From 736bf37d0369fd88154f228efa4d94dd37156486 Mon Sep 17 00:00:00 2001 From: amatthews Date: Tue, 14 Dec 2021 16:04:15 +0000 Subject: [POLICY] Service Mesh Compliance for Policy Updating the basic requirements for Service Mesh Compliance within Policy. Changing the DB jobs and updating the configuration files to use HTTP Issue-ID: OOM-2253 Change-Id: If1aed68f0ed2f00d6a5cf06e5f95837f9405f65b Signed-off-by: amatthews Signed-off-by: jhh --- .../components/policy-gui/templates/configmap.yaml | 4 +- .../policy-gui/templates/deployment.yaml | 47 +++++++++++++++++++--- .../components/policy-gui/templates/service.yaml | 4 +- 3 files changed, 46 insertions(+), 9 deletions(-) (limited to 'kubernetes/policy/components/policy-gui/templates') diff --git a/kubernetes/policy/components/policy-gui/templates/configmap.yaml b/kubernetes/policy/components/policy-gui/templates/configmap.yaml index 4f600882e9..9426b0f54f 100644 --- a/kubernetes/policy/components/policy-gui/templates/configmap.yaml +++ b/kubernetes/policy/components/policy-gui/templates/configmap.yaml @@ -21,7 +21,7 @@ apiVersion: v1 kind: ConfigMap metadata: - name: {{ include "common.fullname" . }} + name: {{ include "common.fullname" . }}-configmap namespace: {{ include "common.namespace" . }} labels: app: {{ include "common.name" . }} @@ -29,6 +29,6 @@ metadata: release: {{ include "common.release" . }} heritage: {{ .Release.Service }} data: -{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }} +{{ tpl (.Files.Glob "resources/config/*.{xml,yaml,yml}").AsConfig . | indent 2 }} {{ include "common.log.configMap" . }} diff --git a/kubernetes/policy/components/policy-gui/templates/deployment.yaml b/kubernetes/policy/components/policy-gui/templates/deployment.yaml index a155715580..5a43fc71b0 100644 --- a/kubernetes/policy/components/policy-gui/templates/deployment.yaml +++ b/kubernetes/policy/components/policy-gui/templates/deployment.yaml @@ -40,11 +40,35 @@ spec: release: {{ include "common.release" . }} spec: initContainers: + - command: + - sh + args: + - -c + - "cd /config-input && for PFILE in `ls -1`; do envsubst <${PFILE} >/config/${PFILE}; done" + env: + - name: KEYSTORE + value: {{ .Values.certStores.keystoreLocation }} + - name: KEYSTORE_PASSWD + value: {{ .Values.certStores.keyStorePassword }} + - name: TRUSTSTORE + value: {{ .Values.certStores.truststoreLocation }} + - name: TRUSTSTORE_PASSWD + value: {{ .Values.certStores.trustStorePassword }} + - name: POLICY_LOGS + value: {{ .Values.log.path }} + volumeMounts: + - mountPath: /config-input + name: policy-gui-config + - mountPath: /config + name: policy-gui-config-processed + image: {{ include "repositoryGenerator.image.envsubst" . }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . }}-update-config - command: - /app/ready.py args: - --container-name - - policy-clamp-be + - policy-clamp-runtime-acm env: - name: NAMESPACE valueFrom: @@ -62,20 +86,20 @@ spec: - name: {{ include "common.name" . }} image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} -{{- if .Values.global.aafEnabled }} +{{- if not (include "common.onServiceMesh" .) }} command: ["sh","-c"] args: ["source {{ .Values.certInitializer.credsPath }}/.ci;/opt/app/policy/gui/bin/policy-gui.sh"] env: -{{- else }} +{{ else }} command: ["/opt/app/policy/gui/bin/policy-gui.sh"] env: - name: KEYSTORE_PASSWD {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keystore-password" "key" "password") | indent 12 }} - name: TRUSTSTORE_PASSWD {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "truststore-password" "key" "password") | indent 12 }} -{{- end }} +{{ end }} - name: CLAMP_URL - value: https://policy-clamp-be:8443 + value: http://policy-clamp-runtime-acm:6969 ports: - containerPort: {{ .Values.service.internalPort }} # disable liveness probe when breakpoints set in debugger @@ -95,6 +119,12 @@ spec: volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }} - name: logs mountPath: {{ .Values.log.path }} + - mountPath: /opt/app/policy/gui/etc/application.yml + name: policy-gui-config-processed + subPath: application.yml + - mountPath: /opt/app/policy/gui/etc/logback.xml + name: policy-gui-config-processed + subPath: logback.xml resources: {{ include "common.resources" . | indent 12 }} {{- if .Values.nodeSelector }} @@ -113,5 +143,12 @@ spec: - name: logs emptyDir: {} {{ if .Values.global.centralizedLoggingEnabled }}{{ include "common.log.volumes" . | nindent 8 }}{{ end }} + - name: policy-gui-config + configMap: + name: {{ include "common.fullname" . }}-configmap + defaultMode: 0755 + - name: policy-gui-config-processed + emptyDir: + medium: Memory imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/policy/components/policy-gui/templates/service.yaml b/kubernetes/policy/components/policy-gui/templates/service.yaml index 44e66b8680..827e93a4f2 100644 --- a/kubernetes/policy/components/policy-gui/templates/service.yaml +++ b/kubernetes/policy/components/policy-gui/templates/service.yaml @@ -34,11 +34,11 @@ spec: {{if eq .Values.service.type "NodePort" -}} - port: {{ .Values.service.internalPort }} nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} - name: {{ .Values.service.portName }} + name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }} {{- else -}} - port: {{ .Values.service.externalPort }} targetPort: {{ .Values.service.internalPort }} - name: {{ .Values.service.portName }} + name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }} {{- end}} selector: app: {{ include "common.name" . }} -- cgit 1.2.3-korg