aboutsummaryrefslogtreecommitdiffstats
path: root/kubernetes/msb
diff options
context:
space:
mode:
authorvladimir turok <vladimir.turok@t-systems.com>2023-07-27 16:28:36 +0200
committerAndreas Geissler <andreas-geissler@telekom.de>2023-08-07 18:34:04 +0200
commitd804418c890dde93bff26125b8cf1a9fd7fc82d1 (patch)
tree5c8d93188819e6a913f8e0566d061607b5be9095 /kubernetes/msb
parent7a34dfca27abc3a13f89ed8d6b87e4aa7be9613f (diff)
[OOM] Fixing k8s ServiceAccounts
Adding service account for the jobs Cleanup MSB, ES and other common charts from AAF dependencies Issue-ID: OOM-3199 Issue-ID: OOM-3114 Issue-ID: OOM-3116 Change-Id: I55bf80876c9fb3b110e538ed1a5504e0dc1d4e1a Signed-off-by: vladimir turok <vladimir.turok@t-systems.com>
Diffstat (limited to 'kubernetes/msb')
-rw-r--r--kubernetes/msb/components/msb-eag/Chart.yaml3
-rw-r--r--kubernetes/msb/components/msb-eag/resources/config/nginx/msbhttps.conf28
-rw-r--r--kubernetes/msb/components/msb-eag/templates/configmap.yaml9
-rw-r--r--kubernetes/msb/components/msb-eag/templates/deployment.yaml17
-rw-r--r--kubernetes/msb/components/msb-eag/values.yaml40
-rw-r--r--kubernetes/msb/components/msb-iag/Chart.yaml3
-rw-r--r--kubernetes/msb/components/msb-iag/resources/config/nginx/msbhttps.conf28
-rw-r--r--kubernetes/msb/components/msb-iag/templates/configmap.yaml8
-rw-r--r--kubernetes/msb/components/msb-iag/templates/deployment.yaml17
-rw-r--r--kubernetes/msb/components/msb-iag/values.yaml40
10 files changed, 11 insertions, 182 deletions
diff --git a/kubernetes/msb/components/msb-eag/Chart.yaml b/kubernetes/msb/components/msb-eag/Chart.yaml
index 53c66f7bfa..d42c99388d 100644
--- a/kubernetes/msb/components/msb-eag/Chart.yaml
+++ b/kubernetes/msb/components/msb-eag/Chart.yaml
@@ -25,9 +25,6 @@ dependencies:
- name: repositoryGenerator
version: ~13.x-0
repository: '@local'
- - name: certInitializer
- version: ~13.x-0
- repository: '@local'
- name: serviceAccount
version: ~13.x-0
repository: '@local'
diff --git a/kubernetes/msb/components/msb-eag/resources/config/nginx/msbhttps.conf b/kubernetes/msb/components/msb-eag/resources/config/nginx/msbhttps.conf
deleted file mode 100644
index 70125753ed..0000000000
--- a/kubernetes/msb/components/msb-eag/resources/config/nginx/msbhttps.conf
+++ /dev/null
@@ -1,28 +0,0 @@
-{{/*
-#
-# Copyright (C) 2017-2018 ZTE, Inc. and others. All rights reserved. (ZTE)
-# Copyright © 2021 Orange
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-*/}}
-server {
- listen 443 ssl;
- ssl_certificate {{ .Values.certInitializer.credsPath }}/certs/cert.crt;
- ssl_certificate_key {{ .Values.certInitializer.credsPath }}/certs/cert.key;
- ssl_protocols TLSv1.1 TLSv1.2;
- ssl_dhparam ../ssl/dh-pubkey/dhparams.pem;
- include ../msb-enabled/location-default/msblocations.conf;
- # Add below settings for making SDC to work
- underscores_in_headers on;
-} \ No newline at end of file
diff --git a/kubernetes/msb/components/msb-eag/templates/configmap.yaml b/kubernetes/msb/components/msb-eag/templates/configmap.yaml
index 30c0a80209..62bbf4272a 100644
--- a/kubernetes/msb/components/msb-eag/templates/configmap.yaml
+++ b/kubernetes/msb/components/msb-eag/templates/configmap.yaml
@@ -21,11 +21,4 @@ metadata:
namespace: {{ include "common.namespace" . }}
data:
{{ tpl (.Files.Glob "resources/config/logback.xml").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-nginx
- namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/config/nginx/*").AsConfig . | indent 2 }}
+
diff --git a/kubernetes/msb/components/msb-eag/templates/deployment.yaml b/kubernetes/msb/components/msb-eag/templates/deployment.yaml
index cbab98b9fa..ee6db2dc30 100644
--- a/kubernetes/msb/components/msb-eag/templates/deployment.yaml
+++ b/kubernetes/msb/components/msb-eag/templates/deployment.yaml
@@ -24,7 +24,6 @@ spec:
metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
initContainers:
- {{ include "common.certInitializer.initContainer" . | indent 6 | trim }}
- command:
- /app/ready.py
args:
@@ -49,13 +48,13 @@ spec:
{{- if eq .Values.liveness.enabled true }}
livenessProbe:
tcpSocket:
- port: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort .Values.service.internalPlainPort }}
+ port: {{ .Values.service.internalPort }}
initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
periodSeconds: {{ .Values.liveness.periodSeconds }}
{{ end -}}
readinessProbe:
tcpSocket:
- port: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort .Values.service.internalPlainPort }}
+ port: {{ .Values.service.internalPort }}
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
env:
@@ -66,17 +65,11 @@ spec:
- name: ROUTE_LABELS
value: {{ .Values.config.routeLabels }}
volumeMounts:
- {{ include "common.certInitializer.volumeMount" . | indent 10 | trim }}
- mountPath: /etc/localtime
name: localtime
readOnly: true
- mountPath: /usr/local/apiroute-works/logs
name: {{ include "common.fullname" . }}-logs
- {{- if (include "common.needTLS" .) }}
- - mountPath: /usr/local/openresty/nginx/msb-enabled/msbhttps.conf
- name: {{ include "common.fullname" . }}-nginx-conf
- subPath: msbhttps.conf
- {{- end }}
resources: {{ include "common.resources" . | nindent 12 }}
{{- if .Values.nodeSelector }}
nodeSelector:
@@ -90,15 +83,9 @@ spec:
{{ include "common.log.sidecar" . | nindent 8 }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- {{ include "common.certInitializer.volumes" . | indent 8 | trim }}
- name: {{ include "common.fullname" . }}-log-conf
configMap:
name: {{ include "common.fullname" . }}-log
- {{- if (include "common.needTLS" .) }}
- - name: {{ include "common.fullname" . }}-nginx-conf
- configMap:
- name: {{ include "common.fullname" . }}-nginx
- {{- end }}
{{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix . )) | nindent 8 }}
- name: {{ include "common.fullname" . }}-logs
emptyDir: {}
diff --git a/kubernetes/msb/components/msb-eag/values.yaml b/kubernetes/msb/components/msb-eag/values.yaml
index 836673ffb1..d66c4a8e13 100644
--- a/kubernetes/msb/components/msb-eag/values.yaml
+++ b/kubernetes/msb/components/msb-eag/values.yaml
@@ -19,36 +19,6 @@ global:
nodePortPrefix: 302
#################################################################
-# AAF part
-#################################################################
-certInitializer:
- nameOverride: msb-eag-cert-initializer
- aafDeployFqi: deployer@people.osaaf.org
- aafDeployPass: demo123456!
- # aafDeployCredsExternalSecret: some secret
- fqdn: msb-eag
- fqi: msb-eag@msb-eag.onap.org
- fqi_namespace: org.onap.msb-eag
- public_fqdn: msb-eag.onap.org
- cadi_longitude: "0.0"
- cadi_latitude: "0.0"
- app_ns: org.osaaf.aaf
- credsPath: /opt/app/osaaf/local
- aaf_add_config: |
- mkdir -p {{ .Values.credsPath }}/certs
- echo "*** retrieve certificate from pkcs12"
- openssl pkcs12 -in {{ .Values.credsPath }}/{{ .Values.fqi_namespace }}.p12 \
- -out {{ .Values.credsPath }}/certs/cert.crt -nokeys \
- -passin pass:$cadi_keystore_password_p12 \
- -passout pass:$cadi_keystore_password_p12
- echo "*** copy key to relevant place"
- cp {{ .Values.credsPath }}/{{ .Values.fqi_namespace }}.key {{ .Values.credsPath }}/certs/cert.key
- echo "*** change ownership and read/write attributes"
- chown -R 1000 {{ .Values.credsPath }}/certs
- chmod 600 {{ .Values.credsPath }}/certs/cert.crt
- chmod 600 {{ .Values.credsPath }}/certs/cert.key
-
-#################################################################
# Application configuration defaults.
#################################################################
# application image
@@ -82,15 +52,12 @@ readiness:
service:
type: NodePort
name: msb-eag
- both_tls_and_plain: true
# for liveness and readiness probe only
# internalPort:
- internalPort: 443
- internalPlainPort: 80
+ internalPort: 80
ports:
- name: msb-eag
- port: 443
- plain_port: 80
+ port: 80
port_protocol: http
nodePort: '84'
@@ -99,8 +66,7 @@ ingress:
service:
- baseaddr: "msb-eag-ui"
name: "msb-eag"
- port: 443
- plain_port: 80
+ port: 80
config:
ssl: "redirect"
diff --git a/kubernetes/msb/components/msb-iag/Chart.yaml b/kubernetes/msb/components/msb-iag/Chart.yaml
index f7cb95b81e..50fa020c8b 100644
--- a/kubernetes/msb/components/msb-iag/Chart.yaml
+++ b/kubernetes/msb/components/msb-iag/Chart.yaml
@@ -25,9 +25,6 @@ dependencies:
- name: repositoryGenerator
version: ~13.x-0
repository: '@local'
- - name: certInitializer
- version: ~13.x-0
- repository: '@local'
- name: serviceAccount
version: ~13.x-0
repository: '@local'
diff --git a/kubernetes/msb/components/msb-iag/resources/config/nginx/msbhttps.conf b/kubernetes/msb/components/msb-iag/resources/config/nginx/msbhttps.conf
deleted file mode 100644
index 70125753ed..0000000000
--- a/kubernetes/msb/components/msb-iag/resources/config/nginx/msbhttps.conf
+++ /dev/null
@@ -1,28 +0,0 @@
-{{/*
-#
-# Copyright (C) 2017-2018 ZTE, Inc. and others. All rights reserved. (ZTE)
-# Copyright © 2021 Orange
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-*/}}
-server {
- listen 443 ssl;
- ssl_certificate {{ .Values.certInitializer.credsPath }}/certs/cert.crt;
- ssl_certificate_key {{ .Values.certInitializer.credsPath }}/certs/cert.key;
- ssl_protocols TLSv1.1 TLSv1.2;
- ssl_dhparam ../ssl/dh-pubkey/dhparams.pem;
- include ../msb-enabled/location-default/msblocations.conf;
- # Add below settings for making SDC to work
- underscores_in_headers on;
-} \ No newline at end of file
diff --git a/kubernetes/msb/components/msb-iag/templates/configmap.yaml b/kubernetes/msb/components/msb-iag/templates/configmap.yaml
index 30c0a80209..7214c8a95f 100644
--- a/kubernetes/msb/components/msb-iag/templates/configmap.yaml
+++ b/kubernetes/msb/components/msb-iag/templates/configmap.yaml
@@ -21,11 +21,3 @@ metadata:
namespace: {{ include "common.namespace" . }}
data:
{{ tpl (.Files.Glob "resources/config/logback.xml").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-nginx
- namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/config/nginx/*").AsConfig . | indent 2 }}
diff --git a/kubernetes/msb/components/msb-iag/templates/deployment.yaml b/kubernetes/msb/components/msb-iag/templates/deployment.yaml
index cbab98b9fa..ee6db2dc30 100644
--- a/kubernetes/msb/components/msb-iag/templates/deployment.yaml
+++ b/kubernetes/msb/components/msb-iag/templates/deployment.yaml
@@ -24,7 +24,6 @@ spec:
metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
initContainers:
- {{ include "common.certInitializer.initContainer" . | indent 6 | trim }}
- command:
- /app/ready.py
args:
@@ -49,13 +48,13 @@ spec:
{{- if eq .Values.liveness.enabled true }}
livenessProbe:
tcpSocket:
- port: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort .Values.service.internalPlainPort }}
+ port: {{ .Values.service.internalPort }}
initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
periodSeconds: {{ .Values.liveness.periodSeconds }}
{{ end -}}
readinessProbe:
tcpSocket:
- port: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort .Values.service.internalPlainPort }}
+ port: {{ .Values.service.internalPort }}
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
env:
@@ -66,17 +65,11 @@ spec:
- name: ROUTE_LABELS
value: {{ .Values.config.routeLabels }}
volumeMounts:
- {{ include "common.certInitializer.volumeMount" . | indent 10 | trim }}
- mountPath: /etc/localtime
name: localtime
readOnly: true
- mountPath: /usr/local/apiroute-works/logs
name: {{ include "common.fullname" . }}-logs
- {{- if (include "common.needTLS" .) }}
- - mountPath: /usr/local/openresty/nginx/msb-enabled/msbhttps.conf
- name: {{ include "common.fullname" . }}-nginx-conf
- subPath: msbhttps.conf
- {{- end }}
resources: {{ include "common.resources" . | nindent 12 }}
{{- if .Values.nodeSelector }}
nodeSelector:
@@ -90,15 +83,9 @@ spec:
{{ include "common.log.sidecar" . | nindent 8 }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- {{ include "common.certInitializer.volumes" . | indent 8 | trim }}
- name: {{ include "common.fullname" . }}-log-conf
configMap:
name: {{ include "common.fullname" . }}-log
- {{- if (include "common.needTLS" .) }}
- - name: {{ include "common.fullname" . }}-nginx-conf
- configMap:
- name: {{ include "common.fullname" . }}-nginx
- {{- end }}
{{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix . )) | nindent 8 }}
- name: {{ include "common.fullname" . }}-logs
emptyDir: {}
diff --git a/kubernetes/msb/components/msb-iag/values.yaml b/kubernetes/msb/components/msb-iag/values.yaml
index 004a1a7840..5c455d8984 100644
--- a/kubernetes/msb/components/msb-iag/values.yaml
+++ b/kubernetes/msb/components/msb-iag/values.yaml
@@ -19,36 +19,6 @@ global:
nodePortPrefix: 302
#################################################################
-# AAF part
-#################################################################
-certInitializer:
- nameOverride: msb-iag-cert-initializer
- aafDeployFqi: deployer@people.osaaf.org
- aafDeployPass: demo123456!
- # aafDeployCredsExternalSecret: some secret
- fqdn: msb-iag
- fqi: msb-iag@msb-iag.onap.org
- fqi_namespace: org.onap.msb-iag
- public_fqdn: msb-iag.onap.org
- cadi_longitude: "0.0"
- cadi_latitude: "0.0"
- app_ns: org.osaaf.aaf
- credsPath: /opt/app/osaaf/local
- aaf_add_config: |
- mkdir -p {{ .Values.credsPath }}/certs
- echo "*** retrieve certificate from pkcs12"
- openssl pkcs12 -in {{ .Values.credsPath }}/{{ .Values.fqi_namespace }}.p12 \
- -out {{ .Values.credsPath }}/certs/cert.crt -nokeys \
- -passin pass:$cadi_keystore_password_p12 \
- -passout pass:$cadi_keystore_password_p12
- echo "*** copy key to relevant place"
- cp {{ .Values.credsPath }}/{{ .Values.fqi_namespace }}.key {{ .Values.credsPath }}/certs/cert.key
- echo "*** change ownership and read/write attributes"
- chown -R 1000 {{ .Values.credsPath }}/certs
- chmod 600 {{ .Values.credsPath }}/certs/cert.crt
- chmod 600 {{ .Values.credsPath }}/certs/cert.key
-
-#################################################################
# Application configuration defaults.
#################################################################
# application image
@@ -82,15 +52,12 @@ readiness:
service:
type: NodePort
name: msb-iag
- both_tls_and_plain: true
# for liveness and readiness probe only
# internalPort:
- internalPort: 443
- internalPlainPort: 80
+ internalPort: 80
ports:
- name: msb-iag
- port: 443
- plain_port: 80
+ port: 80
port_protocol: http
nodePort: '83'
@@ -99,8 +66,7 @@ ingress:
service:
- baseaddr: "msb-iag-ui"
name: "msb-iag"
- port: 443
- plain_port: 80
+ port: 80
config:
ssl: "redirect"