authorAndreas Seelinger <andreas.seelinger@accenture.com>2024-11-07 10:20:07 +0100
committerAndreas Seelinger <andreas.seelinger@accenture.com>2024-12-09 12:53:21 +0100
commit23428032527583798d5e42aa96555728cc71a06d (patch)
tree82bdc7d9ff753088772a839cfffb6d09592362dd /kubernetes/aai
parent64e996851eb741093e18b8c9948f23dd91b26d96 (diff)
[AAI] Fix Kyverno Policy violations
- Refactored code for readiness check and use library readinessCheck - Fixed securityContext settings - Limit emptyVolume size and make it configurable - Important: Need to use aai-haproxy docker image version >= 1.15.2 - Refactor meta labels and use common.labels instead Issue-ID: AAI-4044 Change-Id: I346316e64cb67222836951cf12b3772bbf509c6a Signed-off-by: Andreas Seelinger <andreas.seelinger@accenture.com>
Diffstat (limited to 'kubernetes/aai')
-rw-r--r--kubernetes/aai/Chart.yaml5
-rw-r--r--kubernetes/aai/components/aai-babel/Chart.yaml2
-rw-r--r--kubernetes/aai/components/aai-babel/templates/configmap.yaml6
-rw-r--r--kubernetes/aai/components/aai-babel/templates/deployment.yaml15
-rw-r--r--kubernetes/aai/components/aai-babel/templates/secrets.yaml6
-rw-r--r--kubernetes/aai/components/aai-babel/values.yaml12
-rw-r--r--kubernetes/aai/components/aai-graphadmin/Chart.yaml2
-rw-r--r--kubernetes/aai/components/aai-graphadmin/templates/aai-graph-kafka-user.yml2
-rw-r--r--kubernetes/aai/components/aai-graphadmin/templates/configmap.yaml18
-rw-r--r--kubernetes/aai/components/aai-graphadmin/templates/deployment.yaml38
-rw-r--r--kubernetes/aai/components/aai-graphadmin/templates/job-copy-db-backup.yaml33
-rw-r--r--kubernetes/aai/components/aai-graphadmin/templates/job-create-db.yaml10
-rw-r--r--kubernetes/aai/components/aai-graphadmin/templates/job-migration.yaml46
-rw-r--r--kubernetes/aai/components/aai-graphadmin/templates/pv.yaml8
-rw-r--r--kubernetes/aai/components/aai-graphadmin/templates/pvc.yaml6
-rw-r--r--kubernetes/aai/components/aai-graphadmin/templates/service.yaml11
-rw-r--r--kubernetes/aai/components/aai-graphadmin/values.yaml37
-rw-r--r--kubernetes/aai/components/aai-modelloader/Chart.yaml2
-rw-r--r--kubernetes/aai/components/aai-modelloader/templates/configmap.yaml12
-rw-r--r--kubernetes/aai/components/aai-modelloader/templates/deployment.yaml41
-rw-r--r--kubernetes/aai/components/aai-modelloader/templates/podmonitor.yaml3
-rw-r--r--kubernetes/aai/components/aai-modelloader/values.yaml21
-rw-r--r--kubernetes/aai/components/aai-resources/Chart.yaml5
-rw-r--r--kubernetes/aai/components/aai-resources/templates/aai-kafka-user.yml2
-rw-r--r--kubernetes/aai/components/aai-resources/templates/autoscaling.yaml6
-rw-r--r--kubernetes/aai/components/aai-resources/templates/configmap.yaml6
-rw-r--r--kubernetes/aai/components/aai-resources/templates/deployment.yaml79
-rw-r--r--kubernetes/aai/components/aai-resources/templates/service.yaml11
-rw-r--r--kubernetes/aai/components/aai-resources/values.yaml31
-rw-r--r--kubernetes/aai/components/aai-schema-service/Chart.yaml2
-rw-r--r--kubernetes/aai/components/aai-schema-service/templates/configmap.yaml30
-rw-r--r--kubernetes/aai/components/aai-schema-service/templates/deployment.yaml55
-rw-r--r--kubernetes/aai/components/aai-schema-service/templates/service.yaml11
-rw-r--r--kubernetes/aai/components/aai-schema-service/values.yaml7
-rw-r--r--kubernetes/aai/components/aai-sparky-be/Chart.yaml5
-rw-r--r--kubernetes/aai/components/aai-sparky-be/templates/configmap.yaml9
-rw-r--r--kubernetes/aai/components/aai-sparky-be/templates/deployment.yaml30
-rw-r--r--kubernetes/aai/components/aai-sparky-be/values.yaml20
-rw-r--r--kubernetes/aai/components/aai-traversal/Chart.yaml5
-rw-r--r--kubernetes/aai/components/aai-traversal/templates/aai-trav-kafka-user.yml2
-rw-r--r--kubernetes/aai/components/aai-traversal/templates/autoscaling.yaml9
-rw-r--r--kubernetes/aai/components/aai-traversal/templates/configmap.yaml9
-rw-r--r--kubernetes/aai/components/aai-traversal/templates/deployment.yaml78
-rw-r--r--kubernetes/aai/components/aai-traversal/templates/job.yaml50
-rw-r--r--kubernetes/aai/components/aai-traversal/templates/service.yaml11
-rw-r--r--kubernetes/aai/components/aai-traversal/values.yaml35
-rw-r--r--kubernetes/aai/resources/config/haproxy/resolvers.conf3
-rw-r--r--kubernetes/aai/templates/authorizationpolicy.yaml1
-rw-r--r--kubernetes/aai/templates/configmap.yaml10
-rw-r--r--kubernetes/aai/templates/deployment.yaml94
-rw-r--r--kubernetes/aai/templates/secret.yaml7
-rw-r--r--kubernetes/aai/templates/service.yaml30
-rw-r--r--kubernetes/aai/values.yaml36
53 files changed, 413 insertions, 612 deletions
diff --git a/kubernetes/aai/Chart.yaml b/kubernetes/aai/Chart.yaml
index 351f01a5e0..77078332c9 100644
--- a/kubernetes/aai/Chart.yaml
+++ b/kubernetes/aai/Chart.yaml
@@ -18,7 +18,7 @@
apiVersion: v2
description: ONAP Active and Available Inventory
name: aai
-version: 15.0.0
+version: 15.0.1
dependencies:
- name: common
@@ -34,6 +34,9 @@ dependencies:
- name: repositoryGenerator
version: ~13.x-0
repository: '@local'
+ - name: readinessCheck
+ version: ~13.x-0
+ repository: '@local'
- name: aai-babel
version: ~15.x-0
repository: 'file://components/aai-babel'
diff --git a/kubernetes/aai/components/aai-babel/Chart.yaml b/kubernetes/aai/components/aai-babel/Chart.yaml
index d5783066ad..2d0a78bde4 100644
--- a/kubernetes/aai/components/aai-babel/Chart.yaml
+++ b/kubernetes/aai/components/aai-babel/Chart.yaml
@@ -18,7 +18,7 @@
apiVersion: v2
description: Babel microservice
name: aai-babel
-version: 15.0.0
+version: 15.0.1
dependencies:
- name: common
diff --git a/kubernetes/aai/components/aai-babel/templates/configmap.yaml b/kubernetes/aai/components/aai-babel/templates/configmap.yaml
index baee38c0e2..39d494acc2 100644
--- a/kubernetes/aai/components/aai-babel/templates/configmap.yaml
+++ b/kubernetes/aai/components/aai-babel/templates/configmap.yaml
@@ -21,10 +21,6 @@ kind: ConfigMap
metadata:
name: {{ include "common.fullname" . }}-configmap
namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
+ labels: {{- include "common.labels" . | nindent 4 }}
data:
{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
diff --git a/kubernetes/aai/components/aai-babel/templates/deployment.yaml b/kubernetes/aai/components/aai-babel/templates/deployment.yaml
index f3fc04c00c..782ed1226c 100644
--- a/kubernetes/aai/components/aai-babel/templates/deployment.yaml
+++ b/kubernetes/aai/components/aai-babel/templates/deployment.yaml
@@ -38,10 +38,12 @@ spec:
template:
metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
+ {{ include "common.podSecurityContext" . | indent 6 | trim }}
containers:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ {{ include "common.containerSecurityContext" . | indent 10 | trim }}
ports:
{{- if .Values.debug.enabled }}
- containerPort: {{ .Values.debug.port }}
@@ -99,6 +101,10 @@ spec:
- mountPath: /opt/app/babel/config/logback.xml
name: config
subPath: logback.xml
+ - mountPath: /opt/app/babel/logs
+ name: babel-logs
+ - mountPath: /tmp
+ name: tmp
resources: {{ include "common.resources" . | nindent 12 }}
{{- if .Values.nodeSelector }}
nodeSelector:
@@ -120,7 +126,14 @@ spec:
secret:
secretName: {{ include "common.fullname" . }}-babel-secrets
- name: logs
- emptyDir: {}
+ emptyDir:
+ sizeLimit: {{ .Values.volumes.artifactDataSizeLimit }}
+ - name: tmp
+ emptyDir:
+ sizeLimit: {{ .Values.volumes.tmpSizeLimit }}
+ - name: babel-logs
+ emptyDir:
+ sizeLimit: {{ .Values.volumes.babelLogsSizeLimit }}
{{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix .)) | nindent 8 }}
{{- include "common.imagePullSecrets" . | nindent 6 }}
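Review bot: The existing `logs` volume is capped with `.Values.volumes.artifactDataSizeLimit` while the new `babel-logs` volume uses `babelLogsSizeLimit`, so the key name no longer says which volume it limits. Either rename the key or add a comment on the `logs` volume saying what it actually holds. All three `sizeLimit` lines also render an empty value, meaning no limit, if an override nulls the key, which would silently undo the cap this commit introduces. `sizeLimit: {{ required "volumes.tmpSizeLimit must be set" .Values.volumes.tmpSizeLimit }}` fails the render instead. The same pattern appears in the volume hunks of the aai-graphadmin and aai-modelloader deployment.yaml files.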
diff --git a/kubernetes/aai/components/aai-babel/templates/secrets.yaml b/kubernetes/aai/components/aai-babel/templates/secrets.yaml
index 9d7d2c5a80..3f2b97c210 100644
--- a/kubernetes/aai/components/aai-babel/templates/secrets.yaml
+++ b/kubernetes/aai/components/aai-babel/templates/secrets.yaml
@@ -21,11 +21,7 @@ kind: Secret
metadata:
name: {{ include "common.fullname" . }}-babel-secrets
namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
+ labels: {{- include "common.labels" . | nindent 4 }}
type: Opaque
data:
{{ tpl (.Files.Glob "resources/config/auth/*").AsSecrets . | indent 2 }}
diff --git a/kubernetes/aai/components/aai-babel/values.yaml b/kubernetes/aai/components/aai-babel/values.yaml
index c07b1245d0..2a57bb23cc 100644
--- a/kubernetes/aai/components/aai-babel/values.yaml
+++ b/kubernetes/aai/components/aai-babel/values.yaml
@@ -144,3 +144,15 @@ log:
level:
root: INFO
logConfigMapNamePrefix: '{{ include "common.fullname" . }}'
+
+volumes:
+ artifactDataSizeLimit: 50Mi
+ babelLogsSizeLimit: 100Mi
+ tmpSizeLimit: 100Mi
+
+securityContext:
+ user_id: 1000
+ group_id: 101
+
+podAnnotations:
+ checksum/config: '{{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}'
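Review bot: `podAnnotations.checksum/config` hashes only `configmap.yaml`, but this chart also renders `templates/secrets.yaml` from `resources/config/auth/*`, so a change to those credential files would not roll the pods (assuming `common.templateMetadata` is what consumes `podAnnotations`). Consider a second annotation, `checksum/secrets: '{{ include (print $.Template.BasePath "/secrets.yaml") . | sha256sum }}'`. The new `securityContext` block would also benefit from a comment such as `# must match the UID/GID the babel image runs as`, since `user_id: 1000` and `group_id: 101` are otherwise unexplained.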
diff --git a/kubernetes/aai/components/aai-graphadmin/Chart.yaml b/kubernetes/aai/components/aai-graphadmin/Chart.yaml
index 1264d7398f..13315415f2 100644
--- a/kubernetes/aai/components/aai-graphadmin/Chart.yaml
+++ b/kubernetes/aai/components/aai-graphadmin/Chart.yaml
@@ -22,7 +22,7 @@
apiVersion: v2
description: ONAP AAI GraphAdmin
name: aai-graphadmin
-version: 15.0.0
+version: 15.0.1
dependencies:
- name: common
diff --git a/kubernetes/aai/components/aai-graphadmin/templates/aai-graph-kafka-user.yml b/kubernetes/aai/components/aai-graphadmin/templates/aai-graph-kafka-user.yml
index 4e9bf7f7ff..04692fefcc 100644
--- a/kubernetes/aai/components/aai-graphadmin/templates/aai-graph-kafka-user.yml
+++ b/kubernetes/aai/components/aai-graphadmin/templates/aai-graph-kafka-user.yml
@@ -17,7 +17,7 @@ apiVersion: kafka.strimzi.io/v1beta2
kind: KafkaUser
metadata:
name: {{ include "common.release" . }}-{{ .Values.global.aaiGraphKafkaUser }}
- labels:
+ labels: {{- include "common.labels" . | nindent 4 }}
strimzi.io/cluster: {{ include "common.release" . }}-strimzi
spec:
authentication:
diff --git a/kubernetes/aai/components/aai-graphadmin/templates/configmap.yaml b/kubernetes/aai/components/aai-graphadmin/templates/configmap.yaml
index ddf752b480..1a32d7b516 100644
--- a/kubernetes/aai/components/aai-graphadmin/templates/configmap.yaml
+++ b/kubernetes/aai/components/aai-graphadmin/templates/configmap.yaml
@@ -25,11 +25,7 @@ kind: ConfigMap
metadata:
name: {{ include "common.fullname" . }}
namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
+ labels: {{- include "common.labels" . | nindent 4 }}
{{- if .Values.global.jobs.migration.enabled }}
annotations:
"helm.sh/hook": pre-upgrade,pre-install
@@ -47,11 +43,7 @@ kind: ConfigMap
metadata:
name: {{ include "common.fullname" . }}-properties
namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
+ labels: {{- include "common.labels" . | nindent 4 }}
{{- if .Values.global.jobs.migration.enabled }}
annotations:
"helm.sh/hook": pre-upgrade,pre-install
@@ -68,11 +60,7 @@ kind: ConfigMap
metadata:
name: {{ include "common.fullname" . }}-migration
namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
+ labels: {{- include "common.labels" . | nindent 4 }}
annotations:
"helm.sh/hook": pre-upgrade,pre-install
"helm.sh/hook-weight": "0"
diff --git a/kubernetes/aai/components/aai-graphadmin/templates/deployment.yaml b/kubernetes/aai/components/aai-graphadmin/templates/deployment.yaml
index 6ac078b756..991727d7c6 100644
--- a/kubernetes/aai/components/aai-graphadmin/templates/deployment.yaml
+++ b/kubernetes/aai/components/aai-graphadmin/templates/deployment.yaml
@@ -23,20 +23,7 @@
*/}}
apiVersion: apps/v1
kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- app.kubernetes.io/name: {{ include "common.name" . }}
- {{- if .Chart.AppVersion }}
- version: "{{ .Chart.AppVersion | replace "+" "_" }}"
- {{- else }}
- version: "{{ .Chart.Version | replace "+" "_" }}"
- {{- end }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
{{- if .Values.config.debug.enabled }}
replicas: 1
@@ -54,19 +41,7 @@ spec:
matchLabels:
app: {{ include "common.name" . }}
template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- app.kubernetes.io/name: {{ include "common.name" . }}
- {{- if .Chart.AppVersion }}
- version: "{{ .Chart.AppVersion | replace "+" "_" }}"
- {{- else }}
- version: "{{ .Chart.Version | replace "+" "_" }}"
- {{- end }}
- name: {{ include "common.name" . }}
- annotations:
- checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
hostname: aai-graphadmin
terminationGracePeriodSeconds: {{ .Values.service.terminationGracePeriodSeconds }}
@@ -207,11 +182,14 @@ spec:
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- name: tmp-volume
- emptyDir: {}
+ emptyDir:
+ sizeLimit: {{ .Values.volumes.tmpSizeLimit }}
- name: logs
- emptyDir: {}
+ emptyDir:
+ sizeLimit: {{ .Values.volumes.logSizeLimit }}
- name: script-logs
- emptyDir: {}
+ emptyDir:
+ sizeLimit: {{ .Values.volumes.scriptlogSizeLimit }}
{{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix .)) | nindent 6 }}
- name: config
configMap:
diff --git a/kubernetes/aai/components/aai-graphadmin/templates/job-copy-db-backup.yaml b/kubernetes/aai/components/aai-graphadmin/templates/job-copy-db-backup.yaml
index 3f0c4e11e5..1cc431c94f 100644
--- a/kubernetes/aai/components/aai-graphadmin/templates/job-copy-db-backup.yaml
+++ b/kubernetes/aai/components/aai-graphadmin/templates/job-copy-db-backup.yaml
@@ -41,11 +41,7 @@ kind: Job
metadata:
name: {{ include "common.fullname" . }}-db-backup
namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}-job
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ labels: {{- include "common.labels" (dict "labels" .Values.labels "ignoreHelmChart" .Values.ignoreHelmChart "dot" . "suffix" "job") | nindent 4 }}
annotations:
"helm.sh/hook": pre-upgrade,pre-install
"helm.sh/hook-weight": "2"
@@ -54,38 +50,19 @@ spec:
backoffLimit: 20
template:
metadata:
- labels:
- app: {{ include "common.name" . }}-job
- release: {{ include "common.release" . }}
+ labels: {{- include "common.labels" (dict "labels" .Values.labels "ignoreHelmChart" .Values.ignoreHelmChart "dot" . "suffix" "job") | nindent 8 }}
name: {{ include "common.name" . }}
spec:
+ {{ include "common.podSecurityContext" . | indent 6 | trim }}
initContainers:
{{- if eq .Values.global.jobs.migration.remoteCassandra.enabled false }}
- - command:
- - /bin/bash
- - -c
- - /app/ready.py --service-name {{ .Values.global.cassandra.serviceName }}
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: {{ include "repositoryGenerator.image.readiness" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-db-backup-readiness
- resources:
- limits:
- cpu: "100m"
- memory: "500Mi"
- requests:
- cpu: "3m"
- memory: "20Mi"
+ {{ include "common.readinessCheck.waitFor" (dict "dot" . "wait_for" .Values.readinessCheck.waitForCassandraService ) | indent 6 | trim}}
{{- end }}
containers:
- name: {{ include "common.name" . }}-db-backup-job
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ {{ include "common.containerSecurityContext" . | indent 8 | trim }}
command:
- sh
args:
diff --git a/kubernetes/aai/components/aai-graphadmin/templates/job-create-db.yaml b/kubernetes/aai/components/aai-graphadmin/templates/job-create-db.yaml
index 5d7e9b6cce..19e62ae7c4 100644
--- a/kubernetes/aai/components/aai-graphadmin/templates/job-create-db.yaml
+++ b/kubernetes/aai/components/aai-graphadmin/templates/job-create-db.yaml
@@ -40,18 +40,12 @@ kind: Job
metadata:
name: {{ include "common.fullname" . }}-create-db-schema
namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}-job
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
+ labels: {{- include "common.labels" (dict "labels" .Values.labels "ignoreHelmChart" .Values.ignoreHelmChart "dot" . "suffix" "job") | nindent 4 }}
spec:
backoffLimit: 20
template:
metadata:
- labels:
- app: {{ include "common.name" . }}-job
- release: {{ include "common.release" . }}
+ labels: {{- include "common.labels" (dict "labels" .Values.labels "ignoreHelmChart" .Values.ignoreHelmChart "dot" . "suffix" "job") | nindent 8 }}
name: {{ include "common.name" . }}
spec:
initContainers:
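Review bot: The create-db-schema pod spec gets new labels here but no `common.podSecurityContext` line between `spec:` and `initContainers:`, whereas job-copy-db-backup.yaml and the migration job in job-migration.yaml both gain one in this commit. The `db-backup-job` in the last hunk of job-migration.yaml shows the same gap. If these jobs are meant to pass the same Kyverno policies, add `{{ include "common.podSecurityContext" . | indent 6 | trim }}` under `spec:` and the matching `common.containerSecurityContext` on each container. The container definitions lie outside both hunks, so part of this may already be handled there.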
diff --git a/kubernetes/aai/components/aai-graphadmin/templates/job-migration.yaml b/kubernetes/aai/components/aai-graphadmin/templates/job-migration.yaml
index 4ec2306eca..f6f2f8b1a7 100644
--- a/kubernetes/aai/components/aai-graphadmin/templates/job-migration.yaml
+++ b/kubernetes/aai/components/aai-graphadmin/templates/job-migration.yaml
@@ -41,11 +41,7 @@ kind: Job
metadata:
name: {{ include "common.fullname" . }}-migration
namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}-job
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
+ labels: {{- include "common.labels" (dict "labels" .Values.labels "ignoreHelmChart" .Values.ignoreHelmChart "dot" . "suffix" "job") | nindent 4 }}
annotations:
"helm.sh/hook": post-upgrade,post-rollback,post-install
"helm.sh/hook-weight": "1"
@@ -54,35 +50,12 @@ spec:
backoffLimit: 20
template:
metadata:
- labels:
- app: {{ include "common.name" . }}-job
- release: {{ include "common.release" . }}
+ labels: {{- include "common.labels" (dict "labels" .Values.labels "ignoreHelmChart" .Values.ignoreHelmChart "dot" . "suffix" "job") | nindent 8 }}
name: {{ include "common.name" . }}
spec:
+ {{ include "common.podSecurityContext" . | indent 6 | trim }}
initContainers:
- - command:
- - /app/ready.py
- args:
- - --service-name
- - {{ .Values.global.cassandra.serviceName }}
- - --service-name
- - aai-schema-service
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: {{ include "repositoryGenerator.image.readiness" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-readiness
- resources:
- limits:
- cpu: "100m"
- memory: "500Mi"
- requests:
- cpu: "3m"
- memory: "20Mi"
+ {{ include "common.readinessCheck.waitFor" (dict "dot" . "wait_for" .Values.readinessCheck.waitForWithSchemaService) | indent 6 | trim }}
- command:
- sh
args:
@@ -125,6 +98,7 @@ spec:
echo "waiting 15s for istio side cars to be up"; sleep 15s;{{- end }}
sh docker-entrypoint.sh run_Migrations.sh -e UpdateAaiUriIndexMigration --commit --skipPreMigrationSnapShot --runDisabled RebuildAllEdges ;
{{ include "common.serviceMesh.killSidecar" . | indent 11 | trim }}
+ {{ include "common.containerSecurityContext" . | indent 8 | trim }}
volumeMounts:
- mountPath: /opt/app/aai-graphadmin/resources/etc/appprops/janusgraph-realtime.properties
name: config
@@ -172,11 +146,7 @@ kind: Job
metadata:
name: {{ include "common.fullname" . }}-db-backup-job
namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}-db-backup-job
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ labels: {{- include "common.labels" (dict "labels" .Values.labels "ignoreHelmChart" .Values.ignoreHelmChart "dot" . "suffix" "db-backup-job") | nindent 4 }}
annotations:
"helm.sh/hook": pre-upgrade,pre-install
"helm.sh/hook-weight": "2"
@@ -185,9 +155,7 @@ spec:
backoffLimit: 20
template:
metadata:
- labels:
- app: {{ include "common.name" . }}-db-backup-job
- release: {{ include "common.release" . }}
+ labels: {{- include "common.labels" (dict "labels" .Values.labels "ignoreHelmChart" .Values.ignoreHelmChart "dot" . "suffix" "db-backup-job") | nindent 8 }}
name: {{ include "common.name" . }}
spec:
initContainers:
diff --git a/kubernetes/aai/components/aai-graphadmin/templates/pv.yaml b/kubernetes/aai/components/aai-graphadmin/templates/pv.yaml
index 563b920c04..cd72d7f219 100644
--- a/kubernetes/aai/components/aai-graphadmin/templates/pv.yaml
+++ b/kubernetes/aai/components/aai-graphadmin/templates/pv.yaml
@@ -16,16 +16,13 @@
{{- if .Values.global.jobs.migration.enabled -}}
{{- if eq "True" (include "common.needPV" .) -}}
+{{- if not .Values.persistence.storageClass -}}
kind: PersistentVolume
apiVersion: v1
metadata:
name: {{ include "common.fullname" . }}
namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
- release: "{{ include "common.release" . }}"
- heritage: "{{ .Release.Service }}"
+ labels: {{- include "common.labels" . | nindent 4 }}
name: {{ include "common.fullname" . }}
annotations:
"helm.sh/hook": pre-upgrade,pre-install
@@ -42,3 +39,4 @@ spec:
path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ include "common.release" . }}/{{ .Values.persistence.mountSubPath1 }}
{{- end -}}
{{- end -}}
+{{- end -}}
diff --git a/kubernetes/aai/components/aai-graphadmin/templates/pvc.yaml b/kubernetes/aai/components/aai-graphadmin/templates/pvc.yaml
index bf8900686d..19c1016ca4 100644
--- a/kubernetes/aai/components/aai-graphadmin/templates/pvc.yaml
+++ b/kubernetes/aai/components/aai-graphadmin/templates/pvc.yaml
@@ -20,11 +20,7 @@ apiVersion: v1
metadata:
name: {{ include "common.fullname" . }}-migration
namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
- release: "{{ include "common.release" . }}"
- heritage: "{{ .Release.Service }}"
+ labels: {{- include "common.labels" . | nindent 4 }}
annotations:
"helm.sh/hook": pre-upgrade,pre-install
"helm.sh/hook-weight": "-1"
diff --git a/kubernetes/aai/components/aai-graphadmin/templates/service.yaml b/kubernetes/aai/components/aai-graphadmin/templates/service.yaml
index 16924e9d5c..b7c09cfd0e 100644
--- a/kubernetes/aai/components/aai-graphadmin/templates/service.yaml
+++ b/kubernetes/aai/components/aai-graphadmin/templates/service.yaml
@@ -25,12 +25,7 @@ kind: Service
metadata:
name: {{ include "common.servicename" . }}
namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- app.kubernetes.io/name: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
+ labels: {{- include "common.labels" . | nindent 4 }}
spec:
type: {{ .Values.service.type }}
ports:
@@ -58,6 +53,4 @@ spec:
name: {{ .Values.service.actuatorPortName }}
targetPort: {{ .Values.service.appPort }}
{{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+ selector: {{- include "common.matchLabels" . | nindent 4 }}
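Review bot: The Service selector now comes from `common.matchLabels`, while the Deployment in deployment.yaml keeps `matchLabels: app: {{ include "common.name" . }}` and takes its pod labels from `common.templateMetadata`, so routing and ownership now rely on two different label sets both being emitted by the library template. A Service whose selector matches no pod fails quietly with an empty endpoint list, so it is worth confirming from rendered output that the pods carry both the legacy `app` label and every key in `common.matchLabels`. A short comment above `selector:` naming the labels it expands to would help. Any policy object that still selects on the old `app`/`release` pair, if one exists in the chart, needs the same check.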
diff --git a/kubernetes/aai/components/aai-graphadmin/values.yaml b/kubernetes/aai/components/aai-graphadmin/values.yaml
index fab3423c42..a2727757cf 100644
--- a/kubernetes/aai/components/aai-graphadmin/values.yaml
+++ b/kubernetes/aai/components/aai-graphadmin/values.yaml
@@ -103,7 +103,7 @@ global: # global defaults
clients: SDNC,-1|MSO,-1|SO,-1|robot-ete,-1
# application image
-image: onap/aai-graphadmin:1.15.1
+image: onap/aai-graphadmin:1.15.2
pullPolicy: Always
restartPolicy: Always
flavor: small
@@ -229,6 +229,23 @@ readinessCheck:
services:
- '{{ .Values.global.cassandra.serviceName }}'
- aai-schema-service
+ waitForCassandra:
+ containers:
+ - aai-schema-service
+ apps:
+ - cassandra
+ waitForLocalCassandra:
+ containers:
+ - aai-schema-service
+ apps:
+ - aai-cassandra
+ waitForCassandraService:
+ services:
+ - '{{ .Values.global.cassandra.serviceName }}'
+ waitForWithSchemaService:
+ services:
+ - '{{ .Values.global.cassandra.serviceName }}'
+ - aai-schema-service
service:
type: ClusterIP
@@ -291,8 +308,8 @@ resources:
cpu: "1"
memory: "4Gi"
requests:
- cpu: "0.5"
- memory: "1.6Gi"
+ cpu: "500m"
+ memory: "1600Mi"
large:
limits:
cpu: "2"
@@ -319,9 +336,9 @@ metrics:
selector:
app: '{{ include "common.name" . }}'
- chart: '{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}'
- release: '{{ include "common.release" . }}'
- heritage: '{{ .Release.Service }}'
+ helm.sh/chart: '{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}'
+ app.kubernetes.io/instance: '{{ include "common.release" . }}'
+ app.kubernetes.io/managed-by: '{{ .Release.Service }}'
relabelings: []
@@ -369,3 +386,11 @@ kafkaUser:
- name: AAI-EVENT
type: topic
operations: [Read, Write]
+
+volumes:
+ logSizeLimit: 64Mi
+ scriptlogSizeLimit: 300Mi
+ tmpSizeLimit: 500Mi
+
+podAnnotations:
+ checksum/config: '{{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}'
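Review bot: The new `volumes` limits carry no comment on what happens when they are reached: the kubelet evicts a pod whose emptyDir usage exceeds `sizeLimit`, so `logSizeLimit: 64Mi` has to stay above what the log rotation policy can keep on disk. A comment such as `# pod is evicted when an emptyDir exceeds its limit; keep in line with the logback rolling policy` would document that coupling. The logback configuration is not part of this hunk, so whether 64Mi is sufficient cannot be confirmed from here.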
diff --git a/kubernetes/aai/components/aai-modelloader/Chart.yaml b/kubernetes/aai/components/aai-modelloader/Chart.yaml
index 23ce50a6c2..2f561334f5 100644
--- a/kubernetes/aai/components/aai-modelloader/Chart.yaml
+++ b/kubernetes/aai/components/aai-modelloader/Chart.yaml
@@ -17,7 +17,7 @@
apiVersion: v2
description: ONAP AAI modelloader
name: aai-modelloader
-version: 15.0.0
+version: 15.0.1
dependencies:
- name: common
diff --git a/kubernetes/aai/components/aai-modelloader/templates/configmap.yaml b/kubernetes/aai/components/aai-modelloader/templates/configmap.yaml
index d3fd509dcd..c2984626b6 100644
--- a/kubernetes/aai/components/aai-modelloader/templates/configmap.yaml
+++ b/kubernetes/aai/components/aai-modelloader/templates/configmap.yaml
@@ -19,11 +19,7 @@ kind: ConfigMap
metadata:
name: {{ include "common.fullname" . }}-prop
namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
+ labels: {{- include "common.labels" . | nindent 4 }}
data:
{{ tpl (.Files.Glob "resources/config/model-loader.properties").AsConfig . | indent 2 }}
{{ tpl (.Files.Glob "resources/application.properties").AsConfig . | indent 2 }}
@@ -33,10 +29,6 @@ kind: ConfigMap
metadata:
name: {{ include "common.fullname" . }}-log
namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
+ labels: {{- include "common.labels" . | nindent 4 }}
data:
{{ tpl (.Files.Glob "resources/config/log/logback.xml").AsConfig . | indent 2 }}
diff --git a/kubernetes/aai/components/aai-modelloader/templates/deployment.yaml b/kubernetes/aai/components/aai-modelloader/templates/deployment.yaml
index 486ffbaa49..f3753d0040 100644
--- a/kubernetes/aai/components/aai-modelloader/templates/deployment.yaml
+++ b/kubernetes/aai/components/aai-modelloader/templates/deployment.yaml
@@ -19,20 +19,7 @@
apiVersion: apps/v1
kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- app.kubernetes.io/name: {{ include "common.name" . }}
- {{- if .Chart.AppVersion }}
- version: "{{ .Chart.AppVersion | replace "+" "_" }}"
- {{- else }}
- version: "{{ .Chart.Version | replace "+" "_" }}"
- {{- end }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
{{- if .Values.debug.enabled }}
replicas: 1
@@ -51,17 +38,7 @@ spec:
matchLabels:
app: {{ include "common.name" . }}
template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- app.kubernetes.io/name: {{ include "common.name" . }}
- {{- if .Chart.AppVersion }}
- version: "{{ .Chart.AppVersion | replace "+" "_" }}"
- {{- else }}
- version: "{{ .Chart.Version | replace "+" "_" }}"
- {{- end }}
- name: {{ include "common.name" . }}
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
{{- if .Values.nodeSelector }}
nodeSelector: {{ toYaml .Values.nodeSelector | nindent 8 }}
@@ -69,10 +46,12 @@ spec:
{{- if .Values.affinity }}
affinity: {{ toYaml .Values.affinity | nindent 8 }}
{{- end }}
+ {{ include "common.podSecurityContext" . | indent 6 | trim }}
containers:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ {{ include "common.containerSecurityContext" . | indent 8 | trim }}
env:
- name: CONFIG_HOME
value: /opt/app/model-loader/config/
@@ -90,8 +69,8 @@ spec:
value: {{ .Values.debug.args | quote }}
{{- end }}
ports:
- - containerPort: 9500
- name: http
+ - containerPort: {{ .Values.service.appPort }}
+ name: {{ .Values.service.appPortName }}
{{- if .Values.debug.enabled }}
- containerPort: {{ .Values.debug.port }}
name: {{ .Values.debug.portName }}
@@ -109,6 +88,8 @@ spec:
name: prop-config
- mountPath: {{ .Values.log.path }}
name: logs
+ - mountPath: /tmp
+ name: tmp
- mountPath: /opt/app/model-loader/logback.xml
name: log-config
subPath: logback.xml
@@ -121,7 +102,11 @@ spec:
configMap:
name: {{ include "common.fullname" . }}-prop
- name: logs
- emptyDir: {}
+ emptyDir:
+ sizeLimit: {{ .Values.volumes.logSizeLimit }}
+ - name: tmp
+ emptyDir:
+ sizeLimit: {{ .Values.volumes.tmpSizeLimit }}
{{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix .)) | nindent 6 }}
- name: log-config
configMap:
diff --git a/kubernetes/aai/components/aai-modelloader/templates/podmonitor.yaml b/kubernetes/aai/components/aai-modelloader/templates/podmonitor.yaml
index 1eb564ed72..961a850ee9 100644
--- a/kubernetes/aai/components/aai-modelloader/templates/podmonitor.yaml
+++ b/kubernetes/aai/components/aai-modelloader/templates/podmonitor.yaml
@@ -19,8 +19,7 @@ apiVersion: monitoring.coreos.com/v1
kind: PodMonitor
metadata:
name: {{ include "common.fullname" . }}
- labels:
- {{- include "common.labels" . | nindent 4 }}
+ labels: {{- include "common.labels" . | nindent 4 }}
spec:
selector:
matchLabels:
diff --git a/kubernetes/aai/components/aai-modelloader/values.yaml b/kubernetes/aai/components/aai-modelloader/values.yaml
index d76b1d33a3..6c8cdb7d31 100644
--- a/kubernetes/aai/components/aai-modelloader/values.yaml
+++ b/kubernetes/aai/components/aai-modelloader/values.yaml
@@ -74,17 +74,22 @@ nodeSelector: {}
affinity: {}
+service:
+ # REST API port for the graphadmin microservice
+ appPortName: http
+ appPort: 9500
+
# probe configuration parameters
liveness:
- initialDelaySeconds: 10
- periodSeconds: 10
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
enabled: true
+ path: /healthz
+ periodSeconds: 10
+ initialDelaySeconds: 10
readiness:
- initialDelaySeconds: 10
+ path: /healthz
periodSeconds: 10
+ initialDelaySeconds: 10
resources:
small:
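Review bot: The comment added above `appPortName` names the graphadmin microservice, but this is the aai-modelloader values file, so it reads as a copy-paste leftover; `# REST API port for the model-loader microservice` would match the chart. The hunk also drops the two-line comment that explained why `liveness.enabled` exists (switching the probe off while debugging so Kubernetes does not restart the container). I would keep that explanation above `enabled: true`. The new `path: /healthz` keys could carry a short comment such as `# endpoint queried by the probe`, assuming the probe definition, which is outside this hunk, uses it that way.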
@@ -92,7 +97,7 @@ resources:
cpu: "1"
memory: "4Gi"
requests:
- cpu: "0.5"
+ cpu: "500m"
memory: "1Gi"
large:
limits:
@@ -135,3 +140,7 @@ log:
level:
root: INFO
logConfigMapNamePrefix: '{{ include "common.fullname" . }}'
+
+volumes:
+ logSizeLimit: 64Mi
+ tmpSizeLimit: 100Mi
diff --git a/kubernetes/aai/components/aai-resources/Chart.yaml b/kubernetes/aai/components/aai-resources/Chart.yaml
index 7d7075e3a5..c83a28671c 100644
--- a/kubernetes/aai/components/aai-resources/Chart.yaml
+++ b/kubernetes/aai/components/aai-resources/Chart.yaml
@@ -18,7 +18,7 @@
apiVersion: v2
description: ONAP AAI resources
name: aai-resources
-version: 15.0.0
+version: 15.0.1
dependencies:
- name: common
@@ -30,3 +30,6 @@ dependencies:
- name: serviceAccount
version: ~13.x-0
repository: '@local'
+ - name: readinessCheck
+ version: ~13.x-0
+ repository: '@local' \ No newline at end of file
diff --git a/kubernetes/aai/components/aai-resources/templates/aai-kafka-user.yml b/kubernetes/aai/components/aai-resources/templates/aai-kafka-user.yml
index 6b703e7cdd..f6063a024d 100644
--- a/kubernetes/aai/components/aai-resources/templates/aai-kafka-user.yml
+++ b/kubernetes/aai/components/aai-resources/templates/aai-kafka-user.yml
@@ -17,7 +17,7 @@ apiVersion: kafka.strimzi.io/v1beta2
kind: KafkaUser
metadata:
name: {{ include "common.release" . }}-{{ .Values.global.aaiKafkaUser }}
- labels:
+ labels: {{- include "common.labels" . | nindent 4 }}
strimzi.io/cluster: {{ include "common.release" . }}-strimzi
spec:
authentication:
diff --git a/kubernetes/aai/components/aai-resources/templates/autoscaling.yaml b/kubernetes/aai/components/aai-resources/templates/autoscaling.yaml
index ed1f8e3ea8..29b191b68d 100644
--- a/kubernetes/aai/components/aai-resources/templates/autoscaling.yaml
+++ b/kubernetes/aai/components/aai-resources/templates/autoscaling.yaml
@@ -4,11 +4,7 @@ kind: HorizontalPodAutoscaler
metadata:
name: {{ include "common.fullname" . }}
namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
+ labels: {{- include "common.labels" . | nindent 4 }}
spec:
scaleTargetRef:
apiVersion: apps/v1
diff --git a/kubernetes/aai/components/aai-resources/templates/configmap.yaml b/kubernetes/aai/components/aai-resources/templates/configmap.yaml
index c3c2262ab9..8e13c8c90d 100644
--- a/kubernetes/aai/components/aai-resources/templates/configmap.yaml
+++ b/kubernetes/aai/components/aai-resources/templates/configmap.yaml
@@ -20,11 +20,7 @@ kind: ConfigMap
metadata:
name: {{ include "common.fullname" . }}
namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
+ labels: {{- include "common.labels" . | nindent 4 }}
data:
{{ tpl (.Files.Glob "resources/config/logback.xml").AsConfig . | indent 2 }}
{{ tpl (.Files.Glob "resources/config/localhost-access-logback.xml").AsConfig . | indent 2 }}
diff --git a/kubernetes/aai/components/aai-resources/templates/deployment.yaml b/kubernetes/aai/components/aai-resources/templates/deployment.yaml
index 4c6c12b1f4..cb434ed2cd 100644
--- a/kubernetes/aai/components/aai-resources/templates/deployment.yaml
+++ b/kubernetes/aai/components/aai-resources/templates/deployment.yaml
@@ -20,20 +20,7 @@
apiVersion: apps/v1
kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- app.kubernetes.io/name: {{ include "common.name" . }}
- {{- if .Chart.AppVersion }}
- version: "{{ .Chart.AppVersion | replace "+" "_" }}"
- {{- else }}
- version: "{{ .Chart.Version | replace "+" "_" }}"
- {{- end }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
{{- if or .Values.config.debug.enabled .Values.config.profiling.enabled }}
replicas: 1
@@ -53,19 +40,7 @@ spec:
matchLabels:
app: {{ include "common.name" . }}
template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- app.kubernetes.io/name: {{ include "common.name" . }}
- {{- if .Chart.AppVersion }}
- version: "{{ .Chart.AppVersion | replace "+" "_" }}"
- {{- else }}
- version: "{{ .Chart.Version | replace "+" "_" }}"
- {{- end }}
- name: {{ include "common.name" . }}
- annotations:
- checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
{{- if .Values.global.msbEnabled }}
{{ $values := .Values }}
msb.onap.org/service-info: '[
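Review bot: The `msb.onap.org/service-info` entry kept as context after the new `metadata:` line used to continue the hand-written `annotations:` map, which this hunk removes. Whether it still lands under `annotations` now depends on the last key that `common.templateMetadata` emits, and that helper is not part of this diff. If it ends with `labels` or `name`, rendering with `global.msbEnabled` set would either attach the JSON string as a label or fail to parse. Either move the MSB entry into `podAnnotations` in values.yaml or add a render check with `msbEnabled: true`. The same applies to the template-metadata hunk of the aai-traversal deployment, and the annotation block continues past the end of this hunk.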
@@ -99,44 +74,20 @@ spec:
spec:
hostname: aai-resources
terminationGracePeriodSeconds: {{ .Values.service.terminationGracePeriodSeconds }}
+ {{ include "common.podSecurityContext" . | indent 6 | trim }}
initContainers:
- - name: {{ include "common.name" . }}-readiness
- command:
- - /app/ready.py
- args:
- {{- if .Values.global.jobs.migration.enabled }}
- - --job-name
- - {{ include "common.release" . }}-aai-graphadmin-migration
- {{- else }}
- {{- if .Values.global.jobs.createSchema.enabled }}
- - --job-name
- - {{ include "common.release" . }}-aai-graphadmin-create-db-schema
- {{- else }}
- - --service-name
- - {{ .Values.global.cassandra.serviceName }}
- - --service-name
- - aai-schema-service
- {{- end }}
- {{- end }}
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: {{ include "repositoryGenerator.image.readiness" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- resources:
- limits:
- cpu: "100m"
- memory: "500Mi"
- requests:
- cpu: "3m"
- memory: "20Mi"
+ {{- if .Values.global.jobs.migration.enabled }}
+ {{ include "common.readinessCheck.waitFor" (dict "dot" . "wait_for" .Values.readinessCheck.wait_for_migration) | nindent 8 }}
+ {{- else if .Values.global.jobs.createSchema.enabled }}
+ {{ include "common.readinessCheck.waitFor" (dict "dot" . "wait_for" .Values.readinessCheck.wait_for_createSchema) | nindent 8 }}
+ {{- else }}
+ {{ include "common.readinessCheck.waitFor" (dict "dot" . "wait_for" .Values.readinessCheck.wait_for_cassandra) | nindent 8 }}
+ {{- end }}
containers:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ {{ include "common.containerSecurityContext" . | indent 8 | trim }}
env:
{{- if .Values.config.env }}
{{- range $key,$value := .Values.config.env }}
@@ -189,6 +140,8 @@ spec:
- mountPath: /opt/app/aai-resources/resources/application-keycloak.properties
name: {{ include "common.fullname" . }}-config
subPath: application-keycloak.properties
+ - mountPath: /tmp
+ name: tmp
ports:
- containerPort: {{ .Values.service.resourcesPort }}
name: {{ .Values.service.resourcesPortName }}
@@ -252,7 +205,11 @@ spec:
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- name: logs
- emptyDir: {}
+ emptyDir:
+ sizeLimit: {{ .Values.volumes.logSizeLimit }}
+ - name: tmp
+ emptyDir:
+ sizeLimit: {{ .Values.volumes.tmpSizeLimit }}
{{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix .)) | nindent 6 }}
- name: {{ include "common.fullname" . }}-config
configMap:
diff --git a/kubernetes/aai/components/aai-resources/templates/service.yaml b/kubernetes/aai/components/aai-resources/templates/service.yaml
index 308dc052c8..605679ee52 100644
--- a/kubernetes/aai/components/aai-resources/templates/service.yaml
+++ b/kubernetes/aai/components/aai-resources/templates/service.yaml
@@ -19,12 +19,7 @@ kind: Service
metadata:
name: {{ include "common.servicename" . }}
namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- app.kubernetes.io/name: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
+ labels: {{- include "common.labels" . | nindent 4 }}
spec:
type: {{ .Values.service.type }}
ports:
@@ -54,8 +49,6 @@ spec:
name: {{ .Values.service.metricsPortName }}
targetPort: {{ .Values.service.metricsPortName }}
{{- end }}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+ selector: {{- include "common.matchLabels" . | nindent 4 }}
clusterIP: None
sessionAffinity: {{ .Values.service.sessionAffinity }}
diff --git a/kubernetes/aai/components/aai-resources/values.yaml b/kubernetes/aai/components/aai-resources/values.yaml
index 890276239d..7cba7a425e 100644
--- a/kubernetes/aai/components/aai-resources/values.yaml
+++ b/kubernetes/aai/components/aai-resources/values.yaml
@@ -134,7 +134,7 @@ aai_enpoints:
url: external-system
# application image
-image: onap/aai-resources:1.15.1
+image: onap/aai-resources:1.15.2
pullPolicy: Always
restartPolicy: Always
flavor: small
@@ -354,9 +354,9 @@ metrics:
##
selector:
app: '{{ include "common.name" . }}'
- chart: '{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}'
- release: '{{ include "common.release" . }}'
- heritage: '{{ .Release.Service }}'
+ helm.sh/chart: '{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}'
+ app.kubernetes.io/instance: '{{ include "common.release" . }}'
+ app.kubernetes.io/managed-by: '{{ .Release.Service }}'
## RelabelConfigs to apply to samples before scraping
## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#relabelconfig
@@ -421,3 +421,26 @@ kafkaUser:
- name: AAI-EVENT
type: topic
operations: [Read, Write]
+
+volumes:
+ logSizeLimit: 50Mi
+ tmpSizeLimit: 100Mi
+
+securityContext:
+ user_id: 1000
+ group_id: 1000
+
+readinessCheck:
+ wait_for_migration:
+ jobs:
+ - '{{ include "common.release" . }}-aai-graphadmin-migration'
+ wait_for_createSchema:
+ jobs:
+ - '{{ include "common.release" . }}-aai-graphadmin-create-db-schema'
+ wait_for_cassandra:
+ services:
+ - '{{ .Values.global.cassandra.serviceName }}'
+ - aai-schema-service
+
+podAnnotations:
+ checksum/config: '{{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}'
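Review bot: `checksum/config` is now a values string that contains template syntax, so it only rolls pods on ConfigMap changes if `common.templateMetadata` passes `podAnnotations` through `tpl`; that helper is outside this diff. If it does not, the literal `{{ include … }}` text becomes the annotation value and never changes, so edited properties would stay unapplied until a manual restart. A `helm template` check that the rendered annotation is a 64-character hex digest would settle it. A comment such as `# rendered with tpl by common.templateMetadata; rolls pods when configmap.yaml changes` above `podAnnotations` would document the dependency. The same entry is added in the aai-schema-service and aai-sparky-be values.yaml hunks.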
diff --git a/kubernetes/aai/components/aai-schema-service/Chart.yaml b/kubernetes/aai/components/aai-schema-service/Chart.yaml
index 512090d00a..b10eaa2e43 100644
--- a/kubernetes/aai/components/aai-schema-service/Chart.yaml
+++ b/kubernetes/aai/components/aai-schema-service/Chart.yaml
@@ -18,7 +18,7 @@
apiVersion: v2
description: ONAP AAI Schema Service
name: aai-schema-service
-version: 15.0.0
+version: 15.0.1
dependencies:
- name: common
diff --git a/kubernetes/aai/components/aai-schema-service/templates/configmap.yaml b/kubernetes/aai/components/aai-schema-service/templates/configmap.yaml
index 957387158a..0490f4325a 100644
--- a/kubernetes/aai/components/aai-schema-service/templates/configmap.yaml
+++ b/kubernetes/aai/components/aai-schema-service/templates/configmap.yaml
@@ -19,11 +19,7 @@ kind: ConfigMap
metadata:
name: {{ include "common.fullname" . }}-log
namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
+ labels: {{- include "common.labels" . | nindent 4 }}
data:
{{ tpl (.Files.Glob "config/logback.xml").AsConfig . | indent 2 }}
---
@@ -32,11 +28,7 @@ kind: ConfigMap
metadata:
name: {{ include "common.fullname" . }}-localhost-access-log
namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
+ labels: {{- include "common.labels" . | nindent 4 }}
data:
{{ tpl (.Files.Glob "config/localhost-access-logback.xml").AsConfig . | indent 2 }}
---
@@ -45,11 +37,7 @@ kind: ConfigMap
metadata:
name: {{ include "common.fullname" . }}-aaiconfig
namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
+ labels: {{- include "common.labels" . | nindent 4 }}
data:
{{ tpl (.Files.Glob "config/aaiconfig.properties").AsConfig . | indent 2 }}
---
@@ -58,11 +46,7 @@ kind: ConfigMap
metadata:
name: {{ include "common.fullname" . }}-springapp
namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
+ labels: {{- include "common.labels" . | nindent 4 }}
data:
{{ tpl (.Files.Glob "config/application.properties").AsConfig . | indent 2 }}
---
@@ -71,10 +55,6 @@ kind: ConfigMap
metadata:
name: {{ include "common.fullname" . }}-realm
namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
+ labels: {{- include "common.labels" . | nindent 4 }}
data:
{{ tpl (.Files.Glob "config/realm.properties").AsConfig . | indent 2 }}
diff --git a/kubernetes/aai/components/aai-schema-service/templates/deployment.yaml b/kubernetes/aai/components/aai-schema-service/templates/deployment.yaml
index 725467019f..9fadcd7077 100644
--- a/kubernetes/aai/components/aai-schema-service/templates/deployment.yaml
+++ b/kubernetes/aai/components/aai-schema-service/templates/deployment.yaml
@@ -19,20 +19,7 @@
apiVersion: apps/v1
kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- app.kubernetes.io/name: {{ include "common.name" . }}
- {{- if .Chart.AppVersion }}
- version: "{{ .Chart.AppVersion | replace "+" "_" }}"
- {{- else }}
- version: "{{ .Chart.Version | replace "+" "_" }}"
- {{- end }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
+metadata: {{- include "common.resourceMetadata" (dict "dot" . "suffix" "" "labels" .Values.labels "annotations" .Values.annotations ) | nindent 2 }}
spec:
{{- if .Values.debug.enabled }}
replicas: 1
@@ -51,24 +38,30 @@ spec:
matchLabels:
app: {{ include "common.name" . }}
template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- app.kubernetes.io/name: {{ include "common.name" . }}
- {{- if .Chart.AppVersion }}
- version: "{{ .Chart.AppVersion | replace "+" "_" }}"
- {{- else }}
- version: "{{ .Chart.Version | replace "+" "_" }}"
- {{- end }}
- name: {{ include "common.name" . }}
- annotations:
- checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
+ {{ include "common.podSecurityContext" . | indent 6 | trim }}
+ initContainers:
+ - command: ["cp", "-R", "/opt/app/aai-schema-service/.", "/opt/app/aai-schema-service_rw/"]
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: copy-base-folder
+ {{ include "common.containerSecurityContext" . | indent 8 | trim }}
+ resources:
+ limits:
+ cpu: 100m
+ memory: 200Mi
+ requests:
+ cpu: 3m
+ memory: 20Mi
+ volumeMounts:
+ - mountPath: /opt/app/aai-schema-service_rw
+ name: aai-schema-service
containers:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ {{ include "common.containerSecurityContext" . | indent 8 | trim }}
env:
{{- if .Values.profiling.enabled }}
- name: PRE_JVM_ARGS
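Review bot: The new `copy-base-folder` init container copies all of `/opt/app/aai-schema-service` into an emptyDir that the main container then mounts over the same path. Presumably this works around a read-only root filesystem set by `common.containerSecurityContext`, but it makes the whole application directory writable at runtime again, including any executables or libraries the image ships there. Which sub-paths the service actually writes is not visible in this diff; if it is only a few directories, mounting emptyDirs on just those would keep the rest of the tree immutable. At minimum add a comment above the init container, for example `# root filesystem is read-only: copy the app dir into a writable emptyDir`. Note too that `volumes.aaiSizeLimit` has to stay larger than the copied tree or the copy fails.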
@@ -79,6 +72,8 @@ spec:
value: {{ .Values.debug.args | quote }}
{{- end }}
volumeMounts:
+ - mountPath: /opt/app/aai-schema-service
+ name: aai-schema-service
- mountPath: /opt/app/aai-schema-service/resources/etc/appprops/aaiconfig.properties
name: aaiconfig-conf
subPath: aaiconfig.properties
@@ -138,8 +133,12 @@ spec:
- name: aai-common-aai-auth-mount
secret:
secretName: aai-common-aai-auth
+ - name: aai-schema-service
+ emptyDir:
+ sizeLimit: {{ .Values.volumes.aaiSizeLimit }}
- name: logs
- emptyDir: {}
+ emptyDir:
+ sizeLimit: {{ .Values.volumes.logSizeLimit }}
{{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix .)) | nindent 6 }}
- name: log-conf
configMap:
diff --git a/kubernetes/aai/components/aai-schema-service/templates/service.yaml b/kubernetes/aai/components/aai-schema-service/templates/service.yaml
index 412b62c6fe..de0270f592 100644
--- a/kubernetes/aai/components/aai-schema-service/templates/service.yaml
+++ b/kubernetes/aai/components/aai-schema-service/templates/service.yaml
@@ -19,12 +19,7 @@ kind: Service
metadata:
name: {{ include "common.servicename" . }}
namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- app.kubernetes.io/name: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
+ labels: {{- include "common.labels" . | nindent 4 }}
spec:
type: {{ .Values.service.type }}
ports:
@@ -45,6 +40,4 @@ spec:
name: {{ .Values.service.debugPortName }}
targetPort: {{ .Values.service.debugPortName }}
{{- end }}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+ selector: {{- include "common.matchLabels" . | nindent 4 }}
diff --git a/kubernetes/aai/components/aai-schema-service/values.yaml b/kubernetes/aai/components/aai-schema-service/values.yaml
index 0ffeb55dd5..3763db940e 100644
--- a/kubernetes/aai/components/aai-schema-service/values.yaml
+++ b/kubernetes/aai/components/aai-schema-service/values.yaml
@@ -178,3 +178,10 @@ log:
level:
root: INFO
logConfigMapNamePrefix: '{{ include "common.fullname" . }}'
+
+volumes:
+ logSizeLimit: 50Mi
+ aaiSizeLimit: 150Mi
+
+podAnnotations:
+ checksum/config: '{{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}'
diff --git a/kubernetes/aai/components/aai-sparky-be/Chart.yaml b/kubernetes/aai/components/aai-sparky-be/Chart.yaml
index 9c9185baf3..074e266228 100644
--- a/kubernetes/aai/components/aai-sparky-be/Chart.yaml
+++ b/kubernetes/aai/components/aai-sparky-be/Chart.yaml
@@ -17,7 +17,7 @@
apiVersion: v2
description: ONAP AAI sparky-be
name: aai-sparky-be
-version: 15.0.0
+version: 15.0.1
dependencies:
- name: common
@@ -29,3 +29,6 @@ dependencies:
- name: serviceAccount
version: ~13.x-0
repository: '@local'
+ - name: readinessCheck
+ version: ~13.x-0
+ repository: '@local' \ No newline at end of file
diff --git a/kubernetes/aai/components/aai-sparky-be/templates/configmap.yaml b/kubernetes/aai/components/aai-sparky-be/templates/configmap.yaml
index 7c958fa410..407850eb7f 100644
--- a/kubernetes/aai/components/aai-sparky-be/templates/configmap.yaml
+++ b/kubernetes/aai/components/aai-sparky-be/templates/configmap.yaml
@@ -17,13 +17,6 @@
---
apiVersion: v1
kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
data:
{{ tpl (.Files.Glob "resources/config/application/*").AsConfig . | indent 2 }}
diff --git a/kubernetes/aai/components/aai-sparky-be/templates/deployment.yaml b/kubernetes/aai/components/aai-sparky-be/templates/deployment.yaml
index 28fe1d5c99..ede5b60676 100644
--- a/kubernetes/aai/components/aai-sparky-be/templates/deployment.yaml
+++ b/kubernetes/aai/components/aai-sparky-be/templates/deployment.yaml
@@ -38,32 +38,14 @@ spec:
template:
metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
+ {{ include "common.podSecurityContext" . | indent 6 | trim }}
initContainers:
- - command:
- - /app/ready.py
- args:
- - --service-name
- - aai
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: {{ include "repositoryGenerator.image.readiness" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-readiness
- resources:
- limits:
- cpu: "100m"
- memory: "500Mi"
- requests:
- cpu: "3m"
- memory: "20Mi"
+ {{ include "common.readinessCheck.waitFor" . | nindent 8 }}
containers:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ {{ include "common.containerSecurityContext" . | indent 8 | trim }}
command:
- sh
args:
@@ -158,9 +140,11 @@ spec:
configMap:
name: {{ include "common.fullname" . }}
- name: logs
- emptyDir: {}
+ emptyDir:
+ sizeLimit: {{ .Values.volumes.logSizeLimit }}
{{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix .)) | nindent 6 }}
- name: modeldir
- emptyDir: {}
+ emptyDir:
+ sizeLimit: {{ .Values.volumes.modeldirSizeLimit }}
restartPolicy: {{ .Values.global.restartPolicy | default .Values.restartPolicy }}
{{- include "common.imagePullSecrets" . | nindent 6 }}
diff --git a/kubernetes/aai/components/aai-sparky-be/values.yaml b/kubernetes/aai/components/aai-sparky-be/values.yaml
index c4b90d30ca..9cbe9e5fd2 100644
--- a/kubernetes/aai/components/aai-sparky-be/values.yaml
+++ b/kubernetes/aai/components/aai-sparky-be/values.yaml
@@ -128,23 +128,24 @@ serviceMesh:
podAnnotations:
sidecar.istio.io/rewriteAppHTTPProbers: "false"
+ checksum/config: '{{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}'
# Configure resource requests and limits
# ref: http://kubernetes.io/docs/user-guide/compute-resources/
resources:
small:
limits:
- cpu: "0.5"
+ cpu: "500m"
memory: "4Gi"
requests:
- cpu: "0.25"
+ cpu: "250m"
memory: "1Gi"
large:
limits:
cpu: "1"
memory: "8Gi"
requests:
- cpu: "0.5"
+ cpu: "500m"
memory: "2Gi"
unlimited: {}
@@ -158,3 +159,16 @@ serviceAccount:
log:
path: /var/log/onap
logConfigMapNamePrefix: '{{ include "common.fullname" . }}'
+
+volumes:
+ logSizeLimit: 64Mi
+ modeldirSizeLimit: 64Mi
+
+securityContext:
+ user_id: 1000
+ group_id: 1000
+
+readinessCheck:
+ wait_for:
+ services:
+ - aai
diff --git a/kubernetes/aai/components/aai-traversal/Chart.yaml b/kubernetes/aai/components/aai-traversal/Chart.yaml
index e9545b703f..f4e458f0fb 100644
--- a/kubernetes/aai/components/aai-traversal/Chart.yaml
+++ b/kubernetes/aai/components/aai-traversal/Chart.yaml
@@ -17,7 +17,7 @@
apiVersion: v2
description: ONAP AAI traversal
name: aai-traversal
-version: 15.0.0
+version: 15.0.1
dependencies:
- name: common
@@ -29,3 +29,6 @@ dependencies:
- name: serviceAccount
version: ~13.x-0
repository: '@local'
+ - name: readinessCheck
+ version: ~13.x-0
+ repository: '@local'
diff --git a/kubernetes/aai/components/aai-traversal/templates/aai-trav-kafka-user.yml b/kubernetes/aai/components/aai-traversal/templates/aai-trav-kafka-user.yml
index 7c6a252315..966e5663f2 100644
--- a/kubernetes/aai/components/aai-traversal/templates/aai-trav-kafka-user.yml
+++ b/kubernetes/aai/components/aai-traversal/templates/aai-trav-kafka-user.yml
@@ -17,7 +17,7 @@ apiVersion: kafka.strimzi.io/v1beta2
kind: KafkaUser
metadata:
name: {{ include "common.release" . }}-{{ .Values.global.aaiTravKafkaUser }}
- labels:
+ labels: {{- include "common.labels" . | nindent 4 }}
strimzi.io/cluster: {{ include "common.release" . }}-strimzi
spec:
authentication:
diff --git a/kubernetes/aai/components/aai-traversal/templates/autoscaling.yaml b/kubernetes/aai/components/aai-traversal/templates/autoscaling.yaml
index 76d2611f16..a14a9b5bda 100644
--- a/kubernetes/aai/components/aai-traversal/templates/autoscaling.yaml
+++ b/kubernetes/aai/components/aai-traversal/templates/autoscaling.yaml
@@ -1,14 +1,7 @@
{{- if .Values.autoscaling.enabled }}
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
scaleTargetRef:
apiVersion: apps/v1
diff --git a/kubernetes/aai/components/aai-traversal/templates/configmap.yaml b/kubernetes/aai/components/aai-traversal/templates/configmap.yaml
index 905c21f4b3..e9415df278 100644
--- a/kubernetes/aai/components/aai-traversal/templates/configmap.yaml
+++ b/kubernetes/aai/components/aai-traversal/templates/configmap.yaml
@@ -18,14 +18,7 @@
apiVersion: v1
kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
data:
{{ tpl (.Files.Glob "resources/config/logback.xml").AsConfig . | indent 2 }}
{{ tpl (.Files.Glob "resources/config/localhost-access-logback.xml").AsConfig . | indent 2 }}
diff --git a/kubernetes/aai/components/aai-traversal/templates/deployment.yaml b/kubernetes/aai/components/aai-traversal/templates/deployment.yaml
index 6d97b0e7e8..d12fc6b702 100644
--- a/kubernetes/aai/components/aai-traversal/templates/deployment.yaml
+++ b/kubernetes/aai/components/aai-traversal/templates/deployment.yaml
@@ -20,20 +20,7 @@
apiVersion: apps/v1
kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- app.kubernetes.io/name: {{ include "common.name" . }}
- {{- if .Chart.AppVersion }}
- version: "{{ .Chart.AppVersion | replace "+" "_" }}"
- {{- else }}
- version: "{{ .Chart.Version | replace "+" "_" }}"
- {{- end }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
{{- if or .Values.config.debug.enabled .Values.config.profiling.enabled }}
replicas: 1
@@ -53,19 +40,7 @@ spec:
matchLabels:
app: {{ include "common.name" . }}
template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- app.kubernetes.io/name: {{ include "common.name" . }}
- {{- if .Chart.AppVersion }}
- version: "{{ .Chart.AppVersion | replace "+" "_" }}"
- {{- else }}
- version: "{{ .Chart.Version | replace "+" "_" }}"
- {{- end }}
- name: {{ include "common.name" . }}
- annotations:
- checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
{{- if .Values.global.msbEnabled }}
{{ $values := .Values }}
msb.onap.org/service-info: '[
@@ -119,43 +94,19 @@ spec:
hostname: aai-traversal
terminationGracePeriodSeconds: {{ .Values.service.terminationGracePeriodSeconds }}
initContainers:
- - command:
- - /app/ready.py
- args:
{{- if .Values.global.jobs.migration.enabled }}
- - --job-name
- - {{ include "common.release" . }}-aai-graphadmin-migration
- {{- else }}
- {{- if .Values.global.jobs.createSchema.enabled }}
- - --job-name
- - {{ include "common.release" . }}-aai-graphadmin-create-db-schema
- {{- else }}
- - --service-name
- - {{ .Values.global.cassandra.serviceName }}
- - --service-name
- - aai-schema-service
- {{- end }}
+ {{ include "common.readinessCheck.waitFor" (dict "dot" . "wait_for" .Values.readinessCheck.wait_for_migration) | nindent 8 }}
+ {{- else if .Values.global.jobs.createSchema.enabled }}
+ {{ include "common.readinessCheck.waitFor" (dict "dot" . "wait_for" .Values.readinessCheck.wait_for_createSchema) | nindent 8 }}
+ {{- else }}
+ {{ include "common.readinessCheck.waitFor" (dict "dot" . "wait_for" .Values.readinessCheck.wait_for_cassandra) | nindent 8 }}
{{- end }}
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: {{ include "repositoryGenerator.image.readiness" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-readiness
- resources:
- limits:
- cpu: "100m"
- memory: "500Mi"
- requests:
- cpu: "3m"
- memory: "20Mi"
+ {{ include "common.podSecurityContext" . | indent 6 | trim }}
containers:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ {{ include "common.containerSecurityContext" . | indent 8 | trim }}
env:
{{- if .Values.config.env }}
{{- range $key,$value := .Values.config.env }}
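Review bot: The `common.podSecurityContext` include sits after the `initContainers` entries here, while the aai-resources, aai-schema-service and aai-sparky-be deployments in this commit put it directly above `initContainers:`. Both positions are valid pod-spec YAML, but a pod-level key placed right after a templated list is easy to misread as part of the last init container, and the `indent 6 | trim` form depends on the line's own leading spaces. Moving `{{ include "common.podSecurityContext" . | indent 6 | trim }}` above `initContainers:` would keep the four templates uniform.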
@@ -219,6 +170,8 @@ spec:
- mountPath: /opt/app/aai-traversal/resources/application-keycloak.properties
name: {{ include "common.fullname" . }}-config
subPath: application-keycloak.properties
+ - mountPath: /tmp
+ name: tmp
ports:
- containerPort: {{ .Values.service.traversalPort }}
name: {{ .Values.service.traversalPortName }}
@@ -277,9 +230,14 @@ spec:
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- name: logs
- emptyDir: {}
+ emptyDir:
+ sizeLimit: {{ .Values.volumes.logSizeLimit }}
+ - name: tmp
+ emptyDir:
+ sizeLimit: {{ .Values.volumes.tmpSizeLimit }}
- name: {{ include "common.fullname" . }}-logs-misc
- emptyDir: {}
+ emptyDir:
+ sizeLimit: {{ .Values.volumes.logmiscSizeLimit }}
{{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix .)) | nindent 6 }}
- name: {{ include "common.fullname" . }}-config
configMap:
diff --git a/kubernetes/aai/components/aai-traversal/templates/job.yaml b/kubernetes/aai/components/aai-traversal/templates/job.yaml
index db90f824ef..3ea973fb99 100644
--- a/kubernetes/aai/components/aai-traversal/templates/job.yaml
+++ b/kubernetes/aai/components/aai-traversal/templates/job.yaml
@@ -24,11 +24,7 @@ kind: Job
metadata:
name: {{ include "common.fullname" . }}-update-query-data
namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
+ labels: {{- include "common.labels" . | nindent 4 }}
{{ if .Values.global.jobs.migration.enabled }}
annotations:
"helm.sh/hook": post-upgrade,post-rollback,post-install
@@ -38,33 +34,12 @@ metadata:
spec:
template:
metadata:
- labels:
- app: {{ include "common.name" . }}-job
- release: {{ include "common.release" . }}
+ labels: {{- include "common.labels" (dict "labels" .Values.labels "ignoreHelmChart" .Values.ignoreHelmChart "dot" . "suffix" "job") | nindent 8 }}
name: {{ include "common.name" . }}
spec:
+ {{ include "common.podSecurityContext" . | indent 6 | trim }}
initContainers:
- - name: {{ include "common.name" . }}-readiness
- image: {{ include "repositoryGenerator.image.readiness" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command:
- - /app/ready.py
- args:
- - --service-name
- - aai
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- resources:
- limits:
- cpu: "100m"
- memory: "500Mi"
- requests:
- cpu: "3m"
- memory: "20Mi"
+ {{ include "common.readinessCheck.waitFor" (dict "dot" . "wait_for" .Values.readinessCheck.wait_for_service) | nindent 6 }}
- name: {{ include "common.name" . }}-wait-for-aai-haproxy
image: {{ include "repositoryGenerator.image.readiness" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
@@ -85,6 +60,16 @@ spec:
requests:
cpu: "3m"
memory: "20Mi"
+ securityContext:
+ runAsUser: 100
+ runAsGroup: 65533
+ readOnlyRootFilesystem: true
+ privileged: false
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ - CAP_NET_RAW
containers:
- name: {{ include "common.name" . }}-job
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
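Review bot: The `securityContext` added to the wait-for-aai-haproxy init container hard-codes `runAsUser: 100` and `runAsGroup: 65533`, while the other containers in this file take theirs from `common.containerSecurityContext`, so these IDs cannot be changed through `.Values.securityContext`. If the IDs are dictated by the readiness image, a comment such as `# UID/GID of the readiness image user, not .Values.securityContext` above `runAsUser` would record that. The `- CAP_NET_RAW` entry has no runtime effect after `- ALL`; if it is kept only to satisfy a policy rule that looks for the literal entry, say so with `# listed explicitly for the policy check; ALL already covers it`. The container definition starts outside this hunk.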
@@ -101,6 +86,7 @@ spec:
sh -x /opt/app/aai-traversal/bin/install/updateQueryData.sh ;
{{ include "common.serviceMesh.killSidecar" . | indent 11 | trim }}
+ {{ include "common.containerSecurityContext" . | indent 8 | trim }}
resources: {{ include "common.resources" . | nindent 10 }}
volumeMounts:
- mountPath: /opt/app/aai-traversal/resources/etc/appprops/janusgraph-realtime.properties
@@ -127,9 +113,11 @@ spec:
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- name: {{ include "common.fullname" . }}-logs
- emptyDir: {}
+ emptyDir:
+ sizeLimit: {{ .Values.volumes.logSizeLimit }}
- name: {{ include "common.fullname" . }}-logs-misc
- emptyDir: {}
+ emptyDir:
+ sizeLimit: {{ .Values.volumes.logmiscSizeLimit }}
{{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix .)) | nindent 6 }}
- name: {{ include "common.fullname" . }}-config
configMap:
diff --git a/kubernetes/aai/components/aai-traversal/templates/service.yaml b/kubernetes/aai/components/aai-traversal/templates/service.yaml
index 49ed56306a..60e8efc2ad 100644
--- a/kubernetes/aai/components/aai-traversal/templates/service.yaml
+++ b/kubernetes/aai/components/aai-traversal/templates/service.yaml
@@ -19,12 +19,7 @@ kind: Service
metadata:
name: {{ include "common.servicename" . }}
namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- app.kubernetes.io/name: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
+ labels: {{- include "common.labels" . | nindent 4 }}
spec:
type: {{ .Values.service.type }}
ports:
@@ -54,8 +49,6 @@ spec:
name: {{ .Values.service.metricsPortName }}
targetPort: {{ .Values.service.metricsPortName }}
{{- end }}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+ selector: {{- include "common.matchLabels" . | nindent 4 }}
clusterIP: None
sessionAffinity: {{ .Values.service.sessionAffinity }}
diff --git a/kubernetes/aai/components/aai-traversal/values.yaml b/kubernetes/aai/components/aai-traversal/values.yaml
index e19ea65b9c..fd8206865e 100644
--- a/kubernetes/aai/components/aai-traversal/values.yaml
+++ b/kubernetes/aai/components/aai-traversal/values.yaml
@@ -111,7 +111,7 @@ global: # global defaults
someConfig: random
# application image
-image: onap/aai-traversal:1.15.1
+image: onap/aai-traversal:1.15.2
pullPolicy: Always
restartPolicy: Always
flavor: small
@@ -353,6 +353,9 @@ endpoints:
info:
enabled: true
+podAnnotations:
+ checksum/config: '{{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}'
+
metrics:
serviceMonitor:
enabled: true
@@ -383,9 +386,9 @@ metrics:
##
selector:
app: '{{ include "common.name" . }}'
- chart: '{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}'
- release: '{{ include "common.release" . }}'
- heritage: '{{ .Release.Service }}'
+ helm.sh/chart: '{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}'
+ app.kubernetes.io/instance: '{{ include "common.release" . }}'
+ app.kubernetes.io/managed-by: '{{ .Release.Service }}'
## RelabelConfigs to apply to samples before scraping
## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#relabelconfig
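Review bot: This selector still requires `app: '{{ include "common.name" . }}'`, but the Service labels in templates/service.yaml now come entirely from `common.labels`, whose output is not visible here. If that helper does not emit an `app` label, the selector (presumably the ServiceMonitor's) matches no Service and metrics scraping stops without any error. The question is sharper in kubernetes/aai/values.yaml, where the selector keeps `app: '{{ include "common.name" . }}-metrics'` while the `-metrics` Service lost its explicit `app: …-metrics` label in favour of `common.labels .` with no suffix. Worth confirming against the rendered output and, if needed, selecting on `app.kubernetes.io/name` instead. The `selector` block starts outside this hunk.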
@@ -418,6 +421,30 @@ log:
root: INFO
base: INFO # base package (org.onap.aai)
logConfigMapNamePrefix: '{{ include "common.fullname" . }}'
+
+volumes:
+ logSizeLimit: 50Mi
+ logmiscSizeLimit: 50Mi
+ tmpSizeLimit: 100Mi
+
+securityContext:
+ user_id: 1000
+ group_id: 1000
+
+readinessCheck:
+ wait_for_migration:
+ jobs:
+ - '{{ include "common.release" . }}-aai-graphadmin-migration'
+ wait_for_createSchema:
+ jobs:
+ - '{{ include "common.release" . }}-aai-graphadmin-create-db-schema'
+ wait_for_cassandra:
+ services:
+ - '{{ .Values.global.cassandra.serviceName }}'
+ - aai-schema-service
+ wait_for_service:
+ services:
+ - aai
#################################################################
# Secrets metaconfig
#################################################################
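Review bot: The new `volumes`, `securityContext` and `readinessCheck` keys are added without comments, unlike the rest of this values file. For `volumes`, a line such as `# emptyDir size limits; a pod that exceeds one is evicted by the kubelet` would tell operators why a pod is evicted when log volume grows, since 50Mi is small for a log directory. For `securityContext`, `# UID/GID the application containers run as` would help; it is presumably consumed by `common.podSecurityContext` and `common.containerSecurityContext`, which are not visible here.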
diff --git a/kubernetes/aai/resources/config/haproxy/resolvers.conf b/kubernetes/aai/resources/config/haproxy/resolvers.conf
new file mode 100644
index 0000000000..c456e3526a
--- /dev/null
+++ b/kubernetes/aai/resources/config/haproxy/resolvers.conf
@@ -0,0 +1,3 @@
+resolvers kubernetes
+ nameserver dns1 {{.Values.config.NAME_SERVER}}:53
+ hold valid 1s
diff --git a/kubernetes/aai/templates/authorizationpolicy.yaml b/kubernetes/aai/templates/authorizationpolicy.yaml
index fa59f52f35..f48e06eab4 100644
--- a/kubernetes/aai/templates/authorizationpolicy.yaml
+++ b/kubernetes/aai/templates/authorizationpolicy.yaml
@@ -27,6 +27,7 @@ kind: AuthorizationPolicy
metadata:
name: {{ include "common.fullname" (dict "suffix" "authz" "dot" . )}}
namespace: {{ include "common.namespace" . }}
+ labels: {{- include "common.labels" . | nindent 4 }}
spec:
selector:
matchLabels:
diff --git a/kubernetes/aai/templates/configmap.yaml b/kubernetes/aai/templates/configmap.yaml
index dac36d729d..c66af502ac 100644
--- a/kubernetes/aai/templates/configmap.yaml
+++ b/kubernetes/aai/templates/configmap.yaml
@@ -22,12 +22,9 @@ kind: ConfigMap
metadata:
name: aai-deployment-configmap
namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
+ labels: {{- include "common.labels" . | nindent 4 }}
data:
+{{ tpl (.Files.Glob "resources/config/haproxy/resolvers.conf").AsConfig . | indent 2 }}
{{ if .Values.global.installSidecarSecurity }}
{{ tpl (.Files.Glob "resources/config/haproxy/haproxy-pluggable-security.cfg").AsConfig . | indent 2 }}
{{ else }}
@@ -40,6 +37,7 @@ kind: Secret
metadata:
name: aai-fproxy-auth-certs
namespace: {{ include "common.namespace" . }}
+ labels: {{- include "common.labels" . | nindent 4 }}
type: Opaque
data:
{{ tpl (.Files.Glob "resources/config/fproxy/auth/*").AsSecrets . | indent 2 }}
@@ -49,6 +47,7 @@ kind: Secret
metadata:
name: aai-rproxy-auth-certs
namespace: {{ include "common.namespace" . }}
+ labels: {{- include "common.labels" . | nindent 4 }}
type: Opaque
data:
{{ tpl (.Files.Glob "resources/config/rproxy/auth/*").AsSecrets . | indent 2 }}
@@ -58,6 +57,7 @@ kind: Secret
metadata:
name: aai-rproxy-security-config
namespace: {{ include "common.namespace" . }}
+ labels: {{- include "common.labels" . | nindent 4 }}
type: Opaque
data:
{{ tpl (.Files.Glob "resources/config/rproxy/security/*").AsSecrets . | indent 2 }}
diff --git a/kubernetes/aai/templates/deployment.yaml b/kubernetes/aai/templates/deployment.yaml
index 58bbc8af78..a743592036 100644
--- a/kubernetes/aai/templates/deployment.yaml
+++ b/kubernetes/aai/templates/deployment.yaml
@@ -18,20 +18,7 @@
apiVersion: apps/v1
kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- app.kubernetes.io/name: {{ include "common.name" . }}
- {{- if .Chart.AppVersion }}
- version: "{{ .Chart.AppVersion | replace "+" "_" }}"
- {{- else }}
- version: "{{ .Chart.Version | replace "+" "_" }}"
- {{- end }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
selector:
matchLabels:
@@ -46,59 +33,48 @@ spec:
maxSurge: {{ .Values.updateStrategy.maxSurge }}
{{- end }}
template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- app.kubernetes.io/name: {{ include "common.name" . }}
- {{- if .Chart.AppVersion }}
- version: "{{ .Chart.AppVersion | replace "+" "_" }}"
- {{- else }}
- version: "{{ .Chart.Version | replace "+" "_" }}"
- {{- end }}
- name: {{ include "common.release" . }}
- annotations:
- checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
terminationGracePeriodSeconds: {{ .Values.service.terminationGracePeriodSeconds }}
+ {{ include "common.podSecurityContext" . | indent 6 | trim }}
initContainers:
- - command:
- - /app/ready.py
- args:
- - --service-name
- - aai-resources
- - --service-name
- - aai-traversal
- - --service-name
- - aai-graphadmin
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: {{ include "repositoryGenerator.image.readiness" . }}
+ {{ include "common.readinessCheck.waitFor" . | indent 6 | trim}}
+ - command: ["/bin/sh","-c"]
+ args: ['cp -R /usr/local/etc/haproxy /usr/local/etc/haproxy_rw/']
+ image: '{{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}'
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-readiness
+ name: copy-haproxy-config
resources:
- requests:
- memory: {{ .Values.haproxy.initContainers.resources.memory }}
- cpu: {{ .Values.haproxy.initContainers.resources.cpu }}
limits:
- memory: {{ .Values.haproxy.initContainers.resources.memory }}
- cpu: {{ .Values.haproxy.initContainers.resources.cpu }}
+ cpu: 100m
+ memory: 200Mi
+ requests:
+ cpu: 2m
+ memory: 100Mi
+ {{ include "common.containerSecurityContext" . | indent 8 | trim }}
+ terminationMessagePath: /dev/termination-log
+ terminationMessagePolicy: File
+ volumeMounts:
+ - mountPath: /usr/local/etc/haproxy_rw
+ name: haproxy-etc
containers:
- name: {{ include "common.name" . }}
- image: "{{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.image }}"
+ image: '{{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}'
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
volumeMounts:
+ - mountPath: /usr/local/etc/haproxy
+ name: haproxy-etc
+ - mountPath: /usr/local/etc/haproxy/resolvers.conf
+ name: haproxy-config
+ subPath: resolvers.conf
+ readOnly: true
- mountPath: /usr/local/etc/haproxy/haproxy.cfg
{{ if .Values.global.installSidecarSecurity }}
subPath: haproxy-pluggable-security.cfg
{{ else }}
subPath: haproxy.cfg
{{ end }}
- name: haproxy-cfg
+ name: haproxy-config
ports:
- containerPort: {{ .Values.service.internalPort }}
name: {{ .Values.service.portName }}
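Review bot: In the new `copy-haproxy-config` init container, `cp -R /usr/local/etc/haproxy /usr/local/etc/haproxy_rw/` copies into an existing directory, so the image's files land in a `haproxy/` subdirectory of the emptyDir. The main container mounts that volume at `/usr/local/etc/haproxy`, which puts them under `/usr/local/etc/haproxy/haproxy/` rather than at their original paths; only `haproxy.cfg` and `resolvers.conf` end up in place, through the subPath mounts. If the intent is to keep the image's files where the configuration expects them, copy the directory contents instead: `args: ['cp -R /usr/local/etc/haproxy/. /usr/local/etc/haproxy_rw/']`. The pod spec starts and continues outside this hunk.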
@@ -113,7 +89,11 @@ spec:
initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
periodSeconds: {{ .Values.liveness.periodSeconds }}
{{ end -}}
+ {{ include "common.containerSecurityContext" . | indent 8 | trim }}
+ resources: {{ include "common.resources" . | nindent 10 }}
readinessProbe:
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
httpGet:
path: /aai/util/echo
port: {{ .Values.service.internalPort }}
@@ -129,9 +109,6 @@ spec:
value: OOM_ReadinessCheck_TID
- name: Accept
value: application/json
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
- resources: {{ include "common.resources" . | nindent 10 }}
{{- if .Values.nodeSelector }}
nodeSelector:
{{ toYaml .Values.nodeSelector | indent 8 }}
@@ -142,7 +119,10 @@ spec:
{{- end }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- - name: haproxy-cfg
- configMap:
- name: aai-deployment-configmap
+ - name: haproxy-config
+ configMap:
+ name: aai-deployment-configmap
+ - name: haproxy-etc
+ emptyDir:
+ sizeLimit: {{ .Values.volumes.haProxySizeLimit }}
{{- include "common.imagePullSecrets" . | nindent 6 }}
diff --git a/kubernetes/aai/templates/secret.yaml b/kubernetes/aai/templates/secret.yaml
index d868b9582e..1a592a0801 100644
--- a/kubernetes/aai/templates/secret.yaml
+++ b/kubernetes/aai/templates/secret.yaml
@@ -19,11 +19,7 @@ kind: Secret
metadata:
name: aai-common-aai-auth
namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
+ labels: {{- include "common.labels" . | nindent 4 }}
type: Opaque
data:
{{ tpl (.Files.Glob "resources/config/auth/*").AsSecrets . | indent 2 }}
@@ -33,6 +29,7 @@ kind: Secret
metadata:
name: aai-common-truststore
namespace: {{ include "common.namespace" . }}
+ labels: {{- include "common.labels" . | nindent 4 }}
type: Opaque
data:
{{ tpl (.Files.Glob "resources/config/aai/*").AsSecrets . | indent 2 }}
diff --git a/kubernetes/aai/templates/service.yaml b/kubernetes/aai/templates/service.yaml
index b5a8cc1a0d..1509311a2b 100644
--- a/kubernetes/aai/templates/service.yaml
+++ b/kubernetes/aai/templates/service.yaml
@@ -19,12 +19,7 @@ kind: Service
metadata:
name: {{ include "common.servicename" . }}
namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- app.kubernetes.io/name: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
+ labels: {{- include "common.labels" . | nindent 4 }}
spec:
ports:
- name: {{ .Values.service.portName }}
@@ -36,8 +31,7 @@ spec:
{{ end }}
{{- end }}
type: {{ if (include "common.ingressEnabled" .) }}ClusterIP{{ else }}{{ .Values.service.type }}{{ end }}
- selector:
- app: {{ include "common.name" . }}
+ selector: {{- include "common.matchLabels" . | nindent 4 }}
sessionAffinity: {{ .Values.service.sessionAffinity }}
---
apiVersion: v1
@@ -45,38 +39,26 @@ kind: Service
metadata:
name: {{ include "common.servicename" . }}-internal
namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- app.kubernetes.io/name: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
+ labels: {{- include "common.labels" . | nindent 4 }}
spec:
ports:
- name: {{ .Values.service.portName }}
port: {{ .Values.service.externalPort }}
targetPort: {{ .Values.service.internalPort }}
type: ClusterIP
- selector:
- app: {{ include "common.name" . }}
+ selector: {{- include "common.matchLabels" . | nindent 4 }}
---
apiVersion: v1
kind: Service
metadata:
name: {{ include "common.servicename" . }}-metrics
namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}-metrics
- app.kubernetes.io/name: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
+ labels: {{- include "common.labels" . | nindent 4 }}
spec:
ports:
- port: {{ .Values.metricsService.externalPort }}
targetPort: {{ .Values.metricsService.internalPort }}
name: {{ .Values.metricsService.portName }}
type: {{ .Values.metricsService.type }}
- selector:
- app: {{ include "common.name" . }}
+ selector: {{- include "common.matchLabels" . | nindent 4 }}
clusterIP: None
diff --git a/kubernetes/aai/values.yaml b/kubernetes/aai/values.yaml
index e129220e23..a000d2f934 100644
--- a/kubernetes/aai/values.yaml
+++ b/kubernetes/aai/values.yaml
@@ -309,7 +309,7 @@ aai-traversal:
# application image
dockerhubRepository: registry.hub.docker.com
-image: onap/aai-haproxy:1.11.0
+image: onap/aai-haproxy:1.15.2
pullPolicy: Always
flavor: small
@@ -321,6 +321,9 @@ debugEnabled: false
config:
logstashServiceName: log-ls
logstashPort: 5044
+ # IP address of name server is needed in nginx configuration. The secure endpoint for logging with Keycloak need the ip address in the config file.
+ # You can find this ip address in the /etc/resolv.conf This file is generated by k8s. The name server ip address is in all k8s cluster the same.
+ NAME_SERVER: coredns.kube-system
# default number of instances
replicaCount: 1
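Review bot: The comment added above `NAME_SERVER` describes an nginx configuration and an IP address, but the value is a DNS name and the only visible consumer is the HAProxy `resolvers.conf` added in this commit (`nameserver dns1 {{.Values.config.NAME_SERVER}}:53`). The statement that the name server is the same in every cluster should not be relied on: the cluster DNS Service is not always named `coredns` (many distributions expose it as `kube-dns`), and a wrong name would leave HAProxy without a usable resolver. I would reword it to something like `# Address of the cluster DNS server, used in haproxy resolvers.conf; override when the DNS Service is not coredns.kube-system`.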
@@ -408,9 +411,9 @@ metrics:
selector:
app: '{{ include "common.name" . }}-metrics'
- chart: '{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}'
- release: '{{ include "common.release" . }}'
- heritage: '{{ .Release.Service }}'
+ helm.sh/chart: '{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}'
+ app.kubernetes.io/instance: '{{ include "common.release" . }}'
+ app.kubernetes.io/managed-by: '{{ .Release.Service }}'
relabelings: []
@@ -459,15 +462,15 @@ resources:
cpu: "2"
memory: "4Gi"
requests:
- cpu: "1"
- memory: "1.2Gi"
+ cpu: "500m"
+ memory: "1200Mi"
large:
limits:
cpu: "4"
memory: "8Gi"
requests:
- cpu: "2"
- memory: "2.4Gi"
+ cpu: "1"
+ memory: "2400Mi"
unlimited: {}
#Pods Service Account
@@ -475,3 +478,20 @@ serviceAccount:
nameOverride: aai
roles:
- read
+
+securityContext:
+ user_id: 99
+ group_id: 99
+
+readinessCheck:
+ wait_for:
+ services:
+ - aai-resources
+ - aai-traversal
+ - aai-graphadmin
+
+volumes:
+ haProxySizeLimit: 20Mi
+
+podAnnotations:
+ checksum/config: '{{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}'