commit bd7fbe2babda72ce78049ab7d6b3e7c963cae996
author priyanshu <pagarwal@amdocs.com> Wed Mar 20 12:45:21 2019 +0530
committer priyanshua <pagarwal@amdocs.com> Wed Mar 20 12:45:21 2019 +0530
tree 38b4bad8a0a4b7ad0e2f331d4b7cbd5ae5a82de1
parent bb26706ffcfbbe412a43a2c04a5e127f4a21b5d4

Support HTTPS and SSL Cassandra in workflow

1. Added multiple property mapping parameters.
2. Added some placeholder volume mounts.
3. Refactored few property names.
4. Didn't expose service on HTTPS due to absence of preserved node port.

Change-Id: I55e66b5a1ff8798afa86088428d304f932ac37f8
Issue-ID: OOM-1740
Signed-off-by: priyanshua <pagarwal@amdocs.com>

kubernetes/sdc/charts/sdc-wfd-be/templates/deployment.yaml

diff --git a/kubernetes/sdc/charts/sdc-wfd-be/templates/deployment.yaml b/kubernetes/sdc/charts/sdc-wfd-be/templates/deployment.yaml
index 84285c4..26ad055 100644
--- a/kubernetes/sdc/charts/sdc-wfd-be/templates/deployment.yaml
+++ b/kubernetes/sdc/charts/sdc-wfd-be/templates/deployment.yaml
@@ -54,6 +54,7 @@
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
           ports:
           - containerPort: {{ .Values.service.internalPort }}
+          - containerPort: {{ .Values.service.internalPort2 }}
           # disable liveness probe when breakpoints set in debugger
           # so K8s doesn't restart unresponsive container
           {{ if .Values.liveness.enabled }}
@@ -75,12 +76,20 @@
             value: "{{ .Values.config.cassandraHosts }}"
           - name: CS_PORT
             value: "{{ .Values.config.cassandraClientPort }}"
+          - name: CS_AUTHENTICATE
+            value: "{{ .Values.config.cassandraAuthenticationEnabled }}"
           - name: CS_USER
             valueFrom:
               secretKeyRef: {name: {{ .Release.Name }}-sdc-cs-secrets, key: sdc_user}
           - name: CS_PASSWORD
             valueFrom:
               secretKeyRef: {name: {{ .Release.Name }}-sdc-cs-secrets, key: sdc_password}
+          - name: CS_SSL_ENABLED
+            value: "{{ .Values.config.cassandraSSLEnabled }}"
+          - name: CS_TRUST_STORE_PATH
+            value: "{{ .Values.config.cassandraTrustStorePath }}"
+          - name: CS_TRUST_STORE_PASSWORD
+            value: "{{ .Values.config.cassandraTrustStorePassword }}"
           - name: SDC_PROTOCOL
             value: "{{ .Values.config.sdcProtocol }}"
           - name: SDC_ENDPOINT
@@ -89,5 +98,37 @@
             value: "{{ .Values.config.sdcExternalUser }}"
           - name: SDC_PASSWORD
             value: "{{ .Values.config.sdcExternalUserPassword }}"
+          - name: SERVER_SSL_ENABLED
+            value: "{{ .Values.config.serverSSLEnabled }}"
+          - name: SERVER_SSL_KEYSTORE_TYPE
+            value: "{{ .Values.config.ser }}"
+          - name: SERVER_SSL_KEYSTORE_PATH
+            value: "{{ .Values.config.serverSSLKeyStorePath }}"
+          - name: SERVER_SSL_KEY_PASSWORD
+            value: "{{ .Values.config.serverSSLKeyPassword }}"
+          volumeMounts:
+          {{ if .Values.config.cassandraSSLEnabled }}
+          - name: {{ include "common.fullname" . }}-cassandra-client-truststore
+            mountPath: /config/cassandra-client-truststore
+            subPath: truststore
+            readOnly: true
+          {{- end }}
+          {{ if .Values.config.serverSSLEnabled }}
+          - name: {{ include "common.fullname" . }}-server-https-keystore
+            mountPath: /config/server-https-keystore
+            subPath: keystore
+            readOnly: true
+          {{- end }}
+      volumes:
+      {{ if .Values.config.cassandraSSLEnabled }}
+      - name: {{ include "common.fullname" . }}-cassandra-client-truststore
+        hostPath:
+          path: /config/cassandra-client-truststore
+      {{- end }}
+      {{ if .Values.config.serverSSLEnabled }}
+      - name: {{ include "common.fullname" . }}-server-https-keystore
+        hostPath:
+          path: /config/server-https-keystore
+      {{- end }}
       imagePullSecrets:
       - name: "{{ include "common.namespace" . }}-docker-registry-key"

kubernetes/sdc/charts/sdc-wfd-be/templates/job.yaml

diff --git a/kubernetes/sdc/charts/sdc-wfd-be/templates/job.yaml b/kubernetes/sdc/charts/sdc-wfd-be/templates/job.yaml
index 2cfdacb..38f526d 100644
--- a/kubernetes/sdc/charts/sdc-wfd-be/templates/job.yaml
+++ b/kubernetes/sdc/charts/sdc-wfd-be/templates/job.yaml
@@ -58,7 +58,7 @@
         - name: CS_PORT
           value: "{{ .Values.config.cassandraThriftClientPort }}"
         - name: CS_AUTHENTICATE
-          value: "{{ .Values.config.cassandaAuthenticationEnabled }}"
+          value: "{{ .Values.config.cassandraAuthenticationEnabled }}"
         - name: CS_USER
           valueFrom:
             secretKeyRef: {name: {{ .Release.Name }}-sdc-cs-secrets, key: sdc_user}

kubernetes/sdc/charts/sdc-wfd-be/values.yaml

diff --git a/kubernetes/sdc/charts/sdc-wfd-be/values.yaml b/kubernetes/sdc/charts/sdc-wfd-be/values.yaml
index 8f41fbd..ed8833a 100644
--- a/kubernetes/sdc/charts/sdc-wfd-be/values.yaml
+++ b/kubernetes/sdc/charts/sdc-wfd-be/values.yaml
@@ -40,7 +40,7 @@
 
 config:
   javaOptions: "-Xdebug -agentlib:jdwp=transport=dt_socket,address=7001,server=y,suspend=n -Xmx1536m -Xms1536m"
-  cassandaAuthenticationEnabled: true
+  cassandraAuthenticationEnabled: true
   cassandraHosts: sdc-cs
   cassandraThriftClientPort: 9160
   cassandraClientPort: 9042
@@ -48,6 +48,13 @@
   sdcEndpoint: sdc-be:8080
   sdcExternalUser: workflow
   sdcExternalUserPassword: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U
+  serverSSLEnabled: false
+  serverSSLKeyStoreType: jks
+  serverSSLKeyStorePath: /config/server-https-keystore/keystore
+  serverSSLKeyPassword: password
+  cassandraSSLEnabled: false
+  cassandraTrustStorePath: /config/cassandra-client-truststore/truststore
+  cassandraTrustStorePassword: password
 
 # default number of instances
 replicaCount: 1
@@ -72,6 +79,8 @@
   type: NodePort
   internalPort: 8080
   externalPort: 8080
+  internalPort2: 8443
+  externalPort2: 8443
   portName: sdc-wfd-be
   nodePort: "57"