diff options
author | Fiete Ostkamp <Fiete.Ostkamp@telekom.de> | 2024-09-25 08:29:14 +0200 |
---|---|---|
committer | Fiete Ostkamp <Fiete.Ostkamp@telekom.de> | 2024-10-01 09:06:02 +0200 |
commit | 0cb45591810f3d121e90a55a8899244514145b10 (patch) | |
tree | 814d6e9048bc5788ad1fc0d6aaf9832e9f3448b6 | |
parent | a6889979459185d6873695ab9c4c74dbeed6daee (diff) |
portal-ng chart update
- Kyverno fixes
- make Keycloak settings configurable via `global`
Issue-ID: PORTALNG-125
Change-Id: I827527d4fe2dcadf79ed79591c81dbe83169b2cb
Signed-off-by: Fiete Ostkamp <Fiete.Ostkamp@telekom.de>
21 files changed, 251 insertions, 85 deletions
diff --git a/kubernetes/portal-ng/components/portal-ng-bff/Chart.yaml b/kubernetes/portal-ng/components/portal-ng-bff/Chart.yaml index d925060b81..ade5d1e734 100644 --- a/kubernetes/portal-ng/components/portal-ng-bff/Chart.yaml +++ b/kubernetes/portal-ng/components/portal-ng-bff/Chart.yaml @@ -29,7 +29,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 13.0.0 +version: 13.0.1 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to @@ -43,7 +43,3 @@ dependencies: - name: repositoryGenerator version: ~13.x-0 repository: '@local' - - name: serviceAccount - version: ~13.x-0 - repository: '@local' - diff --git a/kubernetes/portal-ng/components/portal-ng-bff/templates/configmap.yaml b/kubernetes/portal-ng/components/portal-ng-bff/templates/configmap.yaml index b45ead6a52..f41d630f02 100644 --- a/kubernetes/portal-ng/components/portal-ng-bff/templates/configmap.yaml +++ b/kubernetes/portal-ng/components/portal-ng-bff/templates/configmap.yaml @@ -6,4 +6,7 @@ metadata: data: {{- range $key, $val := .Values.env }} {{ $key }}: {{ $val | quote }} - {{- end -}}
\ No newline at end of file + {{- end -}} + {{- range $key, $val := .Values.global.env }} + {{ $key }}: {{ $val | quote }} + {{- end -}} diff --git a/kubernetes/portal-ng/components/portal-ng-bff/templates/deployment.yaml b/kubernetes/portal-ng/components/portal-ng-bff/templates/deployment.yaml index ef54110af4..7d521cf1cb 100644 --- a/kubernetes/portal-ng/components/portal-ng-bff/templates/deployment.yaml +++ b/kubernetes/portal-ng/components/portal-ng-bff/templates/deployment.yaml @@ -6,13 +6,18 @@ spec: replicas: {{ .Values.replicaCount }} revisionHistoryLimit: {{ .Values.revisionHistoryLimit }} template: - metadata: {{- include "common.templateMetadata" . | nindent 6 }} + metadata: + annotations: + checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} + {{- include "common.templateMetadata" . | indent 6 }} spec: {{- include "common.imagePullSecrets" . | nindent 6 }} + {{ include "common.podSecurityContext" . | indent 6 | trim }} containers: - name: {{ .Chart.Name }} image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image.imageName }}:{{ .Values.image.tag | default .Chart.AppVersion }} imagePullPolicy: {{ .Values.image.pullPolicy }} + {{ include "common.containerSecurityContext" . | indent 10 | trim }} envFrom: - configMapRef: name: {{ include "common.fullname" . }}-configmap @@ -34,3 +39,4 @@ spec: port: {{ .Values.service.port }} initialDelaySeconds: {{ .Values.probes.liveness.initialDelaySeconds }} failureThreshold: {{ .Values.probes.liveness.failureThreshold }} + resources: {{ include "common.resources" . | nindent 12 }} diff --git a/kubernetes/portal-ng/components/portal-ng-bff/values.yaml b/kubernetes/portal-ng/components/portal-ng-bff/values.yaml index b8b7c3d061..cc39ea8b87 100644 --- a/kubernetes/portal-ng/components/portal-ng-bff/values.yaml +++ b/kubernetes/portal-ng/components/portal-ng-bff/values.yaml @@ -1,59 +1,104 @@ -global: {} +global: + env: + KEYCLOAK_URL: http://keycloak-keycloakx-http.keycloak + KEYCLOAK_REALM: ONAP + COLLECTOR_HOST: jaeger-collector.istio-system + COLLECTOR_PORT: 9411 -# Default values for bff. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. +## Default values for portal-ng-bff. +## This is a YAML-formatted file. +## Declare variables to be passed into your templates. + +## +## Specifies the details of the Docker image to be used for deployment. +## image: + ## The name of the Docker image. imageName: onap/portal-ng/bff + ## The policy that indicates when the image should be pulled. + ## "Always" means the image will be pulled on every deployment. pullPolicy: Always - # Overrides the image tag whose default value is the chart appVersion. + ## Overrides the image tag. The default is the chart appVersion. + ## An empty value means the default tag will be used. # tag: 0.1.0 +## Number of Pods to deploy replicaCount: 2 -# Specifies how many old replicas will be retained in a deployment +## Specifies how many old replicas will be retained in a deployment revisionHistoryLimit: 2 -# Custom selector label (for bigger namespaces with other components) +## Custom selector label (for bigger namespaces with other components) partOf: portal +## +## Service +## service: + ## Use ClusterIP as the service type to expose the service on an internal IP type: ClusterIP port: 9080 + ## The port on which the service is exposed ports: - name: http port: 9080 +## +## Autoscaling +## autoscaling: + ## Autoscaling is disabled. When set to true, the Horizontal Pod Autoscaler is enabled. enabled: false + ## Minimum number of replicas to maintain. minReplicas: 1 - maxReplicas: 100 + ## Maximum number of replicas to maintain. + maxReplicas: 2 + ## Target CPU utilization percentage at which the Horizontal Pod Autoscaler adds or removes replicas. targetCPUUtilizationPercentage: 80 +resources: + small: + limits: + cpu: "4" + memory: "1Gi" + requests: + cpu: "50m" + memory: "256Mi" + large: + limits: + cpu: "2" + memory: "1Gi" + requests: + cpu: "100m" + memory: "256Mi" + unlimited: {} + +## +## Readiness and liveness probes +## probes: + # Configuration of the readiness probe to check if the container is ready. readiness: + ## Wait before performing the first probe initialDelaySeconds: 20 + ## Number of consecutive failures allowed before marking probe as failed. failureThreshold: 4 + # Configuration of the liveness probe to check if the container is alive. liveness: + ## Wait before performing the first probe initialDelaySeconds: 20 + ## Number of consecutive failures allowed before marking probe as failed. failureThreshold: 4 env: - KEYCLOAK_URL: http://keycloakx-http.keycloak/auth - KEYCLOAK_REALM: ONAP HISTORY_URL: http://portal-ng-history:9002 PREFERENCES_URL: http://portal-ng-preferences:9001 TRACING_ENABLED: true - COLLECTOR_HOST: jaeger-collector.istio-system - COLLECTOR_PORT: 9411 secretEnv: KEYCLOAK_CLIENT_ID: portal-bff KEYCLOAK_CLIENT_SECRET: pKOuVH1bwRZoNzp5P5t4GV8CqcCJYVtr -#Pods Service Account -serviceAccount: - nameOverride: portal-ng-bff - roles: - - read - +securityContext: + user_id: 65534 + group_id: 65534 diff --git a/kubernetes/portal-ng/components/portal-ng-history/Chart.yaml b/kubernetes/portal-ng/components/portal-ng-history/Chart.yaml index 4b62b5def2..9f55e31be4 100644 --- a/kubernetes/portal-ng/components/portal-ng-history/Chart.yaml +++ b/kubernetes/portal-ng/components/portal-ng-history/Chart.yaml @@ -29,7 +29,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 13.0.0 +version: 13.0.1 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/kubernetes/portal-ng/components/portal-ng-history/templates/configmap.yaml b/kubernetes/portal-ng/components/portal-ng-history/templates/configmap.yaml index f8c23479e1..b81e796c75 100644 --- a/kubernetes/portal-ng/components/portal-ng-history/templates/configmap.yaml +++ b/kubernetes/portal-ng/components/portal-ng-history/templates/configmap.yaml @@ -20,5 +20,8 @@ metadata: namespace: {{ include "common.namespace" . }} data: {{- range $key, $val := .Values.env }} - {{ $key }}: {{ $val | quote }} - {{- end -}}
\ No newline at end of file + {{ $key }}: {{ $val | quote }} + {{- end -}} + {{- range $key, $val := .Values.global.env }} + {{ $key }}: {{ $val | quote }} + {{- end -}} diff --git a/kubernetes/portal-ng/components/portal-ng-history/templates/deployment.yaml b/kubernetes/portal-ng/components/portal-ng-history/templates/deployment.yaml index a2a924b488..cdf47ca81d 100644 --- a/kubernetes/portal-ng/components/portal-ng-history/templates/deployment.yaml +++ b/kubernetes/portal-ng/components/portal-ng-history/templates/deployment.yaml @@ -21,13 +21,18 @@ spec: replicas: {{ .Values.replicaCount }} revisionHistoryLimit: {{ .Values.revisionHistoryLimit }} template: - metadata: {{- include "common.templateMetadata" . | nindent 6 }} + metadata: + annotations: + checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} + {{- include "common.templateMetadata" . | indent 6 }} spec: {{- include "common.imagePullSecrets" . | nindent 6 }} + {{ include "common.podSecurityContext" . | indent 6 | trim }} containers: - name: {{ .Chart.Name }} image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image.imageName }}:{{ .Values.image.tag | default .Chart.AppVersion }} imagePullPolicy: {{ .Values.image.pullPolicy }} + {{ include "common.containerSecurityContext" . | indent 10 | trim }} envFrom: - configMapRef: name: {{ include "common.fullname" . }}-configmap @@ -45,4 +50,5 @@ spec: path: /actuator/health/readiness port: {{ .Values.service.port }} initialDelaySeconds: {{ .Values.probes.readiness.initialDelaySeconds }} - failureThreshold: {{ .Values.probes.readiness.failureThreshold }}
\ No newline at end of file + failureThreshold: {{ .Values.probes.readiness.failureThreshold }} + resources: {{ include "common.resources" . | nindent 12 }} diff --git a/kubernetes/portal-ng/components/portal-ng-history/values.yaml b/kubernetes/portal-ng/components/portal-ng-history/values.yaml index dc999841ef..a12e70c575 100644 --- a/kubernetes/portal-ng/components/portal-ng-history/values.yaml +++ b/kubernetes/portal-ng/components/portal-ng-history/values.yaml @@ -1,4 +1,9 @@ -global: {} +global: + env: + KEYCLOAK_URL: http://keycloak-keycloakx-http.keycloak + KEYCLOAK_REALM: ONAP + COLLECTOR_HOST: jaeger-collector.istio-system + COLLECTOR_PORT: 9411 image: imageName: onap/portal-ng/history @@ -26,6 +31,23 @@ service: - name: http port: 9002 +resources: + small: + limits: + cpu: "500m" + memory: "512Mi" + requests: + cpu: "100m" + memory: "256Mi" + large: + limits: + cpu: "2" + memory: "1Gi" + requests: + cpu: "200m" + memory: "256Mi" + unlimited: {} + autoscaling: enabled: false minReplicas: 1 @@ -34,11 +56,11 @@ autoscaling: probes: readiness: - initialDelaySeconds: 20 - failureThreshold: 4 + initialDelaySeconds: 30 + failureThreshold: 5 liveness: - initialDelaySeconds: 20 - failureThreshold: 4 + initialDelaySeconds: 30 + failureThreshold: 5 secretEnv: MONGO_USERNAME: dbuser @@ -46,13 +68,9 @@ secretEnv: MONGO_DATABASE: history env: - KEYCLOAK_URL: http://keycloakx-http.keycloak - KEYCLOAK_REALM: ONAP MONGO_HOST: history-mongodb MONGO_PORT: 27017 TRACING_ENABLED: true - COLLECTOR_HOST: jaeger-collector.istio-system - COLLECTOR_PORT: 9411 mongodb: nameOverride: history-mongodb @@ -79,3 +97,7 @@ serviceAccount: nameOverride: portal-ng-history roles: - read + +securityContext: + user_id: 65534 + group_id: 65534 diff --git a/kubernetes/portal-ng/components/portal-ng-preferences/Chart.yaml b/kubernetes/portal-ng/components/portal-ng-preferences/Chart.yaml index 96088586fc..622ee90ac1 100644 --- a/kubernetes/portal-ng/components/portal-ng-preferences/Chart.yaml +++ b/kubernetes/portal-ng/components/portal-ng-preferences/Chart.yaml @@ -29,7 +29,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 13.0.0 +version: 13.0.1 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to @@ -49,5 +49,3 @@ dependencies: - name: mongodb version: ~14.12.x-0 repository: '@local' - - diff --git a/kubernetes/portal-ng/components/portal-ng-preferences/templates/configmap.yaml b/kubernetes/portal-ng/components/portal-ng-preferences/templates/configmap.yaml index f8c23479e1..b81e796c75 100644 --- a/kubernetes/portal-ng/components/portal-ng-preferences/templates/configmap.yaml +++ b/kubernetes/portal-ng/components/portal-ng-preferences/templates/configmap.yaml @@ -20,5 +20,8 @@ metadata: namespace: {{ include "common.namespace" . }} data: {{- range $key, $val := .Values.env }} - {{ $key }}: {{ $val | quote }} - {{- end -}}
\ No newline at end of file + {{ $key }}: {{ $val | quote }} + {{- end -}} + {{- range $key, $val := .Values.global.env }} + {{ $key }}: {{ $val | quote }} + {{- end -}} diff --git a/kubernetes/portal-ng/components/portal-ng-preferences/templates/deployment.yaml b/kubernetes/portal-ng/components/portal-ng-preferences/templates/deployment.yaml index a2a924b488..cdf47ca81d 100644 --- a/kubernetes/portal-ng/components/portal-ng-preferences/templates/deployment.yaml +++ b/kubernetes/portal-ng/components/portal-ng-preferences/templates/deployment.yaml @@ -21,13 +21,18 @@ spec: replicas: {{ .Values.replicaCount }} revisionHistoryLimit: {{ .Values.revisionHistoryLimit }} template: - metadata: {{- include "common.templateMetadata" . | nindent 6 }} + metadata: + annotations: + checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} + {{- include "common.templateMetadata" . | indent 6 }} spec: {{- include "common.imagePullSecrets" . | nindent 6 }} + {{ include "common.podSecurityContext" . | indent 6 | trim }} containers: - name: {{ .Chart.Name }} image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image.imageName }}:{{ .Values.image.tag | default .Chart.AppVersion }} imagePullPolicy: {{ .Values.image.pullPolicy }} + {{ include "common.containerSecurityContext" . | indent 10 | trim }} envFrom: - configMapRef: name: {{ include "common.fullname" . }}-configmap @@ -45,4 +50,5 @@ spec: path: /actuator/health/readiness port: {{ .Values.service.port }} initialDelaySeconds: {{ .Values.probes.readiness.initialDelaySeconds }} - failureThreshold: {{ .Values.probes.readiness.failureThreshold }}
\ No newline at end of file + failureThreshold: {{ .Values.probes.readiness.failureThreshold }} + resources: {{ include "common.resources" . | nindent 12 }} diff --git a/kubernetes/portal-ng/components/portal-ng-preferences/values.yaml b/kubernetes/portal-ng/components/portal-ng-preferences/values.yaml index 2f6d1bae78..fd2180b36f 100644 --- a/kubernetes/portal-ng/components/portal-ng-preferences/values.yaml +++ b/kubernetes/portal-ng/components/portal-ng-preferences/values.yaml @@ -1,4 +1,9 @@ -global: {} +global: + env: + KEYCLOAK_URL: http://keycloak-keycloakx-http.keycloak + KEYCLOAK_REALM: ONAP + COLLECTOR_HOST: jaeger-collector.istio-system + COLLECTOR_PORT: 9411 # Default values for preferences. # This is a YAML-formatted file. @@ -27,6 +32,23 @@ service: - name: http port: 9001 +resources: + small: + limits: + cpu: "500m" + memory: "512Mi" + requests: + cpu: "100m" + memory: "256Mi" + large: + limits: + cpu: "2" + memory: "1Gi" + requests: + cpu: "200m" + memory: "256Mi" + unlimited: {} + autoscaling: enabled: false minReplicas: 1 @@ -35,11 +57,11 @@ autoscaling: probes: readiness: - initialDelaySeconds: 20 - failureThreshold: 4 + initialDelaySeconds: 30 + failureThreshold: 5 liveness: - initialDelaySeconds: 20 - failureThreshold: 4 + initialDelaySeconds: 30 + failureThreshold: 5 secretEnv: MONGO_USERNAME: dbuser @@ -47,13 +69,9 @@ secretEnv: MONGO_DATABASE: Preferences env: - KEYCLOAK_URL: http://keycloakx-http.keycloak - KEYCLOAK_REALM: ONAP MONGO_HOST: preferences-mongodb MONGO_PORT: 27017 TRACING_ENABLED: true - COLLECTOR_HOST: jaeger-collector.istio-system - COLLECTOR_PORT: 9411 mongodb: nameOverride: preferences-mongodb @@ -80,3 +98,7 @@ serviceAccount: nameOverride: portal-ng-preferences roles: - read + +securityContext: + user_id: 65534 + group_id: 65534 diff --git a/kubernetes/portal-ng/components/portal-ng-ui/Chart.yaml b/kubernetes/portal-ng/components/portal-ng-ui/Chart.yaml index 09178d9694..496d7b12de 100644 --- a/kubernetes/portal-ng/components/portal-ng-ui/Chart.yaml +++ b/kubernetes/portal-ng/components/portal-ng-ui/Chart.yaml @@ -29,12 +29,12 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 13.0.0 +version: 13.0.1 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. -appVersion: 0.1.0 +appVersion: 0.1.2 dependencies: - name: common diff --git a/kubernetes/portal-ng/components/portal-ng-ui/resources/assets/acl.json b/kubernetes/portal-ng/components/portal-ng-ui/resources/assets/acl.json new file mode 100644 index 0000000000..a8a505b291 --- /dev/null +++ b/kubernetes/portal-ng/components/portal-ng-ui/resources/assets/acl.json @@ -0,0 +1,5 @@ +{ + "portal_admin": {{ .Values.acl.portal_admin | toPrettyJson }}, + "portal_operator": {{ .Values.acl.portal_operator | toPrettyJson }}, + "portal_designer": {{ .Values.acl.portal_designer | toPrettyJson }} +} diff --git a/kubernetes/portal-ng/components/portal-ng-ui/resources/assets/env.js b/kubernetes/portal-ng/components/portal-ng-ui/resources/assets/env.js index 2e21ca50d0..81a71c39d7 100644 --- a/kubernetes/portal-ng/components/portal-ng-ui/resources/assets/env.js +++ b/kubernetes/portal-ng/components/portal-ng-ui/resources/assets/env.js @@ -4,8 +4,8 @@ // Environment variables window["env"]["customStyleEnabled"] = "{{ .Values.env.CUSTOM_STYLE_ENABLED }}"; - window["env"]["keycloak"]["hostname"] = "{{ .Values.env.KEYCLOAK_HOSTNAME }}"; - window["env"]["keycloak"]["realm"] = "{{ .Values.env.KEYCLOAK_REALM }}"; + window["env"]["keycloak"]["hostname"] = "{{ .Values.env.KEYCLOAK_EXTERNAL_URL }}"; + window["env"]["keycloak"]["realm"] = "{{ .Values.env.KEYCLOAK_REALM | default .Values.global.env.KEYCLOAK_REALM }}"; window['env']['keycloak']['clientId'] = '{{ .Values.env.KEYCLOAK_CLIENT_ID }}'; window["env"]["loggingEnabled"]= '{{ .Values.env.LOGGING_ENABLED }}'; })(this); diff --git a/kubernetes/portal-ng/components/portal-ng-ui/resources/default.conf b/kubernetes/portal-ng/components/portal-ng-ui/resources/default.conf index d448e278d5..0c64588840 100644 --- a/kubernetes/portal-ng/components/portal-ng-ui/resources/default.conf +++ b/kubernetes/portal-ng/components/portal-ng-ui/resources/default.conf @@ -1,6 +1,7 @@ -resolver {{ .Values.env.CLUSTER_NAMESERVER_IP }}; +resolver {{ .Values.env.NAME_SERVER }}; server { listen {{ .Values.env.NGINX_PORT }}; + listen [::]:{{.Values.env.NGINX_PORT}}; # listen on ipv6 location / { root /usr/share/nginx/html; index index.html; @@ -21,7 +22,7 @@ server { proxy_http_version 1.1; } location /auth/ { - set $upstream {{ .Values.env.KEYCLOAK_INTERNAL_URL }}; + set $upstream {{ .Values.env.KEYCLOAK_URL | default .Values.global.env.KEYCLOAK_URL }}.svc.cluster.local; rewrite /auth/(.*) /$1 break; add_header Access-Control-Allow-Origin *; proxy_pass $upstream/$1$is_args$args; @@ -45,4 +46,4 @@ gzip_min_length 1100; gzip_comp_level 6; gzip_buffers 16 8k; gzip_http_version 1.1; -gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
\ No newline at end of file +gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript; diff --git a/kubernetes/portal-ng/components/portal-ng-ui/templates/configmap-env-js.yaml b/kubernetes/portal-ng/components/portal-ng-ui/templates/configmap-assets.yaml index e2244bd768..0db7d5637c 100644 --- a/kubernetes/portal-ng/components/portal-ng-ui/templates/configmap-env-js.yaml +++ b/kubernetes/portal-ng/components/portal-ng-ui/templates/configmap-assets.yaml @@ -16,11 +16,12 @@ apiVersion: v1 kind: ConfigMap metadata: - name: {{ include "common.fullname" . }}-env-js + name: {{ include "common.fullname" . }}-assets labels: app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} release: {{ include "common.release" . }} heritage: {{ .Release.Service }} data: -{{ tpl (.Files.Glob "resources/assets/env.js").AsConfig . | nindent 2 }} + env_js: {{ tpl (.Files.Get "resources/assets/env.js") . | quote }} + acl_json: {{ tpl (.Files.Get "resources/assets/acl.json") . | quote }} + version_json: {{ tpl (.Files.Get "resources/assets/version.json") . | quote }} diff --git a/kubernetes/portal-ng/components/portal-ng-ui/templates/configmap-nginx-config.yaml b/kubernetes/portal-ng/components/portal-ng-ui/templates/configmap-nginx-config.yaml index f8e560b908..81a5407209 100644 --- a/kubernetes/portal-ng/components/portal-ng-ui/templates/configmap-nginx-config.yaml +++ b/kubernetes/portal-ng/components/portal-ng-ui/templates/configmap-nginx-config.yaml @@ -1,5 +1,5 @@ {{/* -# Copyright © 2024 Deutsche Telekom +# Copyright © 2022 Deutsche Telekom # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -13,14 +13,15 @@ # See the License for the specific language governing permissions and # limitations under the License. */}} +--- apiVersion: v1 kind: ConfigMap metadata: name: {{ include "common.fullname" . }}-nginx-config + namespace: {{ include "common.namespace" . }} labels: app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} release: {{ include "common.release" . }} heritage: {{ .Release.Service }} data: -{{ tpl (.Files.Glob "resources/default.conf").AsConfig . | nindent 2 }} +{{ tpl (.Files.Glob "resources/default.conf").AsConfig . | indent 2 }} diff --git a/kubernetes/portal-ng/components/portal-ng-ui/templates/configmap.yaml b/kubernetes/portal-ng/components/portal-ng-ui/templates/configmap.yaml index 4895edd85b..337cbc455e 100644 --- a/kubernetes/portal-ng/components/portal-ng-ui/templates/configmap.yaml +++ b/kubernetes/portal-ng/components/portal-ng-ui/templates/configmap.yaml @@ -21,10 +21,12 @@ metadata: namespace: {{ include "common.namespace" . }} labels: app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} release: {{ include "common.release" . }} heritage: {{ .Release.Service }} data: {{- range $key, $val := .Values.env }} {{ $key }}: {{ $val | quote }} {{- end -}} + {{- range $key, $val := .Values.global.env }} + {{ $key }}: {{ $val | quote }} + {{- end -}} diff --git a/kubernetes/portal-ng/components/portal-ng-ui/templates/deployment.yaml b/kubernetes/portal-ng/components/portal-ng-ui/templates/deployment.yaml index a06f87b5ba..e9562bc302 100644 --- a/kubernetes/portal-ng/components/portal-ng-ui/templates/deployment.yaml +++ b/kubernetes/portal-ng/components/portal-ng-ui/templates/deployment.yaml @@ -22,13 +22,18 @@ spec: replicas: {{ .Values.replicaCount }} revisionHistoryLimit: {{ .Values.revisionHistoryLimit }} template: - metadata: {{- include "common.templateMetadata" . | nindent 6 }} + metadata: + annotations: + checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} + {{- include "common.templateMetadata" . | indent 6 }} spec: {{- include "common.imagePullSecrets" . | nindent 6 }} + {{ include "common.podSecurityContext" . | indent 6 | trim }} containers: - name: {{ .Chart.Name }} image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image.imageName }}:{{ .Values.image.tag | default .Chart.AppVersion }} imagePullPolicy: {{ .Values.image.pullPolicy }} + {{ include "common.containerSecurityContext" . | indent 10 | trim }} envFrom: - configMapRef: name: {{ include "common.fullname" . }}-configmap @@ -57,11 +62,15 @@ spec: mountPath: /etc/nginx/conf.d/default.conf subPath: default.conf readOnly: true - - name: env-js + - name: assets mountPath: /usr/share/nginx/html/assets/env.js subPath: env.js readOnly: true - - name: version-json + - name: assets + mountPath: /usr/share/nginx/html/assets/acl.json + subPath: acl.json + readOnly: true + - name: assets mountPath: /usr/share/nginx/html/assets/version.json subPath: version.json readOnly: true @@ -95,12 +104,16 @@ spec: - name: nginx-config configMap: name: {{ include "common.fullname" . }}-nginx-config - - name: env-js - configMap: - name: {{ include "common.fullname" . }}-env-js - - name: version-json + - name: assets configMap: - name: {{ include "common.fullname" . }}-version-json + name: {{ include "common.fullname" . }}-assets + items: + - key: env_js + path: env.js + - key: acl_json + path: acl.json + - key: version_json + path: version.json - name: tmp-volume emptyDir: sizeLimit: 64Mi diff --git a/kubernetes/portal-ng/components/portal-ng-ui/values.yaml b/kubernetes/portal-ng/components/portal-ng-ui/values.yaml index 7e154afae2..fa019b8a5b 100644 --- a/kubernetes/portal-ng/components/portal-ng-ui/values.yaml +++ b/kubernetes/portal-ng/components/portal-ng-ui/values.yaml @@ -13,6 +13,9 @@ # limitations under the License. global: + env: + KEYCLOAK_URL: http://keycloak-keycloakx-http.keycloak + KEYCLOAK_REALM: ONAP ingress: virtualhost: # Default Ingress base URL @@ -49,7 +52,7 @@ service: internalPort: 8080 ports: - name: http - port: 80 + port: 8080 port_protocol: http ingress: @@ -57,11 +60,26 @@ ingress: service: - baseaddr: "portal-ng-ui" name: "portal-ng-ui" - port: 80 + port: 8080 config: ssl: "redirect" -resources: {} +resources: + small: + limits: + cpu: "2" + memory: "1Gi" + requests: + cpu: "50m" + memory: "128Mi" + large: + limits: + cpu: "4" + memory: "2Gi" + requests: + cpu: "100m" + memory: "256Mi" + unlimited: {} autoscaling: enabled: false @@ -84,12 +102,10 @@ tolerations: [] affinity: {} env: + NAME_SERVER: coredns.kube-system + KEYCLOAK_EXTERNAL_URL: https://keycloak-ui.simpledemo.onap.org BFF_URL: http://portal-ng-bff.onap.svc.cluster.local:9080 NGINX_PORT: 8080 - KEYCLOAK_REALM: ONAP - KEYCLOAK_INTERNAL_URL: http://keycloakx-http.keycloak.svc.cluster.local - KEYCLOAK_HOSTNAME: https://keycloak-ui.simpledemo.onap.org - CLUSTER_NAMESERVER_IP: 1.2.3.4 #Pods Service Account serviceAccount: @@ -109,4 +125,21 @@ tiles: HOLMES_URL: "holmes-rule-mgmt-ui" AAI_URL: "aai-sparkybe-api" SDNCDG_URL: "sdnc-dgbuilder-ui" - SDNCODL_URL: "sdnc-web-ui"
\ No newline at end of file + SDNCODL_URL: "sdnc-web-ui" + +acl: + portal_admin: + - users.administration.list + - users.administration.detail + - users.administration.create + - users.administration.edit + - users.administration.delete + - dashboard.tile.USER_LAST_ACTION_TILE + portal_operator: + - dashboard.tile.USER_LAST_ACTION_TILE + portal_designer: + - dashboard.tile.USER_LAST_ACTION_TILE + +securityContext: + user_id: 101 + group_id: 101 |