Support HTTPS and SSL Cassandra in workflow 61/82761/1
authorpriyanshu <pagarwal@amdocs.com>
Wed, 20 Mar 2019 07:15:21 +0000 (12:45 +0530)
committerpriyanshua <pagarwal@amdocs.com>
Wed, 20 Mar 2019 07:15:21 +0000 (12:45 +0530)
1. Added multiple property mapping parameters.
2. Added some placeholder volume mounts.
3. Refactored a few property names.
4. Didn't expose service on HTTPS due to absence of preserved node port.

Change-Id: I55e66b5a1ff8798afa86088428d304f932ac37f8
Issue-ID: OOM-1740
Signed-off-by: priyanshua <pagarwal@amdocs.com>
kubernetes/sdc/charts/sdc-wfd-be/templates/deployment.yaml
kubernetes/sdc/charts/sdc-wfd-be/templates/job.yaml
kubernetes/sdc/charts/sdc-wfd-be/values.yaml

index 84285c4..26ad055 100644 (file)
@@ -54,6 +54,7 @@ spec:
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
           ports:
           - containerPort: {{ .Values.service.internalPort }}
+          - containerPort: {{ .Values.service.internalPort2 }}
           # disable liveness probe when breakpoints set in debugger
           # so K8s doesn't restart unresponsive container
           {{ if .Values.liveness.enabled }}
@@ -75,12 +76,20 @@ spec:
             value: "{{ .Values.config.cassandraHosts }}"
           - name: CS_PORT
             value: "{{ .Values.config.cassandraClientPort }}"
+          - name: CS_AUTHENTICATE
+            value: "{{ .Values.config.cassandraAuthenticationEnabled }}"
           - name: CS_USER
             valueFrom:
               secretKeyRef: {name: {{ .Release.Name }}-sdc-cs-secrets, key: sdc_user}
           - name: CS_PASSWORD
             valueFrom:
               secretKeyRef: {name: {{ .Release.Name }}-sdc-cs-secrets, key: sdc_password}
+          - name: CS_SSL_ENABLED
+            value: "{{ .Values.config.cassandraSSLEnabled }}"
+          - name: CS_TRUST_STORE_PATH
+            value: "{{ .Values.config.cassandraTrustStorePath }}"
+          - name: CS_TRUST_STORE_PASSWORD
+            value: "{{ .Values.config.cassandraTrustStorePassword }}"
           - name: SDC_PROTOCOL
             value: "{{ .Values.config.sdcProtocol }}"
           - name: SDC_ENDPOINT
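Review bot: `CS_TRUST_STORE_PASSWORD` is rendered as a literal `value:` from `.Values.config.cassandraTrustStorePassword`, so it appears in plain text in the Deployment manifest and pod spec, while `CS_USER` and `CS_PASSWORD` next to it are read through `secretKeyRef`. The same applies to `SERVER_SSL_KEY_PASSWORD` in the next hunk. I would source both from a Secret in the same way, e.g. `valueFrom:` with `secretKeyRef: {name: <secret-name>, key: <truststore-password-key>}` (placeholder names, since the page shows no Secret holding these values). The env list starts and continues outside this hunk.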
@@ -89,5 +98,37 @@ spec:
             value: "{{ .Values.config.sdcExternalUser }}"
           - name: SDC_PASSWORD
             value: "{{ .Values.config.sdcExternalUserPassword }}"
+          - name: SERVER_SSL_ENABLED
+            value: "{{ .Values.config.serverSSLEnabled }}"
+          - name: SERVER_SSL_KEYSTORE_TYPE
+            value: "{{ .Values.config.ser }}"
+          - name: SERVER_SSL_KEYSTORE_PATH
+            value: "{{ .Values.config.serverSSLKeyStorePath }}"
+          - name: SERVER_SSL_KEY_PASSWORD
+            value: "{{ .Values.config.serverSSLKeyPassword }}"
+          volumeMounts:
+          {{ if .Values.config.cassandraSSLEnabled }}
+          - name: {{ include "common.fullname" . }}-cassandra-client-truststore
+            mountPath: /config/cassandra-client-truststore
+            subPath: truststore
+            readOnly: true
+          {{- end }}
+          {{ if .Values.config.serverSSLEnabled }}
+          - name: {{ include "common.fullname" . }}-server-https-keystore
+            mountPath: /config/server-https-keystore
+            subPath: keystore
+            readOnly: true
+          {{- end }}
+      volumes:
+      {{ if .Values.config.cassandraSSLEnabled }}
+      - name: {{ include "common.fullname" . }}-cassandra-client-truststore
+        hostPath:
+          path: /config/cassandra-client-truststore
+      {{- end }}
+      {{ if .Values.config.serverSSLEnabled }}
+      - name: {{ include "common.fullname" . }}-server-https-keystore
+        hostPath:
+          path: /config/server-https-keystore
+      {{- end }}
       imagePullSecrets:
       - name: "{{ include "common.namespace" . }}-docker-registry-key"
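Review bot: `SERVER_SSL_KEYSTORE_TYPE` reads `.Values.config.ser`, a key that values.yaml in this commit does not define (it adds `serverSSLKeyStoreType: jks`), so the container will not receive `jks`; the line should be `value: "{{ .Values.config.serverSSLKeyStoreType }}"`. Separately, both new volumes are `hostPath`, so the keystore and truststore must already exist on whichever node schedules the pod, and the pod gets a view onto the node filesystem. The commit message calls these mounts placeholders, so a comment above `volumes:` such as `# placeholder: replace hostPath with a Secret volume before enabling SSL` would record that intent in the template.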
index 2cfdacb..38f526d 100644 (file)
@@ -58,7 +58,7 @@ spec:
         - name: CS_PORT
           value: "{{ .Values.config.cassandraThriftClientPort }}"
         - name: CS_AUTHENTICATE
-          value: "{{ .Values.config.cassandaAuthenticationEnabled }}"
+          value: "{{ .Values.config.cassandraAuthenticationEnabled }}"
         - name: CS_USER
           valueFrom:
             secretKeyRef: {name: {{ .Release.Name }}-sdc-cs-secrets, key: sdc_user}
index 8f41fbd..ed8833a 100644 (file)
@@ -40,7 +40,7 @@ initJob:
 
 config:
   javaOptions: "-Xdebug -agentlib:jdwp=transport=dt_socket,address=7001,server=y,suspend=n -Xmx1536m -Xms1536m"
-  cassandaAuthenticationEnabled: true
+  cassandraAuthenticationEnabled: true
   cassandraHosts: sdc-cs
   cassandraThriftClientPort: 9160
   cassandraClientPort: 9042
@@ -48,6 +48,13 @@ config:
   sdcEndpoint: sdc-be:8080
   sdcExternalUser: workflow
   sdcExternalUserPassword: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U
+  serverSSLEnabled: false
+  serverSSLKeyStoreType: jks
+  serverSSLKeyStorePath: /config/server-https-keystore/keystore
+  serverSSLKeyPassword: password
+  cassandraSSLEnabled: false
+  cassandraTrustStorePath: /config/cassandra-client-truststore/truststore
+  cassandraTrustStorePassword: password
 
 # default number of instances
 replicaCount: 1
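Review bot: `serverSSLKeyPassword: password` and `cassandraTrustStorePassword: password` ship a guessable default for key material, and any install that turns on `serverSSLEnabled` or `cassandraSSLEnabled` without overriding them keeps it. I would leave both empty in the chart and have the deployer supply them, e.g. `serverSSLKeyPassword: ""  # must be set when serverSSLEnabled is true`, ideally through a Secret rather than values.yaml. The `config:` mapping starts outside this hunk.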
@@ -72,6 +79,8 @@ service:
   type: NodePort
   internalPort: 8080
   externalPort: 8080
+  internalPort2: 8443
+  externalPort2: 8443
   portName: sdc-wfd-be
   nodePort: "57"