Gitiles
Code Review Sign In
gerrit.nordix.org / onap / oom / c80bff934c950c2ad75fe06b0abcc91502f57fdf^! / . / kubernetes / sdc / charts / sdc-wfd-fe / templates
commitc80bff934c950c2ad75fe06b0abcc91502f57fdf[log] [tgz]
authorIlanaP <ilanap@amdocs.com>Mon Nov 18 21:10:08 2019 +0200
committerIlanaP <ilanap@amdocs.com>Tue Dec 17 14:27:45 2019 +0200
treec75408726c62d0e38c295c0aa10686cac23f2f9b
parent8501d7cee5a887f9e19d5fe3671ef8180bce526b [diff]
Secure FE communications to the workflow backend

Update of the workflow fe and be charts to secure the communications and to start the backend server is https mode with a secured connection to SDC

Issue-ID: OOM-1954

Signed-off-by: IlanaP <ilanap@amdocs.com>
Change-Id: Ia3c4c714e317b8f8b6b4ee9245daa50eea50275f
Signed-off-by: IlanaP <ilanap@amdocs.com>

diff --git a/kubernetes/sdc/charts/sdc-wfd-fe/templates/_helper.tpl b/kubernetes/sdc/charts/sdc-wfd-fe/templates/_helper.tpl
new file mode 100644
index 0000000..546bab7
--- /dev/null
+++ b/kubernetes/sdc/charts/sdc-wfd-fe/templates/_helper.tpl

@@ -0,0 +1 @@
+{{- define "wfd-fe.internalPort" }}{{ if .Values.config.isHttpsEnabled }}{{ .Values.service.internalPort2 }}{{ else }}{{ .Values.service.internalPort }}{{ end }}{{- end }}

diff --git a/kubernetes/sdc/charts/sdc-wfd-fe/templates/deployment.yaml b/kubernetes/sdc/charts/sdc-wfd-fe/templates/deployment.yaml
index 1daee71..08ecaa6 100644
--- a/kubernetes/sdc/charts/sdc-wfd-fe/templates/deployment.yaml
+++ b/kubernetes/sdc/charts/sdc-wfd-fe/templates/deployment.yaml

@@ -50,18 +50,17 @@
           image: "{{ include "common.repository" . }}/{{ .Values.image }}"
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
           ports:
-          - containerPort: {{ .Values.service.internalPort }}
-          - containerPort: {{ .Values.service.internalPort2 }}
+          - containerPort: {{ template "wfd-fe.internalPort" . }}
           {{ if .Values.liveness.enabled }}
           livenessProbe:
             tcpSocket:
-              port: {{ .Values.service.internalPort }}
+              port: {{ template "wfd-fe.internalPort" . }}
             initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
             periodSeconds: {{ .Values.liveness.periodSeconds }}
           {{ end }}
           readinessProbe:
             tcpSocket:
-              port: {{ .Values.service.internalPort }}
+              port: {{ template "wfd-fe.internalPort" . }}
             initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
             periodSeconds: {{ .Values.readiness.periodSeconds }}
           env:
@@ -75,13 +74,17 @@
             value: "{{ .Values.config.isHttpsEnabled}}"
             {{ if and .Values.config.isHttpsEnabled (eq .Values.security.isDefaultStore false) }}
           - name: KEYSTORE_PASS
-            value: "{{ .Values.security.keystorePass}}"
+            valueFrom:
+              secretKeyRef: {name: {{ .Release.Name }}-sdc-cs-secrets, key: keystore_password}
           - name: TRUSTSTORE_PASS
-            value: "{{ .Values.security.truststorePass}}"
+            valueFrom:
+              secretKeyRef: {name: {{ .Release.Name }}-sdc-cs-secrets, key: truststore_password}
           - name: TRUSTSTORE_PATH
             value: "{{ .Values.security.storePath }}/{{ .Values.security.truststoreFilename }}"
           - name: KEYSTORE_PATH
             value: "{{ .Values.security.storePath }}/{{ .Values.security.keystoreFilename }}"
+          - name: TRUST_ALL
+            value: "{{ .Values.config.isTrustAll}}"
             {{ end }}
           volumeMounts:
           - name: {{ include "common.fullname" . }}-localtime

diff --git a/kubernetes/sdc/charts/sdc-wfd-fe/templates/service.yaml b/kubernetes/sdc/charts/sdc-wfd-fe/templates/service.yaml
index 87ca360..d8a1055 100644
--- a/kubernetes/sdc/charts/sdc-wfd-fe/templates/service.yaml
+++ b/kubernetes/sdc/charts/sdc-wfd-fe/templates/service.yaml

@@ -29,7 +29,7 @@
           "version": "v1",
           "url": "/",
           "protocol": "UI",
-          "port": "{{ .Values.service.internalPort }}",
+          "port": "{{ .Values.service.internalPort2 }}",
           "visualRange":"0|1"
       }
       ]'
@@ -37,19 +37,13 @@
   type: {{ .Values.service.type }}
   ports:
     {{if eq .Values.service.type "NodePort" -}}
-    - port: {{ .Values.service.internalPort }}
+    - port: {{ template "wfd-fe.internalPort" . }}
       nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
-      name: {{ .Values.service.portName | default "http" }}
-    - port: {{ .Values.service.internalPort2 }}
-      nodePort: {{ .Values.global.nodePortPrefixExt | default .Values.nodePortPrefixExt }}{{ .Values.service.nodePort2 }}
-      name: {{ .Values.service.portName2 | default "https" }}
+      name: {{ .Values.service.portName  }}
     {{- else -}}
-    - port: {{ .Values.service.externalPort }}
-      targetPort: {{ .Values.service.internalPort }}
-      name: {{ .Values.service.portName | default "http" }}
-    - port: {{ .Values.service.externalPort2 }}
-      targetPort: {{ .Values.service.internalPort2 }}
-      name: {{ .Values.service.portName2 | default "https" }}
+    - port:  {{ if .Values.config.isHttpsEnabled }}{{ .Values.service.externalPort2 }}{{ else }}{{ .Values.service.externalPort }}{{ end }}
+      targetPort: {{ template "wfd-fe.internalPort" . }}
+      name: {{ .Values.service.portName }}
     {{- end}}
   selector:
     app: {{ include "common.name" . }}