[SDC] Service Mesh Compliance for SDC
Adding basic requirements for Service Mesh Compliance within SDC.
Change-Id: Ib9104ef2e8b6daf0b9b529288cee158b297ce9e4
Issue-ID: OOM-2253
Signed-off-by: rope252 <gareth.roper@est.tech>
Signed-off-by: othman touijer <othman.touijer@soprasteria.com>
diff --git a/kubernetes/sdc/components/sdc-wfd-be/templates/_helper.tpl b/kubernetes/sdc/components/sdc-wfd-be/templates/_helper.tpl
deleted file mode 100644
index 298a2cd..0000000
--- a/kubernetes/sdc/components/sdc-wfd-be/templates/_helper.tpl
+++ /dev/null
@@ -1 +0,0 @@
-{{- define "wfd-be.internalPort" }}{{ if .Values.config.serverSSLEnabled }}{{ .Values.service.internalPort2 }}{{ else }}{{ .Values.service.internalPort }}{{ end }}{{- end }}
diff --git a/kubernetes/sdc/components/sdc-wfd-be/templates/deployment.yaml b/kubernetes/sdc/components/sdc-wfd-be/templates/deployment.yaml
index 1cfcad4..a187e19 100644
--- a/kubernetes/sdc/components/sdc-wfd-be/templates/deployment.yaml
+++ b/kubernetes/sdc/components/sdc-wfd-be/templates/deployment.yaml
@@ -79,13 +79,13 @@
./startup.sh
{{- end }}
ports:
- - containerPort: {{ template "wfd-be.internalPort" . }}
+ - containerPort: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort2 .Values.service.internalPort }}
# disable liveness probe when breakpoints set in debugger
# so K8s doesn't restart unresponsive container
{{ if .Values.liveness.enabled }}
livenessProbe:
tcpSocket:
- port: {{ template "wfd-be.internalPort" . }}
+ port: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort2 .Values.service.internalPort }}
initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
periodSeconds: {{ .Values.liveness.periodSeconds }}
successThreshold: {{ .Values.liveness.successThreshold }}
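Review bot: The port selection `(eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort2 .Values.service.internalPort` is now written out inline at containerPort and the liveness probe here, again at the readiness and startup probes in the next hunk, and twice more in service.yaml. With six copies, a later edit can leave the probes and the Service pointing at different ports. Keeping the deleted helper and changing only its body would leave one place to update: `{{- define "wfd-be.internalPort" }}{{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort2 .Values.service.internalPort }}{{- end }}`. The container spec starts and ends outside this hunk.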
@@ -93,14 +93,14 @@
{{ end }}
readinessProbe:
tcpSocket:
- port: {{ template "wfd-be.internalPort" . }}
+ port: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort2 .Values.service.internalPort }}
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
successThreshold: {{ .Values.readiness.successThreshold }}
failureThreshold: {{ .Values.readiness.failureThreshold }}
startupProbe:
tcpSocket:
- port: {{ template "wfd-be.internalPort" . }}
+ port: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort2 .Values.service.internalPort }}
initialDelaySeconds: {{ .Values.startup.initialDelaySeconds }}
periodSeconds: {{ .Values.startup.periodSeconds }}
successThreshold: {{ .Values.startup.successThreshold }}
@@ -128,20 +128,25 @@
valueFrom:
secretKeyRef: {name: {{ include "common.release" . }}-sdc-cs-secrets, key: cs_truststore_password}
- name: SDC_PROTOCOL
- value: "{{ .Values.config.sdcProtocol }}"
+ value: "{{ (eq "true" (include "common.needTLS" .)) | ternary "HTTPS" "HTTP" }}"
- name: SDC_ENDPOINT
- value: "{{ .Values.config.sdcEndpoint }}"
+ value: "{{ (eq "true" (include "common.needTLS" .)) | ternary .Values.config.sdcEndpoint.https .Values.config.sdcEndpoint.http }}"
- name: SDC_USER
value: "{{ .Values.config.sdcExternalUser }}"
- name: SDC_PASSWORD
valueFrom:
secretKeyRef: {name: {{ include "common.release" . }}-sdc-cs-secrets, key: wf_external_user_password}
+ {{- if (include "common.needTLS" .) }}
- name: SERVER_SSL_ENABLED
- value: "{{ .Values.config.serverSSLEnabled }}"
+ value: "true"
- name: SERVER_SSL_KEYSTORE_TYPE
value: "{{ .Values.config.serverSSLKeyStoreType }}"
- name: SERVER_SSL_TRUSTSTORE_TYPE
value: "{{ .Values.config.serverSSLTrustStoreType }}"
+ {{- else }}
+ - name: SERVER_SSL_ENABLED
+ value: "false"
+ {{- end }}
volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
resources: {{ include "common.resources" . | nindent 12 }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
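Review bot: The guard `{{- if (include "common.needTLS" .) }}` only tests the rendered string for non-emptiness, while every other decision in this commit compares it with `"true"`. The definition of common.needTLS is not visible here; if it ever renders a non-empty value such as "false", this branch would set SERVER_SSL_ENABLED to "true" while SDC_PROTOCOL is HTTP and the probes target the non-TLS port. Using the same test keeps them in step: `{{- if (eq "true" (include "common.needTLS" .)) }}`. When the else branch is taken the backend serves and calls SDC over plain HTTP, so confidentiality depends on the mesh enforcing mTLS between sidecars; a comment there would make that dependency explicit, e.g. `# TLS is left to the service mesh sidecar; requires mesh mTLS to be enforced`. The env list begins outside the hunk.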
diff --git a/kubernetes/sdc/components/sdc-wfd-be/templates/ingress.yaml b/kubernetes/sdc/components/sdc-wfd-be/templates/ingress.yaml
index 8f87c68..171442d 100644
--- a/kubernetes/sdc/components/sdc-wfd-be/templates/ingress.yaml
+++ b/kubernetes/sdc/components/sdc-wfd-be/templates/ingress.yaml
@@ -1 +1 @@
-{{ include "common.ingress" . }}
+{{include "common.ingress" .}}
diff --git a/kubernetes/sdc/components/sdc-wfd-be/templates/job.yaml b/kubernetes/sdc/components/sdc-wfd-be/templates/job.yaml
index da3df90..2e5826d 100644
--- a/kubernetes/sdc/components/sdc-wfd-be/templates/job.yaml
+++ b/kubernetes/sdc/components/sdc-wfd-be/templates/job.yaml
@@ -60,23 +60,31 @@
cpu: 3m
memory: 20Mi
containers:
- - name: {{ include "common.name" . }}-job
- image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.configInitImage }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- env:
+ - name: {{ include "common.name" . }}-job
+ image:
+ {{ include "repositoryGenerator.repository" . }}/{{ .Values.configInitImage }}
+ imagePullPolicy:
+ {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ {{- if include "common.onServiceMesh" . }}
+ args:
+ - echo "waiting 10s for istio side cars to be up"; sleep 10s; /start.sh
+ command:
+ - /bin/sh
+ - -c
+ {{- end }}
+ env:
- name: CS_HOST
value: "{{ .Values.global.sdc_cassandra.serviceName }}"
- name: CS_PORT
- value: "{{ .Values.config.cassandraClientPort }}"
+ value: {{ .Values.config.cassandraClientPort | quote }}
- name: CS_AUTHENTICATE
- value: "{{ .Values.config.cassandraAuthenticationEnabled }}"
+ value: {{ .Values.config.cassandraAuthenticationEnabled | quote }}
- name: CS_USER
- valueFrom:
- secretKeyRef: {name: {{ include "common.release" . }}-sdc-cs-secrets, key: sdc_user}
+ valueFrom: {secretKeyRef: {name: {{ include "common.release" . }}-sdc-cs-secrets, key: sdc_user}}
- name: CS_PASSWORD
- valueFrom:
- secretKeyRef: {name: {{ include "common.release" . }}-sdc-cs-secrets, key: sdc_password}
- resources: {{ include "common.resources" . | nindent 12 }}
+ valueFrom: {secretKeyRef: {name: {{ include "common.release" . }}-sdc-cs-secrets, key: sdc_password}}
+ resources: {{ include "common.resources" . | nindent 12 }}
+ {{ include "common.waitForJobContainer" . | indent 6 | trim }}
imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
{{ end }}
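Review bot: The `sleep 10s` in the new `args` is a fixed delay, not a readiness check, so it does not confirm that the sidecar is accepting traffic before `/start.sh` runs. If the proxy takes longer than ten seconds the job's connection to CS_HOST can still fail, and if it is ready sooner the job simply waits. Where the mesh is Istio, its `holdApplicationUntilProxyStarts` proxy setting makes the ordering explicit without a guessed delay. If the sleep stays, a comment above `args` should state the limitation: `# fixed 10s delay only; does not verify that the istio sidecar is ready`. The pod spec that contains this container begins outside the hunk.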
diff --git a/kubernetes/sdc/components/sdc-wfd-be/templates/service.yaml b/kubernetes/sdc/components/sdc-wfd-be/templates/service.yaml
index 2af5e2b..2f4129b 100644
--- a/kubernetes/sdc/components/sdc-wfd-be/templates/service.yaml
+++ b/kubernetes/sdc/components/sdc-wfd-be/templates/service.yaml
@@ -30,13 +30,13 @@
type: {{ .Values.service.type }}
ports:
{{if eq .Values.service.type "NodePort" -}}
- - port: {{ template "wfd-be.internalPort" . }}
+ - port: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort2 .Values.service.internalPort }}
nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}
+ name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}
{{- else -}}
- - port: {{ if .Values.config.serverSslEnabled }}{{ .Values.service.externalPort2 }}{{ else }}{{ .Values.service.externalPort }}{{ end }}
- targetPort: {{ template "wfd-be.internalPort" . }}
- name: {{ .Values.service.portName }}
+ - port: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.externalPort2 .Values.service.externalPort }}
+ targetPort: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort2 .Values.service.internalPort }}
+ name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}
{{- end}}
selector:
app: {{ include "common.name" . }}
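Review bot: In the NodePort branch the published port follows the same ternary, so whenever common.needTLS is not "true" the node port forwards to `.Values.service.internalPort`, presumably the non-TLS listener. That path is reachable from outside the mesh, where sidecar mTLS does not protect the client leg. Whether service.type is still NodePort on service-mesh deployments depends on values not shown here; if it can be, a comment above the branch would record the risk: `# with needTLS false this NodePort publishes the non-TLS port on every node; prefer ClusterIP behind the mesh ingress`. The Service spec starts outside the hunk.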