X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=kubernetes%2Fcommon%2Fcommon%2Ftemplates%2F_pod.tpl;h=810350bfa689e5c173a19c581ddf9522796b4651;hb=refs%2Fheads%2Fmaster;hp=9329572a923cebdae5059b3da652001ba8a25e2f;hpb=1a3678797eae08ff2acd5c02aa25a21be5328d1a;p=oom.git
diff --git a/kubernetes/common/common/templates/_pod.tpl b/kubernetes/common/common/templates/_pod.tpl
index 9329572a92..810350bfa6 100644
--- a/kubernetes/common/common/templates/_pod.tpl
+++ b/kubernetes/common/common/templates/_pod.tpl
@@ -19,10 +19,12 @@
 Will use first ".Values.service.ports" list.
 Will append ports from ".Values.service.headlessPorts" only if port number is
 not already in port list.
+ Will add tls port AND plain port if both_tls_and_plain is set to true
 */}}
 {{- define "common.containerPorts" -}}
 {{- $ports := default (list) .Values.service.ports }}
 {{- $portsNumber := list }}
+{{- $both_tls_and_plain:= default false .Values.service.both_tls_and_plain }}
 {{- range $index, $port := $ports }}
 {{- $portsNumber = append $portsNumber $port.port }}
 {{- end }}
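Review bot: The added comment line documents the `both_tls_and_plain` switch without saying that it publishes the unencrypted port next to the TLS one, or that it only takes effect when the port entry defines `plain_port` and `common.needTLS` is truthy (both conditions sit in the next hunk). I would extend it to something like `Will add tls port AND plain port if both_tls_and_plain is set to true (default false; exposes the cleartext port alongside TLS, requires plain_port on the port entry)`. As a style point, `$both_tls_and_plain:=` is missing the space before `:=` that the neighbouring assignments use. The `common.containerPorts` define continues past this hunk.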
@@ -31,8 +33,40 @@
 {{- $ports = append $ports $port }}
 {{- end }}
 {{- end }}
+{{- $global := . }}
 {{- range $index, $port := $ports }}
-- containerPort: {{ $port.port }}
+{{- if (include "common.needTLS" $global) }}
+- containerPort: {{ default $port.port $port.internal_port }}
+{{- else }}
+- containerPort: {{ default (default $port.port $port.internal_port) (default $port.plain_port $port.internal_plain_port) }}
+{{- end }}
 name: {{ $port.name }}
+{{- if (and $port.plain_port (and (include "common.needTLS" $global) $both_tls_and_plain)) }}
+- containerPort: {{ default $port.plain_port $port.internal_plain_port }}
+ name: {{ $port.name }}-plain
+{{- end }}
+{{- if $port.l4_protocol }}
+ protocol: {{ $port.l4_protocol }}
+{{- end }}
 {{- end }}
 {{- end -}}
+
+{{/*
+ Generate securityContext for pod
+*/}}
+{{- define "common.podSecurityContext" -}}
+securityContext:
+ runAsUser: {{ .Values.securityContext.user_id }}
+ runAsGroup: {{ .Values.securityContext.group_id }}
+ fsGroup: {{ .Values.securityContext.group_id }}
+{{- end }}
+
+{{/*
+ Generate securityContext for container
+*/}}
+{{- define "common.containerSecurityContext" -}}
+securityContext:
+ readOnlyRootFilesystem: true
+ privileged: false
+ allowPrivilegeEscalation: false
+{{- end }}
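Review bot: The `protocol:` line is emitted after the optional `-plain` entry, so when both ports are rendered the `l4_protocol` attaches to the plain port item and the TLS port is left at the default protocol; the protocol block should follow `name: {{ $port.name }}` directly and be repeated inside the plain entry, as in the excerpt below. Kubernetes limits container port names to 15 characters, so `{{ $port.name }}-plain` fails validation for any port name longer than 9 characters. In `common.podSecurityContext`, `.Values.securityContext.user_id` and `group_id` have no `required` or default, so an unset value renders an empty `runAsUser:` and the pod falls back to the image's user; wrapping them in `required` or adding `runAsNonRoot: true` would make that fail closed. The conditions also depend on `include "common.needTLS"` rendering an empty string when TLS is off, which cannot be confirmed from this diff.

```yaml
{{- /* … unchanged: containerPort selection via common.needTLS … */}}
  name: {{ $port.name }}
{{- if $port.l4_protocol }}
  protocol: {{ $port.l4_protocol }}
{{- end }}
{{- if (and $port.plain_port (and (include "common.needTLS" $global) $both_tls_and_plain)) }}
- containerPort: {{ default $port.plain_port $port.internal_plain_port }}
  name: {{ $port.name }}-plain
{{- if $port.l4_protocol }}
  protocol: {{ $port.l4_protocol }}
{{- end }}
{{- end }}
```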