Diff - 88b2f92e51dc29461e0ebe443a24b9e5d99b11be^! - onap/oom

commit	88b2f92e51dc29461e0ebe443a24b9e5d99b11be	[log] [tgz]
author	Sylvain Desbureaux <sylvain.desbureaux@orange.com>	Wed Mar 04 11:31:11 2020 +0100
committer	Sylvain Desbureaux <sylvain.desbureaux@orange.com>	Fri Mar 06 09:04:31 2020 +0100
tree	ba7b43fa3056c09b4fb32a79ba7fc26f2d2f48c6
parent	ff1c5075c21a7fe77e9be438eb1831c5dbcb552f [diff] [blame]

[COMMON] Handle TLS/Non-TLS for Service

Current service and headlessService templates doesn't handle the fact
that out of cluster ports must be TLS encrypted only.
With a new (backward compatible) DSL, this is now possible.

In values.yaml, all ports in service part with port AND plain_port will
have the ability to be HTTP or HTTPS depending on the context.

Per default, they'll be HTTPS.

TLS choice will be done according this table:

| tlsOverride | global.tlsEnabled | global.serviceMesh.enabled | global.serviceMesh.tls | result |
|-------------|-------------------|----------------------------|------------------------|--------|
| not present | not present       | not present                | any                    | true   |
| not present | not present       | false                      | any                    | true   |
| not present | not present       | true                       | false                  | true   |
| not present | not present       | true                       | true                   | false  |
| not present | true              | any                        | any                    | true   |
| not present | false             | any                        | any                    | false  |
| true        | any               | any                        | any                    | true   |
| false       | any               | any                        | any                    | false  |

Service template will create one or two service templates according to this table:

| serviceType   | both_tls_and_plain | result       |
|---------------|--------------------|--------------|
| ClusterIP     | any                | one Service  |
| Not ClusterIP | not present        | one Service  |
| Not ClusterIP | false              | one Service  |
| Not ClusterIP | true               | two Services |

If two services are created, one is ClusterIP with both crypted and plain
ports and the other one is NodePort (or LoadBalancer) with crypted port only.

Issue-ID: OOM-1936
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: If766dd73132022d1a6e578fd36113c461bb91ea5

diff --git a/docs/oom_developer_guide.rst b/docs/oom_developer_guide.rst
index c3fb603..3cced83 100644
--- a/docs/oom_developer_guide.rst
+++ b/docs/oom_developer_guide.rst

@@ -373,6 +373,9 @@
 Ingress, Services, ...) or part of Kubernetes resources (names, labels,
 resources requests and limits, ...).
 
+a full list and simple description is done in
+`kubernetes/common/common/documentation.rst`.
+
 Service template
 ----------------