diff options
author | Andreas Geissler <andreas-geissler@telekom.de> | 2022-04-29 13:33:02 +0200 |
---|---|---|
committer | Andreas Geissler <andreas-geissler@telekom.de> | 2022-05-19 17:28:20 +0200 |
commit | 17be962a2bd43768a41705f0d009166e2894d82d (patch) | |
tree | e828b54a3daa6286b6884ff974d19fb3e208f552 | |
parent | 618cfffd44e5a9d187e6a89586b00fb0737f81a7 (diff) |
[SO] Service mesh compatibility
Patch on SO charts dedicated to allign the service port names
according to Istio naming schema.
Change the mariadb job to wait for the sidecar and kill it afterwards.
Remove CertInitializer TLS job, if AAF is not enabled
Added all missing changed from https://gerrit.onap.org/r/c/oom/+/124231
Issue-ID: OOM-2824
Signed-off-by: Andreas Geissler <andreas-geissler@telekom.de>
Change-Id: I5b333ab19673ad248fd2e3bd138a99fe15025f5e
43 files changed, 132 insertions, 46 deletions
diff --git a/kubernetes/so/Chart.yaml b/kubernetes/so/Chart.yaml index d7466476de..0c47c3b955 100755 --- a/kubernetes/so/Chart.yaml +++ b/kubernetes/so/Chart.yaml @@ -28,6 +28,7 @@ dependencies: - name: certInitializer version: ~10.x-0 repository: '@local' + condition: global.aafEnabled - name: readinessCheck version: ~10.x-0 repository: '@local' diff --git a/kubernetes/so/components/so-admin-cockpit/templates/deployment.yaml b/kubernetes/so/components/so-admin-cockpit/templates/deployment.yaml index 4b46721c2a..808c439181 100644 --- a/kubernetes/so/components/so-admin-cockpit/templates/deployment.yaml +++ b/kubernetes/so/components/so-admin-cockpit/templates/deployment.yaml @@ -116,7 +116,7 @@ spec: ports: - containerPort: {{ index .Values.containerPort }} - name: {{ .Values.service.portName }} + name: {{ .Values.service.portName }}{{ if (include "common.needTLS" .) }}s{{ end }} protocol: TCP serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: {{ include "so.certificate.volumes" . | nindent 6 }} diff --git a/kubernetes/so/components/so-admin-cockpit/templates/service.yaml b/kubernetes/so/components/so-admin-cockpit/templates/service.yaml index c4439784ca..b23e5ab99e 100644 --- a/kubernetes/so/components/so-admin-cockpit/templates/service.yaml +++ b/kubernetes/so/components/so-admin-cockpit/templates/service.yaml @@ -39,14 +39,12 @@ spec: {{if and (eq .Values.service.type "NodePort") (.Values.global.aafEnabled) -}} - port: {{ .Values.service.internalPort }} nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} - name: {{ .Values.service.portName }} + name: {{ .Values.service.portName }}{{ if (include "common.needTLS" .) }}s{{ end }} {{- else -}} - port: {{ .Values.service.externalPort }} targetPort: {{ .Values.service.internalPort }} - name: {{ .Values.service.portName }} + name: {{ .Values.service.portName }}{{ if (include "common.needTLS" .) }}s{{ end }} {{- end}} selector: app: {{ include "common.name" . }} release: {{ include "common.release" . }} - - diff --git a/kubernetes/so/components/so-bpmn-infra/resources/config/overrides/override.yaml b/kubernetes/so/components/so-bpmn-infra/resources/config/overrides/override.yaml index 360936d2ba..9feab4ddce 100755 --- a/kubernetes/so/components/so-bpmn-infra/resources/config/overrides/override.yaml +++ b/kubernetes/so/components/so-bpmn-infra/resources/config/overrides/override.yaml @@ -17,7 +17,11 @@ aai: auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.aai.auth )}} dme2: timeout: '30000' + {{ if (include "common.needTLS" .) }} endpoint: https://aai.{{ include "common.namespace" . }}:8443 + {{ else }} + endpoint: http://aai.{{ include "common.namespace" . }}:8080 + {{ end }} workflowAaiDistributionDelay: PT30S pnfEntryNotificationTimeout: P14D cds: @@ -158,7 +162,11 @@ mso: oof: auth: {{ .Values.mso.oof.auth }} callbackEndpoint: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081/mso/WorkflowMessage + {{ if (include "common.needTLS" .) }} endpoint: https://oof-osdf.{{ include "common.namespace" . }}:8698 + {{ else }} + endpoint: http://oof-osdf.{{ include "common.namespace" . }}:8698 + {{ end }} timeout: PT30M workflow: CreateGenericVNFV1: diff --git a/kubernetes/so/components/so-bpmn-infra/templates/deployment.yaml b/kubernetes/so/components/so-bpmn-infra/templates/deployment.yaml index 57a2b2c689..2b8b827f91 100755 --- a/kubernetes/so/components/so-bpmn-infra/templates/deployment.yaml +++ b/kubernetes/so/components/so-bpmn-infra/templates/deployment.yaml @@ -87,7 +87,7 @@ spec: {{ include "so.helpers.livenessProbe" .| indent 8 }} ports: - containerPort: {{ index .Values.containerPort }} - name: {{ .Values.service.portName }} + name: {{ .Values.service.portName }}{{ if (include "common.needTLS" .) }}s{{ end }} protocol: TCP # Filebeat sidecar container {{ include "common.log.sidecar" . | nindent 6 }} diff --git a/kubernetes/so/components/so-bpmn-infra/templates/service.yaml b/kubernetes/so/components/so-bpmn-infra/templates/service.yaml index 6eb6f27e26..5b8dee0774 100755 --- a/kubernetes/so/components/so-bpmn-infra/templates/service.yaml +++ b/kubernetes/so/components/so-bpmn-infra/templates/service.yaml @@ -29,11 +29,11 @@ spec: {{if eq .Values.service.type "NodePort" -}} - port: {{ .Values.service.internalPort }} nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} - name: {{ .Values.service.portName }} + name: {{ .Values.service.portName }}{{ if (include "common.needTLS" .) }}s{{ end }} {{- else -}} - port: {{ .Values.service.externalPort }} targetPort: {{ .Values.service.internalPort }} - name: {{ .Values.service.portName }} + name: {{ .Values.service.portName }}{{ if (include "common.needTLS" .) }}s{{ end }} {{- end}} selector: app: {{ include "common.name" . }} diff --git a/kubernetes/so/components/so-bpmn-infra/values.yaml b/kubernetes/so/components/so-bpmn-infra/values.yaml index d5ff829cc7..af185aeb4e 100755 --- a/kubernetes/so/components/so-bpmn-infra/values.yaml +++ b/kubernetes/so/components/so-bpmn-infra/values.yaml @@ -123,7 +123,7 @@ service: type: ClusterIP internalPort: *containerPort externalPort: 8081 - portName: so-bpmn-port + portName: http updateStrategy: type: RollingUpdate maxUnavailable: 1 diff --git a/kubernetes/so/components/so-catalog-db-adapter/templates/deployment.yaml b/kubernetes/so/components/so-catalog-db-adapter/templates/deployment.yaml index 30e55511cc..fa9d3a6a4b 100755 --- a/kubernetes/so/components/so-catalog-db-adapter/templates/deployment.yaml +++ b/kubernetes/so/components/so-catalog-db-adapter/templates/deployment.yaml @@ -85,7 +85,7 @@ spec: {{ include "so.helpers.livenessProbe" .| indent 8 }} ports: - containerPort: {{ index .Values.containerPort }} - name: {{ .Values.service.portName }} + name: {{ .Values.service.portName }}{{ if (include "common.needTLS" .) }}s{{ end }} protocol: TCP serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: {{ include "so.certificate.volumes" . | nindent 6 }} diff --git a/kubernetes/so/components/so-catalog-db-adapter/templates/service.yaml b/kubernetes/so/components/so-catalog-db-adapter/templates/service.yaml index 6eb6f27e26..5b8dee0774 100755 --- a/kubernetes/so/components/so-catalog-db-adapter/templates/service.yaml +++ b/kubernetes/so/components/so-catalog-db-adapter/templates/service.yaml @@ -29,11 +29,11 @@ spec: {{if eq .Values.service.type "NodePort" -}} - port: {{ .Values.service.internalPort }} nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} - name: {{ .Values.service.portName }} + name: {{ .Values.service.portName }}{{ if (include "common.needTLS" .) }}s{{ end }} {{- else -}} - port: {{ .Values.service.externalPort }} targetPort: {{ .Values.service.internalPort }} - name: {{ .Values.service.portName }} + name: {{ .Values.service.portName }}{{ if (include "common.needTLS" .) }}s{{ end }} {{- end}} selector: app: {{ include "common.name" . }} diff --git a/kubernetes/so/components/so-catalog-db-adapter/values.yaml b/kubernetes/so/components/so-catalog-db-adapter/values.yaml index a5961ee7dd..b4360942d2 100755 --- a/kubernetes/so/components/so-catalog-db-adapter/values.yaml +++ b/kubernetes/so/components/so-catalog-db-adapter/values.yaml @@ -87,7 +87,7 @@ service: type: ClusterIP internalPort: *containerPort externalPort: *containerPort - portName: so-catdb-port + portName: http updateStrategy: type: RollingUpdate maxUnavailable: 1 diff --git a/kubernetes/so/components/so-cnf-adapter/resources/config/overrides/override.yaml b/kubernetes/so/components/so-cnf-adapter/resources/config/overrides/override.yaml index c99465b690..0c2f679082 100755 --- a/kubernetes/so/components/so-cnf-adapter/resources/config/overrides/override.yaml +++ b/kubernetes/so/components/so-cnf-adapter/resources/config/overrides/override.yaml @@ -16,7 +16,11 @@ aai: auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.server.aai.auth ) }} + {{ if (include "common.needTLS" .) }} endpoint: https://aai.{{ include "common.namespace" . }}:8443 + {{ else }} + endpoint: http://aai.{{ include "common.namespace" . }}:8080 + {{ end }} enabled: {{ .Values.global.aai.enabled }} logging: path: logs @@ -50,4 +54,3 @@ management: prometheus: enabled: true # Whether exporting of metrics to Prometheus is enabled. step: 1m # Step size (i.e. reporting frequency) to use. - diff --git a/kubernetes/so/components/so-etsi-nfvo-ns-lcm/resources/config/overrides/override.yaml b/kubernetes/so/components/so-etsi-nfvo-ns-lcm/resources/config/overrides/override.yaml index 5fc28e2cc2..7c1cb1b3c4 100644 --- a/kubernetes/so/components/so-etsi-nfvo-ns-lcm/resources/config/overrides/override.yaml +++ b/kubernetes/so/components/so-etsi-nfvo-ns-lcm/resources/config/overrides/override.yaml @@ -17,7 +17,11 @@ aai: auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.aai.auth )}} version: v19 + {{ if (include "common.needTLS" .) }} endpoint: https://aai.{{ include "common.namespace" . }}:8443 + {{ else }} + endpoint: http://aai.{{ include "common.namespace" . }}:8080 + {{ end }} spring: datasource: hikari: @@ -54,7 +58,11 @@ so: etsi-catalog-manager: base: {{- if .Values.global.msbEnabled }} + {{ if (include "common.needTLS" .) }} endpoint: https://msb-iag:443/api + {{ else }} + endpoint: http://msb-iag:443/api + {{ end }} http: client: ssl: diff --git a/kubernetes/so/components/so-etsi-sol003-adapter/resources/config/overrides/override.yaml b/kubernetes/so/components/so-etsi-sol003-adapter/resources/config/overrides/override.yaml index e6a1d7c06e..33b38add57 100755 --- a/kubernetes/so/components/so-etsi-sol003-adapter/resources/config/overrides/override.yaml +++ b/kubernetes/so/components/so-etsi-sol003-adapter/resources/config/overrides/override.yaml @@ -16,7 +16,11 @@ aai: auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.aai.auth )}} version: v15 + {{ if (include "common.needTLS" .) }} endpoint: https://aai.{{ include "common.namespace" . }}:8443 + {{ else }} + endpoint: http://aai.{{ include "common.namespace" . }}:8080 + {{ end }} spring: security: usercredentials: @@ -42,7 +46,11 @@ sdc: username: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.aaf.auth.username "value2" .Values.sdc.username )}} password: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.aaf.auth.password "value2" .Values.sdc.password )}} key: {{ .Values.sdc.key }} + {{ if (include "common.needTLS" .) }} endpoint: https://sdc-be.{{ include "common.namespace" . }}:8443 + {{ else }} + endpoint: http://sdc-be.{{ include "common.namespace" . }}:8080 + {{ end }} vnfmadapter: endpoint: http://so-etsi-sol003-adapter.{{ include "common.namespace" . }}:9092 etsi-catalog-manager: diff --git a/kubernetes/so/components/so-etsi-sol003-adapter/templates/deployment.yaml b/kubernetes/so/components/so-etsi-sol003-adapter/templates/deployment.yaml index 3272bfd299..7751bf4631 100755 --- a/kubernetes/so/components/so-etsi-sol003-adapter/templates/deployment.yaml +++ b/kubernetes/so/components/so-etsi-sol003-adapter/templates/deployment.yaml @@ -76,7 +76,7 @@ spec: failureThreshold: {{ .Values.livenessProbe.failureThreshold}} ports: - containerPort: {{ .Values.containerPort }} - name: {{ .Values.service.portName }} + name: {{ .Values.service.portName }}{{ if (include "common.needTLS" .) }}s{{ end }} protocol: TCP serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: {{ include "so.certificate.volumes" . | nindent 6 }} diff --git a/kubernetes/so/components/so-etsi-sol003-adapter/templates/service.yaml b/kubernetes/so/components/so-etsi-sol003-adapter/templates/service.yaml index 5772a89a97..96a2acd3a6 100755 --- a/kubernetes/so/components/so-etsi-sol003-adapter/templates/service.yaml +++ b/kubernetes/so/components/so-etsi-sol003-adapter/templates/service.yaml @@ -40,11 +40,11 @@ spec: {{if eq .Values.service.type "NodePort" -}} - port: {{ .Values.service.internalPort }} nodePort: {{ .Values.global.nodePortPrefixExt | default .Values.nodePortPrefixExt }}{{ .Values.service.nodePort }} - name: {{ .Values.service.portName }} + name: {{ .Values.service.portName }}{{ if (include "common.needTLS" .) }}s{{ end }} {{- else -}} - port: {{ .Values.service.externalPort }} targetPort: {{ .Values.service.internalPort }} - name: {{ .Values.service.portName }} + name: {{ .Values.service.portName }}{{ if (include "common.needTLS" .) }}s{{ end }} {{- end}} selector: app: {{ include "common.name" . }} diff --git a/kubernetes/so/components/so-etsi-sol005-adapter/resources/config/overrides/override.yaml b/kubernetes/so/components/so-etsi-sol005-adapter/resources/config/overrides/override.yaml index dd46da0989..e1e2fc23c6 100755 --- a/kubernetes/so/components/so-etsi-sol005-adapter/resources/config/overrides/override.yaml +++ b/kubernetes/so/components/so-etsi-sol005-adapter/resources/config/overrides/override.yaml @@ -45,7 +45,11 @@ mso: msb-port: 80 adapters: requestDb: + {{ if (include "common.needTLS" .) }} endpoint: https://so-request-db-adapter.{{ include "common.namespace" . }}:8083 + {{ else }} + endpoint: http://so-request-db-adapter.{{ include "common.namespace" . }}:8083 + {{ end }} auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.adapters.requestDb.auth )}} #Actuator management: diff --git a/kubernetes/so/components/so-etsi-sol005-adapter/templates/deployment.yaml b/kubernetes/so/components/so-etsi-sol005-adapter/templates/deployment.yaml index 4f8f4d9f26..1abf21816b 100755 --- a/kubernetes/so/components/so-etsi-sol005-adapter/templates/deployment.yaml +++ b/kubernetes/so/components/so-etsi-sol005-adapter/templates/deployment.yaml @@ -94,7 +94,7 @@ spec: failureThreshold: {{ .Values.livenessProbe.failureThreshold}} ports: - containerPort: {{ .Values.containerPort }} - name: {{ .Values.service.portName }} + name: {{ .Values.service.portName }}{{ if (include "common.needTLS" .) }}s{{ end }} protocol: TCP serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: {{ include "so.certificate.volumes" . | nindent 6 }} diff --git a/kubernetes/so/components/so-etsi-sol005-adapter/templates/service.yaml b/kubernetes/so/components/so-etsi-sol005-adapter/templates/service.yaml index 2ecc66f233..5b8dee0774 100755 --- a/kubernetes/so/components/so-etsi-sol005-adapter/templates/service.yaml +++ b/kubernetes/so/components/so-etsi-sol005-adapter/templates/service.yaml @@ -29,12 +29,12 @@ spec: {{if eq .Values.service.type "NodePort" -}} - port: {{ .Values.service.internalPort }} nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} - name: {{ .Values.service.portName }} + name: {{ .Values.service.portName }}{{ if (include "common.needTLS" .) }}s{{ end }} {{- else -}} - port: {{ .Values.service.externalPort }} targetPort: {{ .Values.service.internalPort }} - name: {{ .Values.service.portName }} + name: {{ .Values.service.portName }}{{ if (include "common.needTLS" .) }}s{{ end }} {{- end}} selector: app: {{ include "common.name" . }} - release: {{ include "common.release" . }}
\ No newline at end of file + release: {{ include "common.release" . }} diff --git a/kubernetes/so/components/so-mariadb/templates/job.yaml b/kubernetes/so/components/so-mariadb/templates/job.yaml index 2a84fac247..d9c6009c8a 100644 --- a/kubernetes/so/components/so-mariadb/templates/job.yaml +++ b/kubernetes/so/components/so-mariadb/templates/job.yaml @@ -53,13 +53,17 @@ spec: command: - /bin/bash - -c - - mysqldump -vv --user=${DB_USER} --password=${DB_PASS} --host=${DB_HOST} --port=${DB_PORT} --databases --single-transaction --quick --lock-tables=false catalogdb requestdb nfvo > /var/data/mariadb/backup-`date +%s`.sql + - | + {{- if include "common.onServiceMesh" . }} + echo "waiting 15s for istio side cars to be up"; sleep 15s;{{- end }} + mysqldump -vv --user=${DB_USER} --password=${DB_PASS} --host=${DB_HOST} --port=${DB_PORT} --databases --single-transaction --quick --lock-tables=false catalogdb requestdb nfvo > /var/data/mariadb/backup-`date +%s`.sql volumeMounts: - mountPath: /etc/localtime name: localtime readOnly: true - name: backup-storage mountPath: /var/data/mariadb + {{ include "common.waitForJobContainer" . | indent 6 | trim }} serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: - name: localtime @@ -105,6 +109,8 @@ spec: - /bin/bash - -c - > + {{- if include "common.onServiceMesh" . }} + echo "waiting 15s for istio side cars to be up"; sleep 15s;{{- end }} mysql() { /usr/bin/mysql -h ${DB_HOST} -P ${DB_PORT} "$@"; }; export -f mysql; mysql --user=root --password=${MYSQL_ROOT_PASSWORD} requestdb -e exit > /dev/null 2>&1 {{ if not .Values.global.migration.enabled }} && echo "Database already initialized!!!" && exit 0 {{ end }}; @@ -157,6 +163,7 @@ spec: {{- end }} resources: {{ include "common.resources" . | indent 12 }} + {{ include "common.waitForJobContainer" . | indent 6 | trim }} {{- if .Values.nodeSelector }} nodeSelector: {{ toYaml .Values.nodeSelector | indent 10 }} diff --git a/kubernetes/so/components/so-mariadb/values.yaml b/kubernetes/so/components/so-mariadb/values.yaml index 58e34b78d6..13dd0868e8 100755 --- a/kubernetes/so/components/so-mariadb/values.yaml +++ b/kubernetes/so/components/so-mariadb/values.yaml @@ -21,7 +21,7 @@ global: nodePortPrefix: 302 nodePortPrefixExt: 304 repository: nexus3.onap.org:10001 - readinessImage: onap/oom/readiness:3.0.1 + readinessImage: onap/oom/readiness:4.1.0 ubuntuInitRepository: docker.io mariadbGalera: nameOverride: &mariadbName mariadb-galera @@ -187,3 +187,7 @@ serviceAccount: nameOverride: so-mariadb roles: - read + +wait_for_job_container: + containers: + - '{{ include "common.name" . }}-config' diff --git a/kubernetes/so/components/so-nssmf-adapter/resources/config/overrides/override.yaml b/kubernetes/so/components/so-nssmf-adapter/resources/config/overrides/override.yaml index 75db547f38..1d8a97c028 100755 --- a/kubernetes/so/components/so-nssmf-adapter/resources/config/overrides/override.yaml +++ b/kubernetes/so/components/so-nssmf-adapter/resources/config/overrides/override.yaml @@ -15,7 +15,11 @@ */}} aai: auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.aai.auth )}} + {{ if (include "common.needTLS" .) }} endpoint: https://aai.{{ include "common.namespace" . }}:8443 + {{ else }} + endpoint: http://aai.{{ include "common.namespace" . }}:8080 + {{ end }} logging: path: logs spring: @@ -51,7 +55,11 @@ mso: msb-port: 80 adapters: requestDb: + {{ if (include "common.needTLS" .) }} endpoint: https://so-request-db-adapter.{{ include "common.namespace" . }}:8083 + {{ else }} + endpoint: http://so-request-db-adapter.{{ include "common.namespace" . }}:8083 + {{ end }} auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.adapters.requestDb.auth )}} #Actuator management: diff --git a/kubernetes/so/components/so-nssmf-adapter/values.yaml b/kubernetes/so/components/so-nssmf-adapter/values.yaml index 2489ddd75e..29f9f4e24d 100755 --- a/kubernetes/so/components/so-nssmf-adapter/values.yaml +++ b/kubernetes/so/components/so-nssmf-adapter/values.yaml @@ -107,7 +107,7 @@ app: nssmf-adapter service: type: ClusterIP ports: - - name: api + - name: http port: *containerPort updateStrategy: type: RollingUpdate diff --git a/kubernetes/so/components/so-oof-adapter/resources/config/overrides/override.yaml b/kubernetes/so/components/so-oof-adapter/resources/config/overrides/override.yaml index 5013c34f79..8db5d26788 100755 --- a/kubernetes/so/components/so-oof-adapter/resources/config/overrides/override.yaml +++ b/kubernetes/so/components/so-oof-adapter/resources/config/overrides/override.yaml @@ -42,7 +42,11 @@ mso: endpoint: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081/mso/WorkflowMessage oof: auth: ${OOF_LOGIN}:${OOF_PASSWORD} + {{ if (include "common.needTLS" .) }} endpoint: https://oof-osdf.{{ include "common.namespace" . }}:8698 + {{ else }} + endpoint: http://oof-osdf.{{ include "common.namespace" . }}:8698 + {{ end }} #Actuator management: endpoints: diff --git a/kubernetes/so/components/so-oof-adapter/values.yaml b/kubernetes/so/components/so-oof-adapter/values.yaml index 863e0e9428..530c35afdd 100755 --- a/kubernetes/so/components/so-oof-adapter/values.yaml +++ b/kubernetes/so/components/so-oof-adapter/values.yaml @@ -89,7 +89,7 @@ app: so-oof-adapter service: type: ClusterIP ports: - - name: api + - name: http port: *containerPort updateStrategy: type: RollingUpdate diff --git a/kubernetes/so/components/so-openstack-adapter/resources/config/overrides/override.yaml b/kubernetes/so/components/so-openstack-adapter/resources/config/overrides/override.yaml index e332f98302..487e93132d 100755 --- a/kubernetes/so/components/so-openstack-adapter/resources/config/overrides/override.yaml +++ b/kubernetes/so/components/so-openstack-adapter/resources/config/overrides/override.yaml @@ -15,7 +15,11 @@ */}} aai: auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.aai.auth )}} + {{ if (include "common.needTLS" .) }} endpoint: https://aai.{{ include "common.namespace" . }}:8443 + {{ else }} + endpoint: http://aai.{{ include "common.namespace" . }}:8080 + {{ end }} server: port: {{ index .Values.containerPort }} spring: diff --git a/kubernetes/so/components/so-openstack-adapter/templates/deployment.yaml b/kubernetes/so/components/so-openstack-adapter/templates/deployment.yaml index f370fbd315..55493f7c42 100755 --- a/kubernetes/so/components/so-openstack-adapter/templates/deployment.yaml +++ b/kubernetes/so/components/so-openstack-adapter/templates/deployment.yaml @@ -87,7 +87,7 @@ spec: {{ include "so.helpers.livenessProbe" .| indent 8 }} ports: - containerPort: {{ index .Values.containerPort }} - name: {{ .Values.service.portName }} + name: {{ .Values.service.portName }}{{ if (include "common.needTLS" .) }}s{{ end }} protocol: TCP # Filebeat sidecar container {{ include "common.log.sidecar" . | nindent 6 }} diff --git a/kubernetes/so/components/so-openstack-adapter/templates/service.yaml b/kubernetes/so/components/so-openstack-adapter/templates/service.yaml index 6eb6f27e26..5b8dee0774 100755 --- a/kubernetes/so/components/so-openstack-adapter/templates/service.yaml +++ b/kubernetes/so/components/so-openstack-adapter/templates/service.yaml @@ -29,11 +29,11 @@ spec: {{if eq .Values.service.type "NodePort" -}} - port: {{ .Values.service.internalPort }} nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} - name: {{ .Values.service.portName }} + name: {{ .Values.service.portName }}{{ if (include "common.needTLS" .) }}s{{ end }} {{- else -}} - port: {{ .Values.service.externalPort }} targetPort: {{ .Values.service.internalPort }} - name: {{ .Values.service.portName }} + name: {{ .Values.service.portName }}{{ if (include "common.needTLS" .) }}s{{ end }} {{- end}} selector: app: {{ include "common.name" . }} diff --git a/kubernetes/so/components/so-openstack-adapter/values.yaml b/kubernetes/so/components/so-openstack-adapter/values.yaml index 057f8a0a85..28338cfa11 100755 --- a/kubernetes/so/components/so-openstack-adapter/values.yaml +++ b/kubernetes/so/components/so-openstack-adapter/values.yaml @@ -95,7 +95,7 @@ service: type: ClusterIP internalPort: *containerPort externalPort: *containerPort - portName: so-optack-port + portName: http updateStrategy: type: RollingUpdate maxUnavailable: 1 diff --git a/kubernetes/so/components/so-request-db-adapter/templates/deployment.yaml b/kubernetes/so/components/so-request-db-adapter/templates/deployment.yaml index 30e55511cc..fa9d3a6a4b 100755 --- a/kubernetes/so/components/so-request-db-adapter/templates/deployment.yaml +++ b/kubernetes/so/components/so-request-db-adapter/templates/deployment.yaml @@ -85,7 +85,7 @@ spec: {{ include "so.helpers.livenessProbe" .| indent 8 }} ports: - containerPort: {{ index .Values.containerPort }} - name: {{ .Values.service.portName }} + name: {{ .Values.service.portName }}{{ if (include "common.needTLS" .) }}s{{ end }} protocol: TCP serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: {{ include "so.certificate.volumes" . | nindent 6 }} diff --git a/kubernetes/so/components/so-request-db-adapter/templates/service.yaml b/kubernetes/so/components/so-request-db-adapter/templates/service.yaml index 6eb6f27e26..5b8dee0774 100755 --- a/kubernetes/so/components/so-request-db-adapter/templates/service.yaml +++ b/kubernetes/so/components/so-request-db-adapter/templates/service.yaml @@ -29,11 +29,11 @@ spec: {{if eq .Values.service.type "NodePort" -}} - port: {{ .Values.service.internalPort }} nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} - name: {{ .Values.service.portName }} + name: {{ .Values.service.portName }}{{ if (include "common.needTLS" .) }}s{{ end }} {{- else -}} - port: {{ .Values.service.externalPort }} targetPort: {{ .Values.service.internalPort }} - name: {{ .Values.service.portName }} + name: {{ .Values.service.portName }}{{ if (include "common.needTLS" .) }}s{{ end }} {{- end}} selector: app: {{ include "common.name" . }} diff --git a/kubernetes/so/components/so-request-db-adapter/values.yaml b/kubernetes/so/components/so-request-db-adapter/values.yaml index e932a0b643..6bcd388b25 100755 --- a/kubernetes/so/components/so-request-db-adapter/values.yaml +++ b/kubernetes/so/components/so-request-db-adapter/values.yaml @@ -83,7 +83,7 @@ service: type: ClusterIP internalPort: *containerPort externalPort: *containerPort - portName: so-reqdb-port + portName: http updateStrategy: type: RollingUpdate maxUnavailable: 1 diff --git a/kubernetes/so/components/so-sdc-controller/resources/config/overrides/override.yaml b/kubernetes/so/components/so-sdc-controller/resources/config/overrides/override.yaml index b20e33a140..ffa66e9d78 100755 --- a/kubernetes/so/components/so-sdc-controller/resources/config/overrides/override.yaml +++ b/kubernetes/so/components/so-sdc-controller/resources/config/overrides/override.yaml @@ -63,19 +63,28 @@ mso: endpoint: http://so-request-db-adapter.{{ include "common.namespace" . }}:8083 auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.requestDb.auth )}} aai: + {{ if (include "common.needTLS" .) }} endpoint: https://aai.{{ include "common.namespace" . }}:8443 + {{ else }} + endpoint: http://aai.{{ include "common.namespace" . }}:8080 + {{ end }} asdc-connections: asdc-controller1: user: mso consumerGroup: SO-OpenSource-Env11 consumerId: SO-COpenSource-Env11 environmentName: AUTO + {{ if (include "common.needTLS" .) }} asdcAddress: sdc-be.{{ include "common.namespace" . }}:8443 + {{ else }} + asdcAddress: sdc-be.{{ include "common.namespace" . }}:8080 + {{ end }} password: {{ index .Values "mso" "asdc-connections" "asdc-controller1" "password" }} pollingInterval: 60 pollingTimeout: 60 relevantArtifactTypes: HEAT,HEAT_ENV,HEAT_VOL useHttpsWithDmaap: false + useHttpsWithSdc: {{ (eq "true" (include "common.needTLS" .)) | ternary true false }} activateServerTLSAuth: false keyStorePassword: keyStorePath: diff --git a/kubernetes/so/components/so-sdc-controller/templates/deployment.yaml b/kubernetes/so/components/so-sdc-controller/templates/deployment.yaml index f370fbd315..55493f7c42 100755 --- a/kubernetes/so/components/so-sdc-controller/templates/deployment.yaml +++ b/kubernetes/so/components/so-sdc-controller/templates/deployment.yaml @@ -87,7 +87,7 @@ spec: {{ include "so.helpers.livenessProbe" .| indent 8 }} ports: - containerPort: {{ index .Values.containerPort }} - name: {{ .Values.service.portName }} + name: {{ .Values.service.portName }}{{ if (include "common.needTLS" .) }}s{{ end }} protocol: TCP # Filebeat sidecar container {{ include "common.log.sidecar" . | nindent 6 }} diff --git a/kubernetes/so/components/so-sdc-controller/templates/service.yaml b/kubernetes/so/components/so-sdc-controller/templates/service.yaml index 6eb6f27e26..5b8dee0774 100755 --- a/kubernetes/so/components/so-sdc-controller/templates/service.yaml +++ b/kubernetes/so/components/so-sdc-controller/templates/service.yaml @@ -29,11 +29,11 @@ spec: {{if eq .Values.service.type "NodePort" -}} - port: {{ .Values.service.internalPort }} nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} - name: {{ .Values.service.portName }} + name: {{ .Values.service.portName }}{{ if (include "common.needTLS" .) }}s{{ end }} {{- else -}} - port: {{ .Values.service.externalPort }} targetPort: {{ .Values.service.internalPort }} - name: {{ .Values.service.portName }} + name: {{ .Values.service.portName }}{{ if (include "common.needTLS" .) }}s{{ end }} {{- end}} selector: app: {{ include "common.name" . }} diff --git a/kubernetes/so/components/so-sdc-controller/values.yaml b/kubernetes/so/components/so-sdc-controller/values.yaml index 58e93f53af..c0e3f5088f 100755 --- a/kubernetes/so/components/so-sdc-controller/values.yaml +++ b/kubernetes/so/components/so-sdc-controller/values.yaml @@ -91,7 +91,7 @@ service: type: ClusterIP internalPort: *containerPort externalPort: *containerPort - portName: so-sdc-port + portName: http updateStrategy: type: RollingUpdate maxUnavailable: 1 diff --git a/kubernetes/so/components/so-sdnc-adapter/templates/deployment.yaml b/kubernetes/so/components/so-sdnc-adapter/templates/deployment.yaml index 01e0ab7077..b95e0b58a3 100755 --- a/kubernetes/so/components/so-sdnc-adapter/templates/deployment.yaml +++ b/kubernetes/so/components/so-sdnc-adapter/templates/deployment.yaml @@ -91,7 +91,7 @@ spec: {{ include "so.helpers.livenessProbe" .| indent 8 }} ports: - containerPort: {{ index .Values.containerPort }} - name: {{ .Values.service.portName }} + name: {{ .Values.service.portName }}{{ if (include "common.needTLS" .) }}s{{ end }} protocol: TCP # Filebeat sidecar container {{ include "common.log.sidecar" . | nindent 6 }} diff --git a/kubernetes/so/components/so-sdnc-adapter/templates/service.yaml b/kubernetes/so/components/so-sdnc-adapter/templates/service.yaml index 6eb6f27e26..5b8dee0774 100755 --- a/kubernetes/so/components/so-sdnc-adapter/templates/service.yaml +++ b/kubernetes/so/components/so-sdnc-adapter/templates/service.yaml @@ -29,11 +29,11 @@ spec: {{if eq .Values.service.type "NodePort" -}} - port: {{ .Values.service.internalPort }} nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} - name: {{ .Values.service.portName }} + name: {{ .Values.service.portName }}{{ if (include "common.needTLS" .) }}s{{ end }} {{- else -}} - port: {{ .Values.service.externalPort }} targetPort: {{ .Values.service.internalPort }} - name: {{ .Values.service.portName }} + name: {{ .Values.service.portName }}{{ if (include "common.needTLS" .) }}s{{ end }} {{- end}} selector: app: {{ include "common.name" . }} diff --git a/kubernetes/so/components/so-sdnc-adapter/values.yaml b/kubernetes/so/components/so-sdnc-adapter/values.yaml index cb9d02ae05..54fa88c7c0 100755 --- a/kubernetes/so/components/so-sdnc-adapter/values.yaml +++ b/kubernetes/so/components/so-sdnc-adapter/values.yaml @@ -110,7 +110,7 @@ service: type: ClusterIP internalPort: *containerPort externalPort: *containerPort - portName: so-sdnc-port + portName: http updateStrategy: type: RollingUpdate maxUnavailable: 1 diff --git a/kubernetes/so/components/so-ve-vnfm-adapter/resources/config/overrides/override.yaml b/kubernetes/so/components/so-ve-vnfm-adapter/resources/config/overrides/override.yaml index f46219c6c9..8471540011 100755 --- a/kubernetes/so/components/so-ve-vnfm-adapter/resources/config/overrides/override.yaml +++ b/kubernetes/so/components/so-ve-vnfm-adapter/resources/config/overrides/override.yaml @@ -18,10 +18,18 @@ server: port: {{ include "common.getPort" (dict "global" . "name" "http") }} vevnfmadapter: + {{ if (include "common.needTLS" .) }} endpoint: https://msb-iag:30283/api/{{ include "common.servicename" . }}/v1 + {{ else }} + endpoint: http://msb-iag:30283/api/{{ include "common.servicename" . }}/v1 + {{ end }} aai: + {{ if (include "common.needTLS" .) }} endpoint: https://aai.{{ include "common.namespace" . }}:8443 + {{ else }} + endpoint: http://aai.{{ include "common.namespace" . }}:8080 + {{ end }} dmaap: endpoint: http://message-router.{{ include "common.namespace" . }}:3904 diff --git a/kubernetes/so/resources/config/overrides/override.yaml b/kubernetes/so/resources/config/overrides/override.yaml index efb3fab558..6933607827 100755 --- a/kubernetes/so/resources/config/overrides/override.yaml +++ b/kubernetes/so/resources/config/overrides/override.yaml @@ -1,5 +1,9 @@ aai: + {{ if (include "common.needTLS" .) }} endpoint: https://aai.{{ include "common.namespace" . }}:8443 + {{ else }} + endpoint: http://aai.{{ include "common.namespace" . }}:8080 + {{ end }} auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.mso.aai.auth )}} server: port: {{ index .Values.containerPort }} @@ -45,13 +49,21 @@ mso: activate: instanceid: test userid: cs0008 - endpoint: http://sdc-be.{{ include "common.namespace" . }}:8443 + {{ if (include "common.needTLS" .) }} + endpoint: https://sdc-be.{{ include "common.namespace" . }}:8443 + {{ else }} + endpoint: http://sdc-be.{{ include "common.namespace" . }}:8080 + {{ end }} tenant: isolation: retry: count: 3 aai: + {{ if (include "common.needTLS" .) }} endpoint: https://aai.{{ include "common.namespace" . }}:8443 + {{ else }} + endpoint: http://aai.{{ include "common.namespace" . }}:8080 + {{ end }} auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.mso.aai.auth )}} extApi: diff --git a/kubernetes/so/templates/deployment.yaml b/kubernetes/so/templates/deployment.yaml index 47701d89b9..99a5eff0e7 100755 --- a/kubernetes/so/templates/deployment.yaml +++ b/kubernetes/so/templates/deployment.yaml @@ -87,7 +87,7 @@ spec: {{ include "so.helpers.livenessProbe" .| indent 8 }} ports: - containerPort: {{ index .Values.containerPort }} - name: {{ .Values.service.portName }} + name: {{ .Values.service.portName }}{{ if (include "common.needTLS" .) }}s{{ end }} protocol: TCP # Filebeat sidecar container {{ include "common.log.sidecar" . | nindent 6 }} diff --git a/kubernetes/so/templates/service.yaml b/kubernetes/so/templates/service.yaml index 2849edecc7..5a83d566ac 100755 --- a/kubernetes/so/templates/service.yaml +++ b/kubernetes/so/templates/service.yaml @@ -392,11 +392,11 @@ spec: {{if eq .Values.service.type "NodePort" -}} - port: {{ .Values.service.internalPort }} nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} - name: {{ .Values.service.portName }} + name: {{ .Values.service.portName }}{{ if (include "common.needTLS" .) }}s{{ end }} {{- else -}} - port: {{ .Values.service.externalPort }} targetPort: {{ .Values.service.internalPort }} - name: {{ .Values.service.portName }} + name: {{ .Values.service.portName }}{{ if (include "common.needTLS" .) }}s{{ end }} {{- end}} selector: app: {{ include "common.name" . }} diff --git a/kubernetes/so/values.yaml b/kubernetes/so/values.yaml index 1f454f63df..553de8c2d9 100755 --- a/kubernetes/so/values.yaml +++ b/kubernetes/so/values.yaml @@ -213,7 +213,7 @@ service: nodePort: 77 internalPort: *containerPort externalPort: *containerPort - portName: so-apih-port + portName: http updateStrategy: type: RollingUpdate maxUnavailable: 1 |