From: priyanshu Date: Tue, 26 Mar 2019 12:32:33 +0000 (+0530) Subject: Support HTTPS and SSL Cassandra in workflow X-Git-Tag: 4.0.0-ONAP~277^2 X-Git-Url: https://gerrit.onap.org/r/gitweb?p=oom.git;a=commitdiff_plain;h=5698c8336a4ee58e396654c1463cd7b104d0f9be Support HTTPS and SSL Cassandra in workflow 1. Moved certificate related info to helper file. 2. Minor bug fix Change-Id: I6769515e5ea4823309ffa478ea737234e9171b68 Issue-ID: OOM-1740 Signed-off-by: priyanshua --- diff --git a/kubernetes/sdc/charts/sdc-wfd-be/templates/_helper.tpl b/kubernetes/sdc/charts/sdc-wfd-be/templates/_helper.tpl new file mode 100644 index 0000000000..c69fb7c81c --- /dev/null +++ b/kubernetes/sdc/charts/sdc-wfd-be/templates/_helper.tpl @@ -0,0 +1,29 @@ +{{- define "sdc-wfd-be.volumes" }} + {{ if .Values.config.cassandraSSLEnabled }} + - name: {{ include "common.fullname" . }}-cassandra-client-truststore + hostPath: + path: /etc/cassandra-client-truststore/truststore + type: File + {{- end }} + {{ if .Values.config.serverSSLEnabled }} + - name: {{ include "common.fullname" . }}-server-https-keystore + hostPath: + path: /config/server-https-keystore/keystore + type: File + {{- end }} +{{- end }} + +{{- define "sdc-wfd-be.volumeMounts" }} + {{ if .Values.config.cassandraSSLEnabled }} + - name: {{ include "common.fullname" . }}-cassandra-client-truststore + mountPath: /etc/cassandra-client-truststore/truststore + subPath: truststore + readOnly: true + {{- end }} + {{ if .Values.config.serverSSLEnabled }} + - name: {{ include "common.fullname" . }}-server-https-keystore + mountPath: /etc/server-https-keystore/keystore + subPath: keystore + readOnly: true + {{- end }} +{{- end }} \ No newline at end of file diff --git a/kubernetes/sdc/charts/sdc-wfd-be/templates/deployment.yaml b/kubernetes/sdc/charts/sdc-wfd-be/templates/deployment.yaml index 26ad05555a..bb96d342f7 100644 --- a/kubernetes/sdc/charts/sdc-wfd-be/templates/deployment.yaml +++ b/kubernetes/sdc/charts/sdc-wfd-be/templates/deployment.yaml @@ -101,34 +101,14 @@ spec: - name: SERVER_SSL_ENABLED value: "{{ .Values.config.serverSSLEnabled }}" - name: SERVER_SSL_KEYSTORE_TYPE - value: "{{ .Values.config.ser }}" + value: "{{ .Values.config.serverSSLKeyStoreType }}" - name: SERVER_SSL_KEYSTORE_PATH value: "{{ .Values.config.serverSSLKeyStorePath }}" - name: SERVER_SSL_KEY_PASSWORD value: "{{ .Values.config.serverSSLKeyPassword }}" volumeMounts: - {{ if .Values.config.cassandraSSLEnabled }} - - name: {{ include "common.fullname" . }}-cassandra-client-truststore - mountPath: /config/cassandra-client-truststore - subPath: truststore - readOnly: true - {{- end }} - {{ if .Values.config.serverSSLEnabled }} - - name: {{ include "common.fullname" . }}-server-https-keystore - mountPath: /config/server-https-keystore - subPath: keystore - readOnly: true - {{- end }} + {{- template "sdc-wfd-be.volumeMounts" . }} volumes: - {{ if .Values.config.cassandraSSLEnabled }} - - name: {{ include "common.fullname" . }}-cassandra-client-truststore - hostPath: - path: /config/cassandra-client-truststore - {{- end }} - {{ if .Values.config.serverSSLEnabled }} - - name: {{ include "common.fullname" . }}-server-https-keystore - hostPath: - path: /config/server-https-keystore - {{- end }} + {{- template "sdc-wfd-be.volumes" . }} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/sdc/charts/sdc-wfd-be/values.yaml b/kubernetes/sdc/charts/sdc-wfd-be/values.yaml index ed8833a9e5..63554369ed 100644 --- a/kubernetes/sdc/charts/sdc-wfd-be/values.yaml +++ b/kubernetes/sdc/charts/sdc-wfd-be/values.yaml @@ -50,10 +50,10 @@ config: sdcExternalUserPassword: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U serverSSLEnabled: false serverSSLKeyStoreType: jks - serverSSLKeyStorePath: /config/server-https-keystore/keystore + serverSSLKeyStorePath: /etc/server-https-keystore/keystore serverSSLKeyPassword: password cassandraSSLEnabled: false - cassandraTrustStorePath: /config/cassandra-client-truststore/truststore + cassandraTrustStorePath: /etc/cassandra-client-truststore/truststore cassandraTrustStorePassword: password # default number of instances