diff options
author | Sylvain Desbureaux <sylvain.desbureaux@orange.com> | 2020-09-10 07:41:02 +0000 |
---|---|---|
committer | Gerrit Code Review <gerrit@onap.org> | 2020-09-10 07:41:02 +0000 |
commit | 8c62083d8ac58e74f16409adf775cb1c49063745 (patch) | |
tree | a1bb88d71983737ab19eabf88931a313d3811882 /kubernetes/sdc/components/sdc-wfd-fe | |
parent | 86a28cdb200f482bc9a2e1f281ec1c51938f6c2c (diff) | |
parent | 742a7b29bfb6ffb18ef65b0a45ad08de59e52a6e (diff) |
Merge "[SDC] use of certInitializer template"
Diffstat (limited to 'kubernetes/sdc/components/sdc-wfd-fe')
9 files changed, 446 insertions, 0 deletions
diff --git a/kubernetes/sdc/components/sdc-wfd-fe/.helmignore b/kubernetes/sdc/components/sdc-wfd-fe/.helmignore new file mode 100644 index 0000000000..f0c1319444 --- /dev/null +++ b/kubernetes/sdc/components/sdc-wfd-fe/.helmignore @@ -0,0 +1,21 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj diff --git a/kubernetes/sdc/components/sdc-wfd-fe/Chart.yaml b/kubernetes/sdc/components/sdc-wfd-fe/Chart.yaml new file mode 100644 index 0000000000..d5ef0a4db7 --- /dev/null +++ b/kubernetes/sdc/components/sdc-wfd-fe/Chart.yaml @@ -0,0 +1,18 @@ +# Copyright © 2018 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +description: ONAP Service Design and Creation Workflow Designer frontend +name: sdc-wfd-fe +version: 6.0.0
\ No newline at end of file diff --git a/kubernetes/sdc/components/sdc-wfd-fe/requirements.yaml b/kubernetes/sdc/components/sdc-wfd-fe/requirements.yaml new file mode 100644 index 0000000000..b1d52ae32a --- /dev/null +++ b/kubernetes/sdc/components/sdc-wfd-fe/requirements.yaml @@ -0,0 +1,23 @@ +# ============LICENSE_START======================================================= +# Copyright (C) 2018 Ericsson. All rights reserved. +# Modifications Copyright © 2020 AT&T. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= + +dependencies: + - name: certInitializer + version: ~6.x-0 + repository: '@local'
\ No newline at end of file diff --git a/kubernetes/sdc/components/sdc-wfd-fe/templates/NOTES.txt b/kubernetes/sdc/components/sdc-wfd-fe/templates/NOTES.txt new file mode 100644 index 0000000000..a3c79b12a4 --- /dev/null +++ b/kubernetes/sdc/components/sdc-wfd-fe/templates/NOTES.txt @@ -0,0 +1,33 @@ +# Copyright © 2018 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +1. Get the application URL by running these commands: +{{- if .Values.ingress.enabled }} +{{- range .Values.ingress.hosts }} + http://{{ . }} +{{- end }} +{{- else if contains "NodePort" .Values.service.type }} + export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.fullname" . }}) + export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}") + echo http://$NODE_IP:$NODE_PORT +{{- else if contains "LoadBalancer" .Values.service.type }} + NOTE: It may take a few minutes for the LoadBalancer IP to be available. + You can watch the status of by running 'kubectl get svc -w {{ include "common.fullname" . }}' + export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') + echo http://$SERVICE_IP:{{ .Values.service.externalPort }} +{{- else if contains "ClusterIP" .Values.service.type }} + export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ include "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") + echo "Visit http://127.0.0.1:8080 to use your application" + kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }} +{{- end }} diff --git a/kubernetes/sdc/components/sdc-wfd-fe/templates/_helper.tpl b/kubernetes/sdc/components/sdc-wfd-fe/templates/_helper.tpl new file mode 100644 index 0000000000..546bab7ddf --- /dev/null +++ b/kubernetes/sdc/components/sdc-wfd-fe/templates/_helper.tpl @@ -0,0 +1 @@ +{{- define "wfd-fe.internalPort" }}{{ if .Values.config.isHttpsEnabled }}{{ .Values.service.internalPort2 }}{{ else }}{{ .Values.service.internalPort }}{{ end }}{{- end }} diff --git a/kubernetes/sdc/components/sdc-wfd-fe/templates/deployment.yaml b/kubernetes/sdc/components/sdc-wfd-fe/templates/deployment.yaml new file mode 100644 index 0000000000..ad10480a3f --- /dev/null +++ b/kubernetes/sdc/components/sdc-wfd-fe/templates/deployment.yaml @@ -0,0 +1,165 @@ +# Copyright © 2018 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "common.fullname" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +spec: + selector: + matchLabels: + app: {{ include "common.name" . }} + replicas: {{ .Values.replicaCount }} + template: + metadata: + labels: + app: {{ include "common.name" . }} + release: {{ include "common.release" . }} + spec: + initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }} + - name: {{ include "common.name" . }}-readiness + command: + - /app/ready.py + args: + - --container-name + - "sdc-wfd-be" + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + {{- if .Values.global.aafEnabled }} + - name: {{ include "common.fullname" . }}-move-cert + command: + - /bin/sh + args: + - -c + - | + cp {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.keystoreFile }} /sdc-certs/{{ .Values.certInitializer.keystoreFile }} + cp {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.truststoreFile }} /sdc-certs/{{ .Values.certInitializer.truststoreFile }} + cp {{ .Values.certInitializer.credsPath }}/mycreds.prop /sdc-certs/mycreds.prop + image: "{{ .Values.global.busyboxRepository }}/{{ .Values.global.busyboxImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }} + - name: sdc-certs + mountPath: /sdc-certs + {{- end }} + containers: + - name: {{ include "common.name" . }} + image: "{{ include "common.repository" . }}/{{ .Values.image }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + {{- if .Values.global.aafEnabled }} + command: + - sh + args: + - "-c" + - | + export $(grep '^c' /sdc-certs/mycreds.prop | xargs -0) + export KEYSTORE_PASS=$cadi_keystore_password_p12 + export TRUSTSTORE_PASS=$cadi_truststore_password + export KEYSTORE_PATH=/etc/{{ .Values.certInitializer.keystoreFile }} + export TRUSTSTORE_PATH=/etc/{{ .Values.certInitializer.truststoreFile }} + ./startup.sh + {{- end }} + ports: + - containerPort: {{ template "wfd-fe.internalPort" . }} + {{ if .Values.liveness.enabled }} + livenessProbe: + tcpSocket: + port: {{ template "wfd-fe.internalPort" . }} + initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} + periodSeconds: {{ .Values.liveness.periodSeconds }} + {{ end }} + readinessProbe: + tcpSocket: + port: {{ template "wfd-fe.internalPort" . }} + initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} + periodSeconds: {{ .Values.readiness.periodSeconds }} + env: + - name: ENVNAME + value: {{ .Values.env.name }} + - name: JAVA_OPTIONS + value: {{ .Values.config.javaOptions }} + - name: BACKEND + value: {{ .Values.config.backendServerURL }} + - name: IS_HTTPS + value: "{{ .Values.config.isHttpsEnabled}}" + {{ if and .Values.config.isHttpsEnabled (eq .Values.security.isDefaultStore false) }} + - name: TRUST_ALL + value: "{{ .Values.config.isTrustAll}}" + {{ end }} + volumeMounts: + - name: {{ include "common.fullname" . }}-localtime + mountPath: /etc/localtime + readOnly: true + {{- if .Values.global.aafEnabled }} + - name: sdc-certs + mountPath: /sdc-certs + subpath: mycreds.prop + - name: sdc-certs + mountPath: /var/lib/jetty/etc/{{ .Values.certInitializer.keystoreFile }} + subPath: {{ .Values.certInitializer.keystoreFile }} + - name: sdc-certs + mountPath: /var/lib/jetty/etc/{{ .Values.certInitializer.truststoreFile }} + subPath: {{ .Values.certInitializer.truststoreFile }} + {{ end }} + resources: +{{ include "common.resources" . | indent 12 }} + {{- if .Values.nodeSelector }} + nodeSelector: +{{ toYaml .Values.nodeSelector | indent 10 }} + {{- end -}} + {{- if .Values.affinity }} + affinity: +{{ toYaml .Values.affinity | indent 10 }} + {{- end }} + # side car containers + - name: {{ include "common.name" . }}-filebeat-onap + image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + volumeMounts: + - name: {{ include "common.fullname" . }}-filebeat-conf + mountPath: /usr/share/filebeat/filebeat.yml + subPath: filebeat.yml + - name: {{ include "common.fullname" . }}-logs + mountPath: /var/log/onap + - name: {{ include "common.fullname" . }}-data-filebeat + mountPath: /usr/share/filebeat/data + volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }} + - name: {{ include "common.fullname" . }}-localtime + hostPath: + path: /etc/localtime + {{- if .Values.global.aafEnabled }} + - name: sdc-certs + emptyDir: + medium: "Memory" + {{- end }} + - name: {{ include "common.fullname" . }}-filebeat-conf + configMap: + name: {{ include "common.release" . }}-sdc-filebeat-configmap + - name: {{ include "common.fullname" . }}-data-filebeat + emptyDir: {} + - name: {{ include "common.fullname" . }}-logs + emptyDir: {} + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/sdc/components/sdc-wfd-fe/templates/ingress.yaml b/kubernetes/sdc/components/sdc-wfd-fe/templates/ingress.yaml new file mode 100644 index 0000000000..8f87c68f1e --- /dev/null +++ b/kubernetes/sdc/components/sdc-wfd-fe/templates/ingress.yaml @@ -0,0 +1 @@ +{{ include "common.ingress" . }} diff --git a/kubernetes/sdc/components/sdc-wfd-fe/templates/service.yaml b/kubernetes/sdc/components/sdc-wfd-fe/templates/service.yaml new file mode 100644 index 0000000000..96e1c0aee4 --- /dev/null +++ b/kubernetes/sdc/components/sdc-wfd-fe/templates/service.yaml @@ -0,0 +1,50 @@ +# Copyright © 2018 ZTE +# Modifications Copyright © 2018 AT&T, Amdocs, Bell Canada +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: Service +metadata: + name: {{ include "common.servicename" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} + annotations: + msb.onap.org/service-info: '[ + { + "serviceName": "wf-gui", + "version": "v1", + "url": "/", + "protocol": "UI", + "port": "{{ .Values.service.internalPort2 }}", + "visualRange":"0|1" + } + ]' +spec: + type: {{ .Values.service.type }} + ports: + {{if eq .Values.service.type "NodePort" -}} + - port: {{ template "wfd-fe.internalPort" . }} + nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} + name: {{ .Values.service.portName }} + {{- else -}} + - port: {{ if .Values.config.isHttpsEnabled }}{{ .Values.service.externalPort2 }}{{ else }}{{ .Values.service.externalPort }}{{ end }} + targetPort: {{ template "wfd-fe.internalPort" . }} + name: {{ .Values.service.portName }} + {{- end}} + selector: + app: {{ include "common.name" . }} + release: {{ include "common.release" . }} diff --git a/kubernetes/sdc/components/sdc-wfd-fe/values.yaml b/kubernetes/sdc/components/sdc-wfd-fe/values.yaml new file mode 100644 index 0000000000..7bb1b24ad6 --- /dev/null +++ b/kubernetes/sdc/components/sdc-wfd-fe/values.yaml @@ -0,0 +1,134 @@ +# Copyright © 2018 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +################################################################# +# Global configuration defaults. +################################################################# +global: + nodePortPrefix: 302 + nodePortPrefixExt: 304 + readinessImage: onap/oom/readiness:3.0.1 + loggingRepository: docker.elastic.co + loggingImage: beats/filebeat:5.5.0 + aafEnabled: true + +################################################################# +# AAF Part +################################################################# +certInitializer: + nameOverride: sdc-wfd-fe-cert-init + aafDeployFqi: deployer@people.osaaf.org + aafDeployPass: demo123456! + fqdn: sdc + fqi: sdc@sdc.onap.org + public_fqdn: sdc.onap.org + cadi_longitude: "0.0" + cadi_latitude: "0.0" + app_ns: org.osaaf.aaf + credsPath: /opt/app/osaaf/local + addconfig: true + keystoreFile: "org.onap.sdc.p12" + truststoreFile: "org.onap.sdc.trust.jks" + permission_user: 352070 + permission_group: 35953 + aaf_add_config: > + /opt/app/aaf_config/bin/agent.sh local showpass + {{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop + +################################################################# +# Application configuration defaults. +################################################################# +# application image +repository: nexus3.onap.org:10001 +image: onap/workflow-frontend:1.6.4 +pullPolicy: Always + +# flag to enable debugging - application support required +debugEnabled: false + +config: + javaOptions: "-Xmx256m -Xms256m" + backendServerURL: "https://sdc-wfd-be:8443" + isHttpsEnabled: true + # following flag decides whether to check the certificate on the outgoing proxy request or whether to trust all parties + isTrustAll: true +# https relevant settings. Change in case you have other trust files then default ones. + +#environment file +env: + name: AUTO + +security: + isDefaultStore: false + +# default number of instances +replicaCount: 1 + +nodeSelector: {} + +affinity: {} + +# probe configuration parameters +liveness: + initialDelaySeconds: 60 + periodSeconds: 10 + # necessary to disable liveness probe when setting breakpoints + # in debugger so K8s doesn't restart unresponsive container + enabled: true + +readiness: + initialDelaySeconds: 60 + periodSeconds: 10 + +service: + type: NodePort + internalPort: 8080 + externalPort: 8080 + internalPort2: 8443 + externalPort2: 8443 + portName: sdc-wfd-fe + nodePort: "56" # only one node port. set to http or https port depending on isHttpsEnabled property + +ingress: + enabled: false + service: + - baseaddr: "sdcwfdfe" + name: "sdc-wfd-fe" + port: 8443 + annotations: + ingress.kubernetes.io/secure-backends: "false" + nginx.ingress.kubernetes.io/secure-backends: "false" + nginx.ingress.kubernetes.io/proxy-body-size: "0" + nginx.ingress.kubernetes.io/ssl-redirect: "true" + nginx.ingress.kubernetes.io/backend-protocol: "HTTP" + nginx.ingress.kubernetes.io/rewrite-target: "/workflows/" + +resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # + # Example: + # Configure resource requests and limits + # ref: http://kubernetes.io/docs/user-guide/compute-resources/ + # Minimum memory for development is 2 CPU cores and 4GB memory + # Minimum memory for production is 4 CPU cores and 8GB memory +#resources: +# limits: +# cpu: 2 +# memory: 4Gi +# requests: +# cpu: 2 +# memory: 4Gi |