feat: Enable ssl in status component (#1878)

* feat: Enable ssl in status component

* fixup! feat: Enable ssl in status component

catalog/helm/templates/status/deployment.yaml

@@ -41,9 +41,21 @@ spec:
         livenessProbe:
           initialDelaySeconds: 30
           tcpSocket:
-            port: 8080
+            port: 443
           timeoutSeconds: 1
         {{- with .Values.status.resources }}
         resources:
           {{- toYaml . | nindent 10 }}
         {{- end }}
+        ports:
+        - containerPort: 443
+          name: public
+          protocol: TCP
+        volumeMounts:
+        - name: proxy-tls
+          mountPath: /etc/tls/private
+      volumes:
+      - name: proxy-tls
+        secret:
+          defaultMode: 0644
+          secretName: {{ printf "%s-tls" (include "babylonCatalog.statusName" .) }}

catalog/helm/templates/status/route.yaml

@@ -20,6 +20,8 @@ spec:
   to:
     kind: Service
     name: {{ include "babylonCatalog.statusName" . }}
+  port:
+    targetPort: proxy
 {{- if and .Values.route.certManager.enable .Values.status.host }}
 ---
 apiVersion: cert-manager.io/v1

catalog/helm/templates/status/service.yaml

@@ -10,7 +10,7 @@ spec:
   - name: proxy
     port: 443
     protocol: TCP
-    targetPort: 8080
+    targetPort: 443
   selector:
     {{- include "babylonCatalog.statusSelectorLabels" . | nindent 4 }}
   type: ClusterIP

catalog/helm/values.yaml

@@ -50,7 +50,7 @@ status:
   name: # default use chart name + '-status'
   image:
     #override:
-    tag: v0.0.1
+    tag: v0.0.2
     repository: quay.io/redhat-gpte/babylon-catalog-status
     pullPolicy: IfNotPresent
   replicaCount: 1

catalog/status/Dockerfile

@@ -19,3 +19,4 @@ USER 1001
 CMD /usr/libexec/s2i/run
 
 EXPOSE 8080
+EXPOSE 443

catalog/status/nginx-default-cfg/redirect.conf

@@ -1,3 +1,13 @@
+server {
+  listen 8080;
+  listen 443 ssl;
+  ssl_certificate_key /etc/tls/private/tls.key;
+  ssl_certificate /etc/tls/private/tls.crt;
+  ssl_session_timeout 5m;
+  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+  ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP;
+  ssl_prefer_server_ciphers on;
+}
 location ~* \.(?:css|js)$ {
   try_files $uri =404;
   access_log off;

helm/templates/catalog/interfaces/status/deployment.yaml

@@ -32,12 +32,19 @@ spec:
         livenessProbe:
           initialDelaySeconds: 30
           tcpSocket:
-            port: 8080
+            port: 443
           timeoutSeconds: 1
         {{- with $status.resources }}
         resources:
           {{- toYaml . | nindent 10 }}
         {{- end }}
+        ports:
+        - containerPort: 443
+          name: public
+          protocol: TCP
+        volumeMounts:
+        - name: proxy-tls
+          mountPath: /etc/tls/private
       {{- with $status.image.pullSecrets }}
       imagePullSecrets:
         {{- toYaml . | nindent 8 }}
@@ -51,4 +58,9 @@ spec:
       tolerations:
         {{- toYaml . | nindent 8 }}
       {{- end }}
+      volumes:
+      - name: proxy-tls
+        secret:
+          defaultMode: 0644
+          secretName: babylon-catalog-status-tls
 {{- end }}

helm/templates/catalog/interfaces/status/route.yaml

@@ -23,5 +23,7 @@ spec:
     kind: Service
     name: babylon-catalog-status
     weight: 100
+  port:
+    targetPort: proxy
   wildcardPolicy: None
 {{- end }}

helm/templates/catalog/interfaces/status/service.yaml

@@ -13,7 +13,7 @@ spec:
   - name: proxy
     port: 443
     protocol: TCP
-    targetPort: 8080
+    targetPort: 443
   selector:
     {{- include "babylon.selectorLabels" $ | nindent 4 }}
     app.kubernetes.io/component: catalog-status

helm/values.yaml

@@ -139,7 +139,7 @@ catalog:
           memory: "256Mi"
     status:
       image:
-        tag: v0.0.1
+        tag: v0.0.2
         repository: quay.io/redhat-gpte/babylon-catalog-status
         pullPolicy: IfNotPresent
       replicaCount: 1