summaryrefslogtreecommitdiffstats
path: root/kubernetes/sdc/charts/sdc-wfd-fe
diff options
context:
space:
mode:
authorSylvain Desbureaux <sylvain.desbureaux@orange.com>2019-12-17 18:57:12 +0000
committerGerrit Code Review <gerrit@onap.org>2019-12-17 18:57:12 +0000
commit4a18669124ad341e06ffec59711a477d7223c873 (patch)
treed5a9a171e72a50b2971db9e479f31936c5e332b4 /kubernetes/sdc/charts/sdc-wfd-fe
parent448a16ef7f4816620fb45e842a664c6e6dc65c52 (diff)
parentc80bff934c950c2ad75fe06b0abcc91502f57fdf (diff)
Merge "Secure FE communications to the workflow backend"
Diffstat (limited to 'kubernetes/sdc/charts/sdc-wfd-fe')
-rw-r--r--kubernetes/sdc/charts/sdc-wfd-fe/templates/_helper.tpl1
-rw-r--r--kubernetes/sdc/charts/sdc-wfd-fe/templates/deployment.yaml15
-rw-r--r--kubernetes/sdc/charts/sdc-wfd-fe/templates/service.yaml18
-rw-r--r--kubernetes/sdc/charts/sdc-wfd-fe/values.yaml15
4 files changed, 22 insertions, 27 deletions
diff --git a/kubernetes/sdc/charts/sdc-wfd-fe/templates/_helper.tpl b/kubernetes/sdc/charts/sdc-wfd-fe/templates/_helper.tpl
new file mode 100644
index 0000000000..546bab7ddf
--- /dev/null
+++ b/kubernetes/sdc/charts/sdc-wfd-fe/templates/_helper.tpl
@@ -0,0 +1 @@
+{{- define "wfd-fe.internalPort" }}{{ if .Values.config.isHttpsEnabled }}{{ .Values.service.internalPort2 }}{{ else }}{{ .Values.service.internalPort }}{{ end }}{{- end }}
diff --git a/kubernetes/sdc/charts/sdc-wfd-fe/templates/deployment.yaml b/kubernetes/sdc/charts/sdc-wfd-fe/templates/deployment.yaml
index 1daee714b6..08ecaa6daa 100644
--- a/kubernetes/sdc/charts/sdc-wfd-fe/templates/deployment.yaml
+++ b/kubernetes/sdc/charts/sdc-wfd-fe/templates/deployment.yaml
@@ -50,18 +50,17 @@ spec:
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
ports:
- - containerPort: {{ .Values.service.internalPort }}
- - containerPort: {{ .Values.service.internalPort2 }}
+ - containerPort: {{ template "wfd-fe.internalPort" . }}
{{ if .Values.liveness.enabled }}
livenessProbe:
tcpSocket:
- port: {{ .Values.service.internalPort }}
+ port: {{ template "wfd-fe.internalPort" . }}
initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
periodSeconds: {{ .Values.liveness.periodSeconds }}
{{ end }}
readinessProbe:
tcpSocket:
- port: {{ .Values.service.internalPort }}
+ port: {{ template "wfd-fe.internalPort" . }}
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
env:
@@ -75,13 +74,17 @@ spec:
value: "{{ .Values.config.isHttpsEnabled}}"
{{ if and .Values.config.isHttpsEnabled (eq .Values.security.isDefaultStore false) }}
- name: KEYSTORE_PASS
- value: "{{ .Values.security.keystorePass}}"
+ valueFrom:
+ secretKeyRef: {name: {{ .Release.Name }}-sdc-cs-secrets, key: keystore_password}
- name: TRUSTSTORE_PASS
- value: "{{ .Values.security.truststorePass}}"
+ valueFrom:
+ secretKeyRef: {name: {{ .Release.Name }}-sdc-cs-secrets, key: truststore_password}
- name: TRUSTSTORE_PATH
value: "{{ .Values.security.storePath }}/{{ .Values.security.truststoreFilename }}"
- name: KEYSTORE_PATH
value: "{{ .Values.security.storePath }}/{{ .Values.security.keystoreFilename }}"
+ - name: TRUST_ALL
+ value: "{{ .Values.config.isTrustAll}}"
{{ end }}
volumeMounts:
- name: {{ include "common.fullname" . }}-localtime
diff --git a/kubernetes/sdc/charts/sdc-wfd-fe/templates/service.yaml b/kubernetes/sdc/charts/sdc-wfd-fe/templates/service.yaml
index 87ca3607d7..d8a105513a 100644
--- a/kubernetes/sdc/charts/sdc-wfd-fe/templates/service.yaml
+++ b/kubernetes/sdc/charts/sdc-wfd-fe/templates/service.yaml
@@ -29,7 +29,7 @@ metadata:
"version": "v1",
"url": "/",
"protocol": "UI",
- "port": "{{ .Values.service.internalPort }}",
+ "port": "{{ .Values.service.internalPort2 }}",
"visualRange":"0|1"
}
]'
@@ -37,19 +37,13 @@ spec:
type: {{ .Values.service.type }}
ports:
{{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.internalPort }}
+ - port: {{ template "wfd-fe.internalPort" . }}
nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName | default "http" }}
- - port: {{ .Values.service.internalPort2 }}
- nodePort: {{ .Values.global.nodePortPrefixExt | default .Values.nodePortPrefixExt }}{{ .Values.service.nodePort2 }}
- name: {{ .Values.service.portName2 | default "https" }}
+ name: {{ .Values.service.portName }}
{{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName | default "http" }}
- - port: {{ .Values.service.externalPort2 }}
- targetPort: {{ .Values.service.internalPort2 }}
- name: {{ .Values.service.portName2 | default "https" }}
+ - port: {{ if .Values.config.isHttpsEnabled }}{{ .Values.service.externalPort2 }}{{ else }}{{ .Values.service.externalPort }}{{ end }}
+ targetPort: {{ template "wfd-fe.internalPort" . }}
+ name: {{ .Values.service.portName }}
{{- end}}
selector:
app: {{ include "common.name" . }}
diff --git a/kubernetes/sdc/charts/sdc-wfd-fe/values.yaml b/kubernetes/sdc/charts/sdc-wfd-fe/values.yaml
index 4de1b20249..fc30297885 100644
--- a/kubernetes/sdc/charts/sdc-wfd-fe/values.yaml
+++ b/kubernetes/sdc/charts/sdc-wfd-fe/values.yaml
@@ -28,7 +28,7 @@ global:
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/workflow-frontend:1.5.2
+image: onap/workflow-frontend:1.6.0
pullPolicy: Always
# flag to enable debugging - application support required
@@ -36,16 +36,15 @@ debugEnabled: false
config:
javaOptions: "-Xmx256m -Xms256m"
- backendServerURL: "http://sdc-wfd-be:8080"
+ backendServerURL: "https://sdc-wfd-be:8443"
isHttpsEnabled: true
-
+ # following flag decides whether to check the certificate on the outgoing proxy request or whether to trust all parties
+ isTrustAll: true
# https relevant settings. Change in case you have other trust files then default ones.
security:
isDefaultStore: false
truststoreFilename: "org.onap.sdc.trust.jks"
keystoreFilename: "org.onap.sdc.p12"
- keystorePass: "!ppJ.JvWn0hGh)oVF]([Kv)^"
- truststorePass: "].][xgtze]hBhz*wy]}m#lf*"
storePath: "etc"
# default number of instances
@@ -71,12 +70,10 @@ service:
type: NodePort
internalPort: 8080
externalPort: 8080
- portName: sdc-wfd-fe
- nodePort: "56"
- portName2: sdc-wfd-fe2
internalPort2: 8443
externalPort2: 8443
- nodePort2: "31"
+ portName: sdc-wfd-fe
+ nodePort: "56" # only one node port. set to http or https port depending on isHttpsEnabled property
ingress:
enabled: false