diff options
Diffstat (limited to 'kubernetes/dcaegen2/charts/dcae-config-binding-service/templates')
-rw-r--r-- | kubernetes/dcaegen2/charts/dcae-config-binding-service/templates/deployment.yaml | 94 | ||||
-rw-r--r-- | kubernetes/dcaegen2/charts/dcae-config-binding-service/templates/service.yaml | 31 |
2 files changed, 112 insertions, 13 deletions
diff --git a/kubernetes/dcaegen2/charts/dcae-config-binding-service/templates/deployment.yaml b/kubernetes/dcaegen2/charts/dcae-config-binding-service/templates/deployment.yaml index a968204575..5496aee2cb 100644 --- a/kubernetes/dcaegen2/charts/dcae-config-binding-service/templates/deployment.yaml +++ b/kubernetes/dcaegen2/charts/dcae-config-binding-service/templates/deployment.yaml @@ -50,36 +50,68 @@ spec: fieldRef: apiVersion: v1 fieldPath: metadata.namespace + {{- if .Values.service.secure.enabled }} + - name: init-tls + env: + - name: POD_IP + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.podIP + image: {{ .Values.global.tlsRepository }}/{{ .Values.global.tlsImage }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + resources: {} + volumeMounts: + - mountPath: /opt/tls/shared + name: tls-info + {{ end }} containers: + {{- if .Values.service.secure.enabled }} - name: {{ include "common.name" . }} image: "{{ include "common.repository" . }}/{{ .Values.image }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} resources: {{ include "common.resources" . | indent 12 }} ports: - - containerPort: {{ .Values.service.internalPort }} + - containerPort: {{ .Values.service.secure.internalPort }} # disable liveness probe when breakpoints set in debugger # so K8s doesn't restart unresponsive container {{- if eq .Values.liveness.enabled true }} livenessProbe: tcpSocket: - port: {{ .Values.service.internalPort }} + port: {{ .Values.service.secure.internalPort }} initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} periodSeconds: {{ .Values.liveness.periodSeconds }} {{ end -}} readinessProbe: httpGet: + scheme: "HTTPS" path: {{ .Values.readiness.path }} - port: {{ .Values.service.internalPort }} + port: {{ .Values.service.secure.internalPort }} initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} volumeMounts: - name: {{ include "common.fullname" . }}-logs mountPath: /opt/logs + - name: tls-info + mountPath: /opt/tls env: - name: CONSUL_HOST value: consul.{{ include "common.namespace" . }} - + - name: USE_HTTPS + value: "1" + - name: HTTPS_CERT_PATH + value: "/opt/tls/cert.pem" + - name: HTTPS_KEY_PATH + value: "/opt/tls/key.pem" + - name: TRUST_STORE_PATH + value: "/opt/app/prh/etc/cert/trust.jks" + - name: TRUST_STORE_PASS_PATH + value: "/opt/app/prh/etc/cert/trust.pass" + - name: KEY_STORE_PATH + value: "/opt/app/prh/etc/cert/key.p12" + - name: KEY_STORE_PASS_PATH + value: "/opt/app/prh/etc/cert/key.pass" - name: {{ include "common.name" . }}-filebeat-onap image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} @@ -91,13 +123,67 @@ spec: mountPath: /usr/share/filebeat/data - name: {{ include "common.fullname" . }}-logs mountPath: /var/log/onap + {{ end }} + {{- if .Values.service.insecure.enabled }} + - name: {{ include "common.name" . }}-insecure + image: "{{ include "common.repository" . }}/{{ .Values.image }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + resources: +{{ include "common.resources" . | indent 12 }} + ports: + - containerPort: {{ .Values.service.insecure.internalPort }} + # disable liveness probe when breakpoints set in debugger + # so K8s doesn't restart unresponsive container + {{- if eq .Values.liveness.enabled true }} + livenessProbe: + tcpSocket: + port: {{ .Values.service.insecure.internalPort }} + initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} + periodSeconds: {{ .Values.liveness.periodSeconds }} + {{ end -}} + readinessProbe: + httpGet: + scheme: "HTTP" + path: {{ .Values.readiness.path }} + port: {{ .Values.service.insecure.internalPort }} + initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} + periodSeconds: {{ .Values.readiness.periodSeconds }} + volumeMounts: + - name: {{ include "common.fullname" . }}-logs-insecure + mountPath: /opt/logs + env: + - name: CONSUL_HOST + value: consul.{{ include "common.namespace" . }} + - name: {{ include "common.name" . }}-filebeat-onap-insecure + image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + volumeMounts: + - name: {{ include "common.fullname" . }}-filebeat-conf + mountPath: /usr/share/filebeat/filebeat.yml + subPath: filebeat.yml + - name: {{ include "common.fullname" . }}-data-filebeat-insecure + mountPath: /usr/share/filebeat/data + - name: {{ include "common.fullname" . }}-logs-insecure + mountPath: /var/log/onap + {{ end }} volumes: - name: {{ include "common.fullname" . }}-filebeat-conf configMap: name: {{ .Release.Name }}-cbs-filebeat-configmap + {{- if .Values.service.secure.enabled }} - name: {{ include "common.fullname" . }}-data-filebeat emptyDir: {} - name: {{ include "common.fullname" . }}-logs emptyDir: {} + - name: tls-info + emptyDir: {} + {{ end }} + {{- if .Values.service.insecure.enabled }} + - name: {{ include "common.fullname" . }}-data-filebeat-insecure + emptyDir: {} + - name: {{ include "common.fullname" . }}-logs-insecure + emptyDir: {} + {{ end }} + imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/dcaegen2/charts/dcae-config-binding-service/templates/service.yaml b/kubernetes/dcaegen2/charts/dcae-config-binding-service/templates/service.yaml index 794b896eef..8176e77c1e 100644 --- a/kubernetes/dcaegen2/charts/dcae-config-binding-service/templates/service.yaml +++ b/kubernetes/dcaegen2/charts/dcae-config-binding-service/templates/service.yaml @@ -28,16 +28,29 @@ metadata: spec: type: {{ .Values.service.type }} ports: - {{if eq .Values.service.type "NodePort" -}} - - port: {{ .Values.service.externalPort }} - nodePort: {{ .Values.global.nodePortPrefixExt| default .Values.nodePortPrefixExt }}{{ .Values.service.nodePort }} - name: {{ .Values.service.name }} + {{ if eq .Values.service.type "NodePort" -}} + {{ if .Values.service.insecure.enabled -}} + - port: {{ .Values.service.insecure.externalPort }} + nodePort: {{ .Values.global.nodePortPrefixExt| default .Values.nodePortPrefixExt }}{{ .Values.service.insecure.nodePort }} + name: {{ .Values.service.name }}-insecure + {{- end }} + {{ if .Values.service.secure.enabled -}} + - port: {{ .Values.service.secure.externalPort }} + nodePort: {{ .Values.global.nodePortPrefixExt| default .Values.nodePortPrefixExt }}{{ .Values.service.secure.nodePort }} + name: {{ .Values.service.name }}-secure + {{- end }} {{- else -}} - - port: {{ .Values.service.externalPort }} - targetPort: {{ .Values.service.internalPort }} - name: {{ .Values.service.name }} - {{- end}} + {{ if .Values.service.insecure.enabled -}} + - port: {{ .Values.service.insecure.externalPort }} + targetPort: {{ .Values.service.insecure.internalPort }} + name: {{ .Values.service.name }}-insecure + {{- end }} + {{ if .Values.service.secure.enabled -}} + - port: {{ .Values.service.secure.externalPort }} + targetPort: {{ .Values.service.secure.internalPort }} + name: {{ .Values.service.name }}-secure + {{- end }} + {{- end }} selector: app: {{ include "common.name" . }} release: {{ .Release.Name }} - |