diff options
Diffstat (limited to 'kubernetes/common')
5 files changed, 41 insertions, 9 deletions
diff --git a/kubernetes/common/cassandra/templates/statefulset.yaml b/kubernetes/common/cassandra/templates/statefulset.yaml index 471f88f735..953c89d24d 100644 --- a/kubernetes/common/cassandra/templates/statefulset.yaml +++ b/kubernetes/common/cassandra/templates/statefulset.yaml @@ -100,6 +100,14 @@ spec: value: {{ default "GossipingPropertyFileSnitch" .Values.config.endpoint_snitch | quote }} - name: CASSANDRA_AUTHENTICATOR value: {{ default "PasswordAuthenticator" .Values.config.authenticator | quote }} + {{- if include "common.onServiceMesh" . }} + - name: CASSANDRA_LISTEN_ADDRESS + value: "127.0.0.1" + - name: CASSANDRA_BROADCAST_ADDRESS + valueFrom: + fieldRef: + fieldPath: status.podIP + {{- end }} - name: POD_IP valueFrom: fieldRef: diff --git a/kubernetes/common/cassandra/values.yaml b/kubernetes/common/cassandra/values.yaml index fbdf8e3e19..c3d22cedc0 100644 --- a/kubernetes/common/cassandra/values.yaml +++ b/kubernetes/common/cassandra/values.yaml @@ -55,8 +55,8 @@ affinity: {} # probe configuration parameters liveness: initialDelaySeconds: 60 - periodSeconds: 10 - timeoutSeconds: 3 + periodSeconds: 20 + timeoutSeconds: 10 successThreshold: 1 failureThreshold: 3 # necessary to disable liveness probe when setting breakpoints @@ -65,8 +65,8 @@ liveness: readiness: initialDelaySeconds: 120 - periodSeconds: 10 - timeoutSeconds: 3 + periodSeconds: 20 + timeoutSeconds: 10 successThreshold: 1 failureThreshold: 3 diff --git a/kubernetes/common/certManagerCertificate/templates/_certificate.tpl b/kubernetes/common/certManagerCertificate/templates/_certificate.tpl index 4e43f621de..f820c30ca9 100644 --- a/kubernetes/common/certManagerCertificate/templates/_certificate.tpl +++ b/kubernetes/common/certManagerCertificate/templates/_certificate.tpl @@ -181,8 +181,10 @@ spec: {{- $subchartGlobal := mergeOverwrite (deepCopy $initRoot.global) $dot.Values.global -}} {{- range $i, $certificate := $dot.Values.certificates -}} {{- $mountPath := $certificate.mountPath -}} -- mountPath: {{ $mountPath }} +- mountPath: {{ (printf "%s/secret-%d" $mountPath $i) }} name: certmanager-certs-volume-{{ $i }} +- mountPath: {{ $mountPath }} + name: certmanager-certs-volume-{{ $i }}-dir {{- end -}} {{- end -}} @@ -194,6 +196,8 @@ spec: {{- range $i, $certificate := $certificates -}} {{- $name := include "common.fullname" $dot -}} {{- $certificatesSecretName := default (printf "%s-secret-%d" $name $i) $certificate.secretName -}} +- name: certmanager-certs-volume-{{ $i }}-dir + emptyDir: {} - name: certmanager-certs-volume-{{ $i }} projected: sources: @@ -217,3 +221,17 @@ spec: {{- end }} {{- end -}} {{- end -}} + +{{- define "common.certManager.linkVolumeMounts" -}} +{{- $dot := default . .dot -}} +{{- $initRoot := default $dot.Values.certManagerCertificate .initRoot -}} +{{- $subchartGlobal := mergeOverwrite (deepCopy $initRoot.global) $dot.Values.global -}} +{{- $certificates := $dot.Values.certificates -}} +{{- $certsLinkCommand := "" -}} + {{- range $i, $certificate := $certificates -}} + {{- $destnationPath := (required "'mountPath' for Certificate is required." $certificate.mountPath) -}} + {{- $sourcePath := (printf "%s/secret-%d/*" $destnationPath $i) -}} + {{- $certsLinkCommand = (printf "ln -s %s %s; %s" $sourcePath $destnationPath $certsLinkCommand) -}} + {{- end -}} +{{ $certsLinkCommand }} +{{- end -}} diff --git a/kubernetes/common/cmpv2Certificate/templates/_certServiceClient.tpl b/kubernetes/common/cmpv2Certificate/templates/_certServiceClient.tpl index 57e6c69b1f..58cc9c7249 100644 --- a/kubernetes/common/cmpv2Certificate/templates/_certServiceClient.tpl +++ b/kubernetes/common/cmpv2Certificate/templates/_certServiceClient.tpl @@ -27,7 +27,9 @@ Full example (other fields are ignored): certificates: - mountPath: /var/custom-certs caName: RA - outputType: JKS + keystore: + outputType: + - jks commonName: common-name dnsNames: - dns-name-1 @@ -65,7 +67,7 @@ There also need to be some includes used in a target component deployment (inden {{- if and $subchartGlobal.cmpv2Enabled (not $subchartGlobal.CMPv2CertManagerIntegration) -}} {{- range $index, $certificate := $dot.Values.certificates -}} {{/*# General certifiacate attributes #*/}} -{{- $commonName := $certificate.commonName -}} +{{- $commonName := (required "'commonName' for Certificate is required." $certificate.commonName) -}} {{/*# SAN's #*/}} {{- $dnsNames := default (list) $certificate.dnsNames -}} {{- $ipAddresses := default (list) $certificate.ipAddresses -}} @@ -87,7 +89,11 @@ There also need to be some includes used in a target component deployment (inden {{- $orgUnit := $certificate.subject.organizationalUnit -}} {{- end -}} {{- $caName := default $subchartGlobal.platform.certServiceClient.envVariables.caName $certificate.caName -}} -{{- $outputType := default $subchartGlobal.platform.certServiceClient.envVariables.outputType $certificate.outputType -}} +{{- $outputType := $subchartGlobal.platform.certServiceClient.envVariables.outputType -}} +{{- if $certificate.keystore -}} +{{- $outputTypeList := (required "'outputType' in 'keystore' section is required." $certificate.keystore.outputType) -}} +{{- $outputType = mustFirst ($outputTypeList) | upper -}} +{{- end -}} {{- $requestUrl := $subchartGlobal.platform.certServiceClient.envVariables.requestURL -}} {{- $certPath := $subchartGlobal.platform.certServiceClient.envVariables.certPath -}} {{- $requestTimeout := $subchartGlobal.platform.certServiceClient.envVariables.requestTimeout -}} diff --git a/kubernetes/common/common/templates/_service.tpl b/kubernetes/common/common/templates/_service.tpl index dddd63491d..9c3010c209 100644 --- a/kubernetes/common/common/templates/_service.tpl +++ b/kubernetes/common/common/templates/_service.tpl @@ -128,7 +128,7 @@ labels: {{- include "common.labels" (dict "labels" $labels "dot" $dot) | nindent name: {{ $port.name }} {{- end }} {{- if (eq $serviceType "NodePort") }} - nodePort: {{ include "common.nodePortPrefix" (dict "dot" $dot "portNodePortExt" $port.useNodePortExt) }}{{ $port.nodePort }} + nodePort: {{ include "common.nodePortPrefix" (dict "dot" $dot "useNodePortExt" $port.useNodePortExt) }}{{ $port.nodePort }} {{- end }} {{- else }} - port: {{ default $port.port $port.plain_port }} |