diff options
| author |   osk11461 <ondrej1.frindrich@orange.com> | 2021-06-18 00:51:17 +0200 |
|---|---|---|
| committer | osk11461 <ondrej1.frindrich@orange.com> | 2021-09-13 14:39:31 +0200 |
| commit | 27fd7d8750ceeb798052eb8af36264c79b6536fb (patch) | |
| tree | 13d2896ff9c8e6dd4c1139500cf4909e8efd0fc7 /kubernetes/aai/components | |
| parent | f0e88b345f6c6dd6d5733d74016fc44027ac407f (diff) | |
[AAI] Service Mesh compatibility
This patch makes AAI to work on service mesh by removing https calls
from everywhere.
It allows also to use AAI on an environment without need of TLS.
Issue-ID: OOM-2670
Signed-off-by: Ondrej Frindrich <ondrej1.frindrich@orange.com>
Change-Id: I19adabc7b33c1ada243ec16f77dbf8fde19b1386
Diffstat (limited to 'kubernetes/aai/components')
33 files changed, 195 insertions, 73 deletions
diff --git a/kubernetes/aai/components/aai-babel/resources/config/application.properties b/kubernetes/aai/components/aai-babel/resources/config/application.properties new file mode 100644 index 0000000000..21ed6cd9ee --- /dev/null +++ b/kubernetes/aai/components/aai-babel/resources/config/application.properties @@ -0,0 +1,14 @@ +server.port=9516 +{{ if ( include "common.needTLS" .) }} +server.ssl.key-store=${CONFIG_HOME}/auth/tomcat_keystore +server.ssl.client-auth=need +{{ else }} +security.require-ssl=false +server.ssl.enabled=false +{{ end }} + +server.servlet.context-path=/services/babel-service + +logging.config=${CONFIG_HOME}/logback.xml + +tosca.mappings.config=${CONFIG_HOME}/tosca-mappings.json diff --git a/kubernetes/aai/components/aai-babel/templates/service.yaml b/kubernetes/aai/components/aai-babel/templates/service.yaml index db54ce14f2..87a29db457 100644 --- a/kubernetes/aai/components/aai-babel/templates/service.yaml +++ b/kubernetes/aai/components/aai-babel/templates/service.yaml @@ -32,11 +32,11 @@ spec: {{- if eq .Values.service.type "NodePort" }} - port: {{ .Values.service.internalPort }} nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} - name: {{ .Values.service.portName }} + name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }} {{- else }} - port: {{ .Values.service.externalPort }} targetPort: {{ .Values.service.internalPort }} - name: {{ .Values.service.portName }} + name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }} {{- end }} selector: diff --git a/kubernetes/aai/components/aai-babel/values.yaml b/kubernetes/aai/components/aai-babel/values.yaml index 7560efde26..a7f707deed 100644 --- a/kubernetes/aai/components/aai-babel/values.yaml +++ b/kubernetes/aai/components/aai-babel/values.yaml @@ -55,7 +55,7 @@ readiness: service: type: NodePort - portName: babel + portName: http externalPort: 9516 internalPort: 9516 nodePort: 79 diff --git a/kubernetes/aai/components/aai-graphadmin/resources/config/aaiconfig.properties b/kubernetes/aai/components/aai-graphadmin/resources/config/aaiconfig.properties index e62ba07bfd..512e906b00 100644 --- a/kubernetes/aai/components/aai-graphadmin/resources/config/aaiconfig.properties +++ b/kubernetes/aai/components/aai-graphadmin/resources/config/aaiconfig.properties @@ -24,20 +24,28 @@ aai.config.checktime=1000 # this could come from siteconfig.pl? aai.config.nodename=AutomaticallyOverwritten +{{ if ( include "common.needTLS" .) }} aai.server.url.base=https://aai.{{ include "common.namespace" . }}:8443/aai/ aai.server.url=https://aai.{{ include "common.namespace" . }}:8443/aai/{{ .Values.global.config.schema.version.api.default }}/ aai.global.callback.url=https://aai.{{ include "common.namespace" . }}:8443/aai/ +{{ else }} +aai.server.url.base=http://aai.{{ include "common.namespace" . }}/aai/ +aai.server.url=http://aai.{{ include "common.namespace" . }}/aai/{{ .Values.global.config.schema.version.api.default }}/ +aai.global.callback.url=http://aai.{{ include "common.namespace" . }}/aai/ +{{ end }} -{{ if .Values.global.config.basic.auth.enabled }} +{{ if or (.Values.global.config.basic.auth.enabled) ( include "common.onServiceMesh" .) }} aai.tools.enableBasicAuth=true aai.tools.username={{ .Values.global.config.basic.auth.username }} aai.tools.password={{ .Values.global.config.basic.auth.passwd }} {{ end }} +{{ if ( include "common.needTLS" .) }} aai.truststore.filename={{ .Values.global.config.truststore.filename }} aai.truststore.passwd.x={{ .Values.global.config.truststore.passwd }} aai.keystore.filename={{ .Values.global.config.keystore.filename }} aai.keystore.passwd.x={{ .Values.global.config.keystore.passwd }} +{{ end }} aai.notification.current.version={{ .Values.global.config.schema.version.api.default }} aai.notificationEvent.default.status=UNPROCESSED diff --git a/kubernetes/aai/components/aai-graphadmin/resources/config/application.properties b/kubernetes/aai/components/aai-graphadmin/resources/config/application.properties index 8cefebc825..367e9038cd 100644 --- a/kubernetes/aai/components/aai-graphadmin/resources/config/application.properties +++ b/kubernetes/aai/components/aai-graphadmin/resources/config/application.properties @@ -33,7 +33,7 @@ server.servlet.context-path=/ spring.autoconfigure.exclude=org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration,org.springframework.boot.autoconfigure.orm.jpa.HibernateJpaAutoConfiguration -spring.profiles.active={{ .Values.config.profiles.active }} +spring.profiles.active={{ .Values.config.profiles.active }}{{ (eq "true" (include "common.needTLS" .)) | ternary ",one-way-ssl" "" }} spring.jersey.application-path=${schema.uri.base.path} #The max number of active threads in this pool server.tomcat.max-threads=200 @@ -48,6 +48,7 @@ server.local.startpath=aai-graphadmin/src/main/resources/ server.basic.auth.location=${server.local.startpath}etc/auth/realm.properties server.port=8449 +{{ if ( include "common.needTLS" .) }} server.ssl.enabled-protocols=TLSv1.1,TLSv1.2 server.ssl.key-store=${server.local.startpath}/etc/auth/{{ .Values.global.config.keystore.filename }} server.ssl.key-store-password=password({{ .Values.global.config.keystore.passwd }}) @@ -55,11 +56,15 @@ server.ssl.trust-store=${server.local.startpath}/etc/auth/{{ .Values.global.conf server.ssl.trust-store-password=password({{ .Values.global.config.truststore.passwd }}) server.ssl.client-auth=want server.ssl.key-store-type=JKS +{{ else }} +security.require-ssl=false +server.ssl.enabled=false +{{ end }} # JMS bind address host port jms.bind.address=tcp://localhost:61649 -dmaap.ribbon.listOfServers=message-router.{{.Release.Namespace}}:3905 -dmaap.ribbon.transportType=https +dmaap.ribbon.listOfServers=message-router.{{.Release.Namespace}}:{{ (eq "true" (include "common.needTLS" .)) | ternary 3905 3904 }} +dmaap.ribbon.transportType={{ include "common.scheme" . }} # Schema related attributes for the oxm and edges # Any additional schema related attributes should start with prefix schema @@ -91,23 +96,28 @@ schema.version.edge.label.start={{ .Values.global.config.schema.version.edge.lab schema.version.api.default={{ .Values.global.config.schema.version.api.default }} schema.translator.list={{ .Values.global.config.schema.translator.list }} -schema.service.base.url=https://aai-schema-service.{{ include "common.namespace" . }}:8452/aai/schema-service/v1/ +schema.service.base.url={{ include "common.scheme" . }}://aai-schema-service.{{ include "common.namespace" . }}:8452/aai/schema-service/v1/ schema.service.nodes.endpoint=nodes?version= schema.service.edges.endpoint=edgerules?version= schema.service.versions.endpoint=versions -schema.service.client={{ .Values.global.config.schema.service.client }} +schema.service.client={{ (eq "true" (include "common.needTLS" .)) | ternary .Values.global.config.schema.service.client "no-auth" }} +{{ if ( include "common.needTLS" .) }} schema.service.ssl.key-store=${server.local.startpath}/etc/auth/{{ .Values.global.config.keystore.filename }} schema.service.ssl.trust-store=${server.local.startpath}/etc/auth/{{ .Values.global.config.truststore.filename }} schema.service.ssl.key-store-password=password({{ .Values.global.config.keystore.passwd }}) schema.service.ssl.trust-store-password=password({{ .Values.global.config.truststore.passwd }}) +{{ end }} aperture.rdbmsname=aai_relational -aperture.service.client={{ .Values.global.config.schema.service.client }} +aperture.service.client={{ (eq "true" (include "common.needTLS" .)) | ternary .Values.global.config.schema.service.client "no-auth" }} + aperture.service.base.url=http://localhost:8457/aai/aperture +{{ if ( include "common.needTLS" .) }} aperture.service.ssl.key-store=${server.local.startpath}etc/auth/{{ .Values.global.config.keystore.filename }} aperture.service.ssl.trust-store=${server.local.startpath}etc/auth/{{ .Values.global.config.truststore.filename }} aperture.service.ssl.key-store-password=password({{ .Values.global.config.keystore.passwd }}) aperture.service.ssl.trust-store-password=password({{ .Values.global.config.truststore.passwd }}) +{{ end }} aperture.service.timeout-in-milliseconds=300000 diff --git a/kubernetes/aai/components/aai-graphadmin/templates/deployment.yaml b/kubernetes/aai/components/aai-graphadmin/templates/deployment.yaml index 5e6f2bc33d..8ed7ce83bc 100644 --- a/kubernetes/aai/components/aai-graphadmin/templates/deployment.yaml +++ b/kubernetes/aai/components/aai-graphadmin/templates/deployment.yaml @@ -187,4 +187,4 @@ spec: {{ end }} restartPolicy: {{ .Values.restartPolicy }} imagePullSecrets: - - name: "{{ include "common.namespace" . }}-docker-registry-key" + - name: {{ include "common.namespace" . }}-docker-registry-key diff --git a/kubernetes/aai/components/aai-graphadmin/templates/job-copy-db-backup.yaml b/kubernetes/aai/components/aai-graphadmin/templates/job-copy-db-backup.yaml index 154ad30c1a..0cdce11395 100644 --- a/kubernetes/aai/components/aai-graphadmin/templates/job-copy-db-backup.yaml +++ b/kubernetes/aai/components/aai-graphadmin/templates/job-copy-db-backup.yaml @@ -80,8 +80,10 @@ spec: imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: - /bin/bash - - docker-entrypoint.sh - - dataSnapshot.sh + - -c + - | + bash docker-entrypoint.sh dataSnapshot.sh ; + {{- include "common.serviceMesh.killSidecar" . | indent 11 | trim }} env: - name: LOCAL_USER_ID value: {{ .Values.global.config.userId | quote }} diff --git a/kubernetes/aai/components/aai-graphadmin/templates/job-create-db.yaml b/kubernetes/aai/components/aai-graphadmin/templates/job-create-db.yaml index 79144680b4..7c078e9236 100644 --- a/kubernetes/aai/components/aai-graphadmin/templates/job-create-db.yaml +++ b/kubernetes/aai/components/aai-graphadmin/templates/job-create-db.yaml @@ -80,8 +80,10 @@ spec: imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: - /bin/bash - - docker-entrypoint.sh - - createDBSchema.sh + - -c + - | + bash docker-entrypoint.sh createDBSchema.sh ; + {{- include "common.serviceMesh.killSidecar" . | indent 11 | trim }} env: - name: LOCAL_USER_ID value: {{ .Values.global.config.userId | quote }} @@ -149,5 +151,5 @@ spec: {{ end }} restartPolicy: Never imagePullSecrets: - - name: "{{ include "common.namespace" . }}-docker-registry-key" + - name: {{ include "common.namespace" . }}-docker-registry-key {{ end }} diff --git a/kubernetes/aai/components/aai-graphadmin/templates/job-migration.yaml b/kubernetes/aai/components/aai-graphadmin/templates/job-migration.yaml index 4b100dd97b..9b4be4e4c7 100644 --- a/kubernetes/aai/components/aai-graphadmin/templates/job-migration.yaml +++ b/kubernetes/aai/components/aai-graphadmin/templates/job-migration.yaml @@ -130,7 +130,9 @@ spec: command: - /bin/bash - -c - - bash docker-entrypoint.sh run_Migrations.sh -e UpdateAaiUriIndexMigration --commit --skipPreMigrationSnapShot --runDisabled RebuildAllEdges + - | + bash docker-entrypoint.sh run_Migrations.sh -e UpdateAaiUriIndexMigration --commit --skipPreMigrationSnapShot --runDisabled RebuildAllEdges ; + {{- include "common.serviceMesh.killSidecar" . | indent 11 | trim }} env: - name: LOCAL_USER_ID value: {{ .Values.global.config.userId | quote }} @@ -248,8 +250,10 @@ spec: imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: - /bin/bash - - docker-entrypoint.sh - - dataSnapshot.sh + - -c + - | + bash docker-entrypoint.sh dataSnapshot.sh ; + {{- include "common.serviceMesh.killSidecar" . | indent 11 | trim }} env: - name: LOCAL_USER_ID value: {{ .Values.global.config.userId | quote }} diff --git a/kubernetes/aai/components/aai-graphadmin/templates/service.yaml b/kubernetes/aai/components/aai-graphadmin/templates/service.yaml index 2f7aaa960d..85165e2dc4 100644 --- a/kubernetes/aai/components/aai-graphadmin/templates/service.yaml +++ b/kubernetes/aai/components/aai-graphadmin/templates/service.yaml @@ -35,17 +35,16 @@ spec: {{if eq .Values.service.type "NodePort" -}} - port: {{ .Values.service.internalPort }} nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} - name: {{ .Values.service.portName }} + name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }} - port: {{ .Values.service.internalPort2 }} nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }} name: {{ .Values.service.portName2 }} {{- else -}} - port: {{ .Values.service.internalPort }} - name: {{ .Values.service.portName }} + name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }} - port: {{ .Values.service.internalPort2 }} name: {{ .Values.service.portName2 }} {{- end}} selector: app: {{ include "common.name" . }} release: {{ include "common.release" . }} - clusterIP: None diff --git a/kubernetes/aai/components/aai-graphadmin/values.yaml b/kubernetes/aai/components/aai-graphadmin/values.yaml index 63c668fb9e..ad6ef3c984 100644 --- a/kubernetes/aai/components/aai-graphadmin/values.yaml +++ b/kubernetes/aai/components/aai-graphadmin/values.yaml @@ -61,6 +61,7 @@ global: # global defaults # Schema specific properties that include supported versions of api schema: # Specifies if the connection should be one way ssl, two way ssl or no auth + # will be set to no-auth if tls is disabled service: client: one-way-ssl # Specifies which translator to use if it has schema-service, then it will @@ -131,7 +132,9 @@ config: # Specify the profiles for the graphadmin microservice profiles: - active: "dmaap,one-way-ssl" + # one way ssl profile will be set unless tlsEnabled is set to false or serviceMesh is enabled and + # serviceMesh.tls is set to tru + active: dmaap #,one-way-ssl" # Specifies the timeout limit for the REST API requests timeout: @@ -200,9 +203,9 @@ readiness: service: type: ClusterIP # REST API port for the graphadmin microservice - portName: aai-graphadmin-8449 + portName: http internalPort: 8449 - portName2: aai-graphadmin-5005 + portName2: tcp-5005 internalPort2: 5005 ingress: diff --git a/kubernetes/aai/components/aai-modelloader/resources/config/model-loader.properties b/kubernetes/aai/components/aai-modelloader/resources/config/model-loader.properties index 772fa0da1b..41b855490a 100644 --- a/kubernetes/aai/components/aai-modelloader/resources/config/model-loader.properties +++ b/kubernetes/aai/components/aai-modelloader/resources/config/model-loader.properties @@ -16,13 +16,19 @@ # Model Loader Distribution Client Configuration */}} ml.distribution.ACTIVE_SERVER_TLS_AUTH=false +{{ if ( include "common.needTLS" .) }} ml.distribution.ASDC_ADDRESS=sdc-be.{{.Release.Namespace}}:8443 -ml.distribution.CONSUMER_GROUP=aai-ml-group -ml.distribution.CONSUMER_ID=aai-ml -ml.distribution.ENVIRONMENT_NAME=AUTO +ml.distribution.ASDC_USE_HTTPS=true ml.distribution.KEYSTORE_PASSWORD= ml.distribution.KEYSTORE_FILE=asdc-client.jks ml.distribution.PASSWORD=OBF:1ks51l8d1o3i1pcc1r2r1e211r391kls1pyj1z7u1njf1lx51go21hnj1y0k1mli1sop1k8o1j651vu91mxw1vun1mze1vv11j8x1k5i1sp11mjc1y161hlr1gm41m111nkj1z781pw31kku1r4p1e391r571pbm1o741l4x1ksp +{{ else }} +ml.distribution.ASDC_ADDRESS=sdc-be.{{.Release.Namespace}}:8080 +ml.distribution.ASDC_USE_HTTPS=false +{{ end }} +ml.distribution.CONSUMER_GROUP=aai-ml-group +ml.distribution.CONSUMER_ID=aai-ml +ml.distribution.ENVIRONMENT_NAME=AUTO ml.distribution.POLLING_INTERVAL=30 ml.distribution.POLLING_TIMEOUT=20 ml.distribution.USER=aai @@ -30,19 +36,26 @@ ml.distribution.ARTIFACT_TYPES=MODEL_QUERY_SPEC,TOSCA_CSAR ml.distribution.MSG_BUS_ADDRESSES=message-router.{{.Release.Namespace}} # Model Loader AAI REST Client Configuration +{{ if ( include "common.needTLS" .) }} ml.aai.BASE_URL=https://aai.{{.Release.Namespace}}:8443 +ml.aai.KEYSTORE_FILE=aai-os-cert.p12 +ml.aai.KEYSTORE_PASSWORD=OBF:1i9a1u2a1unz1lr61wn51wn11lss1unz1u301i6o +{{ else }} +ml.aai.BASE_URL=http://aai.{{.Release.Namespace}}:8080 +{{ end }} ml.aai.MODEL_URL=/aai/v*/service-design-and-creation/models/model/ ml.aai.NAMED_QUERY_URL=/aai/v*/service-design-and-creation/named-queries/named-query/ ml.aai.VNF_IMAGE_URL=/aai/v*/service-design-and-creation/vnf-images -ml.aai.KEYSTORE_FILE=aai-os-cert.p12 -ml.aai.KEYSTORE_PASSWORD=OBF:1i9a1u2a1unz1lr61wn51wn11lss1unz1u301i6o + ml.aai.AUTH_USER=ModelLoader ml.aai.AUTH_PASSWORD=OBF:1qvu1v2h1sov1sar1wfw1j7j1wg21saj1sov1v1x1qxw # Model Loader Babel REST Client Configuration\r -ml.babel.BASE_URL=https://aai-babel.{{.Release.Namespace}}:9516 +ml.babel.BASE_URL={{ include "common.scheme" . }}://aai-babel.{{.Release.Namespace}}:9516 ml.babel.GENERATE_ARTIFACTS_URL=/services/babel-service/v1/app/generateArtifacts +{{ if ( include "common.needTLS" .) }} ml.babel.KEYSTORE_FILE=babel-client-cert.p12 ml.babel.KEYSTORE_PASSWORD=OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10 ml.babel.TRUSTSTORE_FILE=tomcat_keystore ml.babel.TRUSTSTORE_PASSWORD=OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10 +{{ end }} diff --git a/kubernetes/aai/components/aai-modelloader/values.yaml b/kubernetes/aai/components/aai-modelloader/values.yaml index b235ba171c..38eab954a9 100644 --- a/kubernetes/aai/components/aai-modelloader/values.yaml +++ b/kubernetes/aai/components/aai-modelloader/values.yaml @@ -50,11 +50,11 @@ readiness: service: type: NodePort - portName: aai-modelloader + portName: http externalPort: 8080 internalPort: 8080 nodePort: 10 - portName2: aai-modelloader-ssl + portName2: https externalPort2: 8443 internalPort2: 8443 nodePort2: 29 diff --git a/kubernetes/aai/components/aai-resources/resources/config/aaiconfig.properties b/kubernetes/aai/components/aai-resources/resources/config/aaiconfig.properties index 0d51326f3b..2e6fd25c2b 100644 --- a/kubernetes/aai/components/aai-resources/resources/config/aaiconfig.properties +++ b/kubernetes/aai/components/aai-resources/resources/config/aaiconfig.properties @@ -38,9 +38,15 @@ aai.config.checktime=1000 # this could come from siteconfig.pl? aai.config.nodename=AutomaticallyOverwritten +{{ if ( include "common.needTLS" .) }} aai.server.url.base=https://aai.{{ include "common.namespace" . }}:8443/aai/ aai.server.url=https://aai.{{ include "common.namespace" . }}:8443/aai/{{ .Values.global.config.schema.version.api.default }}/ aai.global.callback.url=https://aai.{{ include "common.namespace" . }}:8443/aai/ +{{ else }} +aai.server.url.base=http://aai.{{ include "common.namespace" . }}/aai/ +aai.server.url=http://aai.{{ include "common.namespace" . }}/aai/{{ .Values.global.config.schema.version.api.default }}/ +aai.global.callback.url=http://aai.{{ include "common.namespace" . }}/aai/ +{{ end }} {{ if .Values.global.config.basic.auth.enabled }} aai.tools.enableBasicAuth=true @@ -48,10 +54,12 @@ aai.tools.username={{ .Values.global.config.basic.auth.username }} aai.tools.password={{ .Values.global.config.basic.auth.passwd }} {{ end }} +{{ if ( include "common.needTLS" .) }} aai.truststore.filename={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.trust.jks aai.truststore.passwd.x=${TRUSTSTORE_PASSWORD} aai.keystore.filename={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.p12 aai.keystore.passwd.x=${KEYSTORE_PASSWORD} +{{ end }} aai.notification.current.version={{ .Values.global.config.schema.version.api.default }} aai.notificationEvent.default.status=UNPROCESSED diff --git a/kubernetes/aai/components/aai-resources/resources/config/application.properties b/kubernetes/aai/components/aai-resources/resources/config/application.properties index 70ebd3ac54..2891e0385f 100644 --- a/kubernetes/aai/components/aai-resources/resources/config/application.properties +++ b/kubernetes/aai/components/aai-resources/resources/config/application.properties @@ -28,8 +28,7 @@ spring.main.allow-bean-definition-overriding=true server.servlet.context-path=/ spring.autoconfigure.exclude=org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration,org.springframework.boot.autoconfigure.orm.jpa.HibernateJpaAutoConfiguration,org.keycloak.adapters.springboot.KeycloakAutoConfiguration,org.springframework.boot.autoconfigure.security.servlet.SecurityAutoConfiguration - -spring.profiles.active={{ .Values.global.config.profiles.active }} +spring.profiles.active={{ .Values.global.config.profiles.active }}{{ .Values.global.aafEnabled | ternary ",aaf-auth" "" }} spring.jersey.application-path=${schema.uri.base.path} #The max number of active threads in this pool server.tomcat.max-threads=200 @@ -44,6 +43,7 @@ server.local.startpath=aai-resources/src/main/resources/ server.basic.auth.location=${server.local.startpath}etc/auth/realm.properties server.port=8447 +{{ if ( include "common.needTLS" .) }} server.ssl.enabled-protocols=TLSv1.1,TLSv1.2 server.ssl.key-store={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.p12 server.ssl.key-store-password=${KEYSTORE_PASSWORD} @@ -51,11 +51,15 @@ server.ssl.trust-store={{ .Values.certInitializer.credsPath }}/{{ .Values.certIn server.ssl.trust-store-password=${TRUSTSTORE_PASSWORD} server.ssl.client-auth=want server.ssl.key-store-type=JKS +{{ else }} +security.require-ssl=false +server.ssl.enabled=false +{{ end }} # JMS bind address host port jms.bind.address=tcp://localhost:61647 -dmaap.ribbon.listOfServers=message-router.{{.Release.Namespace}}:3905 -dmaap.ribbon.transportType=https +dmaap.ribbon.listOfServers=message-router.{{.Release.Namespace}}:{{ (eq "true" (include "common.needTLS" .)) | ternary 3905 3904 }} +dmaap.ribbon.transportType={{ include "common.scheme" . }} # Schema related attributes for the oxm and edges # Any additional schema related attributes should start with prefix schema @@ -87,13 +91,15 @@ schema.version.edge.label.start={{ .Values.global.config.schema.version.edge.lab schema.version.api.default={{ .Values.global.config.schema.version.api.default }} schema.translator.list={{ .Values.global.config.schema.translator.list }} -schema.service.base.url=https://aai-schema-service.{{ include "common.namespace" . }}:8452/aai/schema-service/v1/ +schema.service.base.url={{ include "common.scheme" . }}://aai-schema-service.{{ include "common.namespace" . }}:8452/aai/schema-service/v1/ schema.service.nodes.endpoint=nodes?version= schema.service.edges.endpoint=edgerules?version= schema.service.versions.endpoint=versions -schema.service.client={{ .Values.global.config.schema.service.client }} +schema.service.client={{ (eq "true" ( include "common.needTLS" .)) | ternary .Values.global.config.schema.service.client "no-auth" }} +{{ if ( include "common.needTLS" .) }} schema.service.ssl.key-store={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.p12 schema.service.ssl.trust-store={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.trust.jks schema.service.ssl.key-store-password=${KEYSTORE_PASSWORD} schema.service.ssl.trust-store-password=${TRUSTSTORE_PASSWORD} +{{ end }} diff --git a/kubernetes/aai/components/aai-resources/templates/service.yaml b/kubernetes/aai/components/aai-resources/templates/service.yaml index e4f84a963d..46118461d1 100644 --- a/kubernetes/aai/components/aai-resources/templates/service.yaml +++ b/kubernetes/aai/components/aai-resources/templates/service.yaml @@ -30,13 +30,13 @@ spec: {{ if eq .Values.service.type "NodePort" -}} - port: {{ .Values.service.internalPort }} nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} - name: {{ .Values.service.portName }} + name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }} - port: {{ .Values.service.internalPort2 }} nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }} name: {{ .Values.service.portName2 }} {{- else -}} - port: {{ .Values.service.internalPort }} - name: {{ .Values.service.portName }} + name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }} - port: {{ .Values.service.internalPort2 }} name: {{ .Values.service.portName2 }} {{- end }} diff --git a/kubernetes/aai/components/aai-resources/values.yaml b/kubernetes/aai/components/aai-resources/values.yaml index f30b067b2e..776f8be4b4 100644 --- a/kubernetes/aai/components/aai-resources/values.yaml +++ b/kubernetes/aai/components/aai-resources/values.yaml @@ -33,6 +33,8 @@ global: # global defaults migration: enabled: false + aafEnabled: false + config: # Specifies that the cluster connected to a dynamic # cluster being spinned up by kubernetes deployment @@ -49,7 +51,8 @@ global: # global defaults # Active spring profiles for the resources microservice profiles: - active: production,dmaap,aaf-auth #,keycloak + # aaf-auth profile will be automatically set if aaf enabled is set to true + active: production,dmaap #,aaf-auth # Notification event specific properties notification: @@ -216,9 +219,9 @@ readiness: service: type: ClusterIP - portName: aai-resources-8447 + portName: http internalPort: 8447 - portName2: aai-resources-5005 + portName2: tcp-5005 internalPort2: 5005 ingress: diff --git a/kubernetes/aai/components/aai-schema-service/config/aaiconfig.properties b/kubernetes/aai/components/aai-schema-service/config/aaiconfig.properties index b107cd4f3a..b0ed0e89a0 100644 --- a/kubernetes/aai/components/aai-schema-service/config/aaiconfig.properties +++ b/kubernetes/aai/components/aai-schema-service/config/aaiconfig.properties @@ -19,20 +19,28 @@ # ============LICENSE_END========================================================= */}} +{{ if ( include "common.needTLS" .) }} aai.server.url.base=https://aai.{{ include "common.namespace" . }}:8443/aai/ aai.server.url=https://aai.{{ include "common.namespace" . }}:8443/aai/{{ .Values.global.config.schema.version.api.default }}/ aai.global.callback.url=https://aai.{{ include "common.namespace" . }}:8443/aai/ +{{ else }} +aai.server.url.base=http://aai.{{ include "common.namespace" . }}/aai/ +aai.server.url=http://aai.{{ include "common.namespace" . }}/aai/{{ .Values.global.config.schema.version.api.default }}/ +aai.global.callback.url=http://aai.{{ include "common.namespace" . }}/aai/ +{{ end }} -{{ if .Values.global.config.basic.auth.enabled }} +{{ if or (.Values.global.config.basic.auth.enabled) ( include "common.onServiceMesh" .) }} aai.tools.enableBasicAuth=true aai.tools.username={{ .Values.global.config.basic.auth.username }} aai.tools.password={{ .Values.global.config.basic.auth.passwd }} {{ end }} +{{ if ( include "common.needTLS" .) }} aai.truststore.filename={{ .Values.global.config.truststore.filename }} aai.truststore.passwd.x={{ .Values.global.config.truststore.passwd }} aai.keystore.filename={{ .Values.global.config.keystore.filename }} aai.keystore.passwd.x={{ .Values.global.config.keystore.passwd }} +{{ end }} aai.default.api.version={{ .Values.global.config.schema.version.api.default }} diff --git a/kubernetes/aai/components/aai-schema-service/config/application.properties b/kubernetes/aai/components/aai-schema-service/config/application.properties index 499fa96cd5..ad700dce6e 100644 --- a/kubernetes/aai/components/aai-schema-service/config/application.properties +++ b/kubernetes/aai/components/aai-schema-service/config/application.properties @@ -37,6 +37,7 @@ server.local.startpath=aai-schema-service/src/main/resources/ server.basic.auth.location=${server.local.startpath}/etc/auth/realm.properties server.port=8452 +{{ if ( include "common.needTLS" .) }} server.ssl.enabled-protocols=TLSv1.1,TLSv1.2 server.ssl.key-store=${server.local.startpath}/etc/auth/{{ .Values.global.config.keystore.filename }} server.ssl.key-store-password=password({{ .Values.global.config.keystore.passwd }}) @@ -44,6 +45,10 @@ server.ssl.trust-store=${server.local.startpath}/etc/auth/{{ .Values.global.conf server.ssl.trust-store-password=password({{ .Values.global.config.truststore.passwd }}) server.ssl.client-auth=want server.ssl.key-store-type=JKS +{{ else }} +security.require-ssl=false +server.ssl.enabled=false +{{ end }} schema.configuration.location=N/A schema.source.name={{ .Values.global.config.schema.source.name }} diff --git a/kubernetes/aai/components/aai-schema-service/templates/service.yaml b/kubernetes/aai/components/aai-schema-service/templates/service.yaml index 66dfd493dd..b54b6be644 100644 --- a/kubernetes/aai/components/aai-schema-service/templates/service.yaml +++ b/kubernetes/aai/components/aai-schema-service/templates/service.yaml @@ -30,17 +30,16 @@ spec: {{if eq .Values.service.type "NodePort" -}} - port: {{ .Values.service.internalPort }} nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} - name: {{ .Values.service.portName }} + name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }} - port: {{ .Values.service.internalPort2 }} nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }} name: {{ .Values.service.portName2 }} {{- else -}} - port: {{ .Values.service.internalPort }} - name: {{ .Values.service.portName }} + name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }} - port: {{ .Values.service.internalPort2 }} name: {{ .Values.service.portName2 }} - {{- end}} + {{- end }} selector: app: {{ include "common.name" . }} release: {{ include "common.release" . }} - clusterIP: None diff --git a/kubernetes/aai/components/aai-schema-service/values.yaml b/kubernetes/aai/components/aai-schema-service/values.yaml index 50bd6c38b8..13d257a5c1 100644 --- a/kubernetes/aai/components/aai-schema-service/values.yaml +++ b/kubernetes/aai/components/aai-schema-service/values.yaml @@ -99,9 +99,9 @@ readiness: service: type: ClusterIP - portName: aai-schema-service-8452 + portName: http internalPort: 8452 - portName2: aai-schema-service-5005 + portName2: tcp-5005 internalPort2: 5005 ingress: diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/application/application-oxm-schema-prod.properties b/kubernetes/aai/components/aai-sparky-be/resources/config/application/application-oxm-schema-prod.properties index fe8bd16fa1..ee1341751f 100644 --- a/kubernetes/aai/components/aai-sparky-be/resources/config/application/application-oxm-schema-prod.properties +++ b/kubernetes/aai/components/aai-sparky-be/resources/config/application/application-oxm-schema-prod.properties @@ -18,12 +18,15 @@ oxm.schemaNodeDir=/opt/app/sparky/onap/oxm #schemaServiceTranslator is used to define whether to retreive the oxm from schema service microservice or read from the disk, possible values are schema-service/config oxm.schemaServiceTranslatorList=config # The end point for onap is https://<hostname>:<port>/onap/schema-service/v1/ +{{ if ( include "common.needTLS" .) }} oxm.schemaServiceBaseUrl=https://<schema-service/config>/aai/schema-service/v1/ oxm.schemaServiceKeystore=file:{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.p12 oxm.schemaServiceTruststore=file:{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.trust.jks oxm.schemaServiceKeystorePassword=${KEYSTORE_PASSWORD} oxm.schemaServiceTruststorePassword=${TRUSTSTORE_PASSWORD} - +{{ else }} +oxm.schemaServiceBaseUrl=http://<schema-service/config>/aai/schema-service/v1/ +{{ end }} # Schema Service need this variable for the time being diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/application/application-resources.properties b/kubernetes/aai/components/aai-sparky-be/resources/config/application/application-resources.properties index 3c6bd4e1ad..8bd4494a2b 100644 --- a/kubernetes/aai/components/aai-sparky-be/resources/config/application/application-resources.properties +++ b/kubernetes/aai/components/aai-sparky-be/resources/config/application/application-resources.properties @@ -15,6 +15,7 @@ */}} resources.hostname=aai +{{ if ( include "common.needTLS" .) }} resources.port=8443 resources.authType=SSL_BASIC resources.basicAuthUserName=aai@aai.onap.org @@ -23,3 +24,7 @@ resources.trust-store={{ .Values.certInitializer.credsPath }}/{{ .Values.certIni resources.trust-store-password=${TRUSTSTORE_PASSWORD} resources.client-cert={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.p12 resources.client-cert-password=${KEYSTORE_PASSWORD} +{{ else }} +resources.port=8080 +resources.authType=HTTP_NOAUTH +{{ end }} diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/application/application-ssl.properties b/kubernetes/aai/components/aai-sparky-be/resources/config/application/application-ssl.properties index 2e2351ad95..422e7ce150 100644 --- a/kubernetes/aai/components/aai-sparky-be/resources/config/application/application-ssl.properties +++ b/kubernetes/aai/components/aai-sparky-be/resources/config/application/application-ssl.properties @@ -13,8 +13,13 @@ # limitations under the License. server.port=8000 +{{ if ( include "common.needTLS" .) }} server.ssl.key-store=file:{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.p12 server.ssl.key-store-password=${KEYSTORE_PASSWORD} server.ssl.enabled-protocols=TLSv1.1,TLSv1.2 server.ssl.trust-store=file:{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.trust.jks server.ssl.trust-store-password=${TRUSTSTORE_PASSWORD} +{{ else }} +security.require-ssl=false +server.ssl.enabled=false +{{ end }} diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/application/application.properties b/kubernetes/aai/components/aai-sparky-be/resources/config/application/application.properties index 120f8ac114..90cb00069e 100644 --- a/kubernetes/aai/components/aai-sparky-be/resources/config/application/application.properties +++ b/kubernetes/aai/components/aai-sparky-be/resources/config/application/application.properties @@ -22,14 +22,16 @@ spring.mvc.favicon.enabled=false # and in the values.yaml change the internalPort to 9517 # -spring.profiles.active=camel,ssl,fe-prod,oxm-schema-prod,oxm-default,resources,aai-proxy +spring.profiles.active=camel,fe-prod,oxm-schema-prod,oxm-default,resources,aai-proxy,{{ ( eq "true" ( include "common.needTLS" .)) | ternary "ssl" "http" }} portal.cadiFileLocation={{.Values.config.cadiFileLocation}} searchservice.hostname={{.Values.global.searchData.serviceName}} searchservice.port=9509 +{{ if ( include "common.needTLS" .) }} searchservice.client-cert={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.p12 searchservice.client-cert-password=${KEYSTORE_PASSWORD} searchservice.truststore={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.trust.jks searchservice.truststore-password=${TRUSTSTORE_PASSWORD} +{{ end }} schema.ingest.file=${CONFIG_HOME}/schemaIngest.properties diff --git a/kubernetes/aai/components/aai-sparky-be/templates/deployment.yaml b/kubernetes/aai/components/aai-sparky-be/templates/deployment.yaml index 45ff270047..3768e629e7 100644 --- a/kubernetes/aai/components/aai-sparky-be/templates/deployment.yaml +++ b/kubernetes/aai/components/aai-sparky-be/templates/deployment.yaml @@ -39,6 +39,7 @@ spec: name: {{ include "common.name" . }} spec: initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }} + {{- if ( include "common.needTLS" .) }} - command: - sh args: @@ -66,6 +67,7 @@ spec: image: {{ include "repositoryGenerator.image.envsubst" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-update-config + {{- end }} - command: - /app/ready.py args: diff --git a/kubernetes/aai/components/aai-sparky-be/templates/service.yaml b/kubernetes/aai/components/aai-sparky-be/templates/service.yaml index 4633472a3b..457b3576a0 100644 --- a/kubernetes/aai/components/aai-sparky-be/templates/service.yaml +++ b/kubernetes/aai/components/aai-sparky-be/templates/service.yaml @@ -30,11 +30,11 @@ spec: {{if eq .Values.service.type "NodePort" -}} - port: {{ .Values.service.internalPort }} nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} - name: {{ .Values.service.portName }} + name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }} {{- else -}} - port: {{ .Values.service.internalPort }} - name: {{ .Values.service.portName }} - {{- end}} + name: {{ .Values.service.portName }}{{ ternary "s" "" (eq "true" (include "common.needTLS" .)) }} + {{- end }} selector: app: {{ include "common.name" . }} release: {{ include "common.release" . }} diff --git a/kubernetes/aai/components/aai-sparky-be/values.yaml b/kubernetes/aai/components/aai-sparky-be/values.yaml index 98dca5d11d..a27fc44388 100644 --- a/kubernetes/aai/components/aai-sparky-be/values.yaml +++ b/kubernetes/aai/components/aai-sparky-be/values.yaml @@ -113,7 +113,7 @@ readiness: service: type: NodePort - portName: aai-sparky-be + portName: http internalPort: 8000 nodePort: 20 diff --git a/kubernetes/aai/components/aai-traversal/resources/config/aaiconfig.properties b/kubernetes/aai/components/aai-traversal/resources/config/aaiconfig.properties index 843a90bbcd..b8a2b5fe03 100644 --- a/kubernetes/aai/components/aai-traversal/resources/config/aaiconfig.properties +++ b/kubernetes/aai/components/aai-traversal/resources/config/aaiconfig.properties @@ -28,20 +28,28 @@ aai.config.checktime=1000 # this could come from siteconfig.pl? aai.config.nodename=AutomaticallyOverwritten +{{ if ( include "common.needTLS" .) }} aai.server.url.base=https://aai.{{ include "common.namespace" . }}:8443/aai/ aai.server.url=https://aai.{{ include "common.namespace" . }}:8443/aai/{{ .Values.global.config.schema.version.api.default }}/ aai.global.callback.url=https://aai.{{ include "common.namespace" . }}:8443/aai/ +{{else}} +aai.server.url.base=http://aai.{{ include "common.namespace" . }}/aai/ +aai.server.url=http://aai.{{ include "common.namespace" . }}/aai/{{ .Values.global.config.schema.version.api.default }}/ +aai.global.callback.url=http://aai.{{ include "common.namespace" . }}/aai/ +{{ end }} -{{ if .Values.global.config.basic.auth.enabled }} +{{ if or (.Values.global.config.basic.auth.enabled) ( include "common.onServiceMesh" .) }} aai.tools.enableBasicAuth=true aai.tools.username={{ .Values.global.config.basic.auth.username }} aai.tools.password={{ .Values.global.config.basic.auth.passwd }} {{ end }} +{{ if ( include "common.needTLS" .) }} aai.truststore.filename={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.trust.jks aai.truststore.passwd.x=${TRUSTSTORE_PASSWORD} aai.keystore.filename={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.p12 aai.keystore.passwd.x=${KEYSTORE_PASSWORD} +{{ end }} aai.notification.current.version={{ .Values.global.config.schema.version.api.default }} aai.notificationEvent.default.status=UNPROCESSED diff --git a/kubernetes/aai/components/aai-traversal/resources/config/application.properties b/kubernetes/aai/components/aai-traversal/resources/config/application.properties index a5e92c5a61..54bb1c4afd 100644 --- a/kubernetes/aai/components/aai-traversal/resources/config/application.properties +++ b/kubernetes/aai/components/aai-traversal/resources/config/application.properties @@ -29,7 +29,7 @@ server.servlet.context-path=/ spring.autoconfigure.exclude=org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration,org.springframework.boot.autoconfigure.orm.jpa.HibernateJpaAutoConfiguration -spring.profiles.active={{ .Values.global.config.profiles.active }} +spring.profiles.active={{ .Values.global.config.profiles.active }}{{ (eq "true" (include "common.needTLS" .)) | ternary ",one-way-ssl" "" }} spring.jersey.application-path=${schema.uri.base.path} #The max number of active threads in this pool server.tomcat.max-threads=200 @@ -44,6 +44,7 @@ server.local.startpath=aai-traversal/src/main/resources/ server.basic.auth.location=${server.local.startpath}etc/auth/realm.properties server.port=8446 +{{ if ( include "common.needTLS" .) }} server.ssl.enabled-protocols=TLSv1.1,TLSv1.2 server.ssl.key-store={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.p12 server.ssl.key-store-password=${KEYSTORE_PASSWORD} @@ -51,11 +52,15 @@ server.ssl.trust-store={{ .Values.certInitializer.credsPath }}/{{ .Values.certIn server.ssl.trust-store-password=${TRUSTSTORE_PASSWORD} server.ssl.client-auth=want server.ssl.key-store-type=JKS +{{ else }} +security.require-ssl=false +server.ssl.enabled=false +{{ end }} # JMS bind address host port jms.bind.address=tcp://localhost:61647 -dmaap.ribbon.listOfServers=message-router.{{ include "common.namespace" . }}:3905 -dmaap.ribbon.transportType=https +dmaap.ribbon.listOfServers=message-router.{{ include "common.namespace" . }}:{{ (eq "true" (include "common.needTLS" .)) | ternary 3905 3904 }} +dmaap.ribbon.transportType={{ include "common.scheme" . }} # Schema related attributes for the oxm and edges # Any additional schema related attributes should start with prefix schema @@ -89,14 +94,16 @@ schema.version.edge.label.start={{ .Values.global.config.schema.version.edge.lab schema.version.api.default={{ .Values.global.config.schema.version.api.default }} schema.translator.list={{ .Values.global.config.schema.translator.list }} -schema.service.base.url=https://aai-schema-service.{{ include "common.namespace" . }}:8452/aai/schema-service/v1/ +schema.service.base.url={{ include "common.scheme" . }}://aai-schema-service.{{ include "common.namespace" . }}:8452/aai/schema-service/v1/ schema.service.nodes.endpoint=nodes?version= schema.service.edges.endpoint=edgerules?version= schema.service.versions.endpoint=versions schema.service.custom.queries.endpoint=stored-queries -schema.service.client={{ .Values.global.config.schema.service.client }} +schema.service.client={{ (eq "true" (include "common.needTLS" .)) | ternary .Values.global.config.schema.service.client "no-auth" }} +{{ if ( include "common.needTLS" .) }} schema.service.ssl.key-store={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.p12 schema.service.ssl.trust-store={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.trust.jks schema.service.ssl.key-store-password=${KEYSTORE_PASSWORD} schema.service.ssl.trust-store-password=${TRUSTSTORE_PASSWORD} +{{ end }} diff --git a/kubernetes/aai/components/aai-traversal/templates/job.yaml b/kubernetes/aai/components/aai-traversal/templates/job.yaml index 2eac7fe722..42f0f47bb0 100644 --- a/kubernetes/aai/components/aai-traversal/templates/job.yaml +++ b/kubernetes/aai/components/aai-traversal/templates/job.yaml @@ -69,10 +69,16 @@ spec: - bash - "-c" - | - set -x - if [ ! -d /opt/aai/logroot/AAI-GQ/misc ]; then mkdir -p /opt/aai/logroot/AAI-GQ/misc; fi - until nc -w10 -z -v aai.{{.Release.Namespace}} 8443; do echo "Retrying to reach aai on port 8443"; done; - bash -x /opt/app/aai-traversal/docker-entrypoint.sh install/updateQueryData.sh + set -x + if [ ! -d /opt/aai/logroot/AAI-GQ/misc ]; then mkdir -p /opt/aai/logroot/AAI-GQ/misc; fi + {{- if (include "common.needTLS" .) }} + until nc -w10 -z -v aai.{{.Release.Namespace}} 8443; do echo "Retrying to reach aai on port 8443"; done; + bash -x /opt/app/aai-traversal/docker-entrypoint.sh install/updateQueryData.sh + {{- else }} + until nc -w10 -z -v aai.{{.Release.Namespace}} 80; do echo "Retrying to reach aai on port 80"; done; + bash -x /opt/app/aai-traversal/docker-entrypoint.sh install/updateQueryData.sh ; + {{- include "common.serviceMesh.killSidecar" . | indent 11 | trim }} + {{- end }} env: - name: LOCAL_USER_ID value: {{ .Values.global.config.userId | quote }} diff --git a/kubernetes/aai/components/aai-traversal/templates/service.yaml b/kubernetes/aai/components/aai-traversal/templates/service.yaml index fad857bb41..b54b6be644 100644 --- a/kubernetes/aai/components/aai-traversal/templates/service.yaml +++ b/kubernetes/aai/components/aai-traversal/templates/service.yaml @@ -30,16 +30,16 @@ spec: {{if eq .Values.service.type "NodePort" -}} - port: {{ .Values.service.internalPort }} nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} - name: {{ .Values.service.portName }} + name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }} - port: {{ .Values.service.internalPort2 }} nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }} name: {{ .Values.service.portName2 }} {{- else -}} - port: {{ .Values.service.internalPort }} - name: {{ .Values.service.portName }} + name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }} - port: {{ .Values.service.internalPort2 }} name: {{ .Values.service.portName2 }} - {{- end}} + {{- end }} selector: app: {{ include "common.name" . }} release: {{ include "common.release" . }} diff --git a/kubernetes/aai/components/aai-traversal/values.yaml b/kubernetes/aai/components/aai-traversal/values.yaml index ad4279a543..c1746be9ed 100644 --- a/kubernetes/aai/components/aai-traversal/values.yaml +++ b/kubernetes/aai/components/aai-traversal/values.yaml @@ -59,7 +59,7 @@ global: # global defaults # Active spring profiles for the resources microservice profiles: - active: production,dmaap,aaf-auth #,keycloak + active: production,dmaap #,aaf-auth ,keycloak # Notification event specific properties notification: @@ -241,9 +241,9 @@ readiness: service: type: ClusterIP - portName: aai-traversal-8446 + portName: http internalPort: 8446 - portName2: aai-traversal-5005 + portName2: tcp-5005 internalPort2: 5005 ingress: |