_password} - name: TRUSTSTORE_PATH value: "{{ .Values.security.storePath }}/{{ .Values.security.truststoreFilename }}" - name: KEYSTORE_PATH value: "{{ .Values.security.storePath }}/{{ .Values.security.keystoreFilename }}" + - name: TRUST_ALL + value: "{{ .Values.config.isTrustAll}}" {{ end }} volumeMounts: - name: {{ include "common.fullname" . }}-localtime diff --git a/kubernetes/sdc/charts/sdc-wfd-fe/templates/service.yaml b/kubernetes/sdc/charts/sdc-wfd-fe/templates/service.yaml index 87ca3607d7..d8a105513a 100644 --- a/kubernetes/sdc/charts/sdc-wfd-fe/templates/service.yaml +++ b/kubernetes/sdc/charts/sdc-wfd-fe/templates/service.yaml @@ -29,7 +29,7 @@ metadata: "version": "v1", "url": "/", "protocol": "UI", - "port": "{{ .Values.service.internalPort }}", + "port": "{{ .Values.service.internalPort2 }}", "visualRange":"0|1" } ]' @@ -37,19 +37,13 @@ spec: type: {{ .Values.service.type }} ports: {{if eq .Values.service.type "NodePort" -}} - - port: {{ .Values.service.internalPort }} + - port: {{ template "wfd-fe.internalPort" . }} nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} - name: {{ .Values.service.portName | default "http" }} - - port: {{ .Values.service.internalPort2 }} - nodePort: {{ .Values.global.nodePortPrefixExt | default .Values.nodePortPrefixExt }}{{ .Values.service.nodePort2 }} - name: {{ .Values.service.portName2 | default "https" }} + name: {{ .Values.service.portName }} {{- else -}} - - port: {{ .Values.service.externalPort }} - targetPort: {{ .Values.service.internalPort }} - name: {{ .Values.service.portName | default "http" }} - - port: {{ .Values.service.externalPort2 }} - targetPort: {{ .Values.service.internalPort2 }} - name: {{ .Values.service.portName2 | default "https" }} + - port: {{ if .Values.config.isHttpsEnabled }}{{ .Values.service.externalPort2 }}{{ else }}{{ .Values.service.externalPort }}{{ end }} + targetPort: {{ template "wfd-fe.internalPort" . }} + name: {{ .Values.service.portName }} {{- end}} selector: app: {{ include "common.name" . }} diff --git a/kubernetes/sdc/charts/sdc-wfd-fe/values.yaml b/kubernetes/sdc/charts/sdc-wfd-fe/values.yaml index 4de1b20249..fc30297885 100644 --- a/kubernetes/sdc/charts/sdc-wfd-fe/values.yaml +++ b/kubernetes/sdc/charts/sdc-wfd-fe/values.yaml @@ -28,7 +28,7 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/workflow-frontend:1.5.2 +image: onap/workflow-frontend:1.6.0 pullPolicy: Always # flag to enable debugging - application support required @@ -36,16 +36,15 @@ debugEnabled: false config: javaOptions: "-Xmx256m -Xms256m" - backendServerURL: "http://sdc-wfd-be:8080" + backendServerURL: "https://sdc-wfd-be:8443" isHttpsEnabled: true - + # following flag decides whether to check the certificate on the outgoing proxy request or whether to trust all parties + isTrustAll: true # https relevant settings. Change in case you have other trust files then default ones. security: isDefaultStore: false truststoreFilename: "org.onap.sdc.trust.jks" keystoreFilename: "org.onap.sdc.p12" - keystorePass: "!ppJ.JvWn0hGh)oVF]([Kv)^" - truststorePass: "].][xgtze]hBhz*wy]}m#lf*" storePath: "etc" # default number of instances @@ -71,12 +70,10 @@ service: type: NodePort internalPort: 8080 externalPort: 8080 - portName: sdc-wfd-fe - nodePort: "56" - portName2: sdc-wfd-fe2 internalPort2: 8443 externalPort2: 8443 - nodePort2: "31" + portName: sdc-wfd-fe + nodePort: "56" # only one node port. set to http or https port depending on isHttpsEnabled property ingress: enabled: false |