aboutsummaryrefslogtreecommitdiffstats
path: root/kubernetes/sdc/components/sdc-wfd-fe
diff options
context:
space:
mode:
authorSylvain Desbureaux <sylvain.desbureaux@orange.com>2020-09-10 07:41:02 +0000
committerGerrit Code Review <gerrit@onap.org>2020-09-10 07:41:02 +0000
commit8c62083d8ac58e74f16409adf775cb1c49063745 (patch)
treea1bb88d71983737ab19eabf88931a313d3811882 /kubernetes/sdc/components/sdc-wfd-fe
parent86a28cdb200f482bc9a2e1f281ec1c51938f6c2c (diff)
parent742a7b29bfb6ffb18ef65b0a45ad08de59e52a6e (diff)
Merge "[SDC] use of certInitializer template"
Diffstat (limited to 'kubernetes/sdc/components/sdc-wfd-fe')
-rw-r--r--kubernetes/sdc/components/sdc-wfd-fe/.helmignore21
-rw-r--r--kubernetes/sdc/components/sdc-wfd-fe/Chart.yaml18
-rw-r--r--kubernetes/sdc/components/sdc-wfd-fe/requirements.yaml23
-rw-r--r--kubernetes/sdc/components/sdc-wfd-fe/templates/NOTES.txt33
-rw-r--r--kubernetes/sdc/components/sdc-wfd-fe/templates/_helper.tpl1
-rw-r--r--kubernetes/sdc/components/sdc-wfd-fe/templates/deployment.yaml165
-rw-r--r--kubernetes/sdc/components/sdc-wfd-fe/templates/ingress.yaml1
-rw-r--r--kubernetes/sdc/components/sdc-wfd-fe/templates/service.yaml50
-rw-r--r--kubernetes/sdc/components/sdc-wfd-fe/values.yaml134
9 files changed, 446 insertions, 0 deletions
diff --git a/kubernetes/sdc/components/sdc-wfd-fe/.helmignore b/kubernetes/sdc/components/sdc-wfd-fe/.helmignore
new file mode 100644
index 0000000000..f0c1319444
--- /dev/null
+++ b/kubernetes/sdc/components/sdc-wfd-fe/.helmignore
@@ -0,0 +1,21 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
diff --git a/kubernetes/sdc/components/sdc-wfd-fe/Chart.yaml b/kubernetes/sdc/components/sdc-wfd-fe/Chart.yaml
new file mode 100644
index 0000000000..d5ef0a4db7
--- /dev/null
+++ b/kubernetes/sdc/components/sdc-wfd-fe/Chart.yaml
@@ -0,0 +1,18 @@
+# Copyright © 2018 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+description: ONAP Service Design and Creation Workflow Designer frontend
+name: sdc-wfd-fe
+version: 6.0.0 \ No newline at end of file
diff --git a/kubernetes/sdc/components/sdc-wfd-fe/requirements.yaml b/kubernetes/sdc/components/sdc-wfd-fe/requirements.yaml
new file mode 100644
index 0000000000..b1d52ae32a
--- /dev/null
+++ b/kubernetes/sdc/components/sdc-wfd-fe/requirements.yaml
@@ -0,0 +1,23 @@
+# ============LICENSE_START=======================================================
+# Copyright (C) 2018 Ericsson. All rights reserved.
+# Modifications Copyright © 2020 AT&T. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+dependencies:
+ - name: certInitializer
+ version: ~6.x-0
+ repository: '@local' \ No newline at end of file
diff --git a/kubernetes/sdc/components/sdc-wfd-fe/templates/NOTES.txt b/kubernetes/sdc/components/sdc-wfd-fe/templates/NOTES.txt
new file mode 100644
index 0000000000..a3c79b12a4
--- /dev/null
+++ b/kubernetes/sdc/components/sdc-wfd-fe/templates/NOTES.txt
@@ -0,0 +1,33 @@
+# Copyright © 2018 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+1. Get the application URL by running these commands:
+{{- if .Values.ingress.enabled }}
+{{- range .Values.ingress.hosts }}
+ http://{{ . }}
+{{- end }}
+{{- else if contains "NodePort" .Values.service.type }}
+ export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.fullname" . }})
+ export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}")
+ echo http://$NODE_IP:$NODE_PORT
+{{- else if contains "LoadBalancer" .Values.service.type }}
+ NOTE: It may take a few minutes for the LoadBalancer IP to be available.
+ You can watch the status of by running 'kubectl get svc -w {{ include "common.fullname" . }}'
+ export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
+ echo http://$SERVICE_IP:{{ .Values.service.externalPort }}
+{{- else if contains "ClusterIP" .Values.service.type }}
+ export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ include "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
+ echo "Visit http://127.0.0.1:8080 to use your application"
+ kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }}
+{{- end }}
diff --git a/kubernetes/sdc/components/sdc-wfd-fe/templates/_helper.tpl b/kubernetes/sdc/components/sdc-wfd-fe/templates/_helper.tpl
new file mode 100644
index 0000000000..546bab7ddf
--- /dev/null
+++ b/kubernetes/sdc/components/sdc-wfd-fe/templates/_helper.tpl
@@ -0,0 +1 @@
+{{- define "wfd-fe.internalPort" }}{{ if .Values.config.isHttpsEnabled }}{{ .Values.service.internalPort2 }}{{ else }}{{ .Values.service.internalPort }}{{ end }}{{- end }}
diff --git a/kubernetes/sdc/components/sdc-wfd-fe/templates/deployment.yaml b/kubernetes/sdc/components/sdc-wfd-fe/templates/deployment.yaml
new file mode 100644
index 0000000000..ad10480a3f
--- /dev/null
+++ b/kubernetes/sdc/components/sdc-wfd-fe/templates/deployment.yaml
@@ -0,0 +1,165 @@
+# Copyright © 2018 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+spec:
+ selector:
+ matchLabels:
+ app: {{ include "common.name" . }}
+ replicas: {{ .Values.replicaCount }}
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
+ spec:
+ initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }}
+ - name: {{ include "common.name" . }}-readiness
+ command:
+ - /app/ready.py
+ args:
+ - --container-name
+ - "sdc-wfd-be"
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ {{- if .Values.global.aafEnabled }}
+ - name: {{ include "common.fullname" . }}-move-cert
+ command:
+ - /bin/sh
+ args:
+ - -c
+ - |
+ cp {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.keystoreFile }} /sdc-certs/{{ .Values.certInitializer.keystoreFile }}
+ cp {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.truststoreFile }} /sdc-certs/{{ .Values.certInitializer.truststoreFile }}
+ cp {{ .Values.certInitializer.credsPath }}/mycreds.prop /sdc-certs/mycreds.prop
+ image: "{{ .Values.global.busyboxRepository }}/{{ .Values.global.busyboxImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
+ - name: sdc-certs
+ mountPath: /sdc-certs
+ {{- end }}
+ containers:
+ - name: {{ include "common.name" . }}
+ image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ {{- if .Values.global.aafEnabled }}
+ command:
+ - sh
+ args:
+ - "-c"
+ - |
+ export $(grep '^c' /sdc-certs/mycreds.prop | xargs -0)
+ export KEYSTORE_PASS=$cadi_keystore_password_p12
+ export TRUSTSTORE_PASS=$cadi_truststore_password
+ export KEYSTORE_PATH=/etc/{{ .Values.certInitializer.keystoreFile }}
+ export TRUSTSTORE_PATH=/etc/{{ .Values.certInitializer.truststoreFile }}
+ ./startup.sh
+ {{- end }}
+ ports:
+ - containerPort: {{ template "wfd-fe.internalPort" . }}
+ {{ if .Values.liveness.enabled }}
+ livenessProbe:
+ tcpSocket:
+ port: {{ template "wfd-fe.internalPort" . }}
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ {{ end }}
+ readinessProbe:
+ tcpSocket:
+ port: {{ template "wfd-fe.internalPort" . }}
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+ env:
+ - name: ENVNAME
+ value: {{ .Values.env.name }}
+ - name: JAVA_OPTIONS
+ value: {{ .Values.config.javaOptions }}
+ - name: BACKEND
+ value: {{ .Values.config.backendServerURL }}
+ - name: IS_HTTPS
+ value: "{{ .Values.config.isHttpsEnabled}}"
+ {{ if and .Values.config.isHttpsEnabled (eq .Values.security.isDefaultStore false) }}
+ - name: TRUST_ALL
+ value: "{{ .Values.config.isTrustAll}}"
+ {{ end }}
+ volumeMounts:
+ - name: {{ include "common.fullname" . }}-localtime
+ mountPath: /etc/localtime
+ readOnly: true
+ {{- if .Values.global.aafEnabled }}
+ - name: sdc-certs
+ mountPath: /sdc-certs
+ subpath: mycreds.prop
+ - name: sdc-certs
+ mountPath: /var/lib/jetty/etc/{{ .Values.certInitializer.keystoreFile }}
+ subPath: {{ .Values.certInitializer.keystoreFile }}
+ - name: sdc-certs
+ mountPath: /var/lib/jetty/etc/{{ .Values.certInitializer.truststoreFile }}
+ subPath: {{ .Values.certInitializer.truststoreFile }}
+ {{ end }}
+ resources:
+{{ include "common.resources" . | indent 12 }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 10 }}
+ {{- end -}}
+ {{- if .Values.affinity }}
+ affinity:
+{{ toYaml .Values.affinity | indent 10 }}
+ {{- end }}
+ # side car containers
+ - name: {{ include "common.name" . }}-filebeat-onap
+ image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts:
+ - name: {{ include "common.fullname" . }}-filebeat-conf
+ mountPath: /usr/share/filebeat/filebeat.yml
+ subPath: filebeat.yml
+ - name: {{ include "common.fullname" . }}-logs
+ mountPath: /var/log/onap
+ - name: {{ include "common.fullname" . }}-data-filebeat
+ mountPath: /usr/share/filebeat/data
+ volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }}
+ - name: {{ include "common.fullname" . }}-localtime
+ hostPath:
+ path: /etc/localtime
+ {{- if .Values.global.aafEnabled }}
+ - name: sdc-certs
+ emptyDir:
+ medium: "Memory"
+ {{- end }}
+ - name: {{ include "common.fullname" . }}-filebeat-conf
+ configMap:
+ name: {{ include "common.release" . }}-sdc-filebeat-configmap
+ - name: {{ include "common.fullname" . }}-data-filebeat
+ emptyDir: {}
+ - name: {{ include "common.fullname" . }}-logs
+ emptyDir: {}
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/sdc/components/sdc-wfd-fe/templates/ingress.yaml b/kubernetes/sdc/components/sdc-wfd-fe/templates/ingress.yaml
new file mode 100644
index 0000000000..8f87c68f1e
--- /dev/null
+++ b/kubernetes/sdc/components/sdc-wfd-fe/templates/ingress.yaml
@@ -0,0 +1 @@
+{{ include "common.ingress" . }}
diff --git a/kubernetes/sdc/components/sdc-wfd-fe/templates/service.yaml b/kubernetes/sdc/components/sdc-wfd-fe/templates/service.yaml
new file mode 100644
index 0000000000..96e1c0aee4
--- /dev/null
+++ b/kubernetes/sdc/components/sdc-wfd-fe/templates/service.yaml
@@ -0,0 +1,50 @@
+# Copyright © 2018 ZTE
+# Modifications Copyright © 2018 AT&T, Amdocs, Bell Canada
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "common.servicename" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+ annotations:
+ msb.onap.org/service-info: '[
+ {
+ "serviceName": "wf-gui",
+ "version": "v1",
+ "url": "/",
+ "protocol": "UI",
+ "port": "{{ .Values.service.internalPort2 }}",
+ "visualRange":"0|1"
+ }
+ ]'
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ {{if eq .Values.service.type "NodePort" -}}
+ - port: {{ template "wfd-fe.internalPort" . }}
+ nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
+ name: {{ .Values.service.portName }}
+ {{- else -}}
+ - port: {{ if .Values.config.isHttpsEnabled }}{{ .Values.service.externalPort2 }}{{ else }}{{ .Values.service.externalPort }}{{ end }}
+ targetPort: {{ template "wfd-fe.internalPort" . }}
+ name: {{ .Values.service.portName }}
+ {{- end}}
+ selector:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
diff --git a/kubernetes/sdc/components/sdc-wfd-fe/values.yaml b/kubernetes/sdc/components/sdc-wfd-fe/values.yaml
new file mode 100644
index 0000000000..7bb1b24ad6
--- /dev/null
+++ b/kubernetes/sdc/components/sdc-wfd-fe/values.yaml
@@ -0,0 +1,134 @@
+# Copyright © 2018 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ nodePortPrefix: 302
+ nodePortPrefixExt: 304
+ readinessImage: onap/oom/readiness:3.0.1
+ loggingRepository: docker.elastic.co
+ loggingImage: beats/filebeat:5.5.0
+ aafEnabled: true
+
+#################################################################
+# AAF Part
+#################################################################
+certInitializer:
+ nameOverride: sdc-wfd-fe-cert-init
+ aafDeployFqi: deployer@people.osaaf.org
+ aafDeployPass: demo123456!
+ fqdn: sdc
+ fqi: sdc@sdc.onap.org
+ public_fqdn: sdc.onap.org
+ cadi_longitude: "0.0"
+ cadi_latitude: "0.0"
+ app_ns: org.osaaf.aaf
+ credsPath: /opt/app/osaaf/local
+ addconfig: true
+ keystoreFile: "org.onap.sdc.p12"
+ truststoreFile: "org.onap.sdc.trust.jks"
+ permission_user: 352070
+ permission_group: 35953
+ aaf_add_config: >
+ /opt/app/aaf_config/bin/agent.sh local showpass
+ {{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+# application image
+repository: nexus3.onap.org:10001
+image: onap/workflow-frontend:1.6.4
+pullPolicy: Always
+
+# flag to enable debugging - application support required
+debugEnabled: false
+
+config:
+ javaOptions: "-Xmx256m -Xms256m"
+ backendServerURL: "https://sdc-wfd-be:8443"
+ isHttpsEnabled: true
+ # following flag decides whether to check the certificate on the outgoing proxy request or whether to trust all parties
+ isTrustAll: true
+# https relevant settings. Change in case you have other trust files then default ones.
+
+#environment file
+env:
+ name: AUTO
+
+security:
+ isDefaultStore: false
+
+# default number of instances
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 60
+ periodSeconds: 10
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: true
+
+readiness:
+ initialDelaySeconds: 60
+ periodSeconds: 10
+
+service:
+ type: NodePort
+ internalPort: 8080
+ externalPort: 8080
+ internalPort2: 8443
+ externalPort2: 8443
+ portName: sdc-wfd-fe
+ nodePort: "56" # only one node port. set to http or https port depending on isHttpsEnabled property
+
+ingress:
+ enabled: false
+ service:
+ - baseaddr: "sdcwfdfe"
+ name: "sdc-wfd-fe"
+ port: 8443
+ annotations:
+ ingress.kubernetes.io/secure-backends: "false"
+ nginx.ingress.kubernetes.io/secure-backends: "false"
+ nginx.ingress.kubernetes.io/proxy-body-size: "0"
+ nginx.ingress.kubernetes.io/ssl-redirect: "true"
+ nginx.ingress.kubernetes.io/backend-protocol: "HTTP"
+ nginx.ingress.kubernetes.io/rewrite-target: "/workflows/"
+
+resources: {}
+ # We usually recommend not to specify default resources and to leave this as a conscious
+ # choice for the user. This also increases chances charts run on environments with little
+ # resources, such as Minikube. If you do want to specify resources, uncomment the following
+ # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ #
+ # Example:
+ # Configure resource requests and limits
+ # ref: http://kubernetes.io/docs/user-guide/compute-resources/
+ # Minimum memory for development is 2 CPU cores and 4GB memory
+ # Minimum memory for production is 4 CPU cores and 8GB memory
+#resources:
+# limits:
+# cpu: 2
+# memory: 4Gi
+# requests:
+# cpu: 2
+# memory: 4Gi