aboutsummaryrefslogtreecommitdiffstats
path: root/kubernetes/common
diff options
context:
space:
mode:
authorDan Timoney <dtimoney@att.com>2020-07-15 17:31:43 -0400
committerDan Timoney <dtimoney@att.com>2020-09-17 19:20:48 -0400
commitcb0a81fdf8cddb1f08616d8afdefb69202dcbed3 (patch)
tree61857fc3cd63f2a0de05cedb271b9bb158efc63e /kubernetes/common
parent6a5cf9898f992ea29a932988717336a036d03228 (diff)
[CCSDK] Configure dgbuilder to use certInitializer
This change makes the following fixes to dgbuilder: * Replace hard-coded certificate with certificate generated by certInitializer * Configure dgbuilder to use http instead of https if AAF is disabled (i.e. global aafEnabled property = false) * Add resource limits Issue-ID: SDNC-1356 Signed-off-by: Dan Timoney <dtimoney@att.com> Change-Id: I8ca97c6a44f62a0abe5b5a6f8564ebcd2e4addb1
Diffstat (limited to 'kubernetes/common')
-rw-r--r--kubernetes/common/dgbuilder/requirements.yaml3
-rw-r--r--kubernetes/common/dgbuilder/resources/config/customSettings.js6
-rw-r--r--kubernetes/common/dgbuilder/templates/deployment.yaml5
-rw-r--r--kubernetes/common/dgbuilder/values.yaml60
4 files changed, 53 insertions, 21 deletions
diff --git a/kubernetes/common/dgbuilder/requirements.yaml b/kubernetes/common/dgbuilder/requirements.yaml
index 4735901dfa..cf305d4bc9 100644
--- a/kubernetes/common/dgbuilder/requirements.yaml
+++ b/kubernetes/common/dgbuilder/requirements.yaml
@@ -16,3 +16,6 @@ dependencies:
- name: common
version: ~6.x-0
repository: 'file://../common'
+ - name: certInitializer
+ version: ~6.x-0
+ repository: '@local'
diff --git a/kubernetes/common/dgbuilder/resources/config/customSettings.js b/kubernetes/common/dgbuilder/resources/config/customSettings.js
index 42c2e5728b..b6a1a8636a 100644
--- a/kubernetes/common/dgbuilder/resources/config/customSettings.js
+++ b/kubernetes/common/dgbuilder/resources/config/customSettings.js
@@ -54,6 +54,8 @@ module.exports={
},
"uiHost": "0.0.0.0",
"version": "0.9.1",
- "performGitPull": "N",
- "enableHttps" : true
+ {{ if .Values.global.aafEnabled }}
+ "enableHttps" : true,
+ {{ end }}
+ "performGitPull": "N"
}
diff --git a/kubernetes/common/dgbuilder/templates/deployment.yaml b/kubernetes/common/dgbuilder/templates/deployment.yaml
index 1c32e12204..ec088e9274 100644
--- a/kubernetes/common/dgbuilder/templates/deployment.yaml
+++ b/kubernetes/common/dgbuilder/templates/deployment.yaml
@@ -70,6 +70,7 @@ spec:
image: "{{ .Values.global.envsubstImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-update-config
+{{ include "common.certInitializer.initContainer" . | indent 6 }}
- command:
- /app/ready.py
args:
@@ -89,7 +90,7 @@ spec:
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command: ["/bin/bash"]
- args: ["-c", "cd /opt/onap/ccsdk/dgbuilder/ && ./start.sh sdnc1.0 && wait"]
+ args: ["-c", "cd /opt/onap/ccsdk/dgbuilder/ && {{ if .Values.global.aafEnabled}} cp /opt/app/osaaf/local/node-*.pem certs && {{end}}./start.sh sdnc1.0 && wait"]
ports:
- containerPort: {{ .Values.service.internalPort }}
readinessProbe:
@@ -101,6 +102,7 @@ spec:
- name: SDNC_CONFIG_DIR
value: /opt/onap/sdnc/data/properties
volumeMounts:
+{{ include "common.certInitializer.volumeMount" . | indent 10 }}
- mountPath: /etc/localtime
name: localtime
readOnly: true
@@ -127,6 +129,7 @@ spec:
{{ toYaml .Values.affinity | indent 10 }}
{{- end }}
volumes:
+{{ include "common.certInitializer.volumes" . | nindent 8 }}
- name: localtime
hostPath:
path: /etc/localtime
diff --git a/kubernetes/common/dgbuilder/values.yaml b/kubernetes/common/dgbuilder/values.yaml
index a7e6e24265..cf88fe5c3f 100644
--- a/kubernetes/common/dgbuilder/values.yaml
+++ b/kubernetes/common/dgbuilder/values.yaml
@@ -158,21 +158,45 @@ ingress:
config:
ssl: "redirect"
-resources: {}
- # We usually recommend not to specify default resources and to leave this as a conscious
- # choice for the user. This also increases chances charts run on environments with little
- # resources, such as Minikube. If you do want to specify resources, uncomment the following
- # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
- #
- # Example:
- # Configure resource requests and limits
- # ref: http://kubernetes.io/docs/user-guide/compute-resources/
- # Minimum memory for development is 2 CPU cores and 4GB memory
- # Minimum memory for production is 4 CPU cores and 8GB memory
-#resources:
-# limits:
-# cpu: 2
-# memory: 4Gi
-# requests:
-# cpu: 2
-# memory: 4Gi
+ # dependency / sub-chart configuration
+certInitializer:
+ nameOverride: dgbuilder-cert-initializer
+ truststoreMountpath: /opt/onap/ccsdk/dgbuilder/certs
+ fqdn: "sdnc"
+ app_ns: "org.osaaf.aaf"
+ fqi: "sdnc@sdnc.onap.org"
+ fqi_namespace: org.onap.sdnc
+ public_fqdn: "dgbuilder.onap.org"
+ aafDeployFqi: "deployer@people.osaaf.org"
+ aafDeployPass: demo123456!
+ cadi_latitude: "38.0"
+ cadi_longitude: "-72.0"
+ credsPath: /opt/app/osaaf/local
+ aaf_add_config: >
+ cd /opt/app/osaaf/local;
+ /opt/app/aaf_config/bin/agent.sh local showpass {{.Values.fqi}} {{ .Values.fqdn }} | grep cadi_keystore_password= | cut -d= -f 2 > {{ .Values.credsPath }}/.pass 2>&1 ;
+ cp {{ .Values.fqi_namespace }}.crt node-cert.pem;
+ cp {{ .Values.fqi_namespace }}.key node-key.pem;
+ chmod go+r node-*.pem
+
+#Resource Limit flavor -By Default using small
+flavor: small
+#segregation for different envionment (Small and Large)
+
+resources:
+ small:
+ limits:
+ cpu: 2
+ memory: 4Gi
+ requests:
+ cpu: 1
+ memory: 2Gi
+ large:
+ limits:
+ cpu: 4
+ memory: 8Gi
+ requests:
+ cpu: 2
+ memory: 4Gi
+ unlimited: {}
+