value: {{ .Values.config.javaOptions }}
- name: BACKEND
value: {{ .Values.config.backendServerURL }}
+ - name: IS_HTTPS
+ value: "{{ .Values.config.isHttpsEnabled}}"
+ {{ if and .Values.config.isHttpsEnabled (eq .Values.security.isDefaultStore false) }}
+ - name: KEYSTORE_PASS
+ {{- if .Values.global.security.keysFromCa }}
+ valueFrom:
+ secretKeyRef:
+ name: mft-sdc
+ key: keystore-password.txt
+ {{ else }}
+ value: {{ .Values.global.security.keyStorePass}}
+ {{- end }}
+ - name: TRUSTSTORE_PASS
+ {{- if .Values.global.security.keysFromCa }}
+ valueFrom:
+ secretKeyRef:
+ name: mft-catruststore
+ key: keystore-password.txt
+ {{ else }}
+ value: {{ .Values.global.security.trustStorePass}}
+ {{- end }}
+ - name: TRUSTSTORE_PATH
+ value: "{{ .Values.security.storePath }}/{{ .Values.security.truststoreFilename }}"
+ - name: KEYSTORE_PATH
+ value: "{{ .Values.security.storePath }}/{{ .Values.security.keystoreFilename }}"
+ - name: TRUSTSTORE_TYPE
+ value: {{ .Values.security.truststore.type }}
+ - name: KEYSTORE_TYPE
+ value: {{ .Values.security.keystore.type }}
+ {{ end }}
volumeMounts:
+ {{ if and .Values.config.isHttpsEnabled (eq .Values.security.isDefaultStore false) }}
+ - name: {{ include "common.fullname" . }}-jetty-https-truststore
+ mountPath: /var/lib/jetty/{{ .Values.security.storePath }}/{{ .Values.security.truststoreFilename }}
+ subPath: {{ .Values.security.truststoreFilename }}
+ - name: {{ include "common.fullname" . }}-jetty-https-keystore
+ mountPath: /var/lib/jetty/etc/{{ .Values.security.storePath }}/{{ .Values.security.keystoreFilename }}
+ subPath: {{ .Values.security.keystoreFilename }}
+ {{ end }}
- name: {{ include "common.fullname" . }}-localtime
mountPath: /etc/localtime
readOnly: true
- port: {{ .Values.service.internalPort }}
nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
name: {{ .Values.service.portName | default "http" }}
+ - port: {{ .Values.service.internalPort2 }}
+ nodePort: {{ .Values.global.nodePortPrefixExt | default .Values.nodePortPrefixExt }}{{ .Values.service.nodePort2 }}
+ name: {{ .Values.service.portName2 | default "https" }}
{{- else -}}
- port: {{ .Values.service.externalPort }}
targetPort: {{ .Values.service.internalPort }}
name: {{ .Values.service.portName | default "http" }}
+ - port: {{ .Values.service.externalPort2 }}
+ targetPort: {{ .Values.service.internalPort2 }}
+ name: {{ .Values.service.portName2 | default "https" }}
{{- end}}
selector:
app: {{ include "common.name" . }}
#################################################################
global:
nodePortPrefix: 302
+ nodePortPrefixExt: 304
readinessRepository: oomk8s
readinessImage: readiness-check:2.0.2
loggingRepository: docker.elastic.co
config:
javaOptions: "-Xdebug -agentlib:jdwp=transport=dt_socket,address=7000,server=y,suspend=n -Xmx256m -Xms256m"
backendServerURL: "http://sdc-wfd-be:8080"
+ isHttpsEnabled: false
+
+# https relevant settings. Change in case you have other trust files then default ones.
+security:
+ isDefaultStore: true
+ truststoreType: "JKS"
+ keystoreType: "JKS"
+ truststoreFilename: "truststore"
+ keystoreFilename: "keystore"
+ storePath: "etc"
# default number of instances
replicaCount: 1
externalPort: 8080
portName: sdc-wfd-fe
nodePort: "56"
+ portName2: sdc-wfd-fe2
+ internalPort2: 8443
+ externalPort2: 8443
+ nodePort2: "31"
ingress:
enabled: false