[SDC] Service Mesh Compliance for SDC
Adding basic requirements for Service Mesh Compliance within SDC.
Change-Id: Ib9104ef2e8b6daf0b9b529288cee158b297ce9e4
Issue-ID: OOM-2253
Signed-off-by: rope252 <gareth.roper@est.tech>
Signed-off-by: othman touijer <othman.touijer@soprasteria.com>
diff --git a/kubernetes/sdc/components/sdc-wfd-fe/templates/_helper.tpl b/kubernetes/sdc/components/sdc-wfd-fe/templates/_helper.tpl
deleted file mode 100644
index 546bab7..0000000
--- a/kubernetes/sdc/components/sdc-wfd-fe/templates/_helper.tpl
+++ /dev/null
@@ -1 +0,0 @@
-{{- define "wfd-fe.internalPort" }}{{ if .Values.config.isHttpsEnabled }}{{ .Values.service.internalPort2 }}{{ else }}{{ .Values.service.internalPort }}{{ end }}{{- end }}
diff --git a/kubernetes/sdc/components/sdc-wfd-fe/templates/deployment.yaml b/kubernetes/sdc/components/sdc-wfd-fe/templates/deployment.yaml
index b703e66..d573090 100644
--- a/kubernetes/sdc/components/sdc-wfd-fe/templates/deployment.yaml
+++ b/kubernetes/sdc/components/sdc-wfd-fe/templates/deployment.yaml
@@ -98,11 +98,11 @@
./startup.sh
{{- end }}
ports:
- - containerPort: {{ template "wfd-fe.internalPort" . }}
+ - containerPort: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort2 .Values.service.internalPort }}
{{ if .Values.liveness.enabled }}
livenessProbe:
tcpSocket:
- port: {{ template "wfd-fe.internalPort" . }}
+ port: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort2 .Values.service.internalPort }}
initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
periodSeconds: {{ .Values.liveness.periodSeconds }}
successThreshold: {{ .Values.liveness.successThreshold }}
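Review bot: The port-selection expression is now pasted inline at every call site: containerPort and the liveness probe here, the readiness and startup probes in the next hunk, and three more places in service.yaml. Any later change to the TLS/non-TLS port choice must be repeated identically in seven places. Keeping the `wfd-fe.internalPort` helper and changing only its body would preserve a single source of truth: `{{- define "wfd-fe.internalPort" }}{{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort2 .Values.service.internalPort }}{{- end }}`. If a probe port drifts away from the container port, the only symptom is failing health checks. The container spec starts and ends outside this hunk.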
@@ -110,14 +110,14 @@
{{ end }}
readinessProbe:
tcpSocket:
- port: {{ template "wfd-fe.internalPort" . }}
+ port: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort2 .Values.service.internalPort }}
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
successThreshold: {{ .Values.readiness.successThreshold }}
failureThreshold: {{ .Values.readiness.failureThreshold }}
startupProbe:
tcpSocket:
- port: {{ template "wfd-fe.internalPort" . }}
+ port: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort2 .Values.service.internalPort }}
initialDelaySeconds: {{ .Values.startup.initialDelaySeconds }}
periodSeconds: {{ .Values.startup.periodSeconds }}
successThreshold: {{ .Values.startup.successThreshold }}
@@ -128,13 +128,13 @@
- name: JAVA_OPTIONS
value: {{ .Values.config.javaOptions }}
- name: BACKEND
- value: {{ .Values.config.backendServerURL }}
+ value: "{{ (eq "true" (include "common.needTLS" .)) | ternary .Values.config.backendServerURL.https .Values.config.backendServerURL.http }}"
- name: IS_HTTPS
- value: "{{ .Values.config.isHttpsEnabled}}"
- {{ if and .Values.config.isHttpsEnabled (eq .Values.security.isDefaultStore false) }}
+ value: "{{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }}"
+ {{- if and (include "common.needTLS" .) (eq .Values.security.isDefaultStore false) }}
- name: TRUST_ALL
value: "{{ .Values.config.isTrustAll}}"
- {{ end }}
+ {{- end }}
volumeMounts:
- name: {{ include "common.fullname" . }}-localtime
mountPath: /etc/localtime
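Review bot: The `if` guarding TRUST_ALL passes `(include "common.needTLS" .)` straight to `and`, but `include` returns a string and any non-empty string is truthy in Go templates. The helper's definition is not in this diff, but every other call site compares it with "true"; if it renders `false`, this branch is taken whenever isDefaultStore is false. Use the same comparison as the rest of the change: `{{- if and (eq "true" (include "common.needTLS" .)) (eq .Values.security.isDefaultStore false) }}`. Separately, BACKEND now reads `.Values.config.backendServerURL.https` and `.http`, so an existing override that still sets backendServerURL as a plain string will presumably fail at render time and deserves a release note. With TLS off the front end uses the `http://` backend URL, so confidentiality on that hop depends entirely on the mesh enforcing mTLS between the pods.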
diff --git a/kubernetes/sdc/components/sdc-wfd-fe/templates/service.yaml b/kubernetes/sdc/components/sdc-wfd-fe/templates/service.yaml
index bc838ac..08feb5a 100644
--- a/kubernetes/sdc/components/sdc-wfd-fe/templates/service.yaml
+++ b/kubernetes/sdc/components/sdc-wfd-fe/templates/service.yaml
@@ -31,7 +31,7 @@
"version": "v1",
"url": "/",
"protocol": "UI",
- "port": "{{ .Values.service.internalPort2 }}",
+ "port": "{{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort2 .Values.service.internalPort }}",
"visualRange":"0|1"
}
]'
@@ -39,13 +39,13 @@
type: {{ .Values.service.type }}
ports:
{{if eq .Values.service.type "NodePort" -}}
- - port: {{ template "wfd-fe.internalPort" . }}
+ - port: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort2 .Values.service.internalPort }}
nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}
+ name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}
{{- else -}}
- - port: {{ if .Values.config.isHttpsEnabled }}{{ .Values.service.externalPort2 }}{{ else }}{{ .Values.service.externalPort }}{{ end }}
- targetPort: {{ template "wfd-fe.internalPort" . }}
- name: {{ .Values.service.portName }}
+ - port: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.externalPort2 .Values.service.externalPort }}
+ targetPort: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort2 .Values.service.internalPort }}
+ name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}
{{- end}}
selector:
app: {{ include "common.name" . }}
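Review bot: In the NodePort branch the service now publishes `.Values.service.internalPort` on the node port whenever `common.needTLS` is not "true". That appears to be the plain-HTTP listener, and a client reaching a node port from outside the mesh is not protected by sidecar-to-sidecar mTLS. If that exposure is not intended, add a comment at the top of the branch such as `{{/* NodePort with needTLS off serves the UI without TLS; publish it through the mesh ingress instead */}}`, or fail the render for that combination. The port name is built by appending `s` to `.Values.service.portName`, which only gives a meaningful protocol prefix if the base value is something like `http`; that assumption belongs next to portName in values.yaml. The service spec starts outside this hunk.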
diff --git a/kubernetes/sdc/components/sdc-wfd-fe/values.yaml b/kubernetes/sdc/components/sdc-wfd-fe/values.yaml
index b3e3b39..c7e680a 100644
--- a/kubernetes/sdc/components/sdc-wfd-fe/values.yaml
+++ b/kubernetes/sdc/components/sdc-wfd-fe/values.yaml
@@ -55,8 +55,9 @@
config:
javaOptions: "-Xmx256m -Xms256m"
- backendServerURL: "https://sdc-wfd-be:8443"
- isHttpsEnabled: true
+ backendServerURL:
+ https: "https://sdc-wfd-be:8443"
+ http: "http://sdc-wfd-be:8080"
# following flag decides whether to check the certificate on the outgoing proxy request or whether to trust all parties
isTrustAll: true
# https relevant settings. Change in case you have other trust files then default ones.