From: Alexis de Talhouët <adetalhouet89@gmail.com>
Date: Tue, 14 May 2019 12:45:57 +0000 (+0000)
Subject: Merge "Disable unsecure DMaaP NodePorts"
X-Git-Tag: 4.0.0-ONAP~94
X-Git-Url: https://gerrit.onap.org/r/gitweb?a=commitdiff_plain;h=a2b2dd4898ea5c208e5e0315ee398ffa50c263db;hp=d4ed00562bbd0ff18f4faac54875058e30d3d183;p=oom.git

Merge "Disable unsecure DMaaP NodePorts"
---

diff --git a/kubernetes/dmaap/components/dmaap-bc/templates/service.yaml b/kubernetes/dmaap/components/dmaap-bc/templates/service.yaml
index 4b51d44fa2..200988a3e2 100644
--- a/kubernetes/dmaap/components/dmaap-bc/templates/service.yaml
+++ b/kubernetes/dmaap/components/dmaap-bc/templates/service.yaml
@@ -27,10 +27,12 @@ spec:
   type: {{ .Values.service.type }}
   ports:
     {{if eq .Values.service.type "NodePort" -}}
+    {{- if .Values.global.allow_http }}
     - port: {{ .Values.service.externalPort }}
       targetPort: {{ .Values.service.internalPort }}
       nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
       name: {{ .Values.service.name }}
+    {{- end}}
     - port: {{ .Values.service.externalPort2 }}
       targetPort: {{ .Values.service.internalPort2 }}
       nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }}
diff --git a/kubernetes/dmaap/components/dmaap-dr-node/templates/service.yaml b/kubernetes/dmaap/components/dmaap-dr-node/templates/service.yaml
index c935ce4ca6..633898c213 100644
--- a/kubernetes/dmaap/components/dmaap-dr-node/templates/service.yaml
+++ b/kubernetes/dmaap/components/dmaap-dr-node/templates/service.yaml
@@ -28,10 +28,12 @@ spec:
   type: {{.Values.config.dmaapDrNode.servicetype}}
   ports:
     {{if eq .Values.config.dmaapDrNode.servicetype "NodePort" -}}
+    {{- if .Values.global.allow_http }}
     - port: {{.Values.config.dmaapDrNode.externalPort}}
       targetPort: {{.Values.config.dmaapDrNode.internalPort}}
       nodePort: {{ .Values.global.nodePortPrefixExt | default .Values.nodePortPrefixExt }}{{.Values.config.dmaapDrNode.nodePort}}
       name: {{.Values.config.dmaapDrNode.name}}
+    {{- end}}
     - port: {{.Values.config.dmaapDrNode.externalPort2}}
       targetPort: {{.Values.config.dmaapDrNode.internalPort2}}
       nodePort: {{ .Values.global.nodePortPrefixExt | default .Values.nodePortPrefixExt }}{{.Values.config.dmaapDrNode.nodePort2}}
diff --git a/kubernetes/dmaap/components/dmaap-dr-prov/templates/service.yaml b/kubernetes/dmaap/components/dmaap-dr-prov/templates/service.yaml
index 691c9dcc9f..0b40389b55 100644
--- a/kubernetes/dmaap/components/dmaap-dr-prov/templates/service.yaml
+++ b/kubernetes/dmaap/components/dmaap-dr-prov/templates/service.yaml
@@ -30,7 +30,7 @@ metadata:
           "version": "v1",
           "url": "/",
           "protocol": "REST",
-          "port": "{{.Values.config.dmaapDrProv.externalPort}}",
+          "port": "{{.Values.config.dmaapDrProv.externalPort2}}",
           "visualRange":"1"
       }
       ]'
@@ -38,11 +38,13 @@ metadata:
 spec:
   type: {{.Values.config.dmaapDrProv.servicetype}}
   ports:
-    {{if eq .Values.config.dmaapDrProv.servicetype "NodePort" -}}
+    {{- if eq .Values.config.dmaapDrProv.servicetype "NodePort" }}
+    {{- if .Values.global.allow_http }}
     - port: {{.Values.config.dmaapDrProv.externalPort}}
       targetPort: {{.Values.config.dmaapDrProv.internalPort}}
       nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{.Values.config.dmaapDrProv.nodePort}}
       name: {{.Values.config.dmaapDrProv.name}}
+    {{- end}}
     - port: {{.Values.config.dmaapDrProv.externalPort2}}
       targetPort: {{.Values.config.dmaapDrProv.internalPort2}}
       nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{.Values.config.dmaapDrProv.nodePort2}}
diff --git a/kubernetes/dmaap/components/message-router/templates/service.yaml b/kubernetes/dmaap/components/message-router/templates/service.yaml
index dfd90b28f2..1bce881a8e 100644
--- a/kubernetes/dmaap/components/message-router/templates/service.yaml
+++ b/kubernetes/dmaap/components/message-router/templates/service.yaml
@@ -39,9 +39,11 @@ spec:
   type: {{ .Values.service.type }}
   ports:
     {{if eq .Values.service.type "NodePort" -}}
+    {{- if .Values.global.allow_http }}
     - port: {{ .Values.service.externalPort }}
       nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
       name: {{ .Values.service.portName }}-{{ .Values.service.externalPort }}
+    {{- end}}
     - port: {{ .Values.service.externalPort2 }}
       nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }}
       name: {{ .Values.service.portName }}-{{ .Values.service.externalPort2 }}
diff --git a/kubernetes/dmaap/values.yaml b/kubernetes/dmaap/values.yaml
index aa5165d443..333a3e3f6d 100644
--- a/kubernetes/dmaap/values.yaml
+++ b/kubernetes/dmaap/values.yaml
@@ -23,6 +23,10 @@ global:
   loggingRepository: docker.elastic.co
   loggingImage: beats/filebeat:5.5.0
   clientImage: onap/dmaap/dbc-client:1.0.9
+
+#Global DMaaP app config
+  allow_http: false
+
 # application configuration
 config:
   logstashServiceName: log-ls