diff options
author | othman touijer <othman.touijer@soprasteria.com> | 2022-01-05 14:40:37 +0100 |
---|---|---|
committer | Sylvain Desbureaux <sylvain.desbureaux@orange.com> | 2022-01-25 18:26:59 +0100 |
commit | 2b764d035310d91744b4c22ace83593b9a561116 (patch) | |
tree | f637fd322498ce1246d49bf92195352f10d17a0e /kubernetes/sdc/components/sdc-wfd-fe | |
parent | 0df88b139440c5bb2f0e46e5195bc2455554dc4d (diff) |
[SDC] Service Mesh Compliance for SDC
Adding basic requirements for Service Mesh Compliance within SDC.
Change-Id: Ib9104ef2e8b6daf0b9b529288cee158b297ce9e4
Issue-ID: OOM-2253
Signed-off-by: rope252 <gareth.roper@est.tech>
Signed-off-by: othman touijer <othman.touijer@soprasteria.com>
Diffstat (limited to 'kubernetes/sdc/components/sdc-wfd-fe')
4 files changed, 17 insertions, 17 deletions
diff --git a/kubernetes/sdc/components/sdc-wfd-fe/templates/_helper.tpl b/kubernetes/sdc/components/sdc-wfd-fe/templates/_helper.tpl deleted file mode 100644 index 546bab7ddf..0000000000 --- a/kubernetes/sdc/components/sdc-wfd-fe/templates/_helper.tpl +++ /dev/null @@ -1 +0,0 @@ -{{- define "wfd-fe.internalPort" }}{{ if .Values.config.isHttpsEnabled }}{{ .Values.service.internalPort2 }}{{ else }}{{ .Values.service.internalPort }}{{ end }}{{- end }} diff --git a/kubernetes/sdc/components/sdc-wfd-fe/templates/deployment.yaml b/kubernetes/sdc/components/sdc-wfd-fe/templates/deployment.yaml index b703e6656c..d57309004d 100644 --- a/kubernetes/sdc/components/sdc-wfd-fe/templates/deployment.yaml +++ b/kubernetes/sdc/components/sdc-wfd-fe/templates/deployment.yaml @@ -98,11 +98,11 @@ spec: ./startup.sh {{- end }} ports: - - containerPort: {{ template "wfd-fe.internalPort" . }} + - containerPort: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort2 .Values.service.internalPort }} {{ if .Values.liveness.enabled }} livenessProbe: tcpSocket: - port: {{ template "wfd-fe.internalPort" . }} + port: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort2 .Values.service.internalPort }} initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} periodSeconds: {{ .Values.liveness.periodSeconds }} successThreshold: {{ .Values.liveness.successThreshold }} @@ -110,14 +110,14 @@ spec: {{ end }} readinessProbe: tcpSocket: - port: {{ template "wfd-fe.internalPort" . }} + port: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort2 .Values.service.internalPort }} initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} successThreshold: {{ .Values.readiness.successThreshold }} failureThreshold: {{ .Values.readiness.failureThreshold }} startupProbe: tcpSocket: - port: {{ template "wfd-fe.internalPort" . }} + port: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort2 .Values.service.internalPort }} initialDelaySeconds: {{ .Values.startup.initialDelaySeconds }} periodSeconds: {{ .Values.startup.periodSeconds }} successThreshold: {{ .Values.startup.successThreshold }} @@ -128,13 +128,13 @@ spec: - name: JAVA_OPTIONS value: {{ .Values.config.javaOptions }} - name: BACKEND - value: {{ .Values.config.backendServerURL }} + value: "{{ (eq "true" (include "common.needTLS" .)) | ternary .Values.config.backendServerURL.https .Values.config.backendServerURL.http }}" - name: IS_HTTPS - value: "{{ .Values.config.isHttpsEnabled}}" - {{ if and .Values.config.isHttpsEnabled (eq .Values.security.isDefaultStore false) }} + value: "{{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }}" + {{- if and (include "common.needTLS" .) (eq .Values.security.isDefaultStore false) }} - name: TRUST_ALL value: "{{ .Values.config.isTrustAll}}" - {{ end }} + {{- end }} volumeMounts: - name: {{ include "common.fullname" . }}-localtime mountPath: /etc/localtime diff --git a/kubernetes/sdc/components/sdc-wfd-fe/templates/service.yaml b/kubernetes/sdc/components/sdc-wfd-fe/templates/service.yaml index bc838ac22f..08feb5a6ed 100644 --- a/kubernetes/sdc/components/sdc-wfd-fe/templates/service.yaml +++ b/kubernetes/sdc/components/sdc-wfd-fe/templates/service.yaml @@ -31,7 +31,7 @@ metadata: "version": "v1", "url": "/", "protocol": "UI", - "port": "{{ .Values.service.internalPort2 }}", + "port": "{{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort2 .Values.service.internalPort }}", "visualRange":"0|1" } ]' @@ -39,13 +39,13 @@ spec: type: {{ .Values.service.type }} ports: {{if eq .Values.service.type "NodePort" -}} - - port: {{ template "wfd-fe.internalPort" . }} + - port: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort2 .Values.service.internalPort }} nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} - name: {{ .Values.service.portName }} + name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }} {{- else -}} - - port: {{ if .Values.config.isHttpsEnabled }}{{ .Values.service.externalPort2 }}{{ else }}{{ .Values.service.externalPort }}{{ end }} - targetPort: {{ template "wfd-fe.internalPort" . }} - name: {{ .Values.service.portName }} + - port: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.externalPort2 .Values.service.externalPort }} + targetPort: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort2 .Values.service.internalPort }} + name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }} {{- end}} selector: app: {{ include "common.name" . }} diff --git a/kubernetes/sdc/components/sdc-wfd-fe/values.yaml b/kubernetes/sdc/components/sdc-wfd-fe/values.yaml index b3e3b39a41..c7e680a745 100644 --- a/kubernetes/sdc/components/sdc-wfd-fe/values.yaml +++ b/kubernetes/sdc/components/sdc-wfd-fe/values.yaml @@ -55,8 +55,9 @@ debugEnabled: false config: javaOptions: "-Xmx256m -Xms256m" - backendServerURL: "https://sdc-wfd-be:8443" - isHttpsEnabled: true + backendServerURL: + https: "https://sdc-wfd-be:8443" + http: "http://sdc-wfd-be:8080" # following flag decides whether to check the certificate on the outgoing proxy request or whether to trust all parties isTrustAll: true # https relevant settings. Change in case you have other trust files then default ones. |