authorAndreas Geissler <andreas-geissler@telekom.de>2023-02-27 10:31:01 +0100
committerAndreas Geissler <andreas-geissler@telekom.de>2023-02-28 20:30:10 +0100
commit7479042d780f5c9281c67d141ac61ca0c0c76529 (patch)
tree6a39f8bad99b53a4339649ed09df01584df3b14c
parenta7eeecb520f5046e490fa3f4cd6bfc52265f9799 (diff)
[VNFSDK] Make VNFSDK ServiceMesh ready
Disable TLS interface, add job sidecar cleanup and cleanup charts Fix the deployment.yaml Issue-ID: OOM-3095 Signed-off-by: Andreas Geissler <andreas-geissler@telekom.de> Change-Id: I88a9b01ecf5e4cbb247346b6b2da1c521199a2fb
-rw-r--r--kubernetes/vnfsdk/Chart.yaml6
-rw-r--r--kubernetes/vnfsdk/resources/nginx/nginx.conf12
-rw-r--r--kubernetes/vnfsdk/templates/deployment.yaml47
-rw-r--r--kubernetes/vnfsdk/templates/ingress.yaml16
-rw-r--r--kubernetes/vnfsdk/templates/job.yaml2
-rw-r--r--kubernetes/vnfsdk/templates/service.yaml26
-rw-r--r--kubernetes/vnfsdk/values.yaml46
7 files changed, 49 insertions, 106 deletions
diff --git a/kubernetes/vnfsdk/Chart.yaml b/kubernetes/vnfsdk/Chart.yaml
index 1c67281798..52eec854d8 100644
--- a/kubernetes/vnfsdk/Chart.yaml
+++ b/kubernetes/vnfsdk/Chart.yaml
@@ -23,12 +23,12 @@ dependencies:
- name: common
version: ~12.x-0
repository: '@local'
- - name: certInitializer
- version: ~12.x-0
- repository: '@local'
- name: postgres
version: ~12.x-0
repository: '@local'
- name: repositoryGenerator
version: ~12.x-0
repository: '@local'
+ - name: readinessCheck
+ version: ~12.x-0
+ repository: '@local'
diff --git a/kubernetes/vnfsdk/resources/nginx/nginx.conf b/kubernetes/vnfsdk/resources/nginx/nginx.conf
index d26cc5d813..9d7aa78b36 100644
--- a/kubernetes/vnfsdk/resources/nginx/nginx.conf
+++ b/kubernetes/vnfsdk/resources/nginx/nginx.conf
@@ -38,16 +38,8 @@ http {
error_log /var/log/nginx/error.log;
server {
- listen *:8703 ssl;
- server_name
- ssl on;
- ssl_certificate {{ .Values.certInitializer.credsPath }}/certs/cert.pem;
- ssl_certificate_key {{ .Values.certInitializer.credsPath }}/certs/cert.key;
- ssl_session_cache builtin:1000 shared:SSL:80m;
- ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
- ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+3DES:!ADH:!AECDH:!MD5;
- ssl_prefer_server_ciphers on;
- ssl_session_timeout 10m;
+ listen {{ .Values.service.internalPort }};
+ server_name {{ .Values.service.name }};
keepalive_timeout 70;
location / {
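Review bot: The new `listen {{ .Values.service.internalPort }};` is unconditionally plaintext, so confidentiality and peer authentication for this endpoint now rest entirely on the mesh sidecar being injected and mTLS being enforced. Nothing visible in this commit falls back to TLS when the chart is installed without the mesh. I would state that above the listener, e.g. `# plaintext by design: TLS is provided by the service-mesh sidecar; do not expose this port without the mesh`, and confirm that mesh mTLS runs in strict rather than permissive mode for this namespace (not shown here). The `server` block continues outside the hunk.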
diff --git a/kubernetes/vnfsdk/templates/deployment.yaml b/kubernetes/vnfsdk/templates/deployment.yaml
index 89eba2f360..9ba8f27521 100644
--- a/kubernetes/vnfsdk/templates/deployment.yaml
+++ b/kubernetes/vnfsdk/templates/deployment.yaml
@@ -1,5 +1,6 @@
{{/*
# Copyright © 2017 Amdocs, Bell Canada
+# Modifications © 2023 Deutsche Telekom
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -16,26 +17,14 @@
apiVersion: apps/v1
kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
+ selector: {{- include "common.selectors" . | nindent 4 }}
+ replicas: {{ .Values.replicaCount }}
template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- name: {{ include "common.name" . }}
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
- initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }}
+ initContainers:
- command:
- sh
args:
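Review bot: `selector: {{- include "common.selectors" . | nindent 4 }}` replaces the old single `app:` match label, and `spec.selector` of an apps/v1 Deployment is immutable. If the helper renders a different label set (its output is not visible here), an in-place `helm upgrade` of an existing release will be rejected until the old Deployment is deleted, which deserves a line in the commit message or release notes. Separately, the added `replicas: {{ .Values.replicaCount }}` has no matching addition in this commit's values.yaml hunks. If `replicaCount` is not already defined there the field renders empty, so `replicas: {{ .Values.replicaCount | default 1 }}` would be safer. The init-container spec continues outside the hunk.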
@@ -54,28 +43,14 @@ spec:
image: {{ include "repositoryGenerator.image.envsubst" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-update-config
-
- - command:
- - /app/ready.py
- args:
- - --container-name
- - "{{ .Values.postgres.nameOverride }}"
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: {{ include "repositoryGenerator.image.readiness" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-readiness
+ {{ include "common.readinessCheck.waitFor" . | nindent 6 }}
containers:
- image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}
- resources:
-{{ include "common.resources" . | indent 12 }}
- volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }}
+ ports: {{ include "common.containerPorts" . | nindent 8 }}
+ resources: {{ include "common.resources" . | nindent 10 }}
+ volumeMounts:
- mountPath: /service/webapps/ROOT/WEB-INF/classes/mybatis/configuration/configuration.xml
name: init-data
subPath: configuration.xml
@@ -89,7 +64,7 @@ spec:
periodSeconds: {{ .Values.readiness.periodSeconds }}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
- volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }}
+ volumes:
- name: init-data-input
configMap:
name: {{ include "common.fullname" . }}
diff --git a/kubernetes/vnfsdk/templates/ingress.yaml b/kubernetes/vnfsdk/templates/ingress.yaml
index 8f87c68f1e..1f6ec7ab0e 100644
--- a/kubernetes/vnfsdk/templates/ingress.yaml
+++ b/kubernetes/vnfsdk/templates/ingress.yaml
@@ -1 +1,17 @@
+{{/*
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
{{ include "common.ingress" . }}
diff --git a/kubernetes/vnfsdk/templates/job.yaml b/kubernetes/vnfsdk/templates/job.yaml
index 7c320fc86f..5e9ad8a6fc 100644
--- a/kubernetes/vnfsdk/templates/job.yaml
+++ b/kubernetes/vnfsdk/templates/job.yaml
@@ -1,5 +1,6 @@
{{/*
# Copyright © 2017 Amdocs, Bell Canada
+# Modifications © 2023 Deutsche Telekom
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -66,6 +67,7 @@ spec:
- name: init-data
mountPath: /aaa/init/marketplace_tables_postgres.sql
subPath: marketplace_tables_postgres.sql
+ {{ include "common.waitForJobContainer" . | indent 6 | trim }}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
volumes:
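Review bot: The added `{{ include "common.waitForJobContainer" . | indent 6 | trim }}` line carries no comment explaining why the Job gets a second container, and it only renders correctly when it sits at exactly the containers-list indent. A template comment such as `{{/* mesh sidecar cleanup: lets the Job complete once the containers listed in wait_for_job_container have exited */}}` would help; that wording is derived from the commit description ("add job sidecar cleanup") and should be checked against the helper. If the helper watches container status through the Kubernetes API, the Job's service account needs read access to pods, which this commit does not show being granted. The Job spec continues outside the hunk.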
diff --git a/kubernetes/vnfsdk/templates/service.yaml b/kubernetes/vnfsdk/templates/service.yaml
index 25786bd7ad..6127b2b373 100644
--- a/kubernetes/vnfsdk/templates/service.yaml
+++ b/kubernetes/vnfsdk/templates/service.yaml
@@ -1,5 +1,6 @@
{{/*
# Copyright © 2017 Amdocs, Bell Canada
+# Modification © 2023 Deutsche Telekom
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -14,27 +15,4 @@
# limitations under the License.
*/}}
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.internalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- {{- end}}
- name: {{ .Values.service.portName | default "http" }}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+{{ include "common.service" . }}
\ No newline at end of file
diff --git a/kubernetes/vnfsdk/values.yaml b/kubernetes/vnfsdk/values.yaml
index a19f15d991..654657273c 100644
--- a/kubernetes/vnfsdk/values.yaml
+++ b/kubernetes/vnfsdk/values.yaml
@@ -1,4 +1,5 @@
# Copyright © 2017 Amdocs, Bell Canada
+# Modifications © 2023 Deutsche Telekom
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -34,37 +35,6 @@ secrets:
passwordPolicy: generate
#################################################################
-# AAF part
-#################################################################
-certInitializer:
- nameOverride: refrepo-cert-initializer
- aafDeployFqi: deployer@people.osaaf.org
- aafDeployPass: demo123456!
- # aafDeployCredsExternalSecret: some secret
- fqdn: refrepo
- fqi: refrepo@refrepo.onap.org
- fqi_namespace: org.onap.refrepo
- public_fqdn: refrepo.onap.org
- cadi_longitude: "0.0"
- cadi_latitude: "0.0"
- app_ns: org.osaaf.aaf
- credsPath: /opt/app/osaaf/local
- aaf_add_config: |
- echo "*** transform AAF certs into pem files"
- mkdir -p {{ .Values.credsPath }}/certs
- echo "keystore password: $$cadi_keystore_password_p12"
- openssl pkcs12 -in {{ .Values.credsPath }}/{{ .Values.fqi_namespace }}.p12 \
- -nokeys -out {{ .Values.credsPath }}/certs/cert.pem \
- -passin pass:$cadi_keystore_password_p12 \
- -passout pass:$cadi_keystore_password_p12
- echo "*** copy key"
- cp {{ .Values.credsPath }}/{{ .Values.fqi_namespace }}.key \
- {{ .Values.credsPath }}/certs/cert.key
- echo "*** change ownership of certificates to targeted user"
- chown -R 999 {{ .Values.credsPath }}/certs
-
-
-#################################################################
# Application configuration defaults.
#################################################################
# application image
@@ -133,9 +103,11 @@ readiness:
service:
type: NodePort
name: refrepo
- portName: https
- nodePort: 97
internalPort: 8703
+ ports:
+ - name: http
+ port: 8703
+ nodePort: '97'
ingress:
enabled: false
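Review bot: `type: NodePort` is kept while the port is renamed from `https` to `http`, so by default the chart still requests a node port for a listener that no longer does TLS itself. Unless `common.service` downgrades the type when the mesh or ingress is enabled (not visible here), `type: ClusterIP` would be the safer default. The port is also now declared twice, as `internalPort: 8703` (read by the `listen` line in nginx.conf) and as `port: 8703` under `ports`, and the two can drift apart. A comment on `internalPort` such as `# must equal service.ports[0].port; nginx.conf listens on this value` would flag that. The `service` and `ingress` mappings continue outside the hunk.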
@@ -145,3 +117,11 @@ ingress:
port: 8703
config:
ssl: "redirect"
+
+readinessCheck:
+ wait_for:
+ - '{{ .Values.postgres.nameOverride }}'
+
+wait_for_job_container:
+ containers:
+ - '{{ include "common.name" . }}-job'
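Review bot: The new `wait_for` and `containers` entries are Go-template strings inside values.yaml, which Helm does not render on its own. They resolve only if the common helpers pass them through `tpl`, and that is not visible in this commit. A comment above `readinessCheck:` such as `# entries are template strings, rendered via tpl by the common helpers` would stop the next reader from taking them for literal names or overriding them with a value that never gets expanded.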