From 26092e3d55ec4d7be061fbedce43d7b27439af01 Mon Sep 17 00:00:00 2001 From: Andreas Seelinger Date: Tue, 29 Oct 2024 13:34:07 +0100 Subject: Kyverno fixes for AAI - Change entrypoint of aai-haproxy to remove the need to modify resolvers.conf - Need an updated version of the aai-helmcharts. Since resolvers.conf is a config map now Issue-ID: AAI-4043 Change-Id: I97092b293ec6c27dd23215918b5368de7570ad4b Signed-off-by: Andreas Seelinger --- .../aai-haproxy-image/src/main/docker/Dockerfile | 15 ++++++-------- .../src/main/docker/docker-entrypoint.sh | 24 ---------------------- .../src/main/docker/resolvers.conf | 3 --- .../AAI_Developer_Environment_Setup.rst | 4 ++-- 4 files changed, 8 insertions(+), 38 deletions(-) delete mode 100644 aai-common-docker/aai-haproxy-image/src/main/docker/docker-entrypoint.sh delete mode 100644 aai-common-docker/aai-haproxy-image/src/main/docker/resolvers.conf diff --git a/aai-common-docker/aai-haproxy-image/src/main/docker/Dockerfile b/aai-common-docker/aai-haproxy-image/src/main/docker/Dockerfile index 1508abca..3057d141 100644 --- a/aai-common-docker/aai-haproxy-image/src/main/docker/Dockerfile +++ b/aai-common-docker/aai-haproxy-image/src/main/docker/Dockerfile @@ -1,4 +1,4 @@ -FROM haproxy:2.4.13-alpine +FROM haproxy:2.4.27-alpine # For building the image in a proxy environment if necessary ARG HTTP_PROXY 
@@ -25,21 +25,18 @@ RUN apk add --no-cache \ RUN mkdir -p /etc/ssl/certs/ && mkdir -p /etc/ssl/private COPY --chown=haproxy aai.pem /etc/ssl/private/aai.pem -COPY --chown=haproxy docker-entrypoint.sh /docker-entrypoint.sh -COPY --chown=haproxy resolvers.conf /usr/local/etc/haproxy/resolvers.conf COPY --chown=haproxy haproxy.cfg /usr/local/etc/haproxy/haproxy.cfg # Changing group and group permission to allow haproxy user to execute sed comamnd ot change files RUN chgrp haproxy /usr/local/etc/haproxy; \ - chgrp haproxy /docker-entrypoint.sh /usr/local/etc/haproxy/haproxy.cfg /usr/local/etc/haproxy/resolvers.conf + chgrp haproxy /usr/local/etc/haproxy/haproxy.cfg -RUN chmod +x /docker-entrypoint.sh; \ - chmod g+wx /usr/local/etc/haproxy; \ - chmod g+w /docker-entrypoint.sh /usr/local/etc/haproxy/haproxy.cfg /usr/local/etc/haproxy/resolvers.conf +RUN chmod g+wx /usr/local/etc/haproxy; \ + chmod g+w /usr/local/etc/haproxy/haproxy.cfg # Reverting to haproxy use to not run the pod with root permissions USER haproxy -ENTRYPOINT [ "/docker-entrypoint.sh" ] -CMD [ "haproxy", "-f", "/usr/local/etc/haproxy/haproxy.cfg", "-f", "/usr/local/etc/haproxy/resolvers.conf" ] +ENTRYPOINT [ "haproxy" ] +CMD [ "-W", "-db", "-f", "/usr/local/etc/haproxy/haproxy.cfg", "-f", "/usr/local/etc/haproxy/resolvers.conf" ] EXPOSE 8443 diff --git a/aai-common-docker/aai-haproxy-image/src/main/docker/docker-entrypoint.sh b/aai-common-docker/aai-haproxy-image/src/main/docker/docker-entrypoint.sh deleted file mode 100644 index a8e521f1..00000000 --- a/aai-common-docker/aai-haproxy-image/src/main/docker/docker-entrypoint.sh +++ /dev/null 
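Review bot: The remaining `RUN chgrp haproxy …` and `RUN chmod g+wx …; chmod g+w …` instructions still leave `/usr/local/etc/haproxy` and `haproxy.cfg` writable by the `haproxy` runtime user, although the entrypoint script whose `sed` they were added for is deleted in this commit. If nothing else rewrites the configuration at start-up (not visible in this hunk), drop both instructions together with the now stale "Changing group and group permission…" comment, and copy the file root-owned so the process can only read it: `COPY haproxy.cfg /usr/local/etc/haproxy/haproxy.cfg`. That way a compromised proxy process cannot alter its own configuration. Separately, the unchanged `COPY --chown=haproxy aai.pem /etc/ssl/private/aai.pem` bakes what is presumably the TLS key material into an image layer. Mounting it at deploy time, as this commit already expects for resolvers.conf, would keep it out of the registry.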
@@ -1,24 +0,0 @@
-#!/bin/sh
-set -e
-
-# first arg is `-f` or `--some-option`
-if [ "${1#-}" != "$1" ]; then
- set -- haproxy "$@"
-fi
-
-NAMESERVER_IP=$(cat /etc/resolv.conf | grep 'nameserver' | head -1 | awk '{ print $2; }');
-
-sed -i 's/${ONAP_NAMESERVER_CLUSTER_IP}/'${NAMESERVER_IP}'/g' /usr/local/etc/haproxy/resolvers.conf || {
- echo "Unable to overwrite the nameserver in the haproxy configuration file";
- exit 1;
-}
-
-if [ "$1" = 'haproxy' ]; then
- shift # "haproxy"
- # if the user wants "haproxy", let's add a couple useful flags
- # -W -- "master-worker mode" (similar to the old "haproxy-systemd-wrapper"; allows for reload via "SIGUSR2")
- # -db -- disables background mode
- set -- haproxy -W -db "$@"
-fi
-
-exec "$@"
diff --git a/aai-common-docker/aai-haproxy-image/src/main/docker/resolvers.conf b/aai-common-docker/aai-haproxy-image/src/main/docker/resolvers.conf
deleted file mode 100644
index f996fa76..00000000
--- a/aai-common-docker/aai-haproxy-image/src/main/docker/resolvers.conf
+++ /dev/null
@@ -1,3 +0,0 @@
-resolvers kubernetes
- nameserver dns1 ${ONAP_NAMESERVER_CLUSTER_IP}:53
- hold valid 1s
diff --git a/docs/platform/Getting Started/AAI_Developer_Environment_Setup.rst b/docs/platform/Getting Started/AAI_Developer_Environment_Setup.rst
index 4122a9e0..43101e06 100644
--- a/docs/platform/Getting Started/AAI_Developer_Environment_Setup.rst
+++ b/docs/platform/Getting Started/AAI_Developer_Environment_Setup.rst
@@ -89,8 +89,8 @@ For this exercise, I set up a new instance of Ubuntu in Virtualbox and gave it 1 $ sudo service haproxy restart -4. Follow the initial setup instructions in `Setting Up Your Development Environment `__ e.g. ------------------------------------------------------------------------------------------------------------------------------------------------------------------------ +4. Follow the initial setup instructions in `Setting Up Your Development Environment `__ e.g. +------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ .. code-block:: bash $ sudo apt-get install git -- cgit 1.2.3-korg