aboutsummaryrefslogtreecommitdiffstats
path: root/kubernetes/sdc/charts
diff options
context:
space:
mode:
Diffstat (limited to 'kubernetes/sdc/charts')
-rw-r--r--kubernetes/sdc/charts/sdc-wfd-be/templates/deployment.yaml43
-rw-r--r--kubernetes/sdc/charts/sdc-wfd-be/templates/job.yaml4
-rw-r--r--kubernetes/sdc/charts/sdc-wfd-be/values.yaml16
3 files changed, 57 insertions, 6 deletions
diff --git a/kubernetes/sdc/charts/sdc-wfd-be/templates/deployment.yaml b/kubernetes/sdc/charts/sdc-wfd-be/templates/deployment.yaml
index fc1538f87a..26ad05555a 100644
--- a/kubernetes/sdc/charts/sdc-wfd-be/templates/deployment.yaml
+++ b/kubernetes/sdc/charts/sdc-wfd-be/templates/deployment.yaml
@@ -32,7 +32,7 @@ spec:
release: {{ .Release.Name }}
spec:
initContainers:
- {{- if .Values.global.initJob.enabled }}
+ {{- if .Values.initJob.enabled }}
- name: {{ include "common.name" . }}-job-completion
image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: "{{ .Values.global.pullPolicy | default .Values.pullPolicy }}"
@@ -54,6 +54,7 @@ spec:
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
ports:
- containerPort: {{ .Values.service.internalPort }}
+ - containerPort: {{ .Values.service.internalPort2 }}
# disable liveness probe when breakpoints set in debugger
# so K8s doesn't restart unresponsive container
{{ if .Values.liveness.enabled }}
@@ -75,12 +76,20 @@ spec:
value: "{{ .Values.config.cassandraHosts }}"
- name: CS_PORT
value: "{{ .Values.config.cassandraClientPort }}"
+ - name: CS_AUTHENTICATE
+ value: "{{ .Values.config.cassandraAuthenticationEnabled }}"
- name: CS_USER
valueFrom:
secretKeyRef: {name: {{ .Release.Name }}-sdc-cs-secrets, key: sdc_user}
- name: CS_PASSWORD
valueFrom:
secretKeyRef: {name: {{ .Release.Name }}-sdc-cs-secrets, key: sdc_password}
+ - name: CS_SSL_ENABLED
+ value: "{{ .Values.config.cassandraSSLEnabled }}"
+ - name: CS_TRUST_STORE_PATH
+ value: "{{ .Values.config.cassandraTrustStorePath }}"
+ - name: CS_TRUST_STORE_PASSWORD
+ value: "{{ .Values.config.cassandraTrustStorePassword }}"
- name: SDC_PROTOCOL
value: "{{ .Values.config.sdcProtocol }}"
- name: SDC_ENDPOINT
@@ -89,5 +98,37 @@ spec:
value: "{{ .Values.config.sdcExternalUser }}"
- name: SDC_PASSWORD
value: "{{ .Values.config.sdcExternalUserPassword }}"
+ - name: SERVER_SSL_ENABLED
+ value: "{{ .Values.config.serverSSLEnabled }}"
+ - name: SERVER_SSL_KEYSTORE_TYPE
+ value: "{{ .Values.config.ser }}"
+ - name: SERVER_SSL_KEYSTORE_PATH
+ value: "{{ .Values.config.serverSSLKeyStorePath }}"
+ - name: SERVER_SSL_KEY_PASSWORD
+ value: "{{ .Values.config.serverSSLKeyPassword }}"
+ volumeMounts:
+ {{ if .Values.config.cassandraSSLEnabled }}
+ - name: {{ include "common.fullname" . }}-cassandra-client-truststore
+ mountPath: /config/cassandra-client-truststore
+ subPath: truststore
+ readOnly: true
+ {{- end }}
+ {{ if .Values.config.serverSSLEnabled }}
+ - name: {{ include "common.fullname" . }}-server-https-keystore
+ mountPath: /config/server-https-keystore
+ subPath: keystore
+ readOnly: true
+ {{- end }}
+ volumes:
+ {{ if .Values.config.cassandraSSLEnabled }}
+ - name: {{ include "common.fullname" . }}-cassandra-client-truststore
+ hostPath:
+ path: /config/cassandra-client-truststore
+ {{- end }}
+ {{ if .Values.config.serverSSLEnabled }}
+ - name: {{ include "common.fullname" . }}-server-https-keystore
+ hostPath:
+ path: /config/server-https-keystore
+ {{- end }}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/sdc/charts/sdc-wfd-be/templates/job.yaml b/kubernetes/sdc/charts/sdc-wfd-be/templates/job.yaml
index 98de4760bf..38f526d215 100644
--- a/kubernetes/sdc/charts/sdc-wfd-be/templates/job.yaml
+++ b/kubernetes/sdc/charts/sdc-wfd-be/templates/job.yaml
@@ -13,7 +13,7 @@
# See the License for the specific language governing permissions and
# limitations under the License.
-{{ if .Values.global.initJob.enabled }}
+{{ if .Values.initJob.enabled }}
apiVersion: batch/v1
kind: Job
metadata:
@@ -58,7 +58,7 @@ spec:
- name: CS_PORT
value: "{{ .Values.config.cassandraThriftClientPort }}"
- name: CS_AUTHENTICATE
- value: "{{ .Values.config.cassandaAuthenticationEnabled }}"
+ value: "{{ .Values.config.cassandraAuthenticationEnabled }}"
- name: CS_USER
valueFrom:
secretKeyRef: {name: {{ .Release.Name }}-sdc-cs-secrets, key: sdc_user}
diff --git a/kubernetes/sdc/charts/sdc-wfd-be/values.yaml b/kubernetes/sdc/charts/sdc-wfd-be/values.yaml
index 9d1fbe65cb..ed8833a9e5 100644
--- a/kubernetes/sdc/charts/sdc-wfd-be/values.yaml
+++ b/kubernetes/sdc/charts/sdc-wfd-be/values.yaml
@@ -22,8 +22,6 @@ global:
readinessImage: readiness-check:2.0.0
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
- initJob:
- enabled: true
#################################################################
# Application configuration defaults.
@@ -37,9 +35,12 @@ pullPolicy: Always
# flag to enable debugging - application support required
debugEnabled: false
+initJob:
+ enabled: true
+
config:
javaOptions: "-Xdebug -agentlib:jdwp=transport=dt_socket,address=7001,server=y,suspend=n -Xmx1536m -Xms1536m"
- cassandaAuthenticationEnabled: true
+ cassandraAuthenticationEnabled: true
cassandraHosts: sdc-cs
cassandraThriftClientPort: 9160
cassandraClientPort: 9042
@@ -47,6 +48,13 @@ config:
sdcEndpoint: sdc-be:8080
sdcExternalUser: workflow
sdcExternalUserPassword: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U
+ serverSSLEnabled: false
+ serverSSLKeyStoreType: jks
+ serverSSLKeyStorePath: /config/server-https-keystore/keystore
+ serverSSLKeyPassword: password
+ cassandraSSLEnabled: false
+ cassandraTrustStorePath: /config/cassandra-client-truststore/truststore
+ cassandraTrustStorePassword: password
# default number of instances
replicaCount: 1
@@ -71,6 +79,8 @@ service:
type: NodePort
internalPort: 8080
externalPort: 8080
+ internalPort2: 8443
+ externalPort2: 8443
portName: sdc-wfd-be
nodePort: "57"