authorAndreas Geissler <andreas-geissler@telekom.de>2023-03-21 18:09:46 +0100
committerAndreas Geissler <andreas-geissler@telekom.de>2023-03-23 18:33:22 +0100
commitf10c5555b94780a402c5d62dce1e60dfe12390ec (patch)
tree0a9f54172cc89f68e4a04c43b23503b15eedef6f /kubernetes/policy/components/policy-api
parentae76d2e31d845728ad34ea599a2254b77fd87132 (diff)
[POLICY] Cleanup of Helmcharts from AAF/TLS options
Remove AAF options and Certificate settings
Disable Istio Sidecar injection for DB jobs due to problems during DB Migration
Extended the timeouts for clamp-runtime-acm

Issue-ID: OOM-3120
Signed-off-by: Andreas Geissler <andreas-geissler@telekom.de>
Change-Id: I802fa2038535524f4696513acd5aa7772e0a3f35
Diffstat (limited to 'kubernetes/policy/components/policy-api')
-rwxr-xr-xkubernetes/policy/components/policy-api/Chart.yaml4
-rw-r--r--kubernetes/policy/components/policy-api/resources/config/apiParameters.yaml3
-rwxr-xr-xkubernetes/policy/components/policy-api/templates/deployment.yaml37
-rwxr-xr-xkubernetes/policy/components/policy-api/templates/service.yaml27
-rwxr-xr-xkubernetes/policy/components/policy-api/values.yaml44
5 files changed, 16 insertions, 99 deletions
diff --git a/kubernetes/policy/components/policy-api/Chart.yaml b/kubernetes/policy/components/policy-api/Chart.yaml
index 49c067b639..1ce7d969f5 100755
--- a/kubernetes/policy/components/policy-api/Chart.yaml
+++ b/kubernetes/policy/components/policy-api/Chart.yaml
@@ -2,6 +2,7 @@
# Copyright (C) 2019-2020 AT&T Intellectual Property. All rights reserved.
# Modifications Copyright © 2021 Orange
# Modifications Copyright © 2021 Nordix Foundation
+# Modification (C) 2023 Deutsche Telekom. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -27,9 +28,6 @@ dependencies:
- name: common
version: ~12.x-0
repository: '@local'
- - name: certInitializer
- version: ~12.x-0
- repository: '@local'
- name: repositoryGenerator
version: ~12.x-0
repository: '@local'
diff --git a/kubernetes/policy/components/policy-api/resources/config/apiParameters.yaml b/kubernetes/policy/components/policy-api/resources/config/apiParameters.yaml
index 53ab355332..269ecd5f5f 100644
--- a/kubernetes/policy/components/policy-api/resources/config/apiParameters.yaml
+++ b/kubernetes/policy/components/policy-api/resources/config/apiParameters.yaml
@@ -1,6 +1,7 @@
# ============LICENSE_START=======================================================
# Copyright (C) 2022 Bell Canada. All rights reserved.
# Modifications Copyright (C) 2022 AT&T Intellectual Property.
+# Modification (C) 2023 Deutsche Telekom. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -20,7 +21,7 @@
server:
port: {{ .Values.service.internalPort }}
ssl:
- enabled: {{ (eq "true" (include "common.needTLS" .)) | ternary true false }}
+ enabled: false
servlet:
context-path: /policy/api/v1
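Review bot: Hard-coding `enabled: false` under `server.ssl` leaves the policy-api listener in plaintext with no chart-level switch, and nothing in the file records what is expected to protect the traffic instead. The same assumption is repeated in templates/deployment.yaml, where the readiness probe now uses `scheme: HTTP` while still sending a Basic `Authorization` header, and in values.yaml, where `isHttps: false` sits next to `basicAuth.enabled: true`. The REST credentials therefore cross the pod network unencrypted unless something outside this chart, presumably the service mesh, enforces mutual TLS. I would state that above the setting, e.g. `# TLS is terminated by the service mesh sidecar; keep mesh mTLS in STRICT mode for this namespace`, and confirm that the mesh policy actually covers this workload.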
diff --git a/kubernetes/policy/components/policy-api/templates/deployment.yaml b/kubernetes/policy/components/policy-api/templates/deployment.yaml
index b791614b92..580dcdde86 100755
--- a/kubernetes/policy/components/policy-api/templates/deployment.yaml
+++ b/kubernetes/policy/components/policy-api/templates/deployment.yaml
@@ -1,23 +1,11 @@
apiVersion: apps/v1
kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
+ selector: {{- include "common.selectors" . | nindent 4 }}
replicas: {{ .Values.replicaCount }}
template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
initContainers:
- command:
@@ -56,26 +44,13 @@ spec:
image: {{ include "repositoryGenerator.image.envsubst" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-update-config
-{{ include "common.certInitializer.initContainer" . | indent 8 }}
containers:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-{{- if .Values.global.aafEnabled }}
- command: ["sh","-c"]
- args: ["source {{ .Values.certInitializer.credsPath }}/.ci;\
- /opt/app/policy/api/bin/policy-api.sh /opt/app/policy/api/etc/mounted/apiParameters.yaml"]
-{{- else }}
command: ["/opt/app/policy/api/bin/policy-api.sh"]
args: ["/opt/app/policy/api/etc/mounted/apiParameters.yaml"]
- env:
- - name: KEYSTORE_PASSWD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keystore-password" "key" "password") | indent 12 }}
- - name: TRUSTSTORE_PASSWD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "truststore-password" "key" "password") | indent 12 }}
-{{- end }}
- ports:
- - containerPort: {{ .Values.service.internalPort }}
+ ports: {{ include "common.containerPorts" . | nindent 12 }}
# disable liveness probe when breakpoints set in debugger
# so K8s doesn't restart unresponsive container
{{- if eq .Values.liveness.enabled true }}
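Review bot: The new `ports: {{ include "common.containerPorts" . | nindent 12 }}` line opens with `{{` where the other helper calls added in this file use `{{-` (`metadata: {{- include "common.resourceMetadata" . | nindent 2 }}`), so it renders `ports:` with trailing whitespace. Writing it as `ports: {{- include "common.containerPorts" . | nindent 12 }}` keeps the template consistent and the rendered manifest lint-clean. The container definition continues outside this hunk.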
@@ -92,14 +67,13 @@ spec:
httpHeaders:
- name: Authorization
value: Basic {{ printf "%s:%s" .Values.restServer.user .Values.restServer.password | b64enc }}
- scheme: {{ if (include "common.needTLS" .) }}HTTPS{{ else }}HTTP{{ end }}
+ scheme: HTTP
successThreshold: {{ .Values.readiness.successThreshold }}
failureThreshold: {{ .Values.readiness.failureThreshold }}
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
timeoutSeconds: {{ .Values.readiness.timeout }}
volumeMounts:
-{{ include "common.certInitializer.volumeMount" . | indent 10 }}
- mountPath: /etc/localtime
name: localtime
readOnly: true
@@ -116,7 +90,6 @@ spec:
{{- end }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
-{{ include "common.certInitializer.volumes" . | indent 8 }}
- name: localtime
hostPath:
path: /etc/localtime
diff --git a/kubernetes/policy/components/policy-api/templates/service.yaml b/kubernetes/policy/components/policy-api/templates/service.yaml
index b5dee39e60..abb9a44bbe 100755
--- a/kubernetes/policy/components/policy-api/templates/service.yaml
+++ b/kubernetes/policy/components/policy-api/templates/service.yaml
@@ -1,6 +1,7 @@
{{/*
# ============LICENSE_START=======================================================
# Copyright (C) 2019 AT&T Intellectual Property. All rights reserved.
+# Modification (C) 2023 Deutsche Telekom. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -18,28 +19,4 @@
# ============LICENSE_END=========================================================
*/}}
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.internalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+{{ include "common.service" . }}
diff --git a/kubernetes/policy/components/policy-api/values.yaml b/kubernetes/policy/components/policy-api/values.yaml
index 429e9eaf2b..2ec88ee82e 100755
--- a/kubernetes/policy/components/policy-api/values.yaml
+++ b/kubernetes/policy/components/policy-api/values.yaml
@@ -1,6 +1,7 @@
# ============LICENSE_START=======================================================
# Copyright (C) 2019-2021 AT&T Intellectual Property. All rights reserved.
# Modifications Copyright (C) 2022 Bell Canada. All rights reserved.
+# Modification (C) 2023 Deutsche Telekom. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -23,7 +24,6 @@
global:
nodePortPrefix: 304
persistence: {}
- aafEnabled: true
#################################################################
# Secrets metaconfig
@@ -41,39 +41,6 @@ secrets:
login: '{{ .Values.restServer.user }}'
password: '{{ .Values.restServer.password }}'
passwordPolicy: required
- - uid: keystore-password
- type: password
- externalSecret: '{{ tpl (default "" .Values.certStores.keyStorePasswordExternalSecret) . }}'
- password: '{{ .Values.certStores.keyStorePassword }}'
- passwordPolicy: required
- - uid: truststore-password
- type: password
- externalSecret: '{{ tpl (default "" .Values.certStores.trustStorePasswordExternalSecret) . }}'
- password: '{{ .Values.certStores.trustStorePassword }}'
- passwordPolicy: required
-
-certStores:
- keyStorePassword: Pol1cy_0nap
- trustStorePassword: Pol1cy_0nap
-
-certInitializer:
- nameOverride: policy-api-cert-initializer
- aafDeployFqi: deployer@people.osaaf.org
- aafDeployPass: demo123456!
- fqdn: policy
- fqi: policy@policy.onap.org
- public_fqdn: policy.onap.org
- cadi_latitude: "0.0"
- cadi_longitude: "0.0"
- credsPath: /opt/app/osaaf/local
- app_ns: org.osaaf.aaf
- uid: 100
- gid: 101
- aaf_add_config: >
- echo "export KEYSTORE='{{ .Values.credsPath }}/org.onap.policy.p12'" > {{ .Values.credsPath }}/.ci;
- echo "export KEYSTORE_PASSWD='${cadi_keystore_password_p12}'" >> {{ .Values.credsPath }}/.ci;
- chown -R {{ .Values.uid }}:{{ .Values.gid }} $(dirname {{ .Values.credsPath }});
-
#################################################################
# Application configuration defaults.
@@ -123,10 +90,11 @@ readiness:
service:
type: ClusterIP
name: policy-api
- portName: http
- externalPort: 6969
internalPort: 6969
- nodePort: 40
+ ports:
+ - name: http
+ port: 6969
+
ingress:
enabled: false
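Review bot: The port 6969 is now declared twice under `service`, once as `internalPort` and once as `ports[0].port`, and the two are read by different templates. resources/config/apiParameters.yaml still sets `server.port` from `.Values.service.internalPort`, while the Service and the container port list are rendered by the common helpers, presumably from `service.ports`. An override that changes only one of them would leave the Service pointing at a port the application does not listen on. A comment above the keys, e.g. `# internalPort and ports[0].port must stay equal; internalPort feeds server.port in apiParameters.yaml`, would make the coupling explicit.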
@@ -164,7 +132,7 @@ metrics:
enabled: true
port: policy-api
interval: 60s
- isHttps: true
+ isHttps: false
basicAuth:
enabled: true
externalSecretNameSuffix: policy-api-user-creds