aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorFiete Ostkamp <Fiete.Ostkamp@telekom.de>2024-09-25 08:29:14 +0200
committerFiete Ostkamp <Fiete.Ostkamp@telekom.de>2024-10-01 09:06:02 +0200
commit0cb45591810f3d121e90a55a8899244514145b10 (patch)
tree814d6e9048bc5788ad1fc0d6aaf9832e9f3448b6
parenta6889979459185d6873695ab9c4c74dbeed6daee (diff)
portal-ng chart update
- Kyverno fixes - make Keycloak settings configurable via `global` Issue-ID: PORTALNG-125 Change-Id: I827527d4fe2dcadf79ed79591c81dbe83169b2cb Signed-off-by: Fiete Ostkamp <Fiete.Ostkamp@telekom.de>
-rw-r--r--kubernetes/portal-ng/components/portal-ng-bff/Chart.yaml6
-rw-r--r--kubernetes/portal-ng/components/portal-ng-bff/templates/configmap.yaml5
-rw-r--r--kubernetes/portal-ng/components/portal-ng-bff/templates/deployment.yaml8
-rw-r--r--kubernetes/portal-ng/components/portal-ng-bff/values.yaml81
-rw-r--r--kubernetes/portal-ng/components/portal-ng-history/Chart.yaml2
-rw-r--r--kubernetes/portal-ng/components/portal-ng-history/templates/configmap.yaml7
-rw-r--r--kubernetes/portal-ng/components/portal-ng-history/templates/deployment.yaml10
-rw-r--r--kubernetes/portal-ng/components/portal-ng-history/values.yaml40
-rw-r--r--kubernetes/portal-ng/components/portal-ng-preferences/Chart.yaml4
-rw-r--r--kubernetes/portal-ng/components/portal-ng-preferences/templates/configmap.yaml7
-rw-r--r--kubernetes/portal-ng/components/portal-ng-preferences/templates/deployment.yaml10
-rw-r--r--kubernetes/portal-ng/components/portal-ng-preferences/values.yaml40
-rw-r--r--kubernetes/portal-ng/components/portal-ng-ui/Chart.yaml4
-rw-r--r--kubernetes/portal-ng/components/portal-ng-ui/resources/assets/acl.json5
-rw-r--r--kubernetes/portal-ng/components/portal-ng-ui/resources/assets/env.js4
-rw-r--r--kubernetes/portal-ng/components/portal-ng-ui/resources/default.conf7
-rw-r--r--kubernetes/portal-ng/components/portal-ng-ui/templates/configmap-assets.yaml (renamed from kubernetes/portal-ng/components/portal-ng-ui/templates/configmap-env-js.yaml)7
-rw-r--r--kubernetes/portal-ng/components/portal-ng-ui/templates/configmap-nginx-config.yaml7
-rw-r--r--kubernetes/portal-ng/components/portal-ng-ui/templates/configmap.yaml4
-rw-r--r--kubernetes/portal-ng/components/portal-ng-ui/templates/deployment.yaml29
-rw-r--r--kubernetes/portal-ng/components/portal-ng-ui/values.yaml49
21 files changed, 251 insertions, 85 deletions
diff --git a/kubernetes/portal-ng/components/portal-ng-bff/Chart.yaml b/kubernetes/portal-ng/components/portal-ng-bff/Chart.yaml
index d925060b81..ade5d1e734 100644
--- a/kubernetes/portal-ng/components/portal-ng-bff/Chart.yaml
+++ b/kubernetes/portal-ng/components/portal-ng-bff/Chart.yaml
@@ -29,7 +29,7 @@ type: application
# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 13.0.0
+version: 13.0.1
# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to
@@ -43,7 +43,3 @@ dependencies:
- name: repositoryGenerator
version: ~13.x-0
repository: '@local'
- - name: serviceAccount
- version: ~13.x-0
- repository: '@local'
-
diff --git a/kubernetes/portal-ng/components/portal-ng-bff/templates/configmap.yaml b/kubernetes/portal-ng/components/portal-ng-bff/templates/configmap.yaml
index b45ead6a52..f41d630f02 100644
--- a/kubernetes/portal-ng/components/portal-ng-bff/templates/configmap.yaml
+++ b/kubernetes/portal-ng/components/portal-ng-bff/templates/configmap.yaml
@@ -6,4 +6,7 @@ metadata:
data:
{{- range $key, $val := .Values.env }}
{{ $key }}: {{ $val | quote }}
- {{- end -}} \ No newline at end of file
+ {{- end -}}
+ {{- range $key, $val := .Values.global.env }}
+ {{ $key }}: {{ $val | quote }}
+ {{- end -}}
diff --git a/kubernetes/portal-ng/components/portal-ng-bff/templates/deployment.yaml b/kubernetes/portal-ng/components/portal-ng-bff/templates/deployment.yaml
index ef54110af4..7d521cf1cb 100644
--- a/kubernetes/portal-ng/components/portal-ng-bff/templates/deployment.yaml
+++ b/kubernetes/portal-ng/components/portal-ng-bff/templates/deployment.yaml
@@ -6,13 +6,18 @@ spec:
replicas: {{ .Values.replicaCount }}
revisionHistoryLimit: {{ .Values.revisionHistoryLimit }}
template:
- metadata: {{- include "common.templateMetadata" . | nindent 6 }}
+ metadata:
+ annotations:
+ checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
+ {{- include "common.templateMetadata" . | indent 6 }}
spec:
{{- include "common.imagePullSecrets" . | nindent 6 }}
+ {{ include "common.podSecurityContext" . | indent 6 | trim }}
containers:
- name: {{ .Chart.Name }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image.imageName }}:{{ .Values.image.tag | default .Chart.AppVersion }}
imagePullPolicy: {{ .Values.image.pullPolicy }}
+ {{ include "common.containerSecurityContext" . | indent 10 | trim }}
envFrom:
- configMapRef:
name: {{ include "common.fullname" . }}-configmap
@@ -34,3 +39,4 @@ spec:
port: {{ .Values.service.port }}
initialDelaySeconds: {{ .Values.probes.liveness.initialDelaySeconds }}
failureThreshold: {{ .Values.probes.liveness.failureThreshold }}
+ resources: {{ include "common.resources" . | nindent 12 }}
diff --git a/kubernetes/portal-ng/components/portal-ng-bff/values.yaml b/kubernetes/portal-ng/components/portal-ng-bff/values.yaml
index b8b7c3d061..cc39ea8b87 100644
--- a/kubernetes/portal-ng/components/portal-ng-bff/values.yaml
+++ b/kubernetes/portal-ng/components/portal-ng-bff/values.yaml
@@ -1,59 +1,104 @@
-global: {}
+global:
+ env:
+ KEYCLOAK_URL: http://keycloak-keycloakx-http.keycloak
+ KEYCLOAK_REALM: ONAP
+ COLLECTOR_HOST: jaeger-collector.istio-system
+ COLLECTOR_PORT: 9411
-# Default values for bff.
-# This is a YAML-formatted file.
-# Declare variables to be passed into your templates.
+## Default values for portal-ng-bff.
+## This is a YAML-formatted file.
+## Declare variables to be passed into your templates.
+
+##
+## Specifies the details of the Docker image to be used for deployment.
+##
image:
+ ## The name of the Docker image.
imageName: onap/portal-ng/bff
+ ## The policy that indicates when the image should be pulled.
+ ## "Always" means the image will be pulled on every deployment.
pullPolicy: Always
- # Overrides the image tag whose default value is the chart appVersion.
+ ## Overrides the image tag. The default is the chart appVersion.
+ ## An empty value means the default tag will be used.
# tag: 0.1.0
+## Number of Pods to deploy
replicaCount: 2
-# Specifies how many old replicas will be retained in a deployment
+## Specifies how many old replicas will be retained in a deployment
revisionHistoryLimit: 2
-# Custom selector label (for bigger namespaces with other components)
+## Custom selector label (for bigger namespaces with other components)
partOf: portal
+##
+## Service
+##
service:
+ ## Use ClusterIP as the service type to expose the service on an internal IP
type: ClusterIP
port: 9080
+ ## The port on which the service is exposed
ports:
- name: http
port: 9080
+##
+## Autoscaling
+##
autoscaling:
+ ## Autoscaling is disabled. When set to true, the Horizontal Pod Autoscaler is enabled.
enabled: false
+ ## Minimum number of replicas to maintain.
minReplicas: 1
- maxReplicas: 100
+ ## Maximum number of replicas to maintain.
+ maxReplicas: 2
+ ## Target CPU utilization percentage at which the Horizontal Pod Autoscaler adds or removes replicas.
targetCPUUtilizationPercentage: 80
+resources:
+ small:
+ limits:
+ cpu: "4"
+ memory: "1Gi"
+ requests:
+ cpu: "50m"
+ memory: "256Mi"
+ large:
+ limits:
+ cpu: "2"
+ memory: "1Gi"
+ requests:
+ cpu: "100m"
+ memory: "256Mi"
+ unlimited: {}
+
+##
+## Readiness and liveness probes
+##
probes:
+ # Configuration of the readiness probe to check if the container is ready.
readiness:
+ ## Wait before performing the first probe
initialDelaySeconds: 20
+ ## Number of consecutive failures allowed before marking probe as failed.
failureThreshold: 4
+ # Configuration of the liveness probe to check if the container is alive.
liveness:
+ ## Wait before performing the first probe
initialDelaySeconds: 20
+ ## Number of consecutive failures allowed before marking probe as failed.
failureThreshold: 4
env:
- KEYCLOAK_URL: http://keycloakx-http.keycloak/auth
- KEYCLOAK_REALM: ONAP
HISTORY_URL: http://portal-ng-history:9002
PREFERENCES_URL: http://portal-ng-preferences:9001
TRACING_ENABLED: true
- COLLECTOR_HOST: jaeger-collector.istio-system
- COLLECTOR_PORT: 9411
secretEnv:
KEYCLOAK_CLIENT_ID: portal-bff
KEYCLOAK_CLIENT_SECRET: pKOuVH1bwRZoNzp5P5t4GV8CqcCJYVtr
-#Pods Service Account
-serviceAccount:
- nameOverride: portal-ng-bff
- roles:
- - read
-
+securityContext:
+ user_id: 65534
+ group_id: 65534
diff --git a/kubernetes/portal-ng/components/portal-ng-history/Chart.yaml b/kubernetes/portal-ng/components/portal-ng-history/Chart.yaml
index 4b62b5def2..9f55e31be4 100644
--- a/kubernetes/portal-ng/components/portal-ng-history/Chart.yaml
+++ b/kubernetes/portal-ng/components/portal-ng-history/Chart.yaml
@@ -29,7 +29,7 @@ type: application
# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 13.0.0
+version: 13.0.1
# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to
diff --git a/kubernetes/portal-ng/components/portal-ng-history/templates/configmap.yaml b/kubernetes/portal-ng/components/portal-ng-history/templates/configmap.yaml
index f8c23479e1..b81e796c75 100644
--- a/kubernetes/portal-ng/components/portal-ng-history/templates/configmap.yaml
+++ b/kubernetes/portal-ng/components/portal-ng-history/templates/configmap.yaml
@@ -20,5 +20,8 @@ metadata:
namespace: {{ include "common.namespace" . }}
data:
{{- range $key, $val := .Values.env }}
- {{ $key }}: {{ $val | quote }}
- {{- end -}} \ No newline at end of file
+ {{ $key }}: {{ $val | quote }}
+ {{- end -}}
+ {{- range $key, $val := .Values.global.env }}
+ {{ $key }}: {{ $val | quote }}
+ {{- end -}}
diff --git a/kubernetes/portal-ng/components/portal-ng-history/templates/deployment.yaml b/kubernetes/portal-ng/components/portal-ng-history/templates/deployment.yaml
index a2a924b488..cdf47ca81d 100644
--- a/kubernetes/portal-ng/components/portal-ng-history/templates/deployment.yaml
+++ b/kubernetes/portal-ng/components/portal-ng-history/templates/deployment.yaml
@@ -21,13 +21,18 @@ spec:
replicas: {{ .Values.replicaCount }}
revisionHistoryLimit: {{ .Values.revisionHistoryLimit }}
template:
- metadata: {{- include "common.templateMetadata" . | nindent 6 }}
+ metadata:
+ annotations:
+ checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
+ {{- include "common.templateMetadata" . | indent 6 }}
spec:
{{- include "common.imagePullSecrets" . | nindent 6 }}
+ {{ include "common.podSecurityContext" . | indent 6 | trim }}
containers:
- name: {{ .Chart.Name }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image.imageName }}:{{ .Values.image.tag | default .Chart.AppVersion }}
imagePullPolicy: {{ .Values.image.pullPolicy }}
+ {{ include "common.containerSecurityContext" . | indent 10 | trim }}
envFrom:
- configMapRef:
name: {{ include "common.fullname" . }}-configmap
@@ -45,4 +50,5 @@ spec:
path: /actuator/health/readiness
port: {{ .Values.service.port }}
initialDelaySeconds: {{ .Values.probes.readiness.initialDelaySeconds }}
- failureThreshold: {{ .Values.probes.readiness.failureThreshold }} \ No newline at end of file
+ failureThreshold: {{ .Values.probes.readiness.failureThreshold }}
+ resources: {{ include "common.resources" . | nindent 12 }}
diff --git a/kubernetes/portal-ng/components/portal-ng-history/values.yaml b/kubernetes/portal-ng/components/portal-ng-history/values.yaml
index dc999841ef..a12e70c575 100644
--- a/kubernetes/portal-ng/components/portal-ng-history/values.yaml
+++ b/kubernetes/portal-ng/components/portal-ng-history/values.yaml
@@ -1,4 +1,9 @@
-global: {}
+global:
+ env:
+ KEYCLOAK_URL: http://keycloak-keycloakx-http.keycloak
+ KEYCLOAK_REALM: ONAP
+ COLLECTOR_HOST: jaeger-collector.istio-system
+ COLLECTOR_PORT: 9411
image:
imageName: onap/portal-ng/history
@@ -26,6 +31,23 @@ service:
- name: http
port: 9002
+resources:
+ small:
+ limits:
+ cpu: "500m"
+ memory: "512Mi"
+ requests:
+ cpu: "100m"
+ memory: "256Mi"
+ large:
+ limits:
+ cpu: "2"
+ memory: "1Gi"
+ requests:
+ cpu: "200m"
+ memory: "256Mi"
+ unlimited: {}
+
autoscaling:
enabled: false
minReplicas: 1
@@ -34,11 +56,11 @@ autoscaling:
probes:
readiness:
- initialDelaySeconds: 20
- failureThreshold: 4
+ initialDelaySeconds: 30
+ failureThreshold: 5
liveness:
- initialDelaySeconds: 20
- failureThreshold: 4
+ initialDelaySeconds: 30
+ failureThreshold: 5
secretEnv:
MONGO_USERNAME: dbuser
@@ -46,13 +68,9 @@ secretEnv:
MONGO_DATABASE: history
env:
- KEYCLOAK_URL: http://keycloakx-http.keycloak
- KEYCLOAK_REALM: ONAP
MONGO_HOST: history-mongodb
MONGO_PORT: 27017
TRACING_ENABLED: true
- COLLECTOR_HOST: jaeger-collector.istio-system
- COLLECTOR_PORT: 9411
mongodb:
nameOverride: history-mongodb
@@ -79,3 +97,7 @@ serviceAccount:
nameOverride: portal-ng-history
roles:
- read
+
+securityContext:
+ user_id: 65534
+ group_id: 65534
diff --git a/kubernetes/portal-ng/components/portal-ng-preferences/Chart.yaml b/kubernetes/portal-ng/components/portal-ng-preferences/Chart.yaml
index 96088586fc..622ee90ac1 100644
--- a/kubernetes/portal-ng/components/portal-ng-preferences/Chart.yaml
+++ b/kubernetes/portal-ng/components/portal-ng-preferences/Chart.yaml
@@ -29,7 +29,7 @@ type: application
# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 13.0.0
+version: 13.0.1
# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to
@@ -49,5 +49,3 @@ dependencies:
- name: mongodb
version: ~14.12.x-0
repository: '@local'
-
-
diff --git a/kubernetes/portal-ng/components/portal-ng-preferences/templates/configmap.yaml b/kubernetes/portal-ng/components/portal-ng-preferences/templates/configmap.yaml
index f8c23479e1..b81e796c75 100644
--- a/kubernetes/portal-ng/components/portal-ng-preferences/templates/configmap.yaml
+++ b/kubernetes/portal-ng/components/portal-ng-preferences/templates/configmap.yaml
@@ -20,5 +20,8 @@ metadata:
namespace: {{ include "common.namespace" . }}
data:
{{- range $key, $val := .Values.env }}
- {{ $key }}: {{ $val | quote }}
- {{- end -}} \ No newline at end of file
+ {{ $key }}: {{ $val | quote }}
+ {{- end -}}
+ {{- range $key, $val := .Values.global.env }}
+ {{ $key }}: {{ $val | quote }}
+ {{- end -}}
diff --git a/kubernetes/portal-ng/components/portal-ng-preferences/templates/deployment.yaml b/kubernetes/portal-ng/components/portal-ng-preferences/templates/deployment.yaml
index a2a924b488..cdf47ca81d 100644
--- a/kubernetes/portal-ng/components/portal-ng-preferences/templates/deployment.yaml
+++ b/kubernetes/portal-ng/components/portal-ng-preferences/templates/deployment.yaml
@@ -21,13 +21,18 @@ spec:
replicas: {{ .Values.replicaCount }}
revisionHistoryLimit: {{ .Values.revisionHistoryLimit }}
template:
- metadata: {{- include "common.templateMetadata" . | nindent 6 }}
+ metadata:
+ annotations:
+ checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
+ {{- include "common.templateMetadata" . | indent 6 }}
spec:
{{- include "common.imagePullSecrets" . | nindent 6 }}
+ {{ include "common.podSecurityContext" . | indent 6 | trim }}
containers:
- name: {{ .Chart.Name }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image.imageName }}:{{ .Values.image.tag | default .Chart.AppVersion }}
imagePullPolicy: {{ .Values.image.pullPolicy }}
+ {{ include "common.containerSecurityContext" . | indent 10 | trim }}
envFrom:
- configMapRef:
name: {{ include "common.fullname" . }}-configmap
@@ -45,4 +50,5 @@ spec:
path: /actuator/health/readiness
port: {{ .Values.service.port }}
initialDelaySeconds: {{ .Values.probes.readiness.initialDelaySeconds }}
- failureThreshold: {{ .Values.probes.readiness.failureThreshold }} \ No newline at end of file
+ failureThreshold: {{ .Values.probes.readiness.failureThreshold }}
+ resources: {{ include "common.resources" . | nindent 12 }}
diff --git a/kubernetes/portal-ng/components/portal-ng-preferences/values.yaml b/kubernetes/portal-ng/components/portal-ng-preferences/values.yaml
index 2f6d1bae78..fd2180b36f 100644
--- a/kubernetes/portal-ng/components/portal-ng-preferences/values.yaml
+++ b/kubernetes/portal-ng/components/portal-ng-preferences/values.yaml
@@ -1,4 +1,9 @@
-global: {}
+global:
+ env:
+ KEYCLOAK_URL: http://keycloak-keycloakx-http.keycloak
+ KEYCLOAK_REALM: ONAP
+ COLLECTOR_HOST: jaeger-collector.istio-system
+ COLLECTOR_PORT: 9411
# Default values for preferences.
# This is a YAML-formatted file.
@@ -27,6 +32,23 @@ service:
- name: http
port: 9001
+resources:
+ small:
+ limits:
+ cpu: "500m"
+ memory: "512Mi"
+ requests:
+ cpu: "100m"
+ memory: "256Mi"
+ large:
+ limits:
+ cpu: "2"
+ memory: "1Gi"
+ requests:
+ cpu: "200m"
+ memory: "256Mi"
+ unlimited: {}
+
autoscaling:
enabled: false
minReplicas: 1
@@ -35,11 +57,11 @@ autoscaling:
probes:
readiness:
- initialDelaySeconds: 20
- failureThreshold: 4
+ initialDelaySeconds: 30
+ failureThreshold: 5
liveness:
- initialDelaySeconds: 20
- failureThreshold: 4
+ initialDelaySeconds: 30
+ failureThreshold: 5
secretEnv:
MONGO_USERNAME: dbuser
@@ -47,13 +69,9 @@ secretEnv:
MONGO_DATABASE: Preferences
env:
- KEYCLOAK_URL: http://keycloakx-http.keycloak
- KEYCLOAK_REALM: ONAP
MONGO_HOST: preferences-mongodb
MONGO_PORT: 27017
TRACING_ENABLED: true
- COLLECTOR_HOST: jaeger-collector.istio-system
- COLLECTOR_PORT: 9411
mongodb:
nameOverride: preferences-mongodb
@@ -80,3 +98,7 @@ serviceAccount:
nameOverride: portal-ng-preferences
roles:
- read
+
+securityContext:
+ user_id: 65534
+ group_id: 65534
diff --git a/kubernetes/portal-ng/components/portal-ng-ui/Chart.yaml b/kubernetes/portal-ng/components/portal-ng-ui/Chart.yaml
index 09178d9694..496d7b12de 100644
--- a/kubernetes/portal-ng/components/portal-ng-ui/Chart.yaml
+++ b/kubernetes/portal-ng/components/portal-ng-ui/Chart.yaml
@@ -29,12 +29,12 @@ type: application
# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 13.0.0
+version: 13.0.1
# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to
# follow Semantic Versioning. They should reflect the version the application is using.
-appVersion: 0.1.0
+appVersion: 0.1.2
dependencies:
- name: common
diff --git a/kubernetes/portal-ng/components/portal-ng-ui/resources/assets/acl.json b/kubernetes/portal-ng/components/portal-ng-ui/resources/assets/acl.json
new file mode 100644
index 0000000000..a8a505b291
--- /dev/null
+++ b/kubernetes/portal-ng/components/portal-ng-ui/resources/assets/acl.json
@@ -0,0 +1,5 @@
+{
+ "portal_admin": {{ .Values.acl.portal_admin | toPrettyJson }},
+ "portal_operator": {{ .Values.acl.portal_operator | toPrettyJson }},
+ "portal_designer": {{ .Values.acl.portal_designer | toPrettyJson }}
+}
diff --git a/kubernetes/portal-ng/components/portal-ng-ui/resources/assets/env.js b/kubernetes/portal-ng/components/portal-ng-ui/resources/assets/env.js
index 2e21ca50d0..81a71c39d7 100644
--- a/kubernetes/portal-ng/components/portal-ng-ui/resources/assets/env.js
+++ b/kubernetes/portal-ng/components/portal-ng-ui/resources/assets/env.js
@@ -4,8 +4,8 @@
// Environment variables
window["env"]["customStyleEnabled"] = "{{ .Values.env.CUSTOM_STYLE_ENABLED }}";
- window["env"]["keycloak"]["hostname"] = "{{ .Values.env.KEYCLOAK_HOSTNAME }}";
- window["env"]["keycloak"]["realm"] = "{{ .Values.env.KEYCLOAK_REALM }}";
+ window["env"]["keycloak"]["hostname"] = "{{ .Values.env.KEYCLOAK_EXTERNAL_URL }}";
+ window["env"]["keycloak"]["realm"] = "{{ .Values.env.KEYCLOAK_REALM | default .Values.global.env.KEYCLOAK_REALM }}";
window['env']['keycloak']['clientId'] = '{{ .Values.env.KEYCLOAK_CLIENT_ID }}';
window["env"]["loggingEnabled"]= '{{ .Values.env.LOGGING_ENABLED }}';
})(this);
diff --git a/kubernetes/portal-ng/components/portal-ng-ui/resources/default.conf b/kubernetes/portal-ng/components/portal-ng-ui/resources/default.conf
index d448e278d5..0c64588840 100644
--- a/kubernetes/portal-ng/components/portal-ng-ui/resources/default.conf
+++ b/kubernetes/portal-ng/components/portal-ng-ui/resources/default.conf
@@ -1,6 +1,7 @@
-resolver {{ .Values.env.CLUSTER_NAMESERVER_IP }};
+resolver {{ .Values.env.NAME_SERVER }};
server {
listen {{ .Values.env.NGINX_PORT }};
+ listen [::]:{{.Values.env.NGINX_PORT}}; # listen on ipv6
location / {
root /usr/share/nginx/html;
index index.html;
@@ -21,7 +22,7 @@ server {
proxy_http_version 1.1;
}
location /auth/ {
- set $upstream {{ .Values.env.KEYCLOAK_INTERNAL_URL }};
+ set $upstream {{ .Values.env.KEYCLOAK_URL | default .Values.global.env.KEYCLOAK_URL }}.svc.cluster.local;
rewrite /auth/(.*) /$1 break;
add_header Access-Control-Allow-Origin *;
proxy_pass $upstream/$1$is_args$args;
@@ -45,4 +46,4 @@ gzip_min_length 1100;
gzip_comp_level 6;
gzip_buffers 16 8k;
gzip_http_version 1.1;
-gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript; \ No newline at end of file
+gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
diff --git a/kubernetes/portal-ng/components/portal-ng-ui/templates/configmap-env-js.yaml b/kubernetes/portal-ng/components/portal-ng-ui/templates/configmap-assets.yaml
index e2244bd768..0db7d5637c 100644
--- a/kubernetes/portal-ng/components/portal-ng-ui/templates/configmap-env-js.yaml
+++ b/kubernetes/portal-ng/components/portal-ng-ui/templates/configmap-assets.yaml
@@ -16,11 +16,12 @@
apiVersion: v1
kind: ConfigMap
metadata:
- name: {{ include "common.fullname" . }}-env-js
+ name: {{ include "common.fullname" . }}-assets
labels:
app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
release: {{ include "common.release" . }}
heritage: {{ .Release.Service }}
data:
-{{ tpl (.Files.Glob "resources/assets/env.js").AsConfig . | nindent 2 }}
+ env_js: {{ tpl (.Files.Get "resources/assets/env.js") . | quote }}
+ acl_json: {{ tpl (.Files.Get "resources/assets/acl.json") . | quote }}
+ version_json: {{ tpl (.Files.Get "resources/assets/version.json") . | quote }}
diff --git a/kubernetes/portal-ng/components/portal-ng-ui/templates/configmap-nginx-config.yaml b/kubernetes/portal-ng/components/portal-ng-ui/templates/configmap-nginx-config.yaml
index f8e560b908..81a5407209 100644
--- a/kubernetes/portal-ng/components/portal-ng-ui/templates/configmap-nginx-config.yaml
+++ b/kubernetes/portal-ng/components/portal-ng-ui/templates/configmap-nginx-config.yaml
@@ -1,5 +1,5 @@
{{/*
-# Copyright © 2024 Deutsche Telekom
+# Copyright © 2022 Deutsche Telekom
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -13,14 +13,15 @@
# See the License for the specific language governing permissions and
# limitations under the License.
*/}}
+---
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ include "common.fullname" . }}-nginx-config
+ namespace: {{ include "common.namespace" . }}
labels:
app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
release: {{ include "common.release" . }}
heritage: {{ .Release.Service }}
data:
-{{ tpl (.Files.Glob "resources/default.conf").AsConfig . | nindent 2 }}
+{{ tpl (.Files.Glob "resources/default.conf").AsConfig . | indent 2 }}
diff --git a/kubernetes/portal-ng/components/portal-ng-ui/templates/configmap.yaml b/kubernetes/portal-ng/components/portal-ng-ui/templates/configmap.yaml
index 4895edd85b..337cbc455e 100644
--- a/kubernetes/portal-ng/components/portal-ng-ui/templates/configmap.yaml
+++ b/kubernetes/portal-ng/components/portal-ng-ui/templates/configmap.yaml
@@ -21,10 +21,12 @@ metadata:
namespace: {{ include "common.namespace" . }}
labels:
app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
release: {{ include "common.release" . }}
heritage: {{ .Release.Service }}
data:
{{- range $key, $val := .Values.env }}
{{ $key }}: {{ $val | quote }}
{{- end -}}
+ {{- range $key, $val := .Values.global.env }}
+ {{ $key }}: {{ $val | quote }}
+ {{- end -}}
diff --git a/kubernetes/portal-ng/components/portal-ng-ui/templates/deployment.yaml b/kubernetes/portal-ng/components/portal-ng-ui/templates/deployment.yaml
index a06f87b5ba..e9562bc302 100644
--- a/kubernetes/portal-ng/components/portal-ng-ui/templates/deployment.yaml
+++ b/kubernetes/portal-ng/components/portal-ng-ui/templates/deployment.yaml
@@ -22,13 +22,18 @@ spec:
replicas: {{ .Values.replicaCount }}
revisionHistoryLimit: {{ .Values.revisionHistoryLimit }}
template:
- metadata: {{- include "common.templateMetadata" . | nindent 6 }}
+ metadata:
+ annotations:
+ checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
+ {{- include "common.templateMetadata" . | indent 6 }}
spec:
{{- include "common.imagePullSecrets" . | nindent 6 }}
+ {{ include "common.podSecurityContext" . | indent 6 | trim }}
containers:
- name: {{ .Chart.Name }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image.imageName }}:{{ .Values.image.tag | default .Chart.AppVersion }}
imagePullPolicy: {{ .Values.image.pullPolicy }}
+ {{ include "common.containerSecurityContext" . | indent 10 | trim }}
envFrom:
- configMapRef:
name: {{ include "common.fullname" . }}-configmap
@@ -57,11 +62,15 @@ spec:
mountPath: /etc/nginx/conf.d/default.conf
subPath: default.conf
readOnly: true
- - name: env-js
+ - name: assets
mountPath: /usr/share/nginx/html/assets/env.js
subPath: env.js
readOnly: true
- - name: version-json
+ - name: assets
+ mountPath: /usr/share/nginx/html/assets/acl.json
+ subPath: acl.json
+ readOnly: true
+ - name: assets
mountPath: /usr/share/nginx/html/assets/version.json
subPath: version.json
readOnly: true
@@ -95,12 +104,16 @@ spec:
- name: nginx-config
configMap:
name: {{ include "common.fullname" . }}-nginx-config
- - name: env-js
- configMap:
- name: {{ include "common.fullname" . }}-env-js
- - name: version-json
+ - name: assets
configMap:
- name: {{ include "common.fullname" . }}-version-json
+ name: {{ include "common.fullname" . }}-assets
+ items:
+ - key: env_js
+ path: env.js
+ - key: acl_json
+ path: acl.json
+ - key: version_json
+ path: version.json
- name: tmp-volume
emptyDir:
sizeLimit: 64Mi
diff --git a/kubernetes/portal-ng/components/portal-ng-ui/values.yaml b/kubernetes/portal-ng/components/portal-ng-ui/values.yaml
index 7e154afae2..fa019b8a5b 100644
--- a/kubernetes/portal-ng/components/portal-ng-ui/values.yaml
+++ b/kubernetes/portal-ng/components/portal-ng-ui/values.yaml
@@ -13,6 +13,9 @@
# limitations under the License.
global:
+ env:
+ KEYCLOAK_URL: http://keycloak-keycloakx-http.keycloak
+ KEYCLOAK_REALM: ONAP
ingress:
virtualhost:
# Default Ingress base URL
@@ -49,7 +52,7 @@ service:
internalPort: 8080
ports:
- name: http
- port: 80
+ port: 8080
port_protocol: http
ingress:
@@ -57,11 +60,26 @@ ingress:
service:
- baseaddr: "portal-ng-ui"
name: "portal-ng-ui"
- port: 80
+ port: 8080
config:
ssl: "redirect"
-resources: {}
+resources:
+ small:
+ limits:
+ cpu: "2"
+ memory: "1Gi"
+ requests:
+ cpu: "50m"
+ memory: "128Mi"
+ large:
+ limits:
+ cpu: "4"
+ memory: "2Gi"
+ requests:
+ cpu: "100m"
+ memory: "256Mi"
+ unlimited: {}
autoscaling:
enabled: false
@@ -84,12 +102,10 @@ tolerations: []
affinity: {}
env:
+ NAME_SERVER: coredns.kube-system
+ KEYCLOAK_EXTERNAL_URL: https://keycloak-ui.simpledemo.onap.org
BFF_URL: http://portal-ng-bff.onap.svc.cluster.local:9080
NGINX_PORT: 8080
- KEYCLOAK_REALM: ONAP
- KEYCLOAK_INTERNAL_URL: http://keycloakx-http.keycloak.svc.cluster.local
- KEYCLOAK_HOSTNAME: https://keycloak-ui.simpledemo.onap.org
- CLUSTER_NAMESERVER_IP: 1.2.3.4
#Pods Service Account
serviceAccount:
@@ -109,4 +125,21 @@ tiles:
HOLMES_URL: "holmes-rule-mgmt-ui"
AAI_URL: "aai-sparkybe-api"
SDNCDG_URL: "sdnc-dgbuilder-ui"
- SDNCODL_URL: "sdnc-web-ui" \ No newline at end of file
+ SDNCODL_URL: "sdnc-web-ui"
+
+acl:
+ portal_admin:
+ - users.administration.list
+ - users.administration.detail
+ - users.administration.create
+ - users.administration.edit
+ - users.administration.delete
+ - dashboard.tile.USER_LAST_ACTION_TILE
+ portal_operator:
+ - dashboard.tile.USER_LAST_ACTION_TILE
+ portal_designer:
+ - dashboard.tile.USER_LAST_ACTION_TILE
+
+securityContext:
+ user_id: 101
+ group_id: 101