diff options
| author |   Andreas Seelinger <Andreas.Seelinger@accenture.com> | 2024-10-29 13:34:07 +0100 |
|---|---|---|
| committer | Andreas Seelinger <andreas.seelinger@accenture.com> | 2024-11-05 11:34:05 +0100 |
| commit | 26092e3d55ec4d7be061fbedce43d7b27439af01 (patch) | |
| tree | f2115541fe8bb7ad34db73656146ca647b840350 | |
| parent | 3fbefc8f671e10cec549019123555c4c5f07b51f (diff) | |
Kyverno fixes for AAI
- Change entrypoint of aai-haproxy to remove the need to modify
resolvers.conf
- Need an updated version of the aai-helmcharts. Since resolvers.conf is
a config map now
Issue-ID: AAI-4043
Change-Id: I97092b293ec6c27dd23215918b5368de7570ad4b
Signed-off-by: Andreas Seelinger <Andreas.Seelinger@accenture.com>
4 files changed, 8 insertions, 38 deletions
diff --git a/aai-common-docker/aai-haproxy-image/src/main/docker/Dockerfile b/aai-common-docker/aai-haproxy-image/src/main/docker/Dockerfile index 1508abca..3057d141 100644 --- a/aai-common-docker/aai-haproxy-image/src/main/docker/Dockerfile +++ b/aai-common-docker/aai-haproxy-image/src/main/docker/Dockerfile @@ -1,4 +1,4 @@ -FROM haproxy:2.4.13-alpine +FROM haproxy:2.4.27-alpine # For building the image in a proxy environment if necessary ARG HTTP_PROXY @@ -25,21 +25,18 @@ RUN apk add --no-cache \ RUN mkdir -p /etc/ssl/certs/ && mkdir -p /etc/ssl/private COPY --chown=haproxy aai.pem /etc/ssl/private/aai.pem -COPY --chown=haproxy docker-entrypoint.sh /docker-entrypoint.sh -COPY --chown=haproxy resolvers.conf /usr/local/etc/haproxy/resolvers.conf COPY --chown=haproxy haproxy.cfg /usr/local/etc/haproxy/haproxy.cfg # Changing group and group permission to allow haproxy user to execute sed comamnd ot change files RUN chgrp haproxy /usr/local/etc/haproxy; \ - chgrp haproxy /docker-entrypoint.sh /usr/local/etc/haproxy/haproxy.cfg /usr/local/etc/haproxy/resolvers.conf + chgrp haproxy /usr/local/etc/haproxy/haproxy.cfg -RUN chmod +x /docker-entrypoint.sh; \ - chmod g+wx /usr/local/etc/haproxy; \ - chmod g+w /docker-entrypoint.sh /usr/local/etc/haproxy/haproxy.cfg /usr/local/etc/haproxy/resolvers.conf +RUN chmod g+wx /usr/local/etc/haproxy; \ + chmod g+w /usr/local/etc/haproxy/haproxy.cfg # Reverting to haproxy use to not run the pod with root permissions USER haproxy -ENTRYPOINT [ "/docker-entrypoint.sh" ] -CMD [ "haproxy", "-f", "/usr/local/etc/haproxy/haproxy.cfg", "-f", "/usr/local/etc/haproxy/resolvers.conf" ] +ENTRYPOINT [ "haproxy" ] +CMD [ "-W", "-db", "-f", "/usr/local/etc/haproxy/haproxy.cfg", "-f", "/usr/local/etc/haproxy/resolvers.conf" ] EXPOSE 8443 diff --git a/aai-common-docker/aai-haproxy-image/src/main/docker/docker-entrypoint.sh b/aai-common-docker/aai-haproxy-image/src/main/docker/docker-entrypoint.sh deleted file mode 100644 index a8e521f1..00000000 --- a/aai-common-docker/aai-haproxy-image/src/main/docker/docker-entrypoint.sh +++ /dev/null @@ -1,24 +0,0 @@ -#!/bin/sh -set -e - -# first arg is `-f` or `--some-option` -if [ "${1#-}" != "$1" ]; then - set -- haproxy "$@" -fi - -NAMESERVER_IP=$(cat /etc/resolv.conf | grep 'nameserver' | head -1 | awk '{ print $2; }'); - -sed -i 's/${ONAP_NAMESERVER_CLUSTER_IP}/'${NAMESERVER_IP}'/g' /usr/local/etc/haproxy/resolvers.conf || { - echo "Unable to overwrite the nameserver in the haproxy configuration file"; - exit 1; -} - -if [ "$1" = 'haproxy' ]; then - shift # "haproxy" - # if the user wants "haproxy", let's add a couple useful flags - # -W -- "master-worker mode" (similar to the old "haproxy-systemd-wrapper"; allows for reload via "SIGUSR2") - # -db -- disables background mode - set -- haproxy -W -db "$@" -fi - -exec "$@" diff --git a/aai-common-docker/aai-haproxy-image/src/main/docker/resolvers.conf b/aai-common-docker/aai-haproxy-image/src/main/docker/resolvers.conf deleted file mode 100644 index f996fa76..00000000 --- a/aai-common-docker/aai-haproxy-image/src/main/docker/resolvers.conf +++ /dev/null @@ -1,3 +0,0 @@ -resolvers kubernetes - nameserver dns1 ${ONAP_NAMESERVER_CLUSTER_IP}:53 - hold valid 1s diff --git a/docs/platform/Getting Started/AAI_Developer_Environment_Setup.rst b/docs/platform/Getting Started/AAI_Developer_Environment_Setup.rst index 4122a9e0..43101e06 100644 --- a/docs/platform/Getting Started/AAI_Developer_Environment_Setup.rst +++ b/docs/platform/Getting Started/AAI_Developer_Environment_Setup.rst @@ -89,8 +89,8 @@ For this exercise, I set up a new instance of Ubuntu in Virtualbox and gave it 1 $ sudo service haproxy restart -4. Follow the initial setup instructions in `Setting Up Your Development Environment <https://wiki.onap.org/display/DW/Setting+Up+Your+Development+Environment>`__ e.g. ------------------------------------------------------------------------------------------------------------------------------------------------------------------------ +4. Follow the initial setup instructions in `Setting Up Your Development Environment <https://lf-onap.atlassian.net/wiki/display/DW/Setting+Up+Your+Development+Environment>`__ e.g. +------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ .. code-block:: bash $ sudo apt-get install git |