summaryrefslogtreecommitdiffstats
path: root/kubernetes/sdc
diff options
context:
space:
mode:
Diffstat (limited to 'kubernetes/sdc')
-rw-r--r--kubernetes/sdc/charts/sdc-wfd-be/templates/_helper.tpl29
-rw-r--r--kubernetes/sdc/charts/sdc-wfd-be/templates/deployment.yaml21
-rw-r--r--kubernetes/sdc/charts/sdc-wfd-be/templates/job.yaml2
-rw-r--r--kubernetes/sdc/charts/sdc-wfd-be/values.yaml11
4 files changed, 61 insertions, 2 deletions
diff --git a/kubernetes/sdc/charts/sdc-wfd-be/templates/_helper.tpl b/kubernetes/sdc/charts/sdc-wfd-be/templates/_helper.tpl
new file mode 100644
index 0000000000..c69fb7c81c
--- /dev/null
+++ b/kubernetes/sdc/charts/sdc-wfd-be/templates/_helper.tpl
@@ -0,0 +1,29 @@
+{{- define "sdc-wfd-be.volumes" }}
+ {{ if .Values.config.cassandraSSLEnabled }}
+ - name: {{ include "common.fullname" . }}-cassandra-client-truststore
+ hostPath:
+ path: /etc/cassandra-client-truststore/truststore
+ type: File
+ {{- end }}
+ {{ if .Values.config.serverSSLEnabled }}
+ - name: {{ include "common.fullname" . }}-server-https-keystore
+ hostPath:
+ path: /config/server-https-keystore/keystore
+ type: File
+ {{- end }}
+{{- end }}
+
+{{- define "sdc-wfd-be.volumeMounts" }}
+ {{ if .Values.config.cassandraSSLEnabled }}
+ - name: {{ include "common.fullname" . }}-cassandra-client-truststore
+ mountPath: /etc/cassandra-client-truststore/truststore
+ subPath: truststore
+ readOnly: true
+ {{- end }}
+ {{ if .Values.config.serverSSLEnabled }}
+ - name: {{ include "common.fullname" . }}-server-https-keystore
+ mountPath: /etc/server-https-keystore/keystore
+ subPath: keystore
+ readOnly: true
+ {{- end }}
+{{- end }} \ No newline at end of file
diff --git a/kubernetes/sdc/charts/sdc-wfd-be/templates/deployment.yaml b/kubernetes/sdc/charts/sdc-wfd-be/templates/deployment.yaml
index 84285c4a29..bb96d342f7 100644
--- a/kubernetes/sdc/charts/sdc-wfd-be/templates/deployment.yaml
+++ b/kubernetes/sdc/charts/sdc-wfd-be/templates/deployment.yaml
@@ -54,6 +54,7 @@ spec:
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
ports:
- containerPort: {{ .Values.service.internalPort }}
+ - containerPort: {{ .Values.service.internalPort2 }}
# disable liveness probe when breakpoints set in debugger
# so K8s doesn't restart unresponsive container
{{ if .Values.liveness.enabled }}
@@ -75,12 +76,20 @@ spec:
value: "{{ .Values.config.cassandraHosts }}"
- name: CS_PORT
value: "{{ .Values.config.cassandraClientPort }}"
+ - name: CS_AUTHENTICATE
+ value: "{{ .Values.config.cassandraAuthenticationEnabled }}"
- name: CS_USER
valueFrom:
secretKeyRef: {name: {{ .Release.Name }}-sdc-cs-secrets, key: sdc_user}
- name: CS_PASSWORD
valueFrom:
secretKeyRef: {name: {{ .Release.Name }}-sdc-cs-secrets, key: sdc_password}
+ - name: CS_SSL_ENABLED
+ value: "{{ .Values.config.cassandraSSLEnabled }}"
+ - name: CS_TRUST_STORE_PATH
+ value: "{{ .Values.config.cassandraTrustStorePath }}"
+ - name: CS_TRUST_STORE_PASSWORD
+ value: "{{ .Values.config.cassandraTrustStorePassword }}"
- name: SDC_PROTOCOL
value: "{{ .Values.config.sdcProtocol }}"
- name: SDC_ENDPOINT
@@ -89,5 +98,17 @@ spec:
value: "{{ .Values.config.sdcExternalUser }}"
- name: SDC_PASSWORD
value: "{{ .Values.config.sdcExternalUserPassword }}"
+ - name: SERVER_SSL_ENABLED
+ value: "{{ .Values.config.serverSSLEnabled }}"
+ - name: SERVER_SSL_KEYSTORE_TYPE
+ value: "{{ .Values.config.serverSSLKeyStoreType }}"
+ - name: SERVER_SSL_KEYSTORE_PATH
+ value: "{{ .Values.config.serverSSLKeyStorePath }}"
+ - name: SERVER_SSL_KEY_PASSWORD
+ value: "{{ .Values.config.serverSSLKeyPassword }}"
+ volumeMounts:
+ {{- template "sdc-wfd-be.volumeMounts" . }}
+ volumes:
+ {{- template "sdc-wfd-be.volumes" . }}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/sdc/charts/sdc-wfd-be/templates/job.yaml b/kubernetes/sdc/charts/sdc-wfd-be/templates/job.yaml
index 2cfdacbe87..38f526d215 100644
--- a/kubernetes/sdc/charts/sdc-wfd-be/templates/job.yaml
+++ b/kubernetes/sdc/charts/sdc-wfd-be/templates/job.yaml
@@ -58,7 +58,7 @@ spec:
- name: CS_PORT
value: "{{ .Values.config.cassandraThriftClientPort }}"
- name: CS_AUTHENTICATE
- value: "{{ .Values.config.cassandaAuthenticationEnabled }}"
+ value: "{{ .Values.config.cassandraAuthenticationEnabled }}"
- name: CS_USER
valueFrom:
secretKeyRef: {name: {{ .Release.Name }}-sdc-cs-secrets, key: sdc_user}
diff --git a/kubernetes/sdc/charts/sdc-wfd-be/values.yaml b/kubernetes/sdc/charts/sdc-wfd-be/values.yaml
index 8f41fbd669..63554369ed 100644
--- a/kubernetes/sdc/charts/sdc-wfd-be/values.yaml
+++ b/kubernetes/sdc/charts/sdc-wfd-be/values.yaml
@@ -40,7 +40,7 @@ initJob:
config:
javaOptions: "-Xdebug -agentlib:jdwp=transport=dt_socket,address=7001,server=y,suspend=n -Xmx1536m -Xms1536m"
- cassandaAuthenticationEnabled: true
+ cassandraAuthenticationEnabled: true
cassandraHosts: sdc-cs
cassandraThriftClientPort: 9160
cassandraClientPort: 9042
@@ -48,6 +48,13 @@ config:
sdcEndpoint: sdc-be:8080
sdcExternalUser: workflow
sdcExternalUserPassword: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U
+ serverSSLEnabled: false
+ serverSSLKeyStoreType: jks
+ serverSSLKeyStorePath: /etc/server-https-keystore/keystore
+ serverSSLKeyPassword: password
+ cassandraSSLEnabled: false
+ cassandraTrustStorePath: /etc/cassandra-client-truststore/truststore
+ cassandraTrustStorePassword: password
# default number of instances
replicaCount: 1
@@ -72,6 +79,8 @@ service:
type: NodePort
internalPort: 8080
externalPort: 8080
+ internalPort2: 8443
+ externalPort2: 8443
portName: sdc-wfd-be
nodePort: "57"