summaryrefslogtreecommitdiffstats
path: root/kubernetes/oof
diff options
context:
space:
mode:
authorAndreas Geissler <andreas-geissler@telekom.de>2023-02-20 12:00:42 +0100
committerAndreas Geissler <andreas-geissler@telekom.de>2023-02-23 16:25:04 +0100
commit0fcefb64c2bd0be21f0d20b1d6fa6a4600a51a37 (patch)
tree806d3d808e45d5e3ce2432ff603265dfeee72247 /kubernetes/oof
parent7a7b5d419bf216a4ce1d69f5ce135d0d90849e67 (diff)
[OOF] Make OOF ServiceMesh compatible
Update the OSDF image version to 3.0.8 and remove the AAF related configuration options Issue-ID: OOM-2990 Signed-off-by: Andreas Geissler <andreas-geissler@telekom.de> Change-Id: Ib2b5085fa51eacb5ddc0e62dc29c2df9838c9c74
Diffstat (limited to 'kubernetes/oof')
-rwxr-xr-xkubernetes/oof/Chart.yaml6
-rwxr-xr-xkubernetes/oof/components/oof-has/Chart.yaml4
-rwxr-xr-xkubernetes/oof/components/oof-has/components/oof-has-api/Chart.yaml7
-rwxr-xr-xkubernetes/oof/components/oof-has/components/oof-has-api/templates/deployment.yaml83
-rwxr-xr-xkubernetes/oof/components/oof-has/components/oof-has-api/templates/service.yaml28
-rwxr-xr-xkubernetes/oof/components/oof-has/components/oof-has-api/values.yaml35
-rwxr-xr-xkubernetes/oof/components/oof-has/components/oof-has-controller/Chart.yaml3
-rwxr-xr-xkubernetes/oof/components/oof-has/components/oof-has-controller/templates/deployment.yaml66
-rwxr-xr-xkubernetes/oof/components/oof-has/components/oof-has-controller/values.yaml9
-rwxr-xr-xkubernetes/oof/components/oof-has/components/oof-has-data/Chart.yaml3
-rwxr-xr-xkubernetes/oof/components/oof-has/components/oof-has-data/templates/deployment.yaml75
-rwxr-xr-xkubernetes/oof/components/oof-has/components/oof-has-data/values.yaml9
-rwxr-xr-xkubernetes/oof/components/oof-has/components/oof-has-reservation/Chart.yaml3
-rwxr-xr-xkubernetes/oof/components/oof-has/components/oof-has-reservation/templates/deployment.yaml63
-rwxr-xr-xkubernetes/oof/components/oof-has/components/oof-has-reservation/values.yaml9
-rwxr-xr-xkubernetes/oof/components/oof-has/components/oof-has-solver/Chart.yaml3
-rwxr-xr-xkubernetes/oof/components/oof-has/components/oof-has-solver/templates/deployment.yaml63
-rwxr-xr-xkubernetes/oof/components/oof-has/components/oof-has-solver/values.yaml9
-rwxr-xr-xkubernetes/oof/components/oof-has/resources/config/aai_cert.cer25
-rwxr-xr-xkubernetes/oof/components/oof-has/resources/config/aai_key.key30
-rwxr-xr-xkubernetes/oof/components/oof-has/resources/config/bundle.pem26
-rwxr-xr-xkubernetes/oof/components/oof-has/resources/config/conductor.conf122
-rw-r--r--kubernetes/oof/components/oof-has/resources/config/nginx.conf9
-rwxr-xr-xkubernetes/oof/components/oof-has/values.yaml27
-rw-r--r--kubernetes/oof/components/oof-templates/templates/_certificate.tpl11
-rwxr-xr-xkubernetes/oof/resources/config/certs/aaf_root_ca.cer31
-rw-r--r--kubernetes/oof/resources/config/certs/intermediate_root_ca.pem27
-rw-r--r--kubernetes/oof/resources/config/conf/common_config.yaml2
-rwxr-xr-xkubernetes/oof/resources/config/conf/osdf_config.yaml25
-rw-r--r--kubernetes/oof/templates/deployment.yaml70
-rw-r--r--kubernetes/oof/templates/ingress.yaml18
-rw-r--r--kubernetes/oof/templates/service.yaml28
-rw-r--r--kubernetes/oof/values.yaml55
33 files changed, 134 insertions, 850 deletions
diff --git a/kubernetes/oof/Chart.yaml b/kubernetes/oof/Chart.yaml
index 3d5441dd4c..fabc2e55e7 100755
--- a/kubernetes/oof/Chart.yaml
+++ b/kubernetes/oof/Chart.yaml
@@ -24,9 +24,6 @@ dependencies:
- name: common
version: ~12.x-0
repository: '@local'
- - name: certInitializer
- version: ~12.x-0
- repository: '@local'
- name: oof-has
version: ~12.x-0
repository: 'file://components/oof-has'
@@ -40,3 +37,6 @@ dependencies:
- name: serviceAccount
version: ~12.x-0
repository: '@local'
+ - name: readinessCheck
+ version: ~12.x-0
+ repository: '@local'
diff --git a/kubernetes/oof/components/oof-has/Chart.yaml b/kubernetes/oof/components/oof-has/Chart.yaml
index 0b3a324c9a..8fd5dbd2ad 100755
--- a/kubernetes/oof/components/oof-has/Chart.yaml
+++ b/kubernetes/oof/components/oof-has/Chart.yaml
@@ -24,10 +24,6 @@ dependencies:
- name: common
version: ~12.x-0
repository: '@local'
- - name: music
- version: ~12.x-0
- repository: '@local'
- condition: music.enabled
- name: etcd
version: ~12.x-0
repository: '@local'
diff --git a/kubernetes/oof/components/oof-has/components/oof-has-api/Chart.yaml b/kubernetes/oof/components/oof-has/components/oof-has-api/Chart.yaml
index 39d3f0c89f..a7a1d1f172 100755
--- a/kubernetes/oof/components/oof-has/components/oof-has-api/Chart.yaml
+++ b/kubernetes/oof/components/oof-has/components/oof-has-api/Chart.yaml
@@ -24,9 +24,6 @@ dependencies:
- name: common
version: ~12.x-0
repository: '@local'
- - name: certInitializer
- version: ~12.x-0
- repository: '@local'
- name: oof-templates
version: ~12.x-0
repository: 'file://../../../oof-templates'
@@ -36,3 +33,7 @@ dependencies:
- name: serviceAccount
version: ~12.x-0
repository: '@local'
+ - name: readinessCheck
+ version: ~12.x-0
+ repository: '@local'
+
diff --git a/kubernetes/oof/components/oof-has/components/oof-has-api/templates/deployment.yaml b/kubernetes/oof/components/oof-has/components/oof-has-api/templates/deployment.yaml
index 4e38c830f0..10793cafc6 100755
--- a/kubernetes/oof/components/oof-has/components/oof-has-api/templates/deployment.yaml
+++ b/kubernetes/oof/components/oof-has/components/oof-has-api/templates/deployment.yaml
@@ -18,67 +18,15 @@
apiVersion: apps/v1
kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
+ selector: {{- include "common.selectors" . | nindent 4 }}
replicas: {{ .Values.replicaCount }}
template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
initContainers:
- - name: {{ include "common.name" . }}-readiness
- command:
- - /app/ready.py
- args:
- - --container-name
- - oof-has-controller
- {{- if (include "common.needTLS" .) }}
- - --container-name
- - aaf-service
- {{- end }}
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: {{ include "repositoryGenerator.image.readiness" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-
- {{- if (include "common.needTLS" .) }}
- - name: {{ include "common.name" . }}-has-sms-readiness
- command:
- - sh
- - -c
- - resp="FAILURE";
- until [ $resp = "200" ]; do
- resp=$(curl -s -o /dev/null -k --write-out %{http_code} https://aaf-sms.{{ include "common.namespace" . }}:10443/v1/sms/domain/has/secret);
- echo $resp;
- sleep 2;
- done
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: {{ include "repositoryGenerator.image.curl" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- {{- end }}
-{{ include "common.certInitializer.initContainer" . | indent 6 }}
-
+ {{ include "common.readinessCheck.waitFor" . | nindent 6 }}
containers:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.image.optf_has }}
@@ -112,11 +60,6 @@ spec:
- mountPath: /usr/local/bin/log.conf
name: {{ .Values.global.commonConfigPrefix }}-config
subPath: log.conf
- {{- if (include "common.needTLS" .) }}
- - mountPath: /usr/local/bin/AAF_RootCA.cer
- name: {{ include "common.fullname" . }}-onap-certs
- subPath: aaf_root_ca.cer
- {{- end }}
resources:
{{ include "common.resources" . | indent 12 }}
- name: {{ include "common.name" . }}-nginx
@@ -127,13 +70,10 @@ spec:
args:
- "-c"
- |
- {{- if (include "common.needTLS" .) }}
- grep -v '^$' /opt/bitnami/nginx/ssl/local/org.onap.oof.crt > /tmp/oof.crt
- cat /tmp/oof.crt /tmp/intermediate_root_ca.pem /tmp/AAF_RootCA.cer >> /opt/bitnami/nginx/org.onap.oof.crt
- {{- end }}
/opt/bitnami/scripts/nginx/entrypoint.sh /opt/bitnami/scripts/nginx/run.sh
ports:
- containerPort: {{ .Values.service.internalPort }}
+ name: http
{{- if .Values.liveness.enabled }}
livenessProbe:
tcpSocket:
@@ -147,21 +87,12 @@ spec:
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
volumeMounts:
-{{ include "common.certInitializer.volumeMount" . | indent 10 }}
- mountPath: /etc/localtime
name: localtime
readOnly: true
- mountPath: /opt/bitnami/nginx/conf/nginx.conf
name: {{ .Values.global.commonConfigPrefix }}-config
subPath: nginx.conf
- {{- if (include "common.needTLS" .) }}
- - mountPath: /tmp/AAF_RootCA.cer
- name: {{ include "common.fullname" . }}-onap-certs
- subPath: aaf_root_ca.cer
- - mountPath: /tmp/intermediate_root_ca.pem
- name: {{ include "common.fullname" . }}-onap-certs
- subPath: intermediate_root_ca.pem
- {{- end }}
resources:
{{ include "common.resources" . | indent 12 }}
{{- if .Values.nodeSelector }}
@@ -174,7 +105,6 @@ spec:
{{- end }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- {{ include "common.certInitializer.volumes" . | nindent 8 }}
- name: localtime
hostPath:
path: /etc/localtime
@@ -188,8 +118,5 @@ spec:
path: conductor.conf
- key: log.conf
path: log.conf
-{{- if (include "common.needTLS" .) }}
-{{ include "oof.certificate.volume" . | indent 8 }}
-{{- end }}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/oof/components/oof-has/components/oof-has-api/templates/service.yaml b/kubernetes/oof/components/oof-has/components/oof-has-api/templates/service.yaml
index f13e7cea9b..b77b592c08 100755
--- a/kubernetes/oof/components/oof-has/components/oof-has-api/templates/service.yaml
+++ b/kubernetes/oof/components/oof-has/components/oof-has-api/templates/service.yaml
@@ -1,6 +1,7 @@
{{/*
# Copyright © 2017 Amdocs, Bell Canada
# Modifications Copyright © 2018 AT&T,VMware
+# Modifications Copyright © 2023 Deutsche Telekom
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -15,29 +16,4 @@
# limitations under the License.
*/}}
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
- annotations:
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.externalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}{{ if (include "common.needTLS" .) }}s{{ end }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}{{ if (include "common.needTLS" .) }}s{{ end }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+{{ include "common.service" . }}
diff --git a/kubernetes/oof/components/oof-has/components/oof-has-api/values.yaml b/kubernetes/oof/components/oof-has/components/oof-has-api/values.yaml
index c850cb7752..8b2ebdd23c 100755
--- a/kubernetes/oof/components/oof-has/components/oof-has-api/values.yaml
+++ b/kubernetes/oof/components/oof-has/components/oof-has-api/values.yaml
@@ -22,10 +22,6 @@ global: # global defaults
# secrets metaconfig
#################################################################
secrets:
- - uid: oof-onap-certs
- externalSecret: '{{ tpl (default "" .Values.certSecret) . }}'
- type: generic
- filePaths: '{{ .Values.secretsFilePaths }}'
- uid: oof-has-etcd-secret
name: &user-creds '{{ include "common.release" . }}-oof-has-etcd-secret'
type: basicAuth
@@ -42,16 +38,15 @@ config:
service:
type: NodePort
name: oof-has-api
- externalPort: 8091
internalPort: 8091
- nodePort: 75
- portName: http
+ ports:
+ - name: http
+ port: 8091
+ nodePort: '75'
#backend container info
uwsgi:
internalPort: 8080
-ingress:
- enabled: false
replicaCount: 1
nodeSelector: {}
affinity: {}
@@ -85,24 +80,6 @@ readiness:
initialDelaySeconds: 10
periodSeconds: 10
-#sub-charts configuration
-certInitializer:
- nameOverride: oof-has-cert-initializer
- fqdn: "oof.onap"
- app_ns: "org.osaaf.aaf"
- fqi: "oof@oof.onap.org"
- fqi_namespace: org.onap.oof
- public_fqdn: "oof.onap.org"
- aafDeployFqi: "deployer@people.osaaf.org"
- aafDeployPass: demo123456!
- cadi_latitude: "0.0"
- cadi_longitude: "0.0"
- credsPath: /opt/app/osaaf/local
- appMountPath: /opt/bitnami/nginx/ssl
- aaf_add_config: >
- chmod 444 {{ .Values.credsPath }}/{{ .Values.fqi_namespace }}.key;
-
-
ingress:
enabled: false
service:
@@ -112,6 +89,10 @@ ingress:
config:
ssl: "redirect"
+readinessCheck:
+ wait_for:
+ - oof-has-controller
+
#Pods Service Account
serviceAccount:
nameOverride: oof-has-api
diff --git a/kubernetes/oof/components/oof-has/components/oof-has-controller/Chart.yaml b/kubernetes/oof/components/oof-has/components/oof-has-controller/Chart.yaml
index 9713d7a497..cfa4c5e37b 100755
--- a/kubernetes/oof/components/oof-has/components/oof-has-controller/Chart.yaml
+++ b/kubernetes/oof/components/oof-has/components/oof-has-controller/Chart.yaml
@@ -33,3 +33,6 @@ dependencies:
- name: serviceAccount
version: ~12.x-0
repository: '@local'
+ - name: readinessCheck
+ version: ~12.x-0
+ repository: '@local'
diff --git a/kubernetes/oof/components/oof-has/components/oof-has-controller/templates/deployment.yaml b/kubernetes/oof/components/oof-has/components/oof-has-controller/templates/deployment.yaml
index 92be670db6..ba7d462f6c 100755
--- a/kubernetes/oof/components/oof-has/components/oof-has-controller/templates/deployment.yaml
+++ b/kubernetes/oof/components/oof-has/components/oof-has-controller/templates/deployment.yaml
@@ -17,65 +17,15 @@
apiVersion: apps/v1
kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
+ selector: {{- include "common.selectors" . | nindent 4 }}
replicas: {{ .Values.replicaCount }}
template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
initContainers:
- - name: {{ include "common.name" . }}-readiness
- command:
- - /app/ready.py
- args:
- - --job-name
- - {{ include "common.release" . }}-{{ .Values.config.etcd.configJobNameOverride }}-job
- {{- if (include "common.needTLS" .) }}
- - --container-name
- - aaf-sms
- {{- end }}
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: {{ include "repositoryGenerator.image.readiness" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-
- {{- if (include "common.needTLS" .) }}
- - name: {{ include "common.name" . }}-cont-sms-readiness
- command:
- - sh
- - -c
- - resp="FAILURE";
- until [ $resp = "200" ]; do
- resp=$(curl -s -o /dev/null -k --write-out %{http_code} https://aaf-sms.{{ include "common.namespace" . }}:10443/v1/sms/domain/has/secret);
- echo $resp;
- sleep 2;
- done
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: {{ include "repositoryGenerator.image.curl" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- {{- end }}
+ {{ include "common.readinessCheck.waitFor" . | nindent 6 }}
containers:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.image.optf_has }}
@@ -117,11 +67,6 @@ spec:
- mountPath: /usr/local/bin/healthy.sh
name: {{ .Values.global.commonConfigPrefix }}-config
subPath: healthy.sh
- {{- if (include "common.needTLS" .) }}
- - mountPath: /usr/local/bin/AAF_RootCA.cer
- name: {{ include "common.fullname" . }}-onap-certs
- subPath: aaf_root_ca.cer
- {{- end }}
resources:
{{ include "common.resources" . | indent 12 }}
{{- if .Values.nodeSelector }}
@@ -147,8 +92,5 @@ spec:
path: log.conf
- key: healthy.sh
path: healthy.sh
-{{- if (include "common.needTLS" .) }}
-{{ include "oof.certificate.volume" . | indent 8 }}
-{{- end }}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/oof/components/oof-has/components/oof-has-controller/values.yaml b/kubernetes/oof/components/oof-has/components/oof-has-controller/values.yaml
index d6da75fd18..c72dc6c516 100755
--- a/kubernetes/oof/components/oof-has/components/oof-has-controller/values.yaml
+++ b/kubernetes/oof/components/oof-has/components/oof-has-controller/values.yaml
@@ -20,10 +20,6 @@ global:
# Secrets metaconfig
#################################################################
secrets:
- - uid: oof-onap-certs
- externalSecret: '{{ tpl (default "" .Values.certSecret) . }}'
- type: generic
- filePaths: '{{ .Values.secretsFilePaths }}'
- uid: oof-has-etcd-secret
name: &user-creds '{{ include "common.release" . }}-oof-has-etcd-secret'
type: basicAuth
@@ -72,6 +68,11 @@ readiness:
initialDelaySeconds: 10
periodSeconds: 10
+readinessCheck:
+ wait_for:
+ jobs:
+ - '{{ include "common.release" . }}-{{ .Values.config.etcd.configJobNameOverride }}-job'
+
#Pods Service Account
serviceAccount:
nameOverride: oof-has-controller
diff --git a/kubernetes/oof/components/oof-has/components/oof-has-data/Chart.yaml b/kubernetes/oof/components/oof-has/components/oof-has-data/Chart.yaml
index 725545159c..0b0b6e7abe 100755
--- a/kubernetes/oof/components/oof-has/components/oof-has-data/Chart.yaml
+++ b/kubernetes/oof/components/oof-has/components/oof-has-data/Chart.yaml
@@ -33,3 +33,6 @@ dependencies:
- name: serviceAccount
version: ~12.x-0
repository: '@local'
+ - name: readinessCheck
+ version: ~12.x-0
+ repository: '@local'
diff --git a/kubernetes/oof/components/oof-has/components/oof-has-data/templates/deployment.yaml b/kubernetes/oof/components/oof-has/components/oof-has-data/templates/deployment.yaml
index 72ecd7db2d..6319c99b25 100755
--- a/kubernetes/oof/components/oof-has/components/oof-has-data/templates/deployment.yaml
+++ b/kubernetes/oof/components/oof-has/components/oof-has-data/templates/deployment.yaml
@@ -17,62 +17,15 @@
apiVersion: apps/v1
kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
+ selector: {{- include "common.selectors" . | nindent 4 }}
replicas: {{ .Values.replicaCount }}
template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
initContainers:
- - name: {{ include "common.name" . }}-readiness
- command:
- - /app/ready.py
- args:
- - --job-name
- - {{ include "common.release" . }}-{{ .Values.config.etcd.configJobNameOverride }}-job
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: {{ include "repositoryGenerator.image.readiness" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-
- {{- if (include "common.needTLS" .) }}
- - name: {{ include "common.name" . }}-data-sms-readiness
- command:
- - sh
- - -c
- - resp="FAILURE";
- until [ $resp = "200" ]; do
- resp=$(curl -s -o /dev/null -k --write-out %{http_code} https://aaf-sms.{{ include "common.namespace" . }}:10443/v1/sms/domain/has/secret);
- echo $resp;
- sleep 2;
- done
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: {{ include "repositoryGenerator.image.curl" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- {{- end }}
-
+ {{ include "common.readinessCheck.waitFor" . | nindent 6 }}
containers:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.image.optf_has }}
@@ -114,17 +67,6 @@ spec:
- mountPath: /usr/local/bin/healthy.sh
name: {{ .Values.global.commonConfigPrefix }}-config
subPath: healthy.sh
- {{- if (include "common.needTLS" .) }}
- - mountPath: /usr/local/bin/aai_cert.cer
- name: {{ .Values.global.commonConfigPrefix }}-config
- subPath: aai_cert.cer
- - mountPath: /usr/local/bin/aai_key.key
- name: {{ .Values.global.commonConfigPrefix }}-config
- subPath: aai_key.key
- - mountPath: /usr/local/bin/AAF_RootCA.cer
- name: {{ include "common.fullname" . }}-onap-certs
- subPath: aaf_root_ca.cer
- {{- end }}
resources:
{{ include "common.resources" . | indent 12 }}
{{- if .Values.nodeSelector }}
@@ -150,14 +92,5 @@ spec:
path: log.conf
- key: healthy.sh
path: healthy.sh
- {{- if (include "common.needTLS" .) }}
- - key: aai_cert.cer
- path: aai_cert.cer
- - key: aai_key.key
- path: aai_key.key
- {{- end }}
-{{- if (include "common.needTLS" .) }}
-{{ include "oof.certificate.volume" . | indent 8 }}
-{{- end }}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/oof/components/oof-has/components/oof-has-data/values.yaml b/kubernetes/oof/components/oof-has/components/oof-has-data/values.yaml
index 93a335d29d..166b1a4099 100755
--- a/kubernetes/oof/components/oof-has/components/oof-has-data/values.yaml
+++ b/kubernetes/oof/components/oof-has/components/oof-has-data/values.yaml
@@ -20,10 +20,6 @@ global:
# secrets metaconfig
#################################################################
secrets:
- - uid: oof-onap-certs
- externalSecret: '{{ tpl (default "" .Values.certSecret) . }}'
- type: generic
- filePaths: '{{ .Values.secretsFilePaths }}'
- uid: oof-has-etcd-secret
name: &user-creds '{{ include "common.release" . }}-oof-has-etcd-secret'
type: basicAuth
@@ -72,6 +68,11 @@ readiness:
initialDelaySeconds: 10
periodSeconds: 10
+readinessCheck:
+ wait_for:
+ jobs:
+ - '{{ include "common.release" . }}-{{ .Values.config.etcd.configJobNameOverride }}-job'
+
#Pods Service Account
serviceAccount:
nameOverride: oof-has-data
diff --git a/kubernetes/oof/components/oof-has/components/oof-has-reservation/Chart.yaml b/kubernetes/oof/components/oof-has/components/oof-has-reservation/Chart.yaml
index b8e5521b93..9f60691b5e 100755
--- a/kubernetes/oof/components/oof-has/components/oof-has-reservation/Chart.yaml
+++ b/kubernetes/oof/components/oof-has/components/oof-has-reservation/Chart.yaml
@@ -33,3 +33,6 @@ dependencies:
- name: serviceAccount
version: ~12.x-0
repository: '@local'
+ - name: readinessCheck
+ version: ~12.x-0
+ repository: '@local'
diff --git a/kubernetes/oof/components/oof-has/components/oof-has-reservation/templates/deployment.yaml b/kubernetes/oof/components/oof-has/components/oof-has-reservation/templates/deployment.yaml
index b90a6f6e89..e7c5d7c9fa 100755
--- a/kubernetes/oof/components/oof-has/components/oof-has-reservation/templates/deployment.yaml
+++ b/kubernetes/oof/components/oof-has/components/oof-has-reservation/templates/deployment.yaml
@@ -17,62 +17,15 @@
apiVersion: apps/v1
kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
+ selector: {{- include "common.selectors" . | nindent 4 }}
replicas: {{ .Values.replicaCount }}
template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
initContainers:
- - name: {{ include "common.name" . }}-readiness
- command:
- - /app/ready.py
- args:
- - --job-name
- - {{ include "common.release" . }}-{{ .Values.config.etcd.configJobNameOverride }}-job
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: {{ include "repositoryGenerator.image.readiness" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-
- {{- if (include "common.needTLS" .) }}
- - name: {{ include "common.name" . }}-resrv-sms-readiness
- command:
- - sh
- - -c
- - resp="FAILURE";
- until [ $resp = "200" ]; do
- resp=$(curl -s -o /dev/null -k --write-out %{http_code} https://aaf-sms.{{ include "common.namespace" .}}:10443/v1/sms/domain/has/secret);
- echo $resp;
- sleep 2;
- done
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: {{ include "repositoryGenerator.image.curl" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- {{- end }}
-
+ {{ include "common.readinessCheck.waitFor" . | nindent 6 }}
containers:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.image.optf_has }}
@@ -114,11 +67,6 @@ spec:
- mountPath: /usr/local/bin/healthy.sh
name: {{ .Values.global.commonConfigPrefix }}-config
subPath: healthy.sh
- {{- if (include "common.needTLS" .) }}
- - mountPath: /usr/local/bin/AAF_RootCA.cer
- name: {{ include "common.fullname" . }}-onap-certs
- subPath: aaf_root_ca.cer
- {{- end }}
resources:
{{ include "common.resources" . | indent 12 }}
{{- if .Values.nodeSelector }}
@@ -144,8 +92,5 @@ spec:
path: log.conf
- key: healthy.sh
path: healthy.sh
-{{- if (include "common.needTLS" .) }}
-{{ include "oof.certificate.volume" . | indent 8 }}
-{{- end }}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/oof/components/oof-has/components/oof-has-reservation/values.yaml b/kubernetes/oof/components/oof-has/components/oof-has-reservation/values.yaml
index 651e832929..3b4b1e2fe6 100755
--- a/kubernetes/oof/components/oof-has/components/oof-has-reservation/values.yaml
+++ b/kubernetes/oof/components/oof-has/components/oof-has-reservation/values.yaml
@@ -20,10 +20,6 @@ global:
# secrets metaconfig
#################################################################
secrets:
- - uid: oof-onap-certs
- externalSecret: '{{ tpl (default "" .Values.certSecret) . }}'
- type: generic
- filePaths: '{{ .Values.secretsFilePaths }}'
- uid: oof-has-etcd-secret
name: &user-creds '{{ include "common.release" . }}-oof-has-etcd-secret'
type: basicAuth
@@ -72,6 +68,11 @@ readiness:
initialDelaySeconds: 10
periodSeconds: 10
+readinessCheck:
+ wait_for:
+ jobs:
+ - '{{ include "common.release" . }}-{{ .Values.config.etcd.configJobNameOverride }}-job'
+
#Pods Service Account
serviceAccount:
nameOverride: oof-has-reservation
diff --git a/kubernetes/oof/components/oof-has/components/oof-has-solver/Chart.yaml b/kubernetes/oof/components/oof-has/components/oof-has-solver/Chart.yaml
index 9f5381be53..0262f41062 100755
--- a/kubernetes/oof/components/oof-has/components/oof-has-solver/Chart.yaml
+++ b/kubernetes/oof/components/oof-has/components/oof-has-solver/Chart.yaml
@@ -33,3 +33,6 @@ dependencies:
- name: serviceAccount
version: ~12.x-0
repository: '@local'
+ - name: readinessCheck
+ version: ~12.x-0
+ repository: '@local'
diff --git a/kubernetes/oof/components/oof-has/components/oof-has-solver/templates/deployment.yaml b/kubernetes/oof/components/oof-has/components/oof-has-solver/templates/deployment.yaml
index 4499d9806e..3cf0450c06 100755
--- a/kubernetes/oof/components/oof-has/components/oof-has-solver/templates/deployment.yaml
+++ b/kubernetes/oof/components/oof-has/components/oof-has-solver/templates/deployment.yaml
@@ -17,62 +17,15 @@
apiVersion: apps/v1
kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
+ selector: {{- include "common.selectors" . | nindent 4 }}
replicas: {{ .Values.replicaCount }}
template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
initContainers:
- - name: {{ include "common.name" . }}-readiness
- command:
- - /app/ready.py
- args:
- - --job-name
- - {{ include "common.release" . }}-{{ .Values.config.etcd.configJobNameOverride }}-job
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: {{ include "repositoryGenerator.image.readiness" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-
- {{- if (include "common.needTLS" .) }}
- - name: {{ include "common.name" . }}-solvr-sms-readiness
- command:
- - sh
- - -c
- - resp="FAILURE";
- until [ $resp = "200" ]; do
- resp=$(curl -s -o /dev/null -k --write-out %{http_code} https://aaf-sms.{{ include "common.namespace" . }}:10443/v1/sms/domain/has/secret);
- echo $resp;
- sleep 2;
- done
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: {{ include "repositoryGenerator.image.curl" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- {{- end }}
-
+ {{ include "common.readinessCheck.waitFor" . | nindent 6 }}
containers:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.image.optf_has }}
@@ -114,11 +67,6 @@ spec:
- mountPath: /usr/local/bin/healthy.sh
name: {{ .Values.global.commonConfigPrefix }}-config
subPath: healthy.sh
- {{- if (include "common.needTLS" .) }}
- - mountPath: /usr/local/bin/AAF_RootCA.cer
- name: {{ include "common.fullname" . }}-onap-certs
- subPath: aaf_root_ca.cer
- {{- end }}
resources:
{{ include "common.resources" . | indent 12 }}
{{- if .Values.nodeSelector }}
@@ -144,8 +92,5 @@ spec:
path: log.conf
- key: healthy.sh
path: healthy.sh
-{{- if (include "common.needTLS" .) }}
-{{ include "oof.certificate.volume" . | indent 8 }}
-{{- end }}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/oof/components/oof-has/components/oof-has-solver/values.yaml b/kubernetes/oof/components/oof-has/components/oof-has-solver/values.yaml
index 46ff033c82..0bce2bc1ce 100755
--- a/kubernetes/oof/components/oof-has/components/oof-has-solver/values.yaml
+++ b/kubernetes/oof/components/oof-has/components/oof-has-solver/values.yaml
@@ -20,10 +20,6 @@ global:
# secrets metaconfig
#################################################################
secrets:
- - uid: oof-onap-certs
- externalSecret: '{{ tpl (default "" .Values.certSecret) . }}'
- type: generic
- filePaths: '{{ .Values.secretsFilePaths }}'
- uid: oof-has-etcd-secret
name: &user-creds '{{ include "common.release" . }}-oof-has-etcd-secret'
type: basicAuth
@@ -72,6 +68,11 @@ readiness:
initialDelaySeconds: 10
periodSeconds: 10
+readinessCheck:
+ wait_for:
+ jobs:
+ - '{{ include "common.release" . }}-{{ .Values.config.etcd.configJobNameOverride }}-job'
+
#Pods Service Account
serviceAccount:
nameOverride: oof-has-solver
diff --git a/kubernetes/oof/components/oof-has/resources/config/aai_cert.cer b/kubernetes/oof/components/oof-has/resources/config/aai_cert.cer
deleted file mode 100755
index 4c6eb916e6..0000000000
--- a/kubernetes/oof/components/oof-has/resources/config/aai_cert.cer
+++ /dev/null
@@ -1,25 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIEKjCCAxKgAwIBAgIBHjANBgkqhkiG9w0BAQsFADBHMQswCQYDVQQGEwJVUzEN
-MAsGA1UECgwET05BUDEOMAwGA1UECwwFT1NBQUYxGTAXBgNVBAMMEGludGVybWVk
-aWF0ZUNBXzEwHhcNMTgwNDI1MTIxMzAxWhcNMTkwNDIwMTIxMzAxWjBtMQswCQYD
-VQQGEwJVUzENMAsGA1UECgwET05BUDEZMBcGA1UECwwQb29mQG9vZi5vbmFwLm9y
-ZzEOMAwGA1UECwwFT1NBQUYxJDAiBgNVBAMMG29vZi5hcGkuc2ltcGxlZGVtby5v
-bmFwLm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANGpQUtgLXG3
-dVikd/QC2Q24wzeTOeZzbx3PnidNYZT5K0sJ/TdnZF6O/4+9gXQ6AQS2Q8wfQ009
-MQAA5vhUaq5yZ2K+XAtEFGln1TxTFpGu3WDOwQ800Vw18Dk8WidrkzDJv489Bn1f
-SSaPC0IaRB0K1d8BD63ZHgsuEY8lt31DX2wFWJcfN9mxNDzuLTZoLxtxKsedoZKH
-rsOOILwXOhwuunfx40i6RQN/pFX6C2i8dtOA5OwUm9Q1RrZ2Tv1Uf4IURriH6bfZ
-5n50yxTuL22TMYXsF/ohrdgwacuC0aV9ZSGhIZUJPyHVg7+QTBioHmoUJInVKuIx
-kkC4lENbLYUCAwEAAaOB+jCB9zAJBgNVHRMEAjAAMBEGCWCGSAGG+EIBAQQEAwIG
-wDAzBglghkgBhvhCAQ0EJhYkT3BlblNTTCBHZW5lcmF0ZWQgU2VydmVyIENlcnRp
-ZmljYXRlMB0GA1UdDgQWBBQwbU5oHU2iYHCoVz4hFCvBW59cdTBUBgNVHSMETTBL
-gBQd5lldG54KOKRipsGF8/PP1vGX6qEwpC4wLDEOMAwGA1UECwwFT1NBQUYxDTAL
-BgNVBAoMBE9OQVAxCzAJBgNVBAYTAlVTggEBMA4GA1UdDwEB/wQEAwIF4DAdBgNV
-HSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDQYJKoZIhvcNAQELBQADggEBADEa
-0VuxoFIygeQTqlizpHNwfApPmlAVSKDTWuEu4rhJs8GT61EuWZQPygXEUHCYmGvJ
-GMwEGGIDGiQqxMqlqng46gksNJbi1ktXr6Du18qW7gziUd84ve8KcecjZru1Sk1e
-UJ/6WEQVE17CHKcnzQZsMDakgP+61VgKbk5NlkeF/Qh4L6/3jY7g+xoXqaId5RT9
-BetmH/cMsj33lxQTs0fcXTbAQd6BX5ug854OJ1mU4ngJnNBdmn9Ow1bB71ohf5Xv
-OEYX8+khjgjlmM0u1hBRL4qViv3y2Gzhpm1M8cETMDj4g0zIJytzIYMxO8XvDPCF
-YmVZHXJDLsCogSOmmh0=
------END CERTIFICATE----- \ No newline at end of file
diff --git a/kubernetes/oof/components/oof-has/resources/config/aai_key.key b/kubernetes/oof/components/oof-has/resources/config/aai_key.key
deleted file mode 100755
index 246ff6d8cb..0000000000
--- a/kubernetes/oof/components/oof-has/resources/config/aai_key.key
+++ /dev/null
@@ -1,30 +0,0 @@
------BEGIN ENCRYPTED PRIVATE KEY-----
-MIIFDjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIvxjZPeQVkRACAggA
-MBQGCCqGSIb3DQMHBAhWqwQCjZFCrASCBMjWG5wsC1WFJISJ5odMHzYOWOKLpaDP
-7a/dxnBrV6gId/DTmzoqtiBCmQRqhnUuYok98DNUFGjR9JqztNNOf5eslzqCugsh
-zVwCvsJYKvxxJ4Q8tow3DKx28I6EmOvwudMsL9c30OxpEWdlWmyFimu5JDdDvWUH
-S0fWKebQETZ7lptiRX2IXhC3Ye6Wu/DowDYc5L4Z/Q8nwncMB3n2ntMX10pBrura
-15/R18AvG5cDwcasTXz5WKIB/K2onvJfW0so2M8jApu2DF4MpEIN9Z973uTNFXcL
-dgHKWtIl2WO38coedaXUILgsxLSSU27TG4F+7QMGjiKXUSWjN9+TD+8zWye/9OIW
-qfVtoh+n7lWtzC3Axo1OmPInCkFb+I7QaDsJgsUn+ZWap7FVJFrYiz20UTzYYgAK
-OukCgKiJTHOhTT1k0km34ROPmqOk6mH7IkioUSTmoP362RpIVTbKv2e5GKzhYfkk
-27W3RRG/qoZLUTU2AaAyoGZlzXDkBFw2g4vxnhcfHeXX6jyJyQWOOOeRJ5B6uc+Y
-4XmKKJvq5pFlxUDmVCZLRzjwpvYPTQwTQQ9t7kEZFI8B7TMkDqv62YlXyoWNDwPq
-yLvDwPDicx33AZor8N/eDgIOE+TXQ0vEyphf0c9OcgneeJmEtn7IskEahv32ruMQ
-uFAAuIUmQfXPNMXu3MYIUItvZDm3RUk3YJDj9c8YtvxDlzLytHu5QYJ3v7rvo+mG
-XKwmnZouaNRLw5Y7Mff07BuTPuttyNadacuJtUjvv8qVOIeuxQ7nku6yqKKLTeJr
-8E4/tYyZ15FIo3hWi16h3zyZ9LiHhhe7d2XYSVMuzuD4jkIdHbdgiKsCJn9mI5PF
-VpDF34w1Fjwv7Gu32MRMpJijAW10ENaP1O2izr9l8jwo+CLgi5qa6a2YTYAZooqt
-UjTLfEIQKbwFbq5L9Eb1uRw1lRR9SxcxdNQdY+mtx0x2BSmXVUEcyi6OG/8Lzf/1
-9VoE5UPfhSE7ogfbL8eraFlQmKL8f3h3Jx/XDvvKC8YXxgooEhV0BsofXmLdF0BK
-bhXR1/JptLz8CJjtlBWQkmqj+ONOHFA9/4YHMNn5T1PBLNzQCZSjQXrDKxowLDsI
-ozUyZ080c2LrJCf6zj6+fB3LDvHYfJ6LnYASCHJlNS0NVmRPiYB/dmoqF/iyAEjp
-cKUUrbhs6U95aPMo0pPSCuhLKiibCo3Vz/9dvGb7pr6aj/ehOjrtKtGlYukBqNkS
-RQK2kkL8IO+iPWs3aCnEhfeS+wNBMAtI/TEw6As2zseyb3/SylHjek4s1gs9MPdw
-c3o2ArwMzmP0sfFIjYz+AyQm+5i/LSnkNjG0OU9ekGXy7Z4HAcko2Dv8/SmOVapP
-cf8c55RUDlYJh9Ltn0W5fuNA6dykV7f9s8BIrZcnzTN+lifNhNlEYYcmyZwlCcX4
-NBLoH+ENW+Q7+nuhGcf52j/XgTaPZ0Eec8ZJdK7FzVDN4DWKM4KHD7DgpkOR7TZl
-IKGNtdvb3SaGG83YlJhRkkr0C2KvB0Mz2dkAhOKX3NkBr5fY62IvuMdqD7VDjGAw
-h/GBn0k5+gpVP0Uh6yWEla3CjM9GnUuMVcwIUAYSeW2rFu4iapK0gBwguR91cM1N
-MA8=
------END ENCRYPTED PRIVATE KEY-----
diff --git a/kubernetes/oof/components/oof-has/resources/config/bundle.pem b/kubernetes/oof/components/oof-has/resources/config/bundle.pem
deleted file mode 100755
index 60121e751b..0000000000
--- a/kubernetes/oof/components/oof-has/resources/config/bundle.pem
+++ /dev/null
@@ -1,26 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIEVDCCAjygAwIBAgIBATANBgkqhkiG9w0BAQsFADAsMQ4wDAYDVQQLDAVPU0FB
-RjENMAsGA1UECgwET05BUDELMAkGA1UEBhMCVVMwHhcNMTgwNDA1MTQxNTQwWhcN
-MTgwNjA0MTQxNTQwWjBHMQswCQYDVQQGEwJVUzENMAsGA1UECgwET05BUDEOMAwG
-A1UECwwFT1NBQUYxGTAXBgNVBAMMEGludGVybWVkaWF0ZUNBXzEwggEiMA0GCSqG
-SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCY3YPA/YQdz4kaZQzdRzWNjmn33WYAWZ8+
-EIz3PhkEzk7M1q9N7Icx2LvozMj4VH0yGz/HYlliHhw26ZRsjYMSR8zATsXl4oW9
-w9BrjuyvM3w8Ptxe8WbUFF9LJDGyXPeVvcXVo0iyh3QYPWC/AWmomN19MvBFN5vH
-AvEG/7qtonViNfISW9Gr9LpXB0foCmUDBu/lV+SwRGajoCPqdZhZ6/L6/yqDvha2
-wsML/UZXlGhXAedt/xOKmT/dSXx/I0vWBVp6Tq4zu87yCvd+I6Tpa5HjttA2I5EV
-zdHX+JYBPBBcVCyO9YQOYjJuoVDE4D5etY6dEipKG/KZF/rqAoqZAgMBAAGjZjBk
-MB0GA1UdDgQWBBQd5lldG54KOKRipsGF8/PP1vGX6jAfBgNVHSMEGDAWgBRTVTPy
-S+vQUbHBeJrBKDF77+rtSTASBgNVHRMBAf8ECDAGAQH/AgEAMA4GA1UdDwEB/wQE
-AwIBhjANBgkqhkiG9w0BAQsFAAOCAgEAmgeiitBDi/YEqFh2Cqp0VIEqw8hiuV87
-rADQWMK4hv5WXl3KJTjFAnWsYFUKrm6s1jNH16FyGExUQgwggob0Vt+MHiUs36jU
-kyret/uE5qrjz+/J+i2XG6s1oKcDRVD/jU4qBygZWFBMuwl7sz8IEvaYXGM43s96
-Du3UF9E+V3aMppqkGWz6MnrTmANnWAlDAMeifcoexjrpxiKbp8f49HX1UzwFoeEg
-RnVwNqgDWT66yGV6mbNl6FpE/U81RpCRY1ZJDeVTxbqIaG/UPV4hpQ+BEVBDF+cb
-rGsvsNYYpWx5srIQ7WtGKIlaDFbfWPwnHDHegzr8ypAS3KNWULE+QXCbHWtB+b0Y
-WhP/2F6Jjb+ByvJqQoE+nHEYBeUOZUUZC4IuQFNJ5Wy5P0CNXdheiWhdrBmG02Gy
-KMi0FJx6BEoWM2xcdl6bn5j9mhF4TX7zgepNWlgTra4Z8Oz8iqbQk33/s2OKM4ic
-6ZezUYhNp+MuUt4Se+ufNcGV65jnUKeROtWzNLwP+xwglEFlG8aNiAORthd7QJuT
-Ey2cX7H7f38ENQ5YCriUk1nVLO9F66l/rNRzYZgQzRI3IvDW8vyM2TLW2mcZNsaf
-qjFMcCDweV2FRb8eTbmWzzB2/xTVpGzVJqzwgE+U7UtJx5CZS3wPkvXuEgvcg1tY
-m1r4NGYFvLM=
------END CERTIFICATE----- \ No newline at end of file
diff --git a/kubernetes/oof/components/oof-has/resources/config/conductor.conf b/kubernetes/oof/components/oof-has/resources/config/conductor.conf
index d650808036..511c0cd6de 100755
--- a/kubernetes/oof/components/oof-has/resources/config/conductor.conf
+++ b/kubernetes/oof/components/oof-has/resources/config/conductor.conf
@@ -159,13 +159,13 @@ appkey = ""
#
# is_aaf_enabled. (boolean value)
-is_aaf_enabled = {{ (eq "true" (include "common.needTLS" .)) | ternary true false }}
+is_aaf_enabled = false
# aaf_cache_expiry_hrs. (integer value)
aaf_cache_expiry_hrs = 3
# aaf_url. (string value)
-aaf_url = http{{ if (include "common.needTLS" .) }}s{{ end }}://{{.Values.config.aaf.serviceName}}:{{.Values.config.aaf.port}}/authz/perms/user/
+aaf_url =
# aaf_cert_file. (string value)
#aaf_cert_file = <None>
@@ -175,7 +175,7 @@ aaf_url = http{{ if (include "common.needTLS" .) }}s{{ end }}://{{.Values.config
# aaf_ca_bundle_file. (string value)
#aaf_ca_bundle_file =
-aaf_ca_bundle_file = {{ if (include "common.needTLS" .) }}/usr/local/bin/AAF_RootCA.cer{{ end }}
+aaf_ca_bundle_file =
# aaf_retries. (integer value)
#aaf_retries = 3
@@ -194,11 +194,11 @@ aaf_ca_bundle_file = {{ if (include "common.needTLS" .) }}/usr/local/bin/AAF_Roo
#
# is_enabled. (boolean value)
-is_enabled = {{ (eq "true" (include "common.needTLS" .)) | ternary true false }}
+is_enabled = false
# Base URL for SMS, up to and not including the version, and without a trailing
# slash. (string value)
-aaf_sms_url = http{{ if (include "common.needTLS" .) }}s{{ end }}://{{.Values.config.sms.serviceName}}.{{ include "common.namespace" . }}:{{.Values.config.sms.port}}
+aaf_sms_url =
# Timeout for SMS API Call (integer value)
@@ -234,8 +234,7 @@ complex_cache_refresh_interval = 60
# Base URL for A&AI, up to and not including the version, and without a
# trailing slash. (string value)
-#server_url = https://{{.Values.config.aai.serviceName}}.{{ include "common.namespace" . }}:{{.Values.config.aai.port}}/aai
-server_url = http{{ if (include "common.needTLS" .) }}s{{ end }}://{{.Values.config.aai.serviceName}}.{{ include "common.namespace" . }}:{{ (eq "true" (include "common.needTLS" .)) | ternary .Values.config.aai.port .Values.config.aai.plainPort }}/aai
+server_url = http://{{.Values.config.aai.serviceName}}.{{ include "common.namespace" . }}:{{.Values.config.aai.port}}/aai
# Timeout for A&AI Rest Call (string value)
#aai_rest_timeout = 30
@@ -256,7 +255,7 @@ certificate_key_file =
# Certificate Authority Bundle file in pem format. Must contain the appropriate
# trust chain for the Certificate file. (string value)
#certificate_authority_bundle_file = certificate_authority_bundle.pem
-certificate_authority_bundle_file = {{ if (include "common.needTLS" .) }}/usr/local/bin/AAF_RootCA.cer{{ end }}
+certificate_authority_bundle_file =
# Username for AAI. (string value)
username = OOF
@@ -452,102 +451,6 @@ username =
password =
-[music_api]
-
-#
-# From conductor
-#
-
-# Base URL for Music REST API without a trailing slash. (string value)
-#server_url = http://oof-has-music:8080/MUSIC/rest/v2
-server_url = https://{{.Values.config.music.serviceName}}.{{ include "common.namespace" . }}:{{.Values.config.music.port}}/MUSIC/rest/v2
-version = v2
-
-# DEPRECATED: List of hostnames (round-robin access) (list value)
-# This option is deprecated for removal.
-# Its value may be silently ignored in the future.
-# Reason: Use server_url instead
-#hostnames = <None>
-
-# DEPRECATED: Port (integer value)
-# This option is deprecated for removal.
-# Its value may be silently ignored in the future.
-# Reason: Use server_url instead
-#port = <None>
-
-# DEPRECATED: Path (string value)
-# This option is deprecated for removal.
-# Its value may be silently ignored in the future.
-# Reason: Use server_url instead
-#path = <None>
-
-# Socket connection timeout (floating point value)
-#connect_timeout = 3.05
-
-# Socket read timeout (floating point value)
-#read_timeout = 12.05
-
-# Lock timeout (integer value)
-#lock_timeout = 10
-
-# Replication factor (integer value)
-#replication_factor = 1
-replication_factor = 1
-
-# Use mock API (boolean value)
-#mock = false
-
-# (string value)
-#music_topology = SimpleStrategy
-
-# Name of the first data center (string value)
-#first_datacenter_name = <None>
-
-# Number of replicas in first data center (integer value)
-#first_datacenter_replicas = <None>
-
-# Name of the second data center (string value)
-#second_datacenter_name = <None>
-
-# Number of replicas in second data center (integer value)
-#second_datacenter_replicas = <None>
-
-# Name of the third data center (string value)
-#third_datacenter_name = <None>
-
-# Number of replicas in third data center (integer value)
-#third_datacenter_replicas = <None>
-
-# new or old version (boolean value)
-#music_new_version = <None>
-music_new_version = True
-
-# for version (string value)
-#music_version = <None>
-music_version = "3.2.40"
-
-# username value that used for creating basic authorization header (string
-# value)
-#aafuser = <None>
-aafuser = conductor
-
-# password value that used for creating basic authorization header (string
-# value)
-#aafpass = <None>
-aafpass = c0nduct0r
-
-# AAF namespace field used in MUSIC request header (string value)
-#aafns = <None>
-aafns = conductor
-
-# Enabling HTTPs mode (boolean value)
-enable_https_mode = True
-
-# Certificate Authority Bundle file in pem format. Must contain the appropriate
-# trust chain for the Certificate file. (string value)
-certificate_authority_bundle_file = /usr/local/bin/AAF_RootCA.cer
-
-
[prometheus]
#
@@ -680,8 +583,7 @@ concurrent = true
# Base URL for SDC, up to and not including the version, and without a
# trailing slash. (string value)
#server_url = https://controller:8443/sdc
-#server_url = https://{{.Values.config.sdc.serviceName}}.{{ include "common.namespace" . }}:{{.Values.config.sdc.port}}/sdc
-server_url = http{{ if (include "common.needTLS" .) }}s{{ end }}://{{.Values.config.sdc.serviceName}}.{{ include "common.namespace" . }}:{{ (eq "true" (include "common.needTLS" .)) | ternary .Values.config.sdc.port .Values.config.sdc.plainPort }}/sdc
+server_url = http://{{.Values.config.sdc.serviceName}}.{{ include "common.namespace" . }}:{{.Values.config.sdc.port}}/sdc
# Timeout for SDC Rest Call (string value)
#sdc_rest_timeout = 30
@@ -704,7 +606,7 @@ certificate_key_file =
# Certificate Authority Bundle file in pem format. Must contain the appropriate
# trust chain for the Certificate file. (string value)
#certificate_authority_bundle_file = certificate_authority_bundle.pem
-certificate_authority_bundle_file = {{ if (include "common.needTLS" .) }}/usr/local/bin/AAF_RootCA.cer{{ end }}
+certificate_authority_bundle_file =
# Username for SDC. (string value)
#username =
@@ -749,7 +651,7 @@ certificate_key_file =
# Certificate Authority Bundle file in pem format. Must contain the appropriate
# trust chain for the Certificate file. (string value)
#certificate_authority_bundle_file = certificate_authority_bundle.pem
-certificate_authority_bundle_file = {{ if (include "common.needTLS" .) }}/usr/local/bin/AAF_RootCA.cer{{ end }}
+certificate_authority_bundle_file =
# Username for CPS. (string value)
#username =
@@ -770,7 +672,7 @@ get_ta_list_url = "/api/v1/execute/ran-coverage-area/get_ta_list"
# Base URL for DCAE, up to and not including the version, and without a
# trailing slash. (string value)
-server_url = http://{{.Values.config.dcae.service}}.{{ include "common.namespace" . }}:{{.Values.config.dcae.port}}
+server_url = http://{{.Values.config.dcae.serviceName}}.{{ include "common.namespace" . }}:{{.Values.config.dcae.port}}
# Timeout for DCAE Rest Call (string value)
#dcae_rest_timeout = 30
@@ -793,7 +695,7 @@ certificate_key_file =
# Certificate Authority Bundle file in pem format. Must contain the appropriate
# trust chain for the Certificate file. (string value)
#certificate_authority_bundle_file = certificate_authority_bundle.pem
-certificate_authority_bundle_file = {{ if (include "common.needTLS" .) }}/usr/local/bin/AAF_RootCA.cer{{ end }}
+certificate_authority_bundle_file =
# Username for DCAE. (string value)
#username =
diff --git a/kubernetes/oof/components/oof-has/resources/config/nginx.conf b/kubernetes/oof/components/oof-has/resources/config/nginx.conf
index 9272e8581c..1c1094dacb 100644
--- a/kubernetes/oof/components/oof-has/resources/config/nginx.conf
+++ b/kubernetes/oof/components/oof-has/resources/config/nginx.conf
@@ -11,17 +11,8 @@ http {
server {
-{{ if (include "common.needTLS" .) }}
- listen 8091 ssl;
- server_name oof;
- ssl_certificate /opt/bitnami/nginx/org.onap.oof.crt;
- ssl_certificate_key /opt/bitnami/nginx/ssl/local/org.onap.oof.key;
- ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
- ssl_ciphers HIGH:!aNULL:!MD5;
-{{ else }}
listen 8091;
server_name oof;
-{{ end }}
location / {
include /opt/bitnami/nginx/conf/uwsgi_params;
diff --git a/kubernetes/oof/components/oof-has/values.yaml b/kubernetes/oof/components/oof-has/values.yaml
index 0c5397c5a8..219e236fbf 100755
--- a/kubernetes/oof/components/oof-has/values.yaml
+++ b/kubernetes/oof/components/oof-has/values.yaml
@@ -27,11 +27,6 @@ global:
# Secrets metaconfig
#################################################################
secrets:
- - uid: oof-onap-certs
- name: &oof-certs '{{ include "common.release" . }}-oof-onap-certs'
- externalSecret: '{{ tpl (default "" .Values.certSecret) . }}'
- type: generic
- filePaths: '{{ .Values.secretsFilePaths }}'
- uid: oof-has-etcd-root-password
name: &root-password '{{ include "common.release" . }}-has-etcd-root-password'
type: password
@@ -50,31 +45,20 @@ nodePortPrefix: 302
dataRootDir: /dockerdata-nfs
config:
dbBackend: etcd
- aaf:
- serviceName: aaf-service
- port: 8100
aai:
serviceName: aai
- port: 8443
- plainPort: 80
+ port: 80
msb:
serviceName: msb-iag
port: 80
- music:
- serviceName: music
- port: 8443
- sms:
- serviceName: aaf-sms
- port: 10443
sdc:
serviceName: sdc-be
- port: 8443
- plainPort: 8080
+ port: 8080
cps:
- service: cps-tbdmt
+ serviceName: cps-tbdmt
port: 8080
dcae:
- service: dcae-slice-analysis-ms
+ serviceName: dcae-slice-analysis-ms
port: 8080
etcd:
serviceName: &etcd-service oof-has-etcd
@@ -106,7 +90,6 @@ resources:
#component overrides
oof-has-api: &has-config
enabled: true
- certSecret: *oof-certs
config:
etcd:
userCredentialsExternalSecret: *user-creds
@@ -115,8 +98,6 @@ oof-has-controller: *has-config
oof-has-data: *has-config
oof-has-reservation: *has-config
oof-has-solver: *has-config
-music:
- enabled: false
#etcd subchart configurations
etcd:
diff --git a/kubernetes/oof/components/oof-templates/templates/_certificate.tpl b/kubernetes/oof/components/oof-templates/templates/_certificate.tpl
deleted file mode 100644
index 4da128bcbb..0000000000
--- a/kubernetes/oof/components/oof-templates/templates/_certificate.tpl
+++ /dev/null
@@ -1,11 +0,0 @@
-{{- define "oof.certificate.volume" -}}
-- name: {{ include "common.fullname" . }}-onap-certs
- secret:
- secretName: {{ include "common.secret.getSecretNameFast" (dict "global" . "uid" "oof-onap-certs") }}
- items:
- - key: aaf_root_ca.cer
- path: aaf_root_ca.cer
- - key: intermediate_root_ca.pem
- path: intermediate_root_ca.pem
-{{- end -}}
-
diff --git a/kubernetes/oof/resources/config/certs/aaf_root_ca.cer b/kubernetes/oof/resources/config/certs/aaf_root_ca.cer
deleted file mode 100755
index e9a50d7ea0..0000000000
--- a/kubernetes/oof/resources/config/certs/aaf_root_ca.cer
+++ /dev/null
@@ -1,31 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIFPjCCAyagAwIBAgIJAJ6u7cCnzrWdMA0GCSqGSIb3DQEBCwUAMCwxDjAMBgNV
-BAsMBU9TQUFGMQ0wCwYDVQQKDARPTkFQMQswCQYDVQQGEwJVUzAeFw0xODA0MDUx
-NDE1MjhaFw0zODAzMzExNDE1MjhaMCwxDjAMBgNVBAsMBU9TQUFGMQ0wCwYDVQQK
-DARPTkFQMQswCQYDVQQGEwJVUzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC
-ggIBAMA5pkgRs7NhGG4ew5JouhyYakgYUyFaG121+/h8qbSdt0hVQv56+EA41Yq7
-XGie7RYDQK9NmAFF3gruE+6X7wvJiChp+Cyd7sFMnb65uWhxEdxWTM2BJFrgfzUn
-H8ZCxgaCo3XH4PzlKRy2LQQJEJECwl/RZmRCXijMt5e9h8XoZY/fKkKcZZUsWNCM
-pTo266wjvA9MXLmdgReRj0+vrCjrNqy+htwJDztoiHWiYPqT6o8EvGcgjNqjlZx7
-NUNf8MfLDByqKF6+wRbHv1GKjn3/Vijd45Fv8riyRYROiFanvbV6jIfBkv8PZbXg
-2VDWsYsgp8NAvMxK+iV8cO+Ck3lBI2GOPZbCEqpPVTYbLUz6sczAlCXwQoPzDIZY
-wYa3eR/gYLY1gP2iEVHORag3bLPap9ZX5E8DZkzTNTjovvLk8KaCmfcaUMJsBtDd
-ApcUitz10cnRyZc1sX3gE1f3DpzQM6t9C5sOVyRhDcSrKqqwb9m0Ss04XAS9FsqM
-P3UWYQyqDXSxlUAYaX892u8mV1hxnt2gjb22RloXMM6TovM3sSrJS0wH+l1nznd6
-aFXftS/G4ZVIVZ/LfT1is4StoyPWZCwwwly1z8qJQ/zhip5NgZTxQw4mi7ww35DY
-PdAQOCoajfSvFjqslQ/cPRi/MRCu079heVb5fQnnzVtnpFQRAgMBAAGjYzBhMB0G
-A1UdDgQWBBRTVTPyS+vQUbHBeJrBKDF77+rtSTAfBgNVHSMEGDAWgBRTVTPyS+vQ
-UbHBeJrBKDF77+rtSTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAN
-BgkqhkiG9w0BAQsFAAOCAgEAPx/IaK94n02wPxpnYTy+LVLIxwdq/kawNd6IbiMz
-L87zmNMDmHcGbfoRCj8OkhuggX9Lx1/CkhpXimuYsZOFQi5blr/u+v4mIbsgbmi9
-7j+cUHDP0zLycvSvxKHty51LwmaX9a4wkJl5zBU4O1sd/H9tWcEmwJ39ltKoBKBx
-c94Zc3iMm5ytRWGj+0rKzLDAXEWpoZ5bE5PLJauA6UDCxDLfs3FwhbS7uDggxYvf
-jySF5FCNET94oJ+m8s7VeHvoa8iPGKvXrIqdd7XDHnqJJlVKr7m9S0fMbyEB8ci2
-RtOXDt93ifY1uhoEtEykn4dqBSp8ezvNMnwoXdYPDvTd9uCAFeWFLVreBAWxd25h
-PsBTkZA5hpa/rA+mKv6Af4VBViYr8cz4dZCsFChuioVebe9ighrfjB//qKepFjPF
-CyjzKN1u0JKm/2x/ORqxkTONG8p3uDwoIOyimUcTtTMv42bfYD88RKakqSFXE9G+
-Z0LlaKABqfjK49o/tsAp+c5LoNlYllKhnetO3QAdraHwdmC36BhoghzR1jpX751A
-cZn2VH3Q4XKyp01cJNCJIrua+A+bx6zh3RyW6zIIkbRCbET+UD+4mr8WIcSE3mtR
-ZVlnhUDO4z9//WKMVzwS9Rh8/kuszrGFI1KQozXCHLrce3YP6RYZfOed79LXaRwX
-dYY=
------END CERTIFICATE-----
diff --git a/kubernetes/oof/resources/config/certs/intermediate_root_ca.pem b/kubernetes/oof/resources/config/certs/intermediate_root_ca.pem
deleted file mode 100644
index b67866d160..0000000000
--- a/kubernetes/oof/resources/config/certs/intermediate_root_ca.pem
+++ /dev/null
@@ -1,27 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIEdTCCAl2gAwIBAgIBBzANBgkqhkiG9w0BAQsFADAsMQ4wDAYDVQQLDAVPU0FB
-RjENMAsGA1UECgwET05BUDELMAkGA1UEBhMCVVMwHhcNMTgwODE3MTg1MTM3WhcN
-MjMwODE3MTg1MTM3WjBHMQswCQYDVQQGEwJVUzENMAsGA1UECgwET05BUDEOMAwG
-A1UECwwFT1NBQUYxGTAXBgNVBAMMEGludGVybWVkaWF0ZUNBXzkwggEiMA0GCSqG
-SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCv0HHUkba3uNtNI3jPKimUcd6RNwmhSCJL
-neMWpnjqp5/A+HCKyNsEaT4y177hNLmCm/aMm1u2JIfikc+8wEqLCSBBPz+P0h+d
-o+sZ7U+4oeQizdYYpEdzHJ2SieHHa8vtu80rU3nO2NEIkuYC20HcKSEtl8fFKsk3
-nqlhY+tGfYJPTXcDOQAO40BTcgat3C3uIJHkWJJ4RivunE4LEuRv9QyKgAw7rkJV
-v+f7guqpZlXy6dzAkuU7XULWcgo55MkZlssoiErMvEZJad5aWKvRY3g7qUjaQ6wO
-15wOAUoRBW96eeZZbytgn8kybcBy++Ue49gPtgm1MF/KlAsp0MD5AgMBAAGjgYYw
-gYMwHQYDVR0OBBYEFIH3mVsQuciM3vNSXupOaaBDPqzdMB8GA1UdIwQYMBaAFFNV
-M/JL69BRscF4msEoMXvv6u1JMBIGA1UdEwEB/wQIMAYBAf8CAQEwDgYDVR0PAQH/
-BAQDAgGGMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjANBgkqhkiG9w0B
-AQsFAAOCAgEADxNymiCNr2e37iLReoaxKmZvwox0cTiNAaj7iafRzmwIoY3VXO8Q
-ix5IYcp4FaQ7fV1jyp/AmaSnyHf6Osl0sx8PxsQkO7ALttxKUrjfbvNSVUA2C/vl
-u5m7UVJLIUtFDZBWanzUSmkTsYLHpiANFQKd2c/cU1qXcyzgJVFEFVyyHNkF7Is+
-+pjG9M1hwQHOoTnEuU013P7X1mHek+RXEfhJWwe7UsZnBKZaZKbQZu7hEtqKWYp/
-QsHgnjoLYXsh0WD5rz/mBxdTdDLGpFqWDzDqb8rsYnqBzoowvsasV8X8OSkov0Ht
-8Yka0ckFH9yf8j1Cwmbl6ttuonOhky3N/gwLEozuhy7TPcZGVyzevF70kXy7g1CX
-kpFGJyEHXoprlNi8FR4I+NFzbDe6a2cFow1JN19AJ9Z5Rk5m7M0mQPaQ4RcikjB3
-aoLsASCJTm1OpOFHfxEKiBW4Lsp3Uc5/Rb9ZNbfLrwqWZRM7buW1e3ekLqntgbky
-uKKISHqVJuw/vXHl1jNibEo9+JuQ88VNuAcm7WpGUogeCa2iAlPTckPZei+MwZ8w
-tpvxTyYlZEC8DWzY1VC29+W2N5cvh01e2E3Ql08W1zL63dqrgdEZ3VWjzooYi4ep
-BmMXTvouW+Flyvcw/0oTcfN0biDIt0mCkZ5CQVjfGL9DTOYteR5hw+k=
------END CERTIFICATE-----
-
diff --git a/kubernetes/oof/resources/config/conf/common_config.yaml b/kubernetes/oof/resources/config/conf/common_config.yaml
index 5ee95c096d..394bece9d9 100644
--- a/kubernetes/oof/resources/config/conf/common_config.yaml
+++ b/kubernetes/oof/resources/config/conf/common_config.yaml
@@ -4,8 +4,6 @@ osdf_system:
internal: 8699 # inside the Docker container, the app listens to this port
external: 8698 # clients use this port on DockerHost
osdf_ip_default: 0.0.0.0
-# # Important Note: At deployment time, we need to ensure the port mapping is done
- ssl_context: {{ if (include "common.needTLS" .) }}['/opt/osdf/org.onap.oof.crt', '/opt/osdf/osaaf/local/org.onap.oof.key']{{ end }}
osdf_temp: # special configuration required for "workarounds" or testing
local_policies:
diff --git a/kubernetes/oof/resources/config/conf/osdf_config.yaml b/kubernetes/oof/resources/config/conf/osdf_config.yaml
index ff62bb6b0a..818d4f340a 100755
--- a/kubernetes/oof/resources/config/conf/osdf_config.yaml
+++ b/kubernetes/oof/resources/config/conf/osdf_config.yaml
@@ -11,14 +11,14 @@ placementDefaultMinorVersion: {{ .Values.config.placementDefaultMinorVersion }}
placementDefaultPatchVersion: {{ .Values.config.placementDefaultPatchVersion }}
# Credentials for Conductor
-conductorUrl: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.config.conductorUrl.https .Values.config.conductorUrl.http }}
+conductorUrl: {{ .Values.config.conductorUrl.http }}
conductorPingWaitTime: {{ .Values.config.conductorPingWaitTime }}
conductorMaxRetries: {{ .Values.config.conductorMaxRetries }}
# versions to be set in HTTP header
conductorMinorVersion: {{ .Values.config.conductorMinorVersion }}
# Policy Platform -- requires ClientAuth, Authorization, and Environment
-policyPlatformUrl: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.config.policyPlatformUrl.https .Values.config.policyPlatformUrl.http }}
+policyPlatformUrl: {{ .Values.config.policyPlatformUrl.http }}
policyPlatformEnv: {{ .Values.config.policyPlatformEnv }}
# Credentials for DMaaP
@@ -29,19 +29,16 @@ messageReaderTopic: {{ .Values.config.messageReaderTopic }}
sdcUrl: {{ .Values.config.sdcUrl }}
sdcONAPInstanceID: {{ .Values.config.sdcONAPInstanceID }}
-is_aaf_enabled: {{ .Values.config.is_aaf_enabled }}
-aaf_cache_expiry_mins: {{ .Values.config.aaf_cache_expiry_mins }}
-aaf_url: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.config.aaf_url.https .Values.config.aaf_url.http }}
+is_aaf_enabled: False
+aaf_cache_expiry_mins: 5
+aaf_url:
aaf_user_roles:
- {{- range .Values.config.aaf_user_roles }}
- - {{ . }}
- {{- end }}
# Secret Management Service from AAF
-aaf_sms_url: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.config.aaf_sms_url.https .Values.config.aaf_sms_url.http }}.{{ include "common.namespace" . }}:{{ .Values.config.aaf_sms_port }}
-aaf_sms_timeout: {{ .Values.config.aaf_sms_timeout }}
-secret_domain: {{ .Values.config.secret_domain }}
-aaf_ca_certs: {{ .Values.config.aaf_ca_certs }}
+aaf_sms_url:
+aaf_sms_timeout: 30
+secret_domain: ''
+aaf_ca_certs: ''
configClientType: {{ .Values.config.configClientType }}
@@ -56,7 +53,7 @@ cpsCellListUrl: {{ .Values.config.cps.cellListUrl }}
cpsNbrListUrl: {{ .Values.config.cps.nbrListUrl }}
# AAI api
-aaiUrl: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.config.aaiUrl.https .Values.config.aaiUrl.http }}
+aaiUrl: {{ .Values.config.aaiUrl.http }}
aaiGetLinksUrl: {{ .Values.config.aaiGetLinksUrl }}
aaiServiceInstanceUrl : {{ .Values.config.aaiServiceInstanceUrl }}
aaiGetControllersUrl: {{ .Values.config.aaiGetControllersUrl }}
@@ -65,7 +62,7 @@ aaiGetInterDomainLinksUrl: {{ .Values.config.aaiGetInterDomainLinksUrl }}
dslQueryPath: /aai/v23/dsl?format=
#DES api
-desUrl: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.config.desUrl.https .Values.config.desUrl.http }}
+desUrl: {{ .Values.config.desUrl.http }}
desApiPath: {{ .Values.config.desApiPath }}
desHeaders:
Accept: application/json
diff --git a/kubernetes/oof/templates/deployment.yaml b/kubernetes/oof/templates/deployment.yaml
index 31884c06bb..2d07cc1f51 100644
--- a/kubernetes/oof/templates/deployment.yaml
+++ b/kubernetes/oof/templates/deployment.yaml
@@ -18,61 +18,15 @@
apiVersion: apps/v1
kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
+ selector: {{- include "common.selectors" . | nindent 4 }}
replicas: {{ .Values.replicaCount }}
template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
initContainers:
- - command:
- - /app/ready.py
- args:
- - --container-name
- - policy-xacml-pdp
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: {{ include "repositoryGenerator.image.readiness" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-readiness
- {{- if (include "common.needTLS" .) }}
- - command:
- - sh
- - -c
- - resp="FAILURE";
- until [ $resp = "200" ]; do
- resp=$(curl -s -o /dev/null -k --write-out %{http_code} http{{ if (include "common.needTLS" .) }}s{{ end }}://aaf-sms.{{ include "common.namespace" . }}:10443/v1/sms/domain/osdf/secret);
- echo $resp;
- sleep 2;
- done
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: {{ include "repositoryGenerator.image.curl" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-osdf-sms-readiness
- {{- end }}
-{{ include "common.certInitializer.initContainer" . | indent 6 }}
+ {{ include "common.readinessCheck.waitFor" . | nindent 6 }}
containers:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
@@ -82,13 +36,10 @@ spec:
args:
- "-c"
- |
- {{- if (include "common.needTLS" .) }}
- grep -v '^$' /opt/osdf/osaaf/local/org.onap.oof.crt > /tmp/oof.crt
- cat /tmp/oof.crt /opt/app/ssl_cert/intermediate_root_ca.pem /opt/app/ssl_cert/aaf_root_ca.cer >> /opt/osdf/org.onap.oof.crt
- {{ end }}
python osdfapp.py
ports:
- containerPort: {{ .Values.service.internalPort }}
+ name: http
# disable liveness probe when breakpoints set in debugger
# so K8s doesn't restart unresponsive container
{{- if .Values.liveness.enabled }}
@@ -105,21 +56,12 @@ spec:
periodSeconds: {{ .Values.readiness.periodSeconds }}
env:
volumeMounts:
-{{ include "common.certInitializer.volumeMount" . | indent 10 }}
- mountPath: /etc/localtime
name: localtime
readOnly: true
- mountPath: /opt/osdf/config/osdf_config.yaml
name: {{ include "common.fullname" . }}-config
subPath: osdf_config.yaml
- {{- if (include "common.needTLS" .) }}
- - mountPath: /opt/app/ssl_cert/aaf_root_ca.cer
- name: {{ include "common.fullname" . }}-onap-certs
- subPath: aaf_root_ca.cer
- - mountPath: /opt/app/ssl_cert/intermediate_root_ca.pem
- name: {{ include "common.fullname" . }}-onap-certs
- subPath: intermediate_root_ca.pem
- {{- end }}
- mountPath: /opt/osdf/config/common_config.yaml
name: {{ include "common.fullname" . }}-config
subPath: common_config.yaml
@@ -141,7 +83,6 @@ spec:
{{- end }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- {{ include "common.certInitializer.volumes" . | nindent 8 }}
- name: localtime
hostPath:
path: /etc/localtime
@@ -157,6 +98,5 @@ spec:
path: log.yml
- key: slicing_config.yaml
path: slicing_config.yaml
-{{ include "oof.certificate.volume" . | indent 8 }}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/oof/templates/ingress.yaml b/kubernetes/oof/templates/ingress.yaml
index 8f87c68f1e..99c7f87970 100644
--- a/kubernetes/oof/templates/ingress.yaml
+++ b/kubernetes/oof/templates/ingress.yaml
@@ -1 +1,19 @@
+{{/*
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018 AT&T,VMware
+# Modifications Copyright (C) 2020 Wipro Limited.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
{{ include "common.ingress" . }}
diff --git a/kubernetes/oof/templates/service.yaml b/kubernetes/oof/templates/service.yaml
index b2da17a23f..418f89ac93 100644
--- a/kubernetes/oof/templates/service.yaml
+++ b/kubernetes/oof/templates/service.yaml
@@ -15,30 +15,4 @@
# limitations under the License.
*/}}
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
- annotations:
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.externalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.name }}{{ if (include "common.needTLS" .) }}s{{ end }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.name }}{{ if (include "common.needTLS" .) }}s{{ end }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+{{ include "common.service" . }} \ No newline at end of file
diff --git a/kubernetes/oof/values.yaml b/kubernetes/oof/values.yaml
index f6867bd8bf..87202e16dd 100644
--- a/kubernetes/oof/values.yaml
+++ b/kubernetes/oof/values.yaml
@@ -20,22 +20,10 @@ global:
persistence: {}
#################################################################
-# Secrets metaconfig
-#################################################################
-secrets:
- - uid: oof-onap-certs
- name: &oof-certs '{{ include "common.release" . }}-oof-onap-certs'
- externalSecret: '{{ tpl (default "" .Values.certSecret) . }}'
- type: generic
- filePaths:
- - resources/config/certs/intermediate_root_ca.pem
- - resources/config/certs/aaf_root_ca.cer
-
-#################################################################
# Application configuration defaults.
#################################################################
# application image
-image: onap/optf-osdf:3.0.7
+image: onap/optf-osdf:3.0.8
pullPolicy: Always
# flag to enable debugging - application support required
@@ -57,7 +45,6 @@ config:
# Url and credentials for Conductor.
conductorUrl:
- https: https://oof-has-api:8091/v1/plans/
http: http://oof-has-api:8091/v1/plans/
conductorPingWaitTime: 10
conductorMaxRetries: 30
@@ -65,7 +52,6 @@ config:
conductorMinorVersion: 0
# Url and credentials for the Policy Platform
policyPlatformUrl:
- https: https://policy-xacml-pdp:6969/policy/pdpx/v1/decision # Policy Dev platform URL
http: http://policy-xacml-pdp:8080/policy/pdpx/v1/decision
policyPlatformEnv: TEST # Environment for policy platform
# Credentials for the message reader - A placeholder.
@@ -74,28 +60,14 @@ config:
# Credentials for the SDC interface - A placeholder.
sdcUrl: NA
sdcONAPInstanceID: NA
- #AAF Authentication
- is_aaf_enabled: False
- aaf_cache_expiry_mins: 5
- aaf_url:
- https: https://aaf-service:8100
- http: http://aaf-service:8080
- aaf_user_roles:
- - '/placement:org.onap.oof.access|*|read ALL'
- - '/pci:org.onap.oof.access|*|read ALL'
- # Secret Management Service from AAF
- aaf_sms_url:
- https: https://aaf-sms
- http: http://aaf-sms
- aaf_sms_port: 10443
- aaf_sms_timeout: 30
- secret_domain: osdf
- aaf_ca_certs: /opt/app/ssl_cert/aaf_root_ca.cer
+
configClientType: cps
+
# config db api
configDbUrl: http://configdb:8080
configDbGetCellListUrl: 'api/sdnc-config-db/v3/getCellList'
configDbGetNbrListUrl: 'api/sdnc-config-db/v3/getNbrList'
+
# cps api
cps:
url: cps-tbdmt:8080/execute
@@ -104,8 +76,7 @@ config:
#aai api
aaiUrl:
- https: https://aai:8443
- http: http://aai:8080
+ http: http://aai:80
aaiGetLinksUrl: /aai/v16/network/logical-links
aaiServiceInstanceUrl : /aai/v20/nodes/service-instances/service-instance/
aaiGetControllersUrl: /aai/v19/external-system/esr-thirdparty-sdnc-list
@@ -113,7 +84,6 @@ config:
aaiGetInterDomainLinksUrl: /aai/v19/network/logical-links?link-type=inter-domain&operational-status=up
#des api
desUrl:
- https: https://des.url:9000
http: http://des.url:8080
desApiPath: /datalake/v1/exposure/
desUsername: ''
@@ -133,14 +103,10 @@ certInitializer:
fqi: "oof@oof.onap.org"
fqi_namespace: org.onap.oof
public_fqdn: "oof.onap.org"
- aafDeployFqi: "deployer@people.osaaf.org"
- aafDeployPass: demo123456!
cadi_latitude: "0.0"
cadi_longitude: "0.0"
credsPath: /opt/app/osaaf/local
appMountPath: /opt/osdf/osaaf
- aaf_add_config: >
- chmod 444 {{ .Values.credsPath }}/{{ .Values.fqi_namespace }}.key;
# Segregation for Different environment (Small and Large)
resources:
@@ -172,9 +138,11 @@ readiness:
service:
type: NodePort
name: oof-osdf
- externalPort: 8698
internalPort: 8699
- nodePort: 48
+ ports:
+ - name: http
+ port: 8698
+ nodePort: '48'
ingress:
enabled: false
service:
@@ -188,7 +156,10 @@ ingress:
oof-has:
enabled: true
- certSecret: *oof-certs
+
+readinessCheck:
+ wait_for:
+ - policy-xacml-pdp
#Pods Service Account
serviceAccount: