summaryrefslogtreecommitdiffstats
path: root/kubernetes/dcaegen2/charts/dcae-config-binding-service/templates
diff options
context:
space:
mode:
Diffstat (limited to 'kubernetes/dcaegen2/charts/dcae-config-binding-service/templates')
-rw-r--r--kubernetes/dcaegen2/charts/dcae-config-binding-service/templates/deployment.yaml94
-rw-r--r--kubernetes/dcaegen2/charts/dcae-config-binding-service/templates/service.yaml31
2 files changed, 112 insertions, 13 deletions
diff --git a/kubernetes/dcaegen2/charts/dcae-config-binding-service/templates/deployment.yaml b/kubernetes/dcaegen2/charts/dcae-config-binding-service/templates/deployment.yaml
index a968204575..5496aee2cb 100644
--- a/kubernetes/dcaegen2/charts/dcae-config-binding-service/templates/deployment.yaml
+++ b/kubernetes/dcaegen2/charts/dcae-config-binding-service/templates/deployment.yaml
@@ -50,36 +50,68 @@ spec:
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
+ {{- if .Values.service.secure.enabled }}
+ - name: init-tls
+ env:
+ - name: POD_IP
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: status.podIP
+ image: {{ .Values.global.tlsRepository }}/{{ .Values.global.tlsImage }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ resources: {}
+ volumeMounts:
+ - mountPath: /opt/tls/shared
+ name: tls-info
+ {{ end }}
containers:
+ {{- if .Values.service.secure.enabled }}
- name: {{ include "common.name" . }}
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
resources:
{{ include "common.resources" . | indent 12 }}
ports:
- - containerPort: {{ .Values.service.internalPort }}
+ - containerPort: {{ .Values.service.secure.internalPort }}
# disable liveness probe when breakpoints set in debugger
# so K8s doesn't restart unresponsive container
{{- if eq .Values.liveness.enabled true }}
livenessProbe:
tcpSocket:
- port: {{ .Values.service.internalPort }}
+ port: {{ .Values.service.secure.internalPort }}
initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
periodSeconds: {{ .Values.liveness.periodSeconds }}
{{ end -}}
readinessProbe:
httpGet:
+ scheme: "HTTPS"
path: {{ .Values.readiness.path }}
- port: {{ .Values.service.internalPort }}
+ port: {{ .Values.service.secure.internalPort }}
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
volumeMounts:
- name: {{ include "common.fullname" . }}-logs
mountPath: /opt/logs
+ - name: tls-info
+ mountPath: /opt/tls
env:
- name: CONSUL_HOST
value: consul.{{ include "common.namespace" . }}
-
+ - name: USE_HTTPS
+ value: "1"
+ - name: HTTPS_CERT_PATH
+ value: "/opt/tls/cert.pem"
+ - name: HTTPS_KEY_PATH
+ value: "/opt/tls/key.pem"
+ - name: TRUST_STORE_PATH
+ value: "/opt/app/prh/etc/cert/trust.jks"
+ - name: TRUST_STORE_PASS_PATH
+ value: "/opt/app/prh/etc/cert/trust.pass"
+ - name: KEY_STORE_PATH
+ value: "/opt/app/prh/etc/cert/key.p12"
+ - name: KEY_STORE_PASS_PATH
+ value: "/opt/app/prh/etc/cert/key.pass"
- name: {{ include "common.name" . }}-filebeat-onap
image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
@@ -91,13 +123,67 @@ spec:
mountPath: /usr/share/filebeat/data
- name: {{ include "common.fullname" . }}-logs
mountPath: /var/log/onap
+ {{ end }}
+ {{- if .Values.service.insecure.enabled }}
+ - name: {{ include "common.name" . }}-insecure
+ image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ resources:
+{{ include "common.resources" . | indent 12 }}
+ ports:
+ - containerPort: {{ .Values.service.insecure.internalPort }}
+ # disable liveness probe when breakpoints set in debugger
+ # so K8s doesn't restart unresponsive container
+ {{- if eq .Values.liveness.enabled true }}
+ livenessProbe:
+ tcpSocket:
+ port: {{ .Values.service.insecure.internalPort }}
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ {{ end -}}
+ readinessProbe:
+ httpGet:
+ scheme: "HTTP"
+ path: {{ .Values.readiness.path }}
+ port: {{ .Values.service.insecure.internalPort }}
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+ volumeMounts:
+ - name: {{ include "common.fullname" . }}-logs-insecure
+ mountPath: /opt/logs
+ env:
+ - name: CONSUL_HOST
+ value: consul.{{ include "common.namespace" . }}
+ - name: {{ include "common.name" . }}-filebeat-onap-insecure
+ image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts:
+ - name: {{ include "common.fullname" . }}-filebeat-conf
+ mountPath: /usr/share/filebeat/filebeat.yml
+ subPath: filebeat.yml
+ - name: {{ include "common.fullname" . }}-data-filebeat-insecure
+ mountPath: /usr/share/filebeat/data
+ - name: {{ include "common.fullname" . }}-logs-insecure
+ mountPath: /var/log/onap
+ {{ end }}
volumes:
- name: {{ include "common.fullname" . }}-filebeat-conf
configMap:
name: {{ .Release.Name }}-cbs-filebeat-configmap
+ {{- if .Values.service.secure.enabled }}
- name: {{ include "common.fullname" . }}-data-filebeat
emptyDir: {}
- name: {{ include "common.fullname" . }}-logs
emptyDir: {}
+ - name: tls-info
+ emptyDir: {}
+ {{ end }}
+ {{- if .Values.service.insecure.enabled }}
+ - name: {{ include "common.fullname" . }}-data-filebeat-insecure
+ emptyDir: {}
+ - name: {{ include "common.fullname" . }}-logs-insecure
+ emptyDir: {}
+ {{ end }}
+
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/dcaegen2/charts/dcae-config-binding-service/templates/service.yaml b/kubernetes/dcaegen2/charts/dcae-config-binding-service/templates/service.yaml
index 794b896eef..8176e77c1e 100644
--- a/kubernetes/dcaegen2/charts/dcae-config-binding-service/templates/service.yaml
+++ b/kubernetes/dcaegen2/charts/dcae-config-binding-service/templates/service.yaml
@@ -28,16 +28,29 @@ metadata:
spec:
type: {{ .Values.service.type }}
ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.externalPort }}
- nodePort: {{ .Values.global.nodePortPrefixExt| default .Values.nodePortPrefixExt }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.name }}
+ {{ if eq .Values.service.type "NodePort" -}}
+ {{ if .Values.service.insecure.enabled -}}
+ - port: {{ .Values.service.insecure.externalPort }}
+ nodePort: {{ .Values.global.nodePortPrefixExt| default .Values.nodePortPrefixExt }}{{ .Values.service.insecure.nodePort }}
+ name: {{ .Values.service.name }}-insecure
+ {{- end }}
+ {{ if .Values.service.secure.enabled -}}
+ - port: {{ .Values.service.secure.externalPort }}
+ nodePort: {{ .Values.global.nodePortPrefixExt| default .Values.nodePortPrefixExt }}{{ .Values.service.secure.nodePort }}
+ name: {{ .Values.service.name }}-secure
+ {{- end }}
{{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.name }}
- {{- end}}
+ {{ if .Values.service.insecure.enabled -}}
+ - port: {{ .Values.service.insecure.externalPort }}
+ targetPort: {{ .Values.service.insecure.internalPort }}
+ name: {{ .Values.service.name }}-insecure
+ {{- end }}
+ {{ if .Values.service.secure.enabled -}}
+ - port: {{ .Values.service.secure.externalPort }}
+ targetPort: {{ .Values.service.secure.internalPort }}
+ name: {{ .Values.service.name }}-secure
+ {{- end }}
+ {{- end }}
selector:
app: {{ include "common.name" . }}
release: {{ .Release.Name }}
-