authoramatthews <adrian.matthews@est.tech>2022-08-18 15:31:12 +0100
committerAndreas Geissler <andreas-geissler@telekom.de>2022-10-24 13:39:32 +0000
commit379daacca80d748ea9fee3c4185c828a9559b509 (patch)
tree91591b52e8402e61821e811f5973548deab060ef /kubernetes/oof/components
parent702d68ae02195cbe56ab5f5cd61bddc816880076 (diff)
[OOF] Service Mesh Compliance for OOF
Updating basic requirements for Service Mesh Compliance within OOF. Removed AAF dependencies in OOF deployments. Resolved merge conflict for oof-has/resources/conflict/conductor.conf for DCAE Issue-ID: OOM-2253 Change-Id: I660085ca94db723e4880dfa67aa31b604e712d15 Signed-off-by: amatthews <adrian.matthews@est.tech>
Diffstat (limited to 'kubernetes/oof/components')
-rwxr-xr-xkubernetes/oof/components/oof-has/components/oof-has-api/templates/deployment.yaml12
-rwxr-xr-xkubernetes/oof/components/oof-has/components/oof-has-api/templates/service.yaml4
-rwxr-xr-xkubernetes/oof/components/oof-has/components/oof-has-api/values.yaml2
-rwxr-xr-xkubernetes/oof/components/oof-has/components/oof-has-controller/templates/deployment.yaml8
-rwxr-xr-xkubernetes/oof/components/oof-has/components/oof-has-data/templates/deployment.yaml8
-rwxr-xr-xkubernetes/oof/components/oof-has/components/oof-has-reservation/templates/deployment.yaml6
-rwxr-xr-xkubernetes/oof/components/oof-has/components/oof-has-solver/templates/deployment.yaml6
-rwxr-xr-xkubernetes/oof/components/oof-has/resources/config/conductor.conf25
-rw-r--r--kubernetes/oof/components/oof-has/resources/config/nginx.conf5
-rwxr-xr-xkubernetes/oof/components/oof-has/values.yaml2
10 files changed, 65 insertions, 13 deletions
diff --git a/kubernetes/oof/components/oof-has/components/oof-has-api/templates/deployment.yaml b/kubernetes/oof/components/oof-has/components/oof-has-api/templates/deployment.yaml
index 3ed20ba8a6..4e38c830f0 100755
--- a/kubernetes/oof/components/oof-has/components/oof-has-api/templates/deployment.yaml
+++ b/kubernetes/oof/components/oof-has/components/oof-has-api/templates/deployment.yaml
@@ -44,8 +44,10 @@ spec:
args:
- --container-name
- oof-has-controller
+ {{- if (include "common.needTLS" .) }}
- --container-name
- aaf-service
+ {{- end }}
env:
- name: NAMESPACE
valueFrom:
@@ -55,6 +57,7 @@ spec:
image: {{ include "repositoryGenerator.image.readiness" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ {{- if (include "common.needTLS" .) }}
- name: {{ include "common.name" . }}-has-sms-readiness
command:
- sh
@@ -73,6 +76,7 @@ spec:
fieldPath: metadata.namespace
image: {{ include "repositoryGenerator.image.curl" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ {{- end }}
{{ include "common.certInitializer.initContainer" . | indent 6 }}
containers:
@@ -108,9 +112,11 @@ spec:
- mountPath: /usr/local/bin/log.conf
name: {{ .Values.global.commonConfigPrefix }}-config
subPath: log.conf
+ {{- if (include "common.needTLS" .) }}
- mountPath: /usr/local/bin/AAF_RootCA.cer
name: {{ include "common.fullname" . }}-onap-certs
subPath: aaf_root_ca.cer
+ {{- end }}
resources:
{{ include "common.resources" . | indent 12 }}
- name: {{ include "common.name" . }}-nginx
@@ -121,8 +127,10 @@ spec:
args:
- "-c"
- |
+ {{- if (include "common.needTLS" .) }}
grep -v '^$' /opt/bitnami/nginx/ssl/local/org.onap.oof.crt > /tmp/oof.crt
cat /tmp/oof.crt /tmp/intermediate_root_ca.pem /tmp/AAF_RootCA.cer >> /opt/bitnami/nginx/org.onap.oof.crt
+ {{- end }}
/opt/bitnami/scripts/nginx/entrypoint.sh /opt/bitnami/scripts/nginx/run.sh
ports:
- containerPort: {{ .Values.service.internalPort }}
@@ -146,12 +154,14 @@ spec:
- mountPath: /opt/bitnami/nginx/conf/nginx.conf
name: {{ .Values.global.commonConfigPrefix }}-config
subPath: nginx.conf
+ {{- if (include "common.needTLS" .) }}
- mountPath: /tmp/AAF_RootCA.cer
name: {{ include "common.fullname" . }}-onap-certs
subPath: aaf_root_ca.cer
- mountPath: /tmp/intermediate_root_ca.pem
name: {{ include "common.fullname" . }}-onap-certs
subPath: intermediate_root_ca.pem
+ {{- end }}
resources:
{{ include "common.resources" . | indent 12 }}
{{- if .Values.nodeSelector }}
@@ -178,6 +188,8 @@ spec:
path: conductor.conf
- key: log.conf
path: log.conf
+{{- if (include "common.needTLS" .) }}
{{ include "oof.certificate.volume" . | indent 8 }}
+{{- end }}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/oof/components/oof-has/components/oof-has-api/templates/service.yaml b/kubernetes/oof/components/oof-has/components/oof-has-api/templates/service.yaml
index 751545ebef..f13e7cea9b 100755
--- a/kubernetes/oof/components/oof-has/components/oof-has-api/templates/service.yaml
+++ b/kubernetes/oof/components/oof-has/components/oof-has-api/templates/service.yaml
@@ -32,11 +32,11 @@ spec:
{{if eq .Values.service.type "NodePort" -}}
- port: {{ .Values.service.externalPort }}
nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}
+ name: {{ .Values.service.portName }}{{ if (include "common.needTLS" .) }}s{{ end }}
{{- else -}}
- port: {{ .Values.service.externalPort }}
targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
+ name: {{ .Values.service.portName }}{{ if (include "common.needTLS" .) }}s{{ end }}
{{- end}}
selector:
app: {{ include "common.name" . }}
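Review bot: Both `name:` lines now build the port name by appending `s` to `.Values.service.portName`, which only produces a meaningful protocol name while that value is exactly `http` (as the values.yaml hunk sets it). An override that restores a descriptive name such as the old `oof-has-api` would render `oof-has-apis`. A service mesh that selects the protocol from the port name would then presumably treat the port as opaque TCP, and any HTTP-level policy would not apply. The coupling is not visible from values.yaml, so I would add a comment there next to `portName`, for example `# must stay "http": service.yaml appends "s" when common.needTLS is true`.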
diff --git a/kubernetes/oof/components/oof-has/components/oof-has-api/values.yaml b/kubernetes/oof/components/oof-has/components/oof-has-api/values.yaml
index e4e843ac3e..c850cb7752 100755
--- a/kubernetes/oof/components/oof-has/components/oof-has-api/values.yaml
+++ b/kubernetes/oof/components/oof-has/components/oof-has-api/values.yaml
@@ -45,7 +45,7 @@ service:
externalPort: 8091
internalPort: 8091
nodePort: 75
- portName: oof-has-api
+ portName: http
#backend container info
uwsgi:
diff --git a/kubernetes/oof/components/oof-has/components/oof-has-controller/templates/deployment.yaml b/kubernetes/oof/components/oof-has/components/oof-has-controller/templates/deployment.yaml
index 55bb4f620d..92be670db6 100755
--- a/kubernetes/oof/components/oof-has/components/oof-has-controller/templates/deployment.yaml
+++ b/kubernetes/oof/components/oof-has/components/oof-has-controller/templates/deployment.yaml
@@ -43,8 +43,10 @@ spec:
args:
- --job-name
- {{ include "common.release" . }}-{{ .Values.config.etcd.configJobNameOverride }}-job
+ {{- if (include "common.needTLS" .) }}
- --container-name
- aaf-sms
+ {{- end }}
env:
- name: NAMESPACE
valueFrom:
@@ -54,6 +56,7 @@ spec:
image: {{ include "repositoryGenerator.image.readiness" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ {{- if (include "common.needTLS" .) }}
- name: {{ include "common.name" . }}-cont-sms-readiness
command:
- sh
@@ -72,6 +75,7 @@ spec:
fieldPath: metadata.namespace
image: {{ include "repositoryGenerator.image.curl" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ {{- end }}
containers:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.image.optf_has }}
@@ -113,9 +117,11 @@ spec:
- mountPath: /usr/local/bin/healthy.sh
name: {{ .Values.global.commonConfigPrefix }}-config
subPath: healthy.sh
+ {{- if (include "common.needTLS" .) }}
- mountPath: /usr/local/bin/AAF_RootCA.cer
name: {{ include "common.fullname" . }}-onap-certs
subPath: aaf_root_ca.cer
+ {{- end }}
resources:
{{ include "common.resources" . | indent 12 }}
{{- if .Values.nodeSelector }}
@@ -141,6 +147,8 @@ spec:
path: log.conf
- key: healthy.sh
path: healthy.sh
+{{- if (include "common.needTLS" .) }}
{{ include "oof.certificate.volume" . | indent 8 }}
+{{- end }}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/oof/components/oof-has/components/oof-has-data/templates/deployment.yaml b/kubernetes/oof/components/oof-has/components/oof-has-data/templates/deployment.yaml
index 4f58ec3b94..72ecd7db2d 100755
--- a/kubernetes/oof/components/oof-has/components/oof-has-data/templates/deployment.yaml
+++ b/kubernetes/oof/components/oof-has/components/oof-has-data/templates/deployment.yaml
@@ -52,6 +52,7 @@ spec:
image: {{ include "repositoryGenerator.image.readiness" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ {{- if (include "common.needTLS" .) }}
- name: {{ include "common.name" . }}-data-sms-readiness
command:
- sh
@@ -70,6 +71,7 @@ spec:
fieldPath: metadata.namespace
image: {{ include "repositoryGenerator.image.curl" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ {{- end }}
containers:
- name: {{ include "common.name" . }}
@@ -112,6 +114,7 @@ spec:
- mountPath: /usr/local/bin/healthy.sh
name: {{ .Values.global.commonConfigPrefix }}-config
subPath: healthy.sh
+ {{- if (include "common.needTLS" .) }}
- mountPath: /usr/local/bin/aai_cert.cer
name: {{ .Values.global.commonConfigPrefix }}-config
subPath: aai_cert.cer
@@ -121,6 +124,7 @@ spec:
- mountPath: /usr/local/bin/AAF_RootCA.cer
name: {{ include "common.fullname" . }}-onap-certs
subPath: aaf_root_ca.cer
+ {{- end }}
resources:
{{ include "common.resources" . | indent 12 }}
{{- if .Values.nodeSelector }}
@@ -146,10 +150,14 @@ spec:
path: log.conf
- key: healthy.sh
path: healthy.sh
+ {{- if (include "common.needTLS" .) }}
- key: aai_cert.cer
path: aai_cert.cer
- key: aai_key.key
path: aai_key.key
+ {{- end }}
+{{- if (include "common.needTLS" .) }}
{{ include "oof.certificate.volume" . | indent 8 }}
+{{- end }}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
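Review bot: `aai_key.key` is listed in the same `items:` list as `log.conf` and `healthy.sh`, and the matching mounts in the @@ -112 hunk use the `{{ .Values.global.commonConfigPrefix }}-config` volume, which suggests the private key is delivered from a ConfigMap. The volume definition itself is outside the hunk, so this needs confirming. If so, gating it on `common.needTLS` is a good moment to move the key into a Secret-backed volume, since ConfigMap contents are readable by anyone with ordinary read access to the namespace. On style, the two adjacent blocks that test the same condition can be merged: drop the `{{- end }}` / `{{- if (include "common.needTLS" .) }}` pair between `path: aai_key.key` and the `oof.certificate.volume` include.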
diff --git a/kubernetes/oof/components/oof-has/components/oof-has-reservation/templates/deployment.yaml b/kubernetes/oof/components/oof-has/components/oof-has-reservation/templates/deployment.yaml
index f8755ea66b..b90a6f6e89 100755
--- a/kubernetes/oof/components/oof-has/components/oof-has-reservation/templates/deployment.yaml
+++ b/kubernetes/oof/components/oof-has/components/oof-has-reservation/templates/deployment.yaml
@@ -52,6 +52,7 @@ spec:
image: {{ include "repositoryGenerator.image.readiness" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ {{- if (include "common.needTLS" .) }}
- name: {{ include "common.name" . }}-resrv-sms-readiness
command:
- sh
@@ -70,6 +71,7 @@ spec:
fieldPath: metadata.namespace
image: {{ include "repositoryGenerator.image.curl" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ {{- end }}
containers:
- name: {{ include "common.name" . }}
@@ -112,9 +114,11 @@ spec:
- mountPath: /usr/local/bin/healthy.sh
name: {{ .Values.global.commonConfigPrefix }}-config
subPath: healthy.sh
+ {{- if (include "common.needTLS" .) }}
- mountPath: /usr/local/bin/AAF_RootCA.cer
name: {{ include "common.fullname" . }}-onap-certs
subPath: aaf_root_ca.cer
+ {{- end }}
resources:
{{ include "common.resources" . | indent 12 }}
{{- if .Values.nodeSelector }}
@@ -140,6 +144,8 @@ spec:
path: log.conf
- key: healthy.sh
path: healthy.sh
+{{- if (include "common.needTLS" .) }}
{{ include "oof.certificate.volume" . | indent 8 }}
+{{- end }}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/oof/components/oof-has/components/oof-has-solver/templates/deployment.yaml b/kubernetes/oof/components/oof-has/components/oof-has-solver/templates/deployment.yaml
index 154bc78e41..4499d9806e 100755
--- a/kubernetes/oof/components/oof-has/components/oof-has-solver/templates/deployment.yaml
+++ b/kubernetes/oof/components/oof-has/components/oof-has-solver/templates/deployment.yaml
@@ -52,6 +52,7 @@ spec:
image: {{ include "repositoryGenerator.image.readiness" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ {{- if (include "common.needTLS" .) }}
- name: {{ include "common.name" . }}-solvr-sms-readiness
command:
- sh
@@ -70,6 +71,7 @@ spec:
fieldPath: metadata.namespace
image: {{ include "repositoryGenerator.image.curl" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ {{- end }}
containers:
- name: {{ include "common.name" . }}
@@ -112,9 +114,11 @@ spec:
- mountPath: /usr/local/bin/healthy.sh
name: {{ .Values.global.commonConfigPrefix }}-config
subPath: healthy.sh
+ {{- if (include "common.needTLS" .) }}
- mountPath: /usr/local/bin/AAF_RootCA.cer
name: {{ include "common.fullname" . }}-onap-certs
subPath: aaf_root_ca.cer
+ {{- end }}
resources:
{{ include "common.resources" . | indent 12 }}
{{- if .Values.nodeSelector }}
@@ -140,6 +144,8 @@ spec:
path: log.conf
- key: healthy.sh
path: healthy.sh
+{{- if (include "common.needTLS" .) }}
{{ include "oof.certificate.volume" . | indent 8 }}
+{{- end }}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/oof/components/oof-has/resources/config/conductor.conf b/kubernetes/oof/components/oof-has/resources/config/conductor.conf
index 78553d73af..d650808036 100755
--- a/kubernetes/oof/components/oof-has/resources/config/conductor.conf
+++ b/kubernetes/oof/components/oof-has/resources/config/conductor.conf
@@ -159,13 +159,13 @@ appkey = ""
#
# is_aaf_enabled. (boolean value)
-is_aaf_enabled = true
+is_aaf_enabled = {{ (eq "true" (include "common.needTLS" .)) | ternary true false }}
# aaf_cache_expiry_hrs. (integer value)
aaf_cache_expiry_hrs = 3
# aaf_url. (string value)
-aaf_url = https://{{.Values.config.aaf.serviceName}}:{{.Values.config.aaf.port}}/authz/perms/user/
+aaf_url = http{{ if (include "common.needTLS" .) }}s{{ end }}://{{.Values.config.aaf.serviceName}}:{{.Values.config.aaf.port}}/authz/perms/user/
# aaf_cert_file. (string value)
#aaf_cert_file = <None>
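Review bot: `is_aaf_enabled` now follows `common.needTLS`, so turning TLS off also turns off the AAF permission check. Transport encryption and authorization are separate controls, and the file gives no hint that the second one disappears too. I would add a comment above the line, for example `# AAF authz is disabled together with TLS; access control must then be enforced by the service mesh`, and check that a mesh authorization policy for the API actually ships with this change. The `is_enabled` line added in the @@ -193 hunk uses the same expression and deserves the same comment for SMS. Separately, this file mixes `if (include "common.needTLS" .)` with `eq "true" (include "common.needTLS" .)`; the two agree only if the helper returns either `true` or an empty string, so picking one form would remove that assumption.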
@@ -175,7 +175,7 @@ aaf_url = https://{{.Values.config.aaf.serviceName}}:{{.Values.config.aaf.port}}
# aaf_ca_bundle_file. (string value)
#aaf_ca_bundle_file =
-aaf_ca_bundle_file = /usr/local/bin/AAF_RootCA.cer
+aaf_ca_bundle_file = {{ if (include "common.needTLS" .) }}/usr/local/bin/AAF_RootCA.cer{{ end }}
# aaf_retries. (integer value)
#aaf_retries = 3
@@ -193,9 +193,12 @@ aaf_ca_bundle_file = /usr/local/bin/AAF_RootCA.cer
# From conductor
#
+# is_enabled. (boolean value)
+is_enabled = {{ (eq "true" (include "common.needTLS" .)) | ternary true false }}
+
# Base URL for SMS, up to and not including the version, and without a trailing
# slash. (string value)
-aaf_sms_url = https://{{.Values.config.sms.serviceName}}.{{ include "common.namespace" . }}:{{.Values.config.sms.port}}
+aaf_sms_url = http{{ if (include "common.needTLS" .) }}s{{ end }}://{{.Values.config.sms.serviceName}}.{{ include "common.namespace" . }}:{{.Values.config.sms.port}}
# Timeout for SMS API Call (integer value)
@@ -231,7 +234,8 @@ complex_cache_refresh_interval = 60
# Base URL for A&AI, up to and not including the version, and without a
# trailing slash. (string value)
-server_url = https://{{.Values.config.aai.serviceName}}.{{ include "common.namespace" . }}:{{.Values.config.aai.port}}/aai
+#server_url = https://{{.Values.config.aai.serviceName}}.{{ include "common.namespace" . }}:{{.Values.config.aai.port}}/aai
+server_url = http{{ if (include "common.needTLS" .) }}s{{ end }}://{{.Values.config.aai.serviceName}}.{{ include "common.namespace" . }}:{{ (eq "true" (include "common.needTLS" .)) | ternary .Values.config.aai.port .Values.config.aai.plainPort }}/aai
# Timeout for A&AI Rest Call (string value)
#aai_rest_timeout = 30
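Review bot: With `common.needTLS` false, the new `server_url` sends A&AI requests over plain `http://` on `plainPort`. This section also carries `username = OOF` (visible in the @@ -252 hunk), so the credentials presumably travel unencrypted unless the mesh sidecar enforces mutual TLS on that hop. A short comment stating the dependency would help, for example `# plain HTTP is only acceptable behind a mesh sidecar enforcing mTLS`. The added `#server_url = https://…` line is the old value left as a comment and can be dropped, since version control already keeps it. The SDC `server_url` in the @@ -676 hunk has the same two points.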
@@ -252,7 +256,7 @@ certificate_key_file =
# Certificate Authority Bundle file in pem format. Must contain the appropriate
# trust chain for the Certificate file. (string value)
#certificate_authority_bundle_file = certificate_authority_bundle.pem
-certificate_authority_bundle_file = /usr/local/bin/AAF_RootCA.cer
+certificate_authority_bundle_file = {{ if (include "common.needTLS" .) }}/usr/local/bin/AAF_RootCA.cer{{ end }}
# Username for AAI. (string value)
username = OOF
@@ -676,7 +680,8 @@ concurrent = true
# Base URL for SDC, up to and not including the version, and without a
# trailing slash. (string value)
#server_url = https://controller:8443/sdc
-server_url = https://{{.Values.config.sdc.serviceName}}.{{ include "common.namespace" . }}:{{.Values.config.sdc.port}}/sdc
+#server_url = https://{{.Values.config.sdc.serviceName}}.{{ include "common.namespace" . }}:{{.Values.config.sdc.port}}/sdc
+server_url = http{{ if (include "common.needTLS" .) }}s{{ end }}://{{.Values.config.sdc.serviceName}}.{{ include "common.namespace" . }}:{{ (eq "true" (include "common.needTLS" .)) | ternary .Values.config.sdc.port .Values.config.sdc.plainPort }}/sdc
# Timeout for SDC Rest Call (string value)
#sdc_rest_timeout = 30
@@ -699,7 +704,7 @@ certificate_key_file =
# Certificate Authority Bundle file in pem format. Must contain the appropriate
# trust chain for the Certificate file. (string value)
#certificate_authority_bundle_file = certificate_authority_bundle.pem
-certificate_authority_bundle_file = /usr/local/bin/AAF_RootCA.cer
+certificate_authority_bundle_file = {{ if (include "common.needTLS" .) }}/usr/local/bin/AAF_RootCA.cer{{ end }}
# Username for SDC. (string value)
#username =
@@ -744,7 +749,7 @@ certificate_key_file =
# Certificate Authority Bundle file in pem format. Must contain the appropriate
# trust chain for the Certificate file. (string value)
#certificate_authority_bundle_file = certificate_authority_bundle.pem
-certificate_authority_bundle_file = /usr/local/bin/AAF_RootCA.cer
+certificate_authority_bundle_file = {{ if (include "common.needTLS" .) }}/usr/local/bin/AAF_RootCA.cer{{ end }}
# Username for CPS. (string value)
#username =
@@ -788,7 +793,7 @@ certificate_key_file =
# Certificate Authority Bundle file in pem format. Must contain the appropriate
# trust chain for the Certificate file. (string value)
#certificate_authority_bundle_file = certificate_authority_bundle.pem
-certificate_authority_bundle_file = /usr/local/bin/AAF_RootCA.cer
+certificate_authority_bundle_file = {{ if (include "common.needTLS" .) }}/usr/local/bin/AAF_RootCA.cer{{ end }}
# Username for DCAE. (string value)
#username =
diff --git a/kubernetes/oof/components/oof-has/resources/config/nginx.conf b/kubernetes/oof/components/oof-has/resources/config/nginx.conf
index cbb1b60a58..9272e8581c 100644
--- a/kubernetes/oof/components/oof-has/resources/config/nginx.conf
+++ b/kubernetes/oof/components/oof-has/resources/config/nginx.conf
@@ -11,12 +11,17 @@ http {
server {
+{{ if (include "common.needTLS" .) }}
listen 8091 ssl;
server_name oof;
ssl_certificate /opt/bitnami/nginx/org.onap.oof.crt;
ssl_certificate_key /opt/bitnami/nginx/ssl/local/org.onap.oof.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
+{{ else }}
+ listen 8091;
+ server_name oof;
+{{ end }}
location / {
include /opt/bitnami/nginx/conf/uwsgi_params;
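Review bot: The TLS branch keeps `ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;` unchanged. TLS 1.0 and 1.1 are deprecated (RFC 8996), and since this block is being touched anyway I would narrow it to `ssl_protocols TLSv1.2 TLSv1.3;`. The new `{{ else }}` branch serves the API as plain HTTP on 8091, so confidentiality and peer authentication for that port rest entirely on the mesh sidecar; a comment such as `# plaintext listener: requires mesh-enforced mTLS in front of this port` would make that explicit. The `server` block starts and ends outside the hunk.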
diff --git a/kubernetes/oof/components/oof-has/values.yaml b/kubernetes/oof/components/oof-has/values.yaml
index 733b9209b5..0c5397c5a8 100755
--- a/kubernetes/oof/components/oof-has/values.yaml
+++ b/kubernetes/oof/components/oof-has/values.yaml
@@ -56,6 +56,7 @@ config:
aai:
serviceName: aai
port: 8443
+ plainPort: 80
msb:
serviceName: msb-iag
port: 80
@@ -68,6 +69,7 @@ config:
sdc:
serviceName: sdc-be
port: 8443
+ plainPort: 8080
cps:
service: cps-tbdmt
port: 8080