author | osk11461 <ondrej1.frindrich@orange.com> | 2021-06-18 00:51:17 +0200 |
---|---|---|
committer | osk11461 <ondrej1.frindrich@orange.com> | 2021-09-13 14:39:31 +0200 |
commit | 27fd7d8750ceeb798052eb8af36264c79b6536fb (patch) | |
tree | 13d2896ff9c8e6dd4c1139500cf4909e8efd0fc7 /kubernetes/aai/components/aai-sparky-be | |
parent | f0e88b345f6c6dd6d5733d74016fc44027ac407f (diff) |
[AAI] Service Mesh compatibility
This patch makes AAI work on a service mesh by removing https calls
everywhere.
It also allows AAI to be used in an environment that does not need TLS.
Issue-ID: OOM-2670
Signed-off-by: Ondrej Frindrich <ondrej1.frindrich@orange.com>
Change-Id: I19adabc7b33c1ada243ec16f77dbf8fde19b1386
Diffstat (limited to 'kubernetes/aai/components/aai-sparky-be')
7 files changed, 23 insertions, 6 deletions
diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/application/application-oxm-schema-prod.properties b/kubernetes/aai/components/aai-sparky-be/resources/config/application/application-oxm-schema-prod.properties index fe8bd16fa1..ee1341751f 100644 --- a/kubernetes/aai/components/aai-sparky-be/resources/config/application/application-oxm-schema-prod.properties +++ b/kubernetes/aai/components/aai-sparky-be/resources/config/application/application-oxm-schema-prod.properties @@ -18,12 +18,15 @@ oxm.schemaNodeDir=/opt/app/sparky/onap/oxm #schemaServiceTranslator is used to define whether to retreive the oxm from schema service microservice or read from the disk, possible values are schema-service/config oxm.schemaServiceTranslatorList=config # The end point for onap is https://<hostname>:<port>/onap/schema-service/v1/ +{{ if ( include "common.needTLS" .) }} oxm.schemaServiceBaseUrl=https://<schema-service/config>/aai/schema-service/v1/ oxm.schemaServiceKeystore=file:{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.p12 oxm.schemaServiceTruststore=file:{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.trust.jks oxm.schemaServiceKeystorePassword=${KEYSTORE_PASSWORD} oxm.schemaServiceTruststorePassword=${TRUSTSTORE_PASSWORD} - +{{ else }} +oxm.schemaServiceBaseUrl=http://<schema-service/config>/aai/schema-service/v1/ +{{ end }} # Schema Service need this variable for the time being diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/application/application-resources.properties b/kubernetes/aai/components/aai-sparky-be/resources/config/application/application-resources.properties index 3c6bd4e1ad..8bd4494a2b 100644 --- a/kubernetes/aai/components/aai-sparky-be/resources/config/application/application-resources.properties +++ b/kubernetes/aai/components/aai-sparky-be/resources/config/application/application-resources.properties 
@@ -15,6 +15,7 @@ */}} resources.hostname=aai +{{ if ( include "common.needTLS" .) }} resources.port=8443 resources.authType=SSL_BASIC resources.basicAuthUserName=aai@aai.onap.org @@ -23,3 +24,7 @@ resources.trust-store={{ .Values.certInitializer.credsPath }}/{{ .Values.certIni resources.trust-store-password=${TRUSTSTORE_PASSWORD} resources.client-cert={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.p12 resources.client-cert-password=${KEYSTORE_PASSWORD} +{{ else }} +resources.port=8080 +resources.authType=HTTP_NOAUTH +{{ end }} diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/application/application-ssl.properties b/kubernetes/aai/components/aai-sparky-be/resources/config/application/application-ssl.properties index 2e2351ad95..422e7ce150 100644 --- a/kubernetes/aai/components/aai-sparky-be/resources/config/application/application-ssl.properties +++ b/kubernetes/aai/components/aai-sparky-be/resources/config/application/application-ssl.properties @@ -13,8 +13,13 @@ # limitations under the License. server.port=8000 +{{ if ( include "common.needTLS" .) }} server.ssl.key-store=file:{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.p12 server.ssl.key-store-password=${KEYSTORE_PASSWORD} server.ssl.enabled-protocols=TLSv1.1,TLSv1.2 server.ssl.trust-store=file:{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.trust.jks server.ssl.trust-store-password=${TRUSTSTORE_PASSWORD} +{{ else }} +security.require-ssl=false +server.ssl.enabled=false +{{ end }} diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/application/application.properties b/kubernetes/aai/components/aai-sparky-be/resources/config/application/application.properties index 120f8ac114..90cb00069e 100644 --- a/kubernetes/aai/components/aai-sparky-be/resources/config/application/application.properties 
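Review bot: The `{{ else }}` branch in the second hunk of application-resources.properties drops client authentication altogether (`resources.authType=HTTP_NOAUTH` on port 8080), not only transport encryption, so with needTLS false nothing in this file identifies sparky to the aai resources service. That is only safe where the mesh sidecar enforces peer authentication and an authorization policy for the target; the commit message also mentions environments with no TLS at all, where these calls would be unauthenticated cleartext. I would add a comment above the branch, e.g. `# needTLS=false: no app-level auth or TLS here; caller identity must be enforced by the mesh (mTLS + authorization policy)`, and state the same requirement wherever needTLS is toggled.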
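Review bot: The new `{{ else }}` branch in application-ssl.properties looks unreachable at runtime: the application.properties hunk in this commit activates the `http` profile instead of `ssl` when needTLS is false, and Spring Boot reads application-ssl.properties only when the `ssl` profile is active. Either move `security.require-ssl=false` and `server.ssl.enabled=false` into a file for the `http` profile (none is among the 7 files changed here; one may exist elsewhere) or drop the branch so the file does not advertise settings that are never applied. Separately, the TLS branch still lists `TLSv1.1` in `server.ssl.enabled-protocols`; that line is unchanged context, but since the block is being wrapped anyway it is a good moment to drop the deprecated version.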
+++ b/kubernetes/aai/components/aai-sparky-be/resources/config/application/application.properties @@ -22,14 +22,16 @@ spring.mvc.favicon.enabled=false # and in the values.yaml change the internalPort to 9517 # -spring.profiles.active=camel,ssl,fe-prod,oxm-schema-prod,oxm-default,resources,aai-proxy +spring.profiles.active=camel,fe-prod,oxm-schema-prod,oxm-default,resources,aai-proxy,{{ ( eq "true" ( include "common.needTLS" .)) | ternary "ssl" "http" }} portal.cadiFileLocation={{.Values.config.cadiFileLocation}} searchservice.hostname={{.Values.global.searchData.serviceName}} searchservice.port=9509 +{{ if ( include "common.needTLS" .) }} searchservice.client-cert={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.p12 searchservice.client-cert-password=${KEYSTORE_PASSWORD} searchservice.truststore={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.trust.jks searchservice.truststore-password=${TRUSTSTORE_PASSWORD} +{{ end }} schema.ingest.file=${CONFIG_HOME}/schemaIngest.properties diff --git a/kubernetes/aai/components/aai-sparky-be/templates/deployment.yaml b/kubernetes/aai/components/aai-sparky-be/templates/deployment.yaml index 45ff270047..3768e629e7 100644 --- a/kubernetes/aai/components/aai-sparky-be/templates/deployment.yaml +++ b/kubernetes/aai/components/aai-sparky-be/templates/deployment.yaml @@ -39,6 +39,7 @@ spec: name: {{ include "common.name" . }} spec: initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }} + {{- if ( include "common.needTLS" .) }} - command: - sh args: @@ -66,6 +67,7 @@ spec: image: {{ include "repositoryGenerator.image.envsubst" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-update-config + {{- end }} - command: - /app/ready.py args: 
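Review bot: This hunk tests the same helper in two different ways: `{{ if ( include "common.needTLS" .) }}` around the searchservice keys and `eq "true" ( include "common.needTLS" .)` in `spring.profiles.active`. `include` yields a string and any non-empty string is truthy in a template `if`, so the two agree only if the helper renders exactly `true` or nothing; its definition is not part of this diff. If it ever rendered `false`, the `if` blocks would still emit the keystore settings while the profile switched to `http`. Using one form throughout, `{{ if eq "true" ( include "common.needTLS" . ) }}`, would remove that dependency; the other property files, deployment.yaml and service.yaml in this commit carry the same mix.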
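Review bot: With needTLS false the `update-config` init container (the envsubst image) is skipped entirely, while the certInitializer init container above it is still included unconditionally and no volume or volumeMount changes in this commit. The container's args lie between the two hunks and are not visible, so I cannot tell what it writes; if the main container mounts the directory this step populates, a non-TLS pod would start without its rendered configuration. Please confirm that mount still has content when the step is skipped, and if substituting the store passwords is indeed its only job, say so next to the condition: `{{/* update-config only substitutes keystore/truststore passwords; not needed without TLS */}}`.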
diff --git a/kubernetes/aai/components/aai-sparky-be/templates/service.yaml b/kubernetes/aai/components/aai-sparky-be/templates/service.yaml index 4633472a3b..457b3576a0 100644 --- a/kubernetes/aai/components/aai-sparky-be/templates/service.yaml +++ b/kubernetes/aai/components/aai-sparky-be/templates/service.yaml @@ -30,11 +30,11 @@ spec: {{if eq .Values.service.type "NodePort" -}} - port: {{ .Values.service.internalPort }} nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} - name: {{ .Values.service.portName }} + name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }} {{- else -}} - port: {{ .Values.service.internalPort }} - name: {{ .Values.service.portName }} - {{- end}} + name: {{ .Values.service.portName }}{{ ternary "s" "" (eq "true" (include "common.needTLS" .)) }} + {{- end }} selector: app: {{ include "common.name" . }} release: {{ include "common.release" . }} diff --git a/kubernetes/aai/components/aai-sparky-be/values.yaml b/kubernetes/aai/components/aai-sparky-be/values.yaml index 98dca5d11d..a27fc44388 100644 --- a/kubernetes/aai/components/aai-sparky-be/values.yaml +++ b/kubernetes/aai/components/aai-sparky-be/values.yaml @@ -113,7 +113,7 @@ readiness: service: type: NodePort - portName: aai-sparky-be + portName: http internalPort: 8000 nodePort: 20 |
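Review bot: `service.type` remains `NodePort` in values.yaml, so when needTLS is false this Service publishes `{{ .Values.service.internalPort }}` on every node as plain HTTP, and the hop from an external client to the node is outside whatever mTLS the mesh provides between sidecars. Consider defaulting to ClusterIP behind the mesh ingress when TLS is off, or at least document it beside the port, e.g. `# NodePort serves cleartext HTTP when TLS is disabled; prefer ClusterIP behind the mesh gateway`. As a style point, the two branches spell the same suffix differently (`(eq ...) | ternary "s" ""` versus `ternary "s" "" (eq ...)`); one form in both would be easier to read. The `spec:` block continues outside the hunk.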
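Review bot: `portName` changes meaning in values.yaml without a comment: it is now a protocol prefix to which service.yaml appends `s` when TLS is needed, so an existing override carrying the old value `aai-sparky-be` would render as `aai-sparky-bes`. I would add `# protocol prefix for the port name; "s" is appended when TLS is enabled (http -> https)` above the key so that overrides are updated deliberately.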