Secure FE communications to the workflow backend

[oom.git] / kubernetes / sdc / charts / sdc-wfd-be / templates / deployment.yaml

diff --git a/kubernetes/sdc/charts/sdc-wfd-be/templates/deployment.yaml b/kubernetes/sdc/charts/sdc-wfd-be/templates/deployment.yaml
index 31ab7d5..00a986f 100644 (file)
--- a/kubernetes/sdc/charts/sdc-wfd-be/templates/deployment.yaml
+++ b/kubernetes/sdc/charts/sdc-wfd-be/templates/deployment.yaml
@@ -53,20 +53,19 @@ spec:
           image: "{{ include "common.repository" . }}/{{ .Values.image }}"
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
           ports:
-          - containerPort: {{ .Values.service.internalPort }}
-          - containerPort: {{ .Values.service.internalPort2 }}
+          - containerPort: {{ template "wfd-be.internalPort" . }}
           # disable liveness probe when breakpoints set in debugger
           # so K8s doesn't restart unresponsive container
           {{ if .Values.liveness.enabled }}
           livenessProbe:
             tcpSocket:
-              port: {{ .Values.service.internalPort2 }}
+              port: {{ template "wfd-be.internalPort" . }}
             initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
             periodSeconds: {{ .Values.liveness.periodSeconds }}
           {{ end }}
           readinessProbe:
             tcpSocket:
-              port: {{ .Values.service.internalPort2 }}
+              port: {{ template "wfd-be.internalPort" . }}
             initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
             periodSeconds: {{ .Values.readiness.periodSeconds }}
           env:
@@ -89,7 +88,8 @@ spec:
           - name: CS_TRUST_STORE_PATH
             value: "{{ .Values.config.cassandraTrustStorePath }}"
           - name: CS_TRUST_STORE_PASSWORD
-            value: "{{ .Values.config.cassandraTrustStorePassword }}"
+            valueFrom:
+              secretKeyRef: {name: {{ .Release.Name }}-sdc-cs-secrets, key: cs_truststore_password}
           - name: SDC_PROTOCOL
             value: "{{ .Values.config.sdcProtocol }}"
           - name: SDC_ENDPOINT
@@ -97,7 +97,8 @@ spec:
           - name: SDC_USER
             value: "{{ .Values.config.sdcExternalUser }}"
           - name: SDC_PASSWORD
-            value: "{{ .Values.config.sdcExternalUserPassword }}"
+            valueFrom:
+              secretKeyRef: {name: {{ .Release.Name }}-sdc-cs-secrets, key: wf_external_user_password}
           - name: SERVER_SSL_ENABLED
             value: "{{ .Values.config.serverSSLEnabled }}"
           - name: SERVER_SSL_KEYSTORE_TYPE
@@ -105,10 +106,14 @@ spec:
           - name: SERVER_SSL_KEYSTORE_PATH
             value: "{{ .Values.config.serverSSLKeyStorePath }}"
           - name: SERVER_SSL_KEY_PASSWORD
-            value: "{{ .Values.config.serverSSLKeyPassword }}"
-          volumeMounts:
-            {{- template "sdc-wfd-be.volumeMounts" . }}
-      volumes:
-        {{- template "sdc-wfd-be.volumes" . }}
+            valueFrom:
+              secretKeyRef: {name: {{ .Release.Name }}-sdc-cs-secrets, key: keystore_password}
+          - name: SERVER_SSL_TRUSTSTORE_TYPE
+            value: "{{ .Values.config.serverSSLTrustStoreType }}"
+          - name: SERVER_SSL_TRUSTSTORE_PATH
+            value: "{{ .Values.config.serverSSLTrustStorePath }}"
+          - name: SERVER_SSL_TRUST_PASSWORD
+            valueFrom:
+              secretKeyRef: {name: {{ .Release.Name }}-sdc-cs-secrets, key: truststore_password}
       imagePullSecrets:
       - name: "{{ include "common.namespace" . }}-docker-registry-key"