diff options
Diffstat (limited to 'kubernetes/sdc')
9 files changed, 131 insertions, 2 deletions
diff --git a/kubernetes/sdc/charts/sdc-dcae-be/templates/configmap.yaml b/kubernetes/sdc/charts/sdc-dcae-be/templates/configmap.yaml index 1d0751a01b..5c922783a4 100644 --- a/kubernetes/sdc/charts/sdc-dcae-be/templates/configmap.yaml +++ b/kubernetes/sdc/charts/sdc-dcae-be/templates/configmap.yaml @@ -17,5 +17,10 @@ kind: ConfigMap metadata: name: {{ include "common.fullname" . }}-logging-configmap namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} data: {{ tpl (.Files.Glob "resources/config/logging/*").AsConfig . | indent 2 }}
\ No newline at end of file diff --git a/kubernetes/sdc/charts/sdc-dcae-dt/templates/configmap.yaml b/kubernetes/sdc/charts/sdc-dcae-dt/templates/configmap.yaml index 144bdb719f..a96f3c8902 100644 --- a/kubernetes/sdc/charts/sdc-dcae-dt/templates/configmap.yaml +++ b/kubernetes/sdc/charts/sdc-dcae-dt/templates/configmap.yaml @@ -17,5 +17,10 @@ kind: ConfigMap metadata: name: {{ include "common.fullname" . }}-logging-configmap namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} data: {{ tpl (.Files.Glob "resources/config/logging/*").AsConfig . | indent 2 }} diff --git a/kubernetes/sdc/charts/sdc-dcae-fe/templates/configmap.yaml b/kubernetes/sdc/charts/sdc-dcae-fe/templates/configmap.yaml index 144bdb719f..a96f3c8902 100644 --- a/kubernetes/sdc/charts/sdc-dcae-fe/templates/configmap.yaml +++ b/kubernetes/sdc/charts/sdc-dcae-fe/templates/configmap.yaml @@ -17,5 +17,10 @@ kind: ConfigMap metadata: name: {{ include "common.fullname" . }}-logging-configmap namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} data: {{ tpl (.Files.Glob "resources/config/logging/*").AsConfig . | indent 2 }} diff --git a/kubernetes/sdc/charts/sdc-wfd-be/templates/_helper.tpl b/kubernetes/sdc/charts/sdc-wfd-be/templates/_helper.tpl new file mode 100644 index 0000000000..c69fb7c81c --- /dev/null +++ b/kubernetes/sdc/charts/sdc-wfd-be/templates/_helper.tpl @@ -0,0 +1,29 @@ +{{- define "sdc-wfd-be.volumes" }} + {{ if .Values.config.cassandraSSLEnabled }} + - name: {{ include "common.fullname" . }}-cassandra-client-truststore + hostPath: + path: /etc/cassandra-client-truststore/truststore + type: File + {{- end }} + {{ if .Values.config.serverSSLEnabled }} + - name: {{ include "common.fullname" . }}-server-https-keystore + hostPath: + path: /config/server-https-keystore/keystore + type: File + {{- end }} +{{- end }} + +{{- define "sdc-wfd-be.volumeMounts" }} + {{ if .Values.config.cassandraSSLEnabled }} + - name: {{ include "common.fullname" . }}-cassandra-client-truststore + mountPath: /etc/cassandra-client-truststore/truststore + subPath: truststore + readOnly: true + {{- end }} + {{ if .Values.config.serverSSLEnabled }} + - name: {{ include "common.fullname" . }}-server-https-keystore + mountPath: /etc/server-https-keystore/keystore + subPath: keystore + readOnly: true + {{- end }} +{{- end }}
\ No newline at end of file diff --git a/kubernetes/sdc/charts/sdc-wfd-be/templates/deployment.yaml b/kubernetes/sdc/charts/sdc-wfd-be/templates/deployment.yaml index 50062a1b9b..bb96d342f7 100644 --- a/kubernetes/sdc/charts/sdc-wfd-be/templates/deployment.yaml +++ b/kubernetes/sdc/charts/sdc-wfd-be/templates/deployment.yaml @@ -32,6 +32,7 @@ spec: release: {{ .Release.Name }} spec: initContainers: + {{- if .Values.initJob.enabled }} - name: {{ include "common.name" . }}-job-completion image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" imagePullPolicy: "{{ .Values.global.pullPolicy | default .Values.pullPolicy }}" @@ -46,12 +47,14 @@ spec: fieldRef: apiVersion: v1 fieldPath: metadata.namespace + {{ end }} containers: - name: {{ include "common.name" . }} image: "{{ include "common.repository" . }}/{{ .Values.image }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} ports: - containerPort: {{ .Values.service.internalPort }} + - containerPort: {{ .Values.service.internalPort2 }} # disable liveness probe when breakpoints set in debugger # so K8s doesn't restart unresponsive container {{ if .Values.liveness.enabled }} @@ -73,12 +76,20 @@ spec: value: "{{ .Values.config.cassandraHosts }}" - name: CS_PORT value: "{{ .Values.config.cassandraClientPort }}" + - name: CS_AUTHENTICATE + value: "{{ .Values.config.cassandraAuthenticationEnabled }}" - name: CS_USER valueFrom: secretKeyRef: {name: {{ .Release.Name }}-sdc-cs-secrets, key: sdc_user} - name: CS_PASSWORD valueFrom: secretKeyRef: {name: {{ .Release.Name }}-sdc-cs-secrets, key: sdc_password} + - name: CS_SSL_ENABLED + value: "{{ .Values.config.cassandraSSLEnabled }}" + - name: CS_TRUST_STORE_PATH + value: "{{ .Values.config.cassandraTrustStorePath }}" + - name: CS_TRUST_STORE_PASSWORD + value: "{{ .Values.config.cassandraTrustStorePassword }}" - name: SDC_PROTOCOL value: "{{ .Values.config.sdcProtocol }}" - name: SDC_ENDPOINT @@ -87,5 +98,17 @@ spec: value: "{{ .Values.config.sdcExternalUser }}" - name: SDC_PASSWORD value: "{{ .Values.config.sdcExternalUserPassword }}" + - name: SERVER_SSL_ENABLED + value: "{{ .Values.config.serverSSLEnabled }}" + - name: SERVER_SSL_KEYSTORE_TYPE + value: "{{ .Values.config.serverSSLKeyStoreType }}" + - name: SERVER_SSL_KEYSTORE_PATH + value: "{{ .Values.config.serverSSLKeyStorePath }}" + - name: SERVER_SSL_KEY_PASSWORD + value: "{{ .Values.config.serverSSLKeyPassword }}" + volumeMounts: + {{- template "sdc-wfd-be.volumeMounts" . }} + volumes: + {{- template "sdc-wfd-be.volumes" . }} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/sdc/charts/sdc-wfd-be/templates/job.yaml b/kubernetes/sdc/charts/sdc-wfd-be/templates/job.yaml index 2b142533c7..38f526d215 100644 --- a/kubernetes/sdc/charts/sdc-wfd-be/templates/job.yaml +++ b/kubernetes/sdc/charts/sdc-wfd-be/templates/job.yaml @@ -13,6 +13,7 @@ # See the License for the specific language governing permissions and # limitations under the License. +{{ if .Values.initJob.enabled }} apiVersion: batch/v1 kind: Job metadata: @@ -57,7 +58,7 @@ spec: - name: CS_PORT value: "{{ .Values.config.cassandraThriftClientPort }}" - name: CS_AUTHENTICATE - value: "{{ .Values.config.cassandaAuthenticationEnabled }}" + value: "{{ .Values.config.cassandraAuthenticationEnabled }}" - name: CS_USER valueFrom: secretKeyRef: {name: {{ .Release.Name }}-sdc-cs-secrets, key: sdc_user} @@ -66,3 +67,4 @@ spec: secretKeyRef: {name: {{ .Release.Name }}-sdc-cs-secrets, key: sdc_password} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" +{{ end }}
\ No newline at end of file diff --git a/kubernetes/sdc/charts/sdc-wfd-be/values.yaml b/kubernetes/sdc/charts/sdc-wfd-be/values.yaml index 1e0ea51764..63554369ed 100644 --- a/kubernetes/sdc/charts/sdc-wfd-be/values.yaml +++ b/kubernetes/sdc/charts/sdc-wfd-be/values.yaml @@ -35,9 +35,12 @@ pullPolicy: Always # flag to enable debugging - application support required debugEnabled: false +initJob: + enabled: true + config: javaOptions: "-Xdebug -agentlib:jdwp=transport=dt_socket,address=7001,server=y,suspend=n -Xmx1536m -Xms1536m" - cassandaAuthenticationEnabled: true + cassandraAuthenticationEnabled: true cassandraHosts: sdc-cs cassandraThriftClientPort: 9160 cassandraClientPort: 9042 @@ -45,6 +48,13 @@ config: sdcEndpoint: sdc-be:8080 sdcExternalUser: workflow sdcExternalUserPassword: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U + serverSSLEnabled: false + serverSSLKeyStoreType: jks + serverSSLKeyStorePath: /etc/server-https-keystore/keystore + serverSSLKeyPassword: password + cassandraSSLEnabled: false + cassandraTrustStorePath: /etc/cassandra-client-truststore/truststore + cassandraTrustStorePassword: password # default number of instances replicaCount: 1 @@ -69,6 +79,8 @@ service: type: NodePort internalPort: 8080 externalPort: 8080 + internalPort2: 8443 + externalPort2: 8443 portName: sdc-wfd-be nodePort: "57" diff --git a/kubernetes/sdc/charts/sdc-wfd-fe/templates/ingress.yaml b/kubernetes/sdc/charts/sdc-wfd-fe/templates/ingress.yaml new file mode 100644 index 0000000000..d051eafead --- /dev/null +++ b/kubernetes/sdc/charts/sdc-wfd-fe/templates/ingress.yaml @@ -0,0 +1,39 @@ +# Copyright © 2018 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{- if .Values.ingress.enabled }} +apiVersion: extensions/v1beta1 +kind: Ingress +metadata: + name: {{ include "common.fullname" . }}-ingress + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +{{- with .Values.ingress.annotations }} + annotations: +{{ toYaml . | indent 4 }} +{{- end }} +spec: + rules: + - http: + paths: + - path: /workflows/ + backend: + serviceName: {{.Values.service.name}} + servicePort: {{.Values.service.internalPort}} +{{ end }} + diff --git a/kubernetes/sdc/charts/sdc-wfd-fe/values.yaml b/kubernetes/sdc/charts/sdc-wfd-fe/values.yaml index 8c002af181..d9b4dee17e 100644 --- a/kubernetes/sdc/charts/sdc-wfd-fe/values.yaml +++ b/kubernetes/sdc/charts/sdc-wfd-fe/values.yaml @@ -65,6 +65,15 @@ service: ingress: enabled: false + annotations: + ingress.kubernetes.io/secure-backends: "false" + nginx.ingress.kubernetes.io/secure-backends: "false" + nginx.ingress.kubernetes.io/proxy-body-size: "0" + nginx.ingress.kubernetes.io/ssl-redirect: "true" + nginx.ingress.kubernetes.io/backend-protocol: "HTTP" + nginx.ingress.kubernetes.io/rewrite-target: /workflows/ + nginx.ingress.kubernetes.io/server-snippet: | + underscores_in_headers on; resources: {} # We usually recommend not to specify default resources and to leave this as a conscious |