author | 2025-02-05 14:34:30 +0100 | |
---|---|---|
committer | 2025-02-28 11:43:21 +0100 | |
commit | ec6ebbd6049f0e9af38869c6a6af089fc04a8a29 (patch) | |
tree | 658e1b77f46ab6c9a7e07e5ca5cfaeb361dc9b49 /kubernetes/aai/components/aai-graphadmin | |
parent | 3efc75775a486e5116d73dd1180c461870edb51b (diff) |
[AAI] 15.0.4 release
- [resources,traversal,graphadmin,schema-service] use v30 api version
- [resources,traversal,graphadmin] make basic-auth configurable
- [resources,traversal] remove Keycloak-auth related files
- [resources,traversal] remove logToFile option since container filesystems are read-only [0]
- [graphadmin] use init container for schema-creation
[0] and sooner or later any tmp volume will fill up
Issue-ID: AAI-4124
Change-Id: Ib9b70dedd07acfb8ae24506ab044de0940c0c815
Signed-off-by: Fiete Ostkamp <Fiete.Ostkamp@telekom.de>
Diffstat (limited to 'kubernetes/aai/components/aai-graphadmin')
5 files changed, 110 insertions, 16 deletions
diff --git a/kubernetes/aai/components/aai-graphadmin/resources/config/application.properties b/kubernetes/aai/components/aai-graphadmin/resources/config/application.properties
index 7254d6d64f..50c320ab30 100644
--- a/kubernetes/aai/components/aai-graphadmin/resources/config/application.properties
+++ b/kubernetes/aai/components/aai-graphadmin/resources/config/application.properties
@@ -47,7 +47,6 @@ server.tomcat.max-idle-time=60000
 # If you get an application startup failure that the port is already taken
 # If thats not it, please check if the key-store file path makes sense
 server.local.startpath=/opt/app/aai-graphadmin/resources/
-server.basic.auth.location=${server.local.startpath}etc/auth/realm.properties
 server.port=8449
diff --git a/kubernetes/aai/components/aai-graphadmin/templates/_helpers.tpl b/kubernetes/aai/components/aai-graphadmin/templates/_helpers.tpl
new file mode 100644
index 0000000000..a6c414517b
--- /dev/null
+++ b/kubernetes/aai/components/aai-graphadmin/templates/_helpers.tpl
@@ -0,0 +1,42 @@
+{{- define "aai.waitForSchemaCreation" -}}
+- name: wait-for-schema-creation
+ image: "{{ include "repositoryGenerator.image.curl" . }}"
+ imagePullPolicy: IfNotPresent
+ command: ["/bin/sh", "-c"]
+ args:
+ - |
+ URL="{{ required "URL is required" (.Values.schemaInitCheckURL | default "http://aai-graphadmin:8449/isSchemaInitialized") }}"
+ AUTH="{{ printf "%s:%s" (index .Values.global.config.basic.auth.users 0).username (index .Values.global.config.basic.auth.users 0).password }}"
+ while true; do
+ RESPONSE=$(curl -u $AUTH -s $URL)
+ if [ "$RESPONSE" = "true" ]; then
+ echo "Request successful. Schema is initialized."
+ exit 0
+ else
+ echo "Request unsuccessful. Schema is not yet initialized. Retrying in 3 seconds..."
+ sleep 3
+ fi
+ done
+ {{ include "common.containerSecurityContext" . | indent 2 | trim }}
+{{- end -}}
+
+{{- define "aai.waitForSchemaService" -}}
+- name: wait-for-schema-service
+ image: "{{ include "repositoryGenerator.image.curl" . }}"
+ imagePullPolicy: IfNotPresent
+ command: ["/bin/sh", "-c"]
+ args:
+ - |
+ URL="{{ required "URL is required" (.Values.schemaInitCheckURL | default "http://aai-schema-service:8452/aai/schema-service/util/echo") }}"
+ AUTH="{{ printf "%s:%s" (index .Values.global.config.basic.auth.users 0).username (index .Values.global.config.basic.auth.users 0).password }}"
+ while true; do
+ if curl --fail --header 'X-FromAppId: graphadmin' --header 'X-TransactionId: someTransaction' -u $AUTH -s $URL; then
+ echo "Request successful. Schema-service is available"
+ exit 0
+ else
+ echo "Request unsuccessful. Schema-service is not available yet. Retrying in 3 seconds..."
+ sleep 3
+ fi
+ done
+ {{ include "common.containerSecurityContext" . | indent 2 | trim }}
+{{- end -}}
diff --git a/kubernetes/aai/components/aai-graphadmin/templates/deployment.yaml b/kubernetes/aai/components/aai-graphadmin/templates/deployment.yaml
index 31566fc939..92fea15055 100644
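Review bot: Both helpers template the first basic-auth user's name and password into the init container's `args` (`AUTH="{{ printf "%s:%s" … }}"`), so the credential is stored in clear text in the rendered pod spec and is passed to `curl -u $AUTH` on the command line, over a default `http://` URL. Because the value lands inside a double-quoted shell string, a password containing `"`, `$` or a backtick is interpreted by the shell rather than sent as-is. I would supply the credential through an `env` entry with `valueFrom.secretKeyRef` and quote the expansions, e.g. `RESPONSE=$(curl -s --max-time 10 -u "$AUTH" "$URL")`. `aai.waitForSchemaService` also reads its override from `.Values.schemaInitCheckURL`, the same key as `aai.waitForSchemaCreation`, so setting it redirects both checks to one URL; it likely needs its own key. Neither `while true` loop has a retry limit, so a wrong URL or credential keeps the pod in Init indefinitely.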
--- a/kubernetes/aai/components/aai-graphadmin/templates/deployment.yaml
+++ b/kubernetes/aai/components/aai-graphadmin/templates/deployment.yaml
@@ -47,7 +47,64 @@ spec:
 terminationGracePeriodSeconds: {{ .Values.service.terminationGracePeriodSeconds }}
 {{- if .Values.global.initContainers.enabled }}
 initContainers:
- {{ include "common.readinessCheck.waitFor" (dict "dot" . "wait_for" .Values.readinessCheck.waitForWithCreateSchemaDisabled ) | indent 6 | trim }}
+ {{- if not .Values.createDbSchemaViaJob.enabled }}
+ {{ include "common.readinessCheck.waitFor" (dict "dot" . "wait_for" .Values.readinessCheck.waitForCassandraService ) | indent 8 | trim }}
+ - name: {{ include "common.name" . }}-create-db-schema
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ {{ include "common.containerSecurityContext" . | nindent 10 | trim }}
+ command:
+ - sh
+ args:
+ - -c
+ - |
+ {{- if include "common.onServiceMesh" . }}
+ echo "waiting 15s for istio side cars to be up"; sleep 15s;{{- end }}
+ sh docker-entrypoint.sh createDBSchema.sh;
+ {{ include "common.serviceMesh.killSidecar" . | indent 11 | trim }}
+ env:
+ {{- if .Values.config.debug.enabled }}
+ - name: JVM_OPTS
+ value: {{ .Values.config.debug.args | quote }}
+ {{- end }}
+ {{- if .Values.config.env }}
+ {{- range $key,$value := .Values.config.env }}
+ - name: {{ $key | upper | quote}}
+ value: {{ $value | quote}}
+ {{- end }}
+ {{- end }}
+ - name: BOOTSTRAP_SERVERS
+ value: {{ include "common.release" . }}-strimzi-kafka-bootstrap:9092
+ - name: JAAS_CONFIG
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "common.release" . }}-{{ .Values.global.aaiGraphKafkaUser }}
+ key: sasl.jaas.config
+ {{- if .Values.config.debug.enabled }}
+ ports:
+ - containerPort: {{ .Values.service.debugPort }}
+ name: {{ .Values.service.debugPortName }}
+ {{- end }}
+ volumeMounts:
+ - mountPath: /opt/app/aai-graphadmin/resources/etc/appprops/janusgraph-realtime.properties
+ name: config
+ subPath: janusgraph-realtime.properties
+ - mountPath: /opt/app/aai-graphadmin/resources/etc/appprops/aaiconfig.properties
+ name: properties
+ subPath: aaiconfig.properties
+ - mountPath: /opt/aai/logroot/AAI-GA
+ name: logs
+ - mountPath: /opt/app/aai-graphadmin/resources/logback.xml
+ name: config
+ subPath: logback.xml
+ - mountPath: /opt/app/aai-graphadmin/resources/localhost-access-logback.xml
+ name: config
+ subPath: localhost-access-logback.xml
+ - mountPath: /opt/app/aai-graphadmin/resources/application.properties
+ name: properties
+ subPath: application.properties
+ resources: {{ include "common.resources" . | nindent 12 }}
+ {{- end }}
 {{- end }}
 {{ include "common.podSecurityContext" . | indent 6 | trim }}
 containers:
diff --git a/kubernetes/aai/components/aai-graphadmin/templates/job-create-db.yaml b/kubernetes/aai/components/aai-graphadmin/templates/job-create-db.yaml
index 6c57680724..fc35966f79 100644
--- a/kubernetes/aai/components/aai-graphadmin/templates/job-create-db.yaml
+++ b/kubernetes/aai/components/aai-graphadmin/templates/job-create-db.yaml
@@ -34,6 +34,8 @@
 # then it is your job to ensure that there are no connections to the database
 */}}
+{{/* the new default is schema creation via graphadmin init container. This will be removed in the future. */}}
+{{- if .Values.createDbSchemaViaJob.enabled }}
 {{- if and ( not .Values.global.jobs.migration.enabled ) ( .Values.global.jobs.createSchema.enabled ) }}
 apiVersion: batch/v1
 kind: Job
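Review bot: The new init-container block in deployment.yaml reads `.Values.readinessCheck.waitForCassandraService`, but the values.yaml hunks in this commit only remove `waitForWithCreateSchemaDisabled` and `waitForCassandra` and add no key of that name, so unless it is defined in a part of values.yaml outside the diff the readiness check would receive an empty `wait_for`. The removed check also waited for `aai-schema-service`; if `createDBSchema.sh` depends on the schema service, a line such as `{{ include "aai.waitForSchemaService" . | indent 8 | trim }}` ahead of the create-db-schema container would restore that ordering, since the helper is defined in _helpers.tpl but not called in this hunk. Separately, the `JVM_OPTS` and debug `ports` wiring is copied into the init container; if `config.debug.args` opens a remote-debug listener, that listener is also reachable during schema creation, and a comment like `# debug agent also applies to schema creation when config.debug.enabled is set` would make the exposure a documented choice.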
@@ -51,8 +53,6 @@ spec:
 labels: {{- include "common.labels" (dict "labels" .Values.labels "ignoreHelmChart" .Values.ignoreHelmChart "dot" . "suffix" "job") | nindent 8 }}
 name: {{ include "common.name" . }}
 spec:
- initContainers:
- {{ include "common.readinessCheck.waitFor" (dict "dot" . "wait_for" .Values.readinessCheck.waitForWithCreateSchemaDisabled) | indent 6 | trim }}
 {{ include "common.podSecurityContext" . | indent 6 | trim }}
 containers:
 - name: {{ include "common.name" . }}-job
@@ -129,3 +129,4 @@ spec:
 restartPolicy: Never
 {{- include "common.imagePullSecrets" . | nindent 6 }}
 {{- end }}
+{{- end }}
diff --git a/kubernetes/aai/components/aai-graphadmin/values.yaml b/kubernetes/aai/components/aai-graphadmin/values.yaml
index 4b9067d80d..ca8cc5829c 100644
--- a/kubernetes/aai/components/aai-graphadmin/values.yaml
+++ b/kubernetes/aai/components/aai-graphadmin/values.yaml
@@ -84,11 +84,11 @@ global: # global defaults
 version:
 # Current version of the REST API
 api:
- default: v29
+ default: v30
 # Specifies which version the depth parameter is configurable
 depth: v11
 # List of all the supported versions of the API
- list: v11,v12,v13,v14,v15,v16,v17,v18,v19,v20,v21,v22,v23,v24,v25,v26,v27,v28,v29
+ list: v11,v12,v13,v14,v15,v16,v17,v18,v19,v20,v21,v22,v23,v24,v25,v26,v27,v28,v29,v30
 # Specifies from which version related link should appear
 related:
 link: v11
@@ -226,19 +226,14 @@ actuator:
 echo:
 enabled: true
+## Can be used to restore the old behaviour of having a separate job for schema creation
+createDbSchemaViaJob:
+ enabled: false
+
 readinessCheck:
- waitForWithCreateSchemaEnabled:
+ waitForSchemaCreationJob:
 jobs:
 - '{{ include "common.release" . }}-aai-graphadmin-create-db-schema'
- waitForWithCreateSchemaDisabled:
- services:
- - '{{ .Values.global.cassandra.serviceName }}'
- - aai-schema-service
- waitForCassandra:
- containers:
- - aai-schema-service
- apps:
- - cassandra
 waitForLocalCassandra:
 containers:
 - aai-schema-service
|
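Review bot: In the last values.yaml hunk, `waitForSchemaCreationJob` still waits for the `…-aai-graphadmin-create-db-schema` job, but with the new default `createDbSchemaViaJob.enabled: false` that job is no longer rendered (job-create-db.yaml is now wrapped in the flag), so any init container using this entry would wait for a job that never exists. The consumers of the `readinessCheck` keys are outside this diff, which is limited to aai-graphadmin, so this needs checking where they are referenced. I would add a comment above the key, e.g. `## only usable when createDbSchemaViaJob.enabled is true`, and note that existing overrides of `waitForWithCreateSchemaEnabled`, `waitForWithCreateSchemaDisabled` and `waitForCassandra` silently stop applying after the rename and removal.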