author | Jack Lucas <jflos@sonoris.net> | 2022-01-31 14:59:24 +0000 |
---|---|---|
committer | Gerrit Code Review <gerrit@onap.org> | 2022-01-31 14:59:24 +0000 |
commit | 0eec968ce240c0f029de5c3d3f8b3e8037ee74ce (patch) | |
tree | 44ed2213ea1877c2da51b2698ff9a00d5cc78147 /kubernetes/sdc | |
parent | 85a13b2a91f3ba076a8ce28d9d7877354c6c0439 (diff) | |
parent | 2b764d035310d91744b4c22ace83593b9a561116 (diff) |
Merge "[SDC] Service Mesh Compliance for SDC"
Diffstat (limited to 'kubernetes/sdc')
26 files changed, 195 insertions, 141 deletions
diff --git a/kubernetes/sdc/components/sdc-be/templates/deployment.yaml b/kubernetes/sdc/components/sdc-be/templates/deployment.yaml index 5a5fcd6f75..24f169a5b9 100644 --- a/kubernetes/sdc/components/sdc-be/templates/deployment.yaml +++ b/kubernetes/sdc/components/sdc-be/templates/deployment.yaml @@ -98,9 +98,9 @@ spec: cpu: 3m memory: 20Mi volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }} - - name: {{ include "common.fullname" . }}-environments + - name: sdc-environments-input mountPath: /config-input/ - - name: sdc-environments-output + - name: sdc-environments mountPath: /config-output/ {{- end }} containers: @@ -160,20 +160,22 @@ spec: fieldRef: fieldPath: status.podIP volumeMounts: - - name: sdc-environments-output + - name: sdc-environments mountPath: /app/jetty/chef-solo/environments/ - - name: sdc-environments-output + {{- if .Values.global.aafEnabled }} + - name: sdc-environments mountPath: /app/jetty/chef-solo/cookbooks/sdc-catalog-be/files/default/org.onap.sdc.p12 subPath: org.onap.sdc.p12 - - name: sdc-environments-output + - name: sdc-environments mountPath: /app/jetty/chef-solo/cookbooks/sdc-catalog-be/files/default/org.onap.sdc.trust.jks subPath: org.onap.sdc.trust.jks - - name: {{ include "common.fullname" . }}-localtime + {{- end }} + - name: localtime mountPath: /etc/localtime readOnly: true - name: logs mountPath: /var/log/onap - - name: {{ include "common.fullname" . }}-logback + - name: logback mountPath: /tmp/logback.xml subPath: logback.xml lifecycle: 
@@ -184,19 +186,21 @@ spec: {{ include "common.log.sidecar" . | nindent 8 }} serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }} - - name: {{ include "common.fullname" . }}-localtime + - name: localtime hostPath: path: /etc/localtime {{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix .)) | nindent 6 }} - - name: {{ include "common.fullname" . }}-logback + - name: logback configMap: name : {{ include "common.fullname" . }}-logging-configmap - - name: {{ include "common.fullname" . }}-environments + - name: sdc-environments + {{- if .Values.global.aafEnabled }} + emptyDir: { medium: "Memory" } + - name: sdc-environments-input + {{- end }} configMap: name: {{ include "common.release" . }}-sdc-environments-configmap defaultMode: 0755 - - name: sdc-environments-output - emptyDir: { medium: "Memory" } - name: logs emptyDir: {} imagePullSecrets: diff --git a/kubernetes/sdc/components/sdc-be/templates/job.yaml b/kubernetes/sdc/components/sdc-be/templates/job.yaml index aaf8fada28..5f70991e6f 100644 --- a/kubernetes/sdc/components/sdc-be/templates/job.yaml +++ b/kubernetes/sdc/components/sdc-be/templates/job.yaml @@ -79,6 +79,7 @@ spec: requests: cpu: 200m memory: 200Mi + {{ include "common.waitForJobContainer" . | indent 6 | trim }} volumes: - name: {{ include "common.fullname" . }}-environments configMap: diff --git a/kubernetes/sdc/components/sdc-be/values.yaml b/kubernetes/sdc/components/sdc-be/values.yaml index 7b11692d4b..0ae39bf436 100644 --- a/kubernetes/sdc/components/sdc-be/values.yaml +++ b/kubernetes/sdc/components/sdc-be/values.yaml @@ -85,7 +85,7 @@ affinity: {} liveness: initialDelaySeconds: 1 periodSeconds: 10 - timeoutSeconds: 5 + timeoutSeconds: 180 successThreshold: 1 failureThreshold: 3 # necessary to disable liveness probe when setting breakpoints 
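Review bot: The `{{- if .Values.global.aafEnabled }}` … `{{- end }}` pair in the `volumes:` list cuts through two list entries, so the single `configMap:` mapping below it belongs to `sdc-environments-input` when AAF is on and to `sdc-environments` when it is off. That makes it easy to misread which volume is the memory-backed `emptyDir` from which `org.onap.sdc.p12` and `org.onap.sdc.trust.jks` are mounted, and a later edit to one entry can silently change the other. Writing the two cases as a plain if/else with complete entries should render the same result and keeps each volume definition in one piece. The same construct appears in the sdc-fe and sdc-onboarding-be deployment.yaml hunks, and the `volumes:` list continues outside this hunk.

```yaml
      # … unchanged: localtime, common.log.volumes and logback entries …
      {{- if .Values.global.aafEnabled }}
      - name: sdc-environments
        emptyDir: { medium: "Memory" }
      - name: sdc-environments-input
        configMap:
          name: {{ include "common.release" . }}-sdc-environments-configmap
          defaultMode: 0755
      {{- else }}
      - name: sdc-environments
        configMap:
          name: {{ include "common.release" . }}-sdc-environments-configmap
          defaultMode: 0755
      {{- end }}
      # … unchanged: logs emptyDir …
```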
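Review bot: `timeoutSeconds: 180` on the liveness probe is far longer than its `periodSeconds: 10`, so with `failureThreshold: 3` a hung sdc-be container can stay in service for several minutes before it is restarted. The next hunk sets the same value on the readiness and startup probes, where it likewise delays taking an unresponsive pod out of the Service endpoints. If the increase is meant to cover slow start-up under the mesh, the startup probe (already `failureThreshold: 60`) is the place to absorb it. I would keep liveness and readiness short, e.g. `timeoutSeconds: 5`, or add a comment in values.yaml explaining why 180 is required.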
@@ -95,14 +95,14 @@ liveness: readiness: initialDelaySeconds: 1 periodSeconds: 10 - timeoutSeconds: 5 + timeoutSeconds: 180 successThreshold: 1 failureThreshold: 3 startup: initialDelaySeconds: 10 periodSeconds: 10 - timeoutSeconds: 5 + timeoutSeconds: 180 successThreshold: 1 failureThreshold: 60 @@ -126,7 +126,7 @@ service: visualRange: "1" serviceName: sdc-deprecated ports: - - name: api + - name: tcp-api port: 8443 plain_port: 8080 port_protocol: http @@ -168,6 +168,10 @@ serviceAccount: roles: - read +wait_for_job_container: + containers: + - '{{ include "common.name" . }}-job' + #Log configuration log: path: /var/log/onap diff --git a/kubernetes/sdc/components/sdc-cs/templates/job.yaml b/kubernetes/sdc/components/sdc-cs/templates/job.yaml index 4a8388ada4..0eeeff52da 100644 --- a/kubernetes/sdc/components/sdc-cs/templates/job.yaml +++ b/kubernetes/sdc/components/sdc-cs/templates/job.yaml @@ -96,6 +96,7 @@ spec: requests: cpu: 200m memory: 300Mi + {{ include "common.waitForJobContainer" . | indent 6 | trim }} serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: - name: {{ include "common.fullname" . }}-environments diff --git a/kubernetes/sdc/components/sdc-cs/values.yaml b/kubernetes/sdc/components/sdc-cs/values.yaml index 2ac9c7f074..951249cfbd 100644 --- a/kubernetes/sdc/components/sdc-cs/values.yaml +++ b/kubernetes/sdc/components/sdc-cs/values.yaml @@ -122,3 +122,7 @@ serviceAccount: nameOverride: sdc-cs roles: - read + +wait_for_job_container: + containers: + - '{{ include "common.name" . }}-job' diff --git a/kubernetes/sdc/components/sdc-fe/resources/config/plugins/plugins-configuration.yaml b/kubernetes/sdc/components/sdc-fe/resources/config/plugins/plugins-configuration.yaml index 9dc317b2b5..cc91960dbf 100644 --- a/kubernetes/sdc/components/sdc-fe/resources/config/plugins/plugins-configuration.yaml +++ b/kubernetes/sdc/components/sdc-fe/resources/config/plugins/plugins-configuration.yaml 
@@ -1,6 +1,10 @@ pluginsList: - pluginId: WORKFLOW - pluginDiscoveryUrl: "{{ .Values.config.plugins.workflow_discovery_url }}" + {{- if (include "common.needTLS" .) }} + pluginDiscoveryUrl: "{{ .Values.config.plugins.workflow_discovery_url.https }}" + {{- else }} + pluginDiscoveryUrl: "{{ .Values.config.plugins.workflow_discovery_url.http }}" + {{- end }} pluginSourceUrl: "{{ .Values.config.plugins.workflow_source_url }}" pluginStateUrl: "workflowDesigner" pluginDisplayOptions: @@ -8,4 +12,4 @@ pluginsList: displayName: "WORKFLOW" displayRoles: ["DESIGNER", "TESTER"] -connectionTimeout: 1000
\ No newline at end of file +connectionTimeout: 1000 diff --git a/kubernetes/sdc/components/sdc-fe/templates/configmap.yaml b/kubernetes/sdc/components/sdc-fe/templates/configmap.yaml index 2ac85aead6..948a3fee99 100644 --- a/kubernetes/sdc/components/sdc-fe/templates/configmap.yaml +++ b/kubernetes/sdc/components/sdc-fe/templates/configmap.yaml @@ -39,4 +39,4 @@ metadata: release: {{ include "common.release" . }} heritage: {{ .Release.Service }} data: -{{ tpl (.Files.Glob "resources/config/plugins/*").AsConfig . | indent 2 }}
\ No newline at end of file +{{ tpl (.Files.Glob "resources/config/plugins/*").AsConfig . | indent 2 }} diff --git a/kubernetes/sdc/components/sdc-fe/templates/deployment.yaml b/kubernetes/sdc/components/sdc-fe/templates/deployment.yaml index 43f9f2c928..599e32e175 100644 --- a/kubernetes/sdc/components/sdc-fe/templates/deployment.yaml +++ b/kubernetes/sdc/components/sdc-fe/templates/deployment.yaml @@ -82,9 +82,9 @@ spec: chmod 0755 /config-output/${PFILE} done volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }} - - name: {{ include "common.fullname" . }}-environments + - name: sdc-environments-input mountPath: /config-input/ - - name: sdc-environments-output + - name: sdc-environments mountPath: /config-output/ resources: limits: @@ -147,23 +147,25 @@ spec: - name: JAVA_OPTIONS value: {{ .Values.config.javaOptions }} volumeMounts: - - name: sdc-environments-output + - name: sdc-environments mountPath: /app/jetty/chef-solo/environments/ - - name: sdc-environments-output + {{- if .Values.global.aafEnabled }} + - name: sdc-environments mountPath: /app/jetty/chef-solo/cookbooks/sdc-catalog-fe/files/default/org.onap.sdc.p12 subPath: org.onap.sdc.p12 - - name: sdc-environments-output + - name: sdc-environments mountPath: /app/jetty/chef-solo/cookbooks/sdc-catalog-fe/files/default/org.onap.sdc.trust.jks subPath: org.onap.sdc.trust.jks - - name: {{ include "common.fullname" . }}-localtime + {{- end }} + - name: localtime mountPath: /etc/localtime readOnly: true - name: logs mountPath: /var/log/onap - - name: {{ include "common.fullname" . }}-configs + - name: configs mountPath: /app/jetty/config/catalog-fe/plugins-configuration.yaml subPath: plugins-configuration.yaml - - name: {{ include "common.fullname" . }}-logback + - name: logback mountPath: /tmp/logback.xml subPath: logback.xml lifecycle: 
@@ -174,23 +176,25 @@ spec: {{ include "common.log.sidecar" . | nindent 8 }} serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }} - - name: {{ include "common.fullname" . }}-localtime + - name: localtime hostPath: path: /etc/localtime {{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix .)) | nindent 8 }} - - name: {{ include "common.fullname" . }}-configs + - name: configs configMap: name : {{ include "common.fullname" . }}-plugins-configmap defaultMode: 0777 - - name: {{ include "common.fullname" . }}-logback + - name: logback configMap: name : {{ include "common.fullname" . }}-logging-configmap - - name: {{ include "common.fullname" . }}-environments + - name: sdc-environments + {{- if .Values.global.aafEnabled }} + emptyDir: { medium: "Memory" } + - name: sdc-environments-input + {{- end }} configMap: name: {{ include "common.release" . }}-sdc-environments-configmap defaultMode: 0755 - - name: sdc-environments-output - emptyDir: { medium: "Memory" } - name: logs emptyDir: {} imagePullSecrets: diff --git a/kubernetes/sdc/components/sdc-fe/templates/service.yaml b/kubernetes/sdc/components/sdc-fe/templates/service.yaml index db8b59c2ce..f899d58971 100644 --- a/kubernetes/sdc/components/sdc-fe/templates/service.yaml +++ b/kubernetes/sdc/components/sdc-fe/templates/service.yaml 
@@ -39,28 +39,20 @@ metadata: spec: type: {{ .Values.service.type }} ports: - {{ if not .Values.security.disableHttp }} - # setting http port only if enabled - {{if eq .Values.service.type "NodePort" -}} - port: {{ .Values.service.internalPort }} - nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} name: {{ .Values.service.portName }} - {{- else -}} - - port: {{ .Values.service.externalPort }} targetPort: {{ .Values.service.internalPort }} - name: {{ .Values.service.portName }} - {{ end }} - {{ end }} - - {{if eq .Values.service.type "NodePort" -}} - - port: {{ .Values.service.internalPort2 }} - nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }} - name: {{ .Values.service.portName }}2 - {{- else -}} - - port: {{ .Values.service.externalPort2 }} + {{ if eq .Values.service.type "NodePort" -}} + nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} + {{ end }} + {{ if (include "common.needTLS" .) }} + - port: {{ .Values.service.internalPort2 }} targetPort: {{ .Values.service.internalPort2 }} - name: {{ .Values.service.portName }}2 - {{- end}} + name: {{ .Values.service.portName }}s + {{ if eq .Values.service.type "NodePort" -}} + nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }} + {{ end }} + {{ end }} selector: app: {{ include "common.name" . }} release: {{ include "common.release" . }} diff --git a/kubernetes/sdc/components/sdc-fe/values.yaml b/kubernetes/sdc/components/sdc-fe/values.yaml index a208226b76..09d9829c59 100644 --- a/kubernetes/sdc/components/sdc-fe/values.yaml +++ b/kubernetes/sdc/components/sdc-fe/values.yaml 
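Review bot: The first `ports:` entry (`.Values.service.internalPort`) is now rendered unconditionally, because the removed `{{ if not .Values.security.disableHttp }}` guard has no replacement. With `type: NodePort`, which is what the sdc-fe values.yaml on this page sets, the plain-HTTP port is therefore published on every node even when `common.needTLS` is true and the `…s` port is added beside it. If cleartext access is only intended for the service-mesh case, gate the first entry the same way the second one is gated, e.g. wrap it in `{{- if not (include "common.needTLS" .) }}` … `{{- end }}` (this assumes the helper renders an empty string when TLS is off, as the `if` in this hunk already does). Otherwise add a comment stating that both ports are exposed on purpose.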
@@ -53,11 +53,17 @@ pullPolicy: Always config: javaOptions: "-Xmx256m -Xms256m" plugins: - dcae_discovery_url: "https://sdc-dcae-fe:9444/dcaed/#/home" + dcae_discovery_url: + https: "https://sdc-dcae-fe:9444/dcaed/#/home" + http: "http://sdc-dcae-fe:8183/dcaed/#/home" dcae_source_url: "https://sdc.dcae.plugin.simpledemo.onap.org:30264/dcaed/#/home" - dcae_dt_discovery_url: "https://sdc-dcae-dt:9446/dcae/#/dcae/home" + dcae_dt_discovery_url: + https: "https://sdc-dcae-dt:9446/dcae/#/dcae/home" + http: "http://sdc-dcae-dt:8186/dcae/#/dcae/home" dcae_dt_source_url: "https://sdc.dcae.plugin.simpledemo.onap.org:30266/dcae/#/dcae/home" - workflow_discovery_url: "https://sdc-wfd-fe:8443/workflows" + workflow_discovery_url: + https: "https://sdc-wfd-fe:8443/workflows" + http: "http://sdc-wfd-fe:8080/workflows" workflow_source_url: "https://sdc.workflow.plugin.simpledemo.onap.org:30256/workflows/" #environment file @@ -105,7 +111,7 @@ service: #service being defined. type: NodePort name: sdc-fe - portName: sdc-fe + portName: http nodePort: "06" internalPort: 8181 externalPort: 8181 @@ -113,8 +119,6 @@ service: internalPort2: 9443 externalPort2: 9443 - - ingress: enabled: false service: diff --git a/kubernetes/sdc/components/sdc-onboarding-be/templates/deployment.yaml b/kubernetes/sdc/components/sdc-onboarding-be/templates/deployment.yaml index d6b8a4e026..8180cc79f1 100644 --- a/kubernetes/sdc/components/sdc-onboarding-be/templates/deployment.yaml +++ b/kubernetes/sdc/components/sdc-onboarding-be/templates/deployment.yaml @@ -1,6 +1,7 @@ {{/* # Copyright © 2017 Amdocs, AT&T, Bell Canada # Modifications Copyright © 2018 ZTE +# Modifications Copyright © 2021 Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. 
@@ -80,9 +81,9 @@ spec: chmod 0755 /config-output/${PFILE} done volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }} - - name: {{ include "common.fullname" . }}-environments + - name: sdc-environments-input mountPath: /config-input/ - - name: sdc-environments-output + - name: sdc-environments mountPath: /config-output/ resources: limits: @@ -104,7 +105,7 @@ spec: securityContext: runAsUser: 0 volumeMounts: - - name: {{ include "common.fullname" . }}-cert-storage + - name: cert-storage mountPath: "/onboard/cert" resources: limits: @@ -172,22 +173,24 @@ spec: - name: SDC_CERT_DIR value: {{ .Values.cert.certDir }} volumeMounts: - - name: sdc-environments-output + - name: sdc-environments mountPath: /app/jetty/chef-solo/environments/ - - name: sdc-environments-output + {{- if .Values.global.aafEnabled }} + - name: sdc-environments mountPath: /app/jetty/chef-solo/cookbooks/sdc-onboard-backend/files/default/org.onap.sdc.p12 subPath: org.onap.sdc.p12 - - name: sdc-environments-output + - name: sdc-environments mountPath: /app/jetty/chef-solo/cookbooks/sdc-onboard-backend/files/default/org.onap.sdc.trust.jks subPath: org.onap.sdc.trust.jks - - name: {{ include "common.fullname" . }}-localtime + {{- end }} + - name: localtime mountPath: /etc/localtime readOnly: true - name: logs mountPath: /var/log/onap - - name: {{ include "common.fullname" . }}-cert-storage + - name: cert-storage mountPath: "{{ .Values.cert.certDir }}" - - name: {{ include "common.fullname" . }}-logback + - name: logback mountPath: /tmp/logback.xml subPath: logback.xml lifecycle: 
@@ -198,22 +201,25 @@ spec: {{ include "common.log.sidecar" . | nindent 8 }} serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }} - - name: {{ include "common.fullname" . }}-localtime + - name: localtime hostPath: path: /etc/localtime + {{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix .)) | nindent 6 }} - - name: {{ include "common.fullname" . }}-logback + - name: logback configMap: name : {{ include "common.fullname" . }}-logging-configmap - - name: {{ include "common.fullname" . }}-environments + - name: sdc-environments + {{- if .Values.global.aafEnabled }} + emptyDir: { medium: "Memory" } + - name: sdc-environments-input + {{- end }} configMap: name: {{ include "common.release" . }}-sdc-environments-configmap defaultMode: 0755 - - name: sdc-environments-output - emptyDir: { medium: "Memory" } - name: logs emptyDir: {} - - name: {{ include "common.fullname" . }}-cert-storage + - name: cert-storage persistentVolumeClaim: claimName: {{ include "common.fullname" . }}-cert imagePullSecrets: diff --git a/kubernetes/sdc/components/sdc-onboarding-be/templates/job.yaml b/kubernetes/sdc/components/sdc-onboarding-be/templates/job.yaml index d92b42a09c..bfc1ef8e7b 100644 --- a/kubernetes/sdc/components/sdc-onboarding-be/templates/job.yaml +++ b/kubernetes/sdc/components/sdc-onboarding-be/templates/job.yaml 
@@ -62,6 +62,13 @@ spec: - name: {{ include "common.name" . }}-job image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.onboardingInitImage }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + {{- if include "common.onServiceMesh" . }} + args: + - echo "waiting 10s for istio side cars to be up"; sleep 10s; /home/sdc/startup.sh + command: + - /bin/sh + - -c + {{- end }} volumeMounts: - name: {{ include "common.fullname" . }}-environments mountPath: /home/sdc/chef-solo/environments/ @@ -90,6 +97,7 @@ spec: requests: cpu: 200m memory: 200Mi + {{ include "common.waitForJobContainer" . | indent 6 | trim }} volumes: - name: {{ include "common.fullname" . }}-environments configMap: diff --git a/kubernetes/sdc/components/sdc-onboarding-be/templates/service.yaml b/kubernetes/sdc/components/sdc-onboarding-be/templates/service.yaml index 2ee87eeb33..ece5a439a3 100644 --- a/kubernetes/sdc/components/sdc-onboarding-be/templates/service.yaml +++ b/kubernetes/sdc/components/sdc-onboarding-be/templates/service.yaml 
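Review bot: The added `sleep 10s` before `/home/sdc/startup.sh` is a fixed guess at how long the Istio sidecar takes to come up: if the proxy needs longer, the job presumably starts without working network access, and if it is ready sooner the job just waits. Holding the application until the proxy is ready (Istio's `holdApplicationUntilProxyStarts` proxy setting) or polling the sidecar's readiness endpoint in a bounded loop would remove the race. At minimum the delay should come from a value rather than a literal in the `args` string. The same wrapper is added around `/start.sh` in the sdc-wfd-be job.yaml hunk.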
@@ -31,18 +31,18 @@ spec: {{if eq .Values.service.type "NodePort" -}} - port: {{ .Values.service.externalPort }} nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} - name: {{ .Values.service.portName | default "http" }} + name: {{ .Values.service.portName | default "http" }}s - port: {{ .Values.service.externalPort2 }} nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }} - name: {{ .Values.service.portName | default "http" }}2 + name: {{ .Values.service.portName | default "http" }}} {{- else -}} - port: {{ .Values.service.externalPort }} targetPort: {{ .Values.service.internalPort }} - name: {{ .Values.service.portName | default "http" }} + name: {{ .Values.service.portName | default "http" }}s - port: {{ .Values.service.externalPort2 }} targetPort: {{ .Values.service.internalPort2 }} - name: {{ .Values.service.portName | default "http" }}2 + name: {{ .Values.service.portName | default "http" }} {{- end}} selector: app: {{ include "common.name" . }} diff --git a/kubernetes/sdc/components/sdc-onboarding-be/values.yaml b/kubernetes/sdc/components/sdc-onboarding-be/values.yaml index 3ed98fef3f..f96d59b71a 100644 --- a/kubernetes/sdc/components/sdc-onboarding-be/values.yaml +++ b/kubernetes/sdc/components/sdc-onboarding-be/values.yaml @@ -109,9 +109,10 @@ startup: service: type: ClusterIP name: sdc-onboarding-be - portName: sdc-onboarding-be + portName: http internalPort: 8445 externalPort: 8445 + internalPort2: 8081 externalPort2: 8081 @@ -182,6 +183,10 @@ serviceAccount: roles: - read +wait_for_job_container: + containers: + - '{{ include "common.name" . }}-job' + #Log configuration log: path: /var/log/onap diff --git a/kubernetes/sdc/components/sdc-wfd-be/templates/_helper.tpl b/kubernetes/sdc/components/sdc-wfd-be/templates/_helper.tpl deleted file mode 100644 index 298a2cd673..0000000000 
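Review bot: In the NodePort branch the second port's name ends in three closing braces, `name: {{ .Values.service.portName | default "http" }}}`, so the rendered name would be `http}`, which as far as I know Kubernetes rejects because port names may only contain lowercase alphanumerics and `-`. The ClusterIP branch has the intended form, `name: {{ .Values.service.portName | default "http" }}`. The sdc-onboarding-be values.yaml on this page sets `type: ClusterIP`, which is probably why the default render does not hit it. Drop the extra `}` so that switching the service type does not break the install.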
--- a/kubernetes/sdc/components/sdc-wfd-be/templates/_helper.tpl +++ /dev/null @@ -1 +0,0 @@ -{{- define "wfd-be.internalPort" }}{{ if .Values.config.serverSSLEnabled }}{{ .Values.service.internalPort2 }}{{ else }}{{ .Values.service.internalPort }}{{ end }}{{- end }} diff --git a/kubernetes/sdc/components/sdc-wfd-be/templates/deployment.yaml b/kubernetes/sdc/components/sdc-wfd-be/templates/deployment.yaml index 1cfcad4f56..a187e19a75 100644 --- a/kubernetes/sdc/components/sdc-wfd-be/templates/deployment.yaml +++ b/kubernetes/sdc/components/sdc-wfd-be/templates/deployment.yaml @@ -79,13 +79,13 @@ spec: ./startup.sh {{- end }} ports: - - containerPort: {{ template "wfd-be.internalPort" . }} + - containerPort: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort2 .Values.service.internalPort }} # disable liveness probe when breakpoints set in debugger # so K8s doesn't restart unresponsive container {{ if .Values.liveness.enabled }} livenessProbe: tcpSocket: - port: {{ template "wfd-be.internalPort" . }} + port: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort2 .Values.service.internalPort }} initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} periodSeconds: {{ .Values.liveness.periodSeconds }} successThreshold: {{ .Values.liveness.successThreshold }} 
@@ -93,14 +93,14 @@ spec: {{ end }} readinessProbe: tcpSocket: - port: {{ template "wfd-be.internalPort" . }} + port: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort2 .Values.service.internalPort }} initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} successThreshold: {{ .Values.readiness.successThreshold }} failureThreshold: {{ .Values.readiness.failureThreshold }} startupProbe: tcpSocket: - port: {{ template "wfd-be.internalPort" . }} + port: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort2 .Values.service.internalPort }} initialDelaySeconds: {{ .Values.startup.initialDelaySeconds }} periodSeconds: {{ .Values.startup.periodSeconds }} successThreshold: {{ .Values.startup.successThreshold }} 
@@ -128,20 +128,25 @@ spec: valueFrom: secretKeyRef: {name: {{ include "common.release" . }}-sdc-cs-secrets, key: cs_truststore_password} - name: SDC_PROTOCOL - value: "{{ .Values.config.sdcProtocol }}" + value: "{{ (eq "true" (include "common.needTLS" .)) | ternary "HTTPS" "HTTP" }}" - name: SDC_ENDPOINT - value: "{{ .Values.config.sdcEndpoint }}" + value: "{{ (eq "true" (include "common.needTLS" .)) | ternary .Values.config.sdcEndpoint.https .Values.config.sdcEndpoint.http }}" - name: SDC_USER value: "{{ .Values.config.sdcExternalUser }}" - name: SDC_PASSWORD valueFrom: secretKeyRef: {name: {{ include "common.release" . }}-sdc-cs-secrets, key: wf_external_user_password} + {{- if (include "common.needTLS" .) }} - name: SERVER_SSL_ENABLED - value: "{{ .Values.config.serverSSLEnabled }}" + value: "true" - name: SERVER_SSL_KEYSTORE_TYPE value: "{{ .Values.config.serverSSLKeyStoreType }}" - name: SERVER_SSL_TRUSTSTORE_TYPE value: "{{ .Values.config.serverSSLTrustStoreType }}" + {{- else }} + - name: SERVER_SSL_ENABLED + value: "false" + {{- end }} volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }} resources: {{ include "common.resources" . | nindent 12 }} serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} diff --git a/kubernetes/sdc/components/sdc-wfd-be/templates/ingress.yaml b/kubernetes/sdc/components/sdc-wfd-be/templates/ingress.yaml index 8f87c68f1e..171442dfdc 100644 --- a/kubernetes/sdc/components/sdc-wfd-be/templates/ingress.yaml +++ b/kubernetes/sdc/components/sdc-wfd-be/templates/ingress.yaml @@ -1 +1 @@ -{{ include "common.ingress" . }} +{{include "common.ingress" .}} diff --git a/kubernetes/sdc/components/sdc-wfd-be/templates/job.yaml b/kubernetes/sdc/components/sdc-wfd-be/templates/job.yaml index da3df9062f..2e5826d229 100644 --- a/kubernetes/sdc/components/sdc-wfd-be/templates/job.yaml +++ b/kubernetes/sdc/components/sdc-wfd-be/templates/job.yaml 
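Review bot: This hunk tests `common.needTLS` in two different ways: `SDC_PROTOCOL` and `SDC_ENDPOINT` compare the rendered string with `(eq "true" (include "common.needTLS" .))`, while the `SERVER_SSL_ENABLED` block uses `{{- if (include "common.needTLS" .) }}`, which is true for any non-empty string. The two agree only if the helper renders nothing when TLS is off; its definition is not on this page, so that is an assumption. If it ever renders `false`, the container would get `SDC_PROTOCOL=HTTP` together with `SERVER_SSL_ENABLED=true`. Using the comparison in the `if` as well, `{{- if eq "true" (include "common.needTLS" .) }}`, removes that dependency. The bare form also appears in the sdc-fe plugins-configuration.yaml, sdc-fe service.yaml and sdc-wfd-fe deployment.yaml hunks.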
@@ -60,23 +60,31 @@ spec: cpu: 3m memory: 20Mi containers: - - name: {{ include "common.name" . }}-job - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.configInitImage }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - env: + - name: {{ include "common.name" . }}-job + image: + {{ include "repositoryGenerator.repository" . }}/{{ .Values.configInitImage }} + imagePullPolicy: + {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + {{- if include "common.onServiceMesh" . }} + args: + - echo "waiting 10s for istio side cars to be up"; sleep 10s; /start.sh + command: + - /bin/sh + - -c + {{- end }} + env: - name: CS_HOST value: "{{ .Values.global.sdc_cassandra.serviceName }}" - name: CS_PORT - value: "{{ .Values.config.cassandraClientPort }}" + value: {{ .Values.config.cassandraClientPort | quote }} - name: CS_AUTHENTICATE - value: "{{ .Values.config.cassandraAuthenticationEnabled }}" + value: {{ .Values.config.cassandraAuthenticationEnabled | quote }} - name: CS_USER - valueFrom: - secretKeyRef: {name: {{ include "common.release" . }}-sdc-cs-secrets, key: sdc_user} + valueFrom: {secretKeyRef: {name: {{ include "common.release" . }}-sdc-cs-secrets, key: sdc_user}} - name: CS_PASSWORD - valueFrom: - secretKeyRef: {name: {{ include "common.release" . }}-sdc-cs-secrets, key: sdc_password} - resources: {{ include "common.resources" . | nindent 12 }} + valueFrom: {secretKeyRef: {name: {{ include "common.release" . }}-sdc-cs-secrets, key: sdc_password}} + resources: {{ include "common.resources" . | nindent 12 }} + {{ include "common.waitForJobContainer" . | indent 6 | trim }} imagePullSecrets: - - name: "{{ include "common.namespace" . }}-docker-registry-key" + - name: "{{ include "common.namespace" . }}-docker-registry-key" {{ end }} diff --git a/kubernetes/sdc/components/sdc-wfd-be/templates/service.yaml b/kubernetes/sdc/components/sdc-wfd-be/templates/service.yaml index 2af5e2ba26..2f4129b03f 100644 
--- a/kubernetes/sdc/components/sdc-wfd-be/templates/service.yaml +++ b/kubernetes/sdc/components/sdc-wfd-be/templates/service.yaml @@ -30,13 +30,13 @@ spec: type: {{ .Values.service.type }} ports: {{if eq .Values.service.type "NodePort" -}} - - port: {{ template "wfd-be.internalPort" . }} + - port: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort2 .Values.service.internalPort }} nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} - name: {{ .Values.service.portName }} + name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }} {{- else -}} - - port: {{ if .Values.config.serverSslEnabled }}{{ .Values.service.externalPort2 }}{{ else }}{{ .Values.service.externalPort }}{{ end }} - targetPort: {{ template "wfd-be.internalPort" . }} - name: {{ .Values.service.portName }} + - port: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.externalPort2 .Values.service.externalPort }} + targetPort: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort2 .Values.service.internalPort }} + name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }} {{- end}} selector: app: {{ include "common.name" . }} diff --git a/kubernetes/sdc/components/sdc-wfd-be/values.yaml b/kubernetes/sdc/components/sdc-wfd-be/values.yaml index d5e4eaaebb..6b18f47d66 100644 --- a/kubernetes/sdc/components/sdc-wfd-be/values.yaml +++ b/kubernetes/sdc/components/sdc-wfd-be/values.yaml 
@@ -20,13 +20,14 @@ global: nodePortPrefix: 302 aafEnabled: true sdc_cassandra: - #This flag allows SDC to instantiate its own cluster, serviceName - #should be sdc-cs if this flag is enabled + # This flag allows SDC to instantiate its own cluster, serviceName + # should be sdc-cs if this flag is enabled localCluster: false - #The cassandra service name to connect to (default: shared cassandra service) + # The cassandra service name to connect to + # (default: shared cassandra service) serviceName: cassandra - #Shared cassandra cluster replicaCount, should be changed if localCluster is enabled - #to match with its own cluster replica + # Shared cassandra cluster replicaCount, should be changed if + # localCluster is enabled to match with its own cluster replica replicaCount: 3 clusterName: cassandra dataCenter: Pod @@ -69,10 +70,10 @@ config: javaOptions: "-Xmx1536m -Xms1536m" cassandraAuthenticationEnabled: true cassandraClientPort: 9042 - sdcProtocol: HTTPS - sdcEndpoint: sdc-be:8443 + sdcEndpoint: + https: sdc-be:8443 + http: sdc-be:8080 sdcExternalUser: workflow - serverSSLEnabled: true serverSSLKeyStoreType: jks serverSSLTrustStoreType: jks cassandraSSLEnabled: false @@ -90,16 +91,16 @@ nodeSelector: {} affinity: {} # probe configuration parameters -liveness: - initialDelaySeconds: 60 - periodSeconds: 10 - # necessary to disable liveness probe when setting breakpoints - # in debugger so K8s doesn't restart unresponsive container - enabled: true +#liveness: +# initialDelaySeconds: 60 +# periodSeconds: 10 +# # necessary to disable liveness probe when setting breakpoints +# # in debugger so K8s doesn't restart unresponsive container +# enabled: true -readiness: - initialDelaySeconds: 60 - periodSeconds: 10 +#readiness: +# initialDelaySeconds: 60 +# periodSeconds: 10 # probe configuration parameters liveness: @@ -125,7 +126,7 @@ startup: service: type: NodePort - portName: sdc-wfd-be + portName: http internalPort: 8080 externalPort: 8080 internalPort2: 8443 
@@ -166,3 +167,7 @@ serviceAccount: nameOverride: sdc-wfd-be roles: - read + +wait_for_job_container: + containers: + - '{{ include "common.name" . }}-job' diff --git a/kubernetes/sdc/components/sdc-wfd-fe/templates/_helper.tpl b/kubernetes/sdc/components/sdc-wfd-fe/templates/_helper.tpl deleted file mode 100644 index 546bab7ddf..0000000000 --- a/kubernetes/sdc/components/sdc-wfd-fe/templates/_helper.tpl +++ /dev/null @@ -1 +0,0 @@ -{{- define "wfd-fe.internalPort" }}{{ if .Values.config.isHttpsEnabled }}{{ .Values.service.internalPort2 }}{{ else }}{{ .Values.service.internalPort }}{{ end }}{{- end }} diff --git a/kubernetes/sdc/components/sdc-wfd-fe/templates/deployment.yaml b/kubernetes/sdc/components/sdc-wfd-fe/templates/deployment.yaml index b703e6656c..d57309004d 100644 --- a/kubernetes/sdc/components/sdc-wfd-fe/templates/deployment.yaml +++ b/kubernetes/sdc/components/sdc-wfd-fe/templates/deployment.yaml @@ -98,11 +98,11 @@ spec: ./startup.sh {{- end }} ports: - - containerPort: {{ template "wfd-fe.internalPort" . }} + - containerPort: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort2 .Values.service.internalPort }} {{ if .Values.liveness.enabled }} livenessProbe: tcpSocket: - port: {{ template "wfd-fe.internalPort" . }} + port: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort2 .Values.service.internalPort }} initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} periodSeconds: {{ .Values.liveness.periodSeconds }} successThreshold: {{ .Values.liveness.successThreshold }} 
@@ -110,14 +110,14 @@ spec: {{ end }} readinessProbe: tcpSocket: - port: {{ template "wfd-fe.internalPort" . }} + port: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort2 .Values.service.internalPort }} initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} successThreshold: {{ .Values.readiness.successThreshold }} failureThreshold: {{ .Values.readiness.failureThreshold }} startupProbe: tcpSocket: - port: {{ template "wfd-fe.internalPort" . }} + port: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort2 .Values.service.internalPort }} initialDelaySeconds: {{ .Values.startup.initialDelaySeconds }} periodSeconds: {{ .Values.startup.periodSeconds }} successThreshold: {{ .Values.startup.successThreshold }} @@ -128,13 +128,13 @@ spec: - name: JAVA_OPTIONS value: {{ .Values.config.javaOptions }} - name: BACKEND - value: {{ .Values.config.backendServerURL }} + value: "{{ (eq "true" (include "common.needTLS" .)) | ternary .Values.config.backendServerURL.https .Values.config.backendServerURL.http }}" - name: IS_HTTPS - value: "{{ .Values.config.isHttpsEnabled}}" - {{ if and .Values.config.isHttpsEnabled (eq .Values.security.isDefaultStore false) }} + value: "{{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }}" + {{- if and (include "common.needTLS" .) (eq .Values.security.isDefaultStore false) }} - name: TRUST_ALL value: "{{ .Values.config.isTrustAll}}" - {{ end }} + {{- end }} volumeMounts: - name: {{ include "common.fullname" . }}-localtime mountPath: /etc/localtime diff --git a/kubernetes/sdc/components/sdc-wfd-fe/templates/service.yaml b/kubernetes/sdc/components/sdc-wfd-fe/templates/service.yaml index bc838ac22f..08feb5a6ed 100644 --- a/kubernetes/sdc/components/sdc-wfd-fe/templates/service.yaml +++ b/kubernetes/sdc/components/sdc-wfd-fe/templates/service.yaml 
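Review bot: `TRUST_ALL` is still taken from `.Values.config.isTrustAll`, and the sdc-wfd-fe values.yaml shown on this page defaults that to `true`, which its own comment describes as trusting all parties instead of checking the certificate on the outgoing proxy request. With the new guard the variable is emitted exactly when TLS is required and `security.isDefaultStore` is false, presumably the case where a custom trust store has been supplied and validation would be expected to work. I would default `isTrustAll: false` in values.yaml and add a comment on this block saying that `true` disables certificate checking towards the back end. Separately, `JAVA_OPTIONS` in the same `env:` list is still unquoted while `BACKEND` is now quoted; `value: {{ .Values.config.javaOptions | quote }}` would make them consistent.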
@@ -31,7 +31,7 @@ metadata: "version": "v1", "url": "/", "protocol": "UI", - "port": "{{ .Values.service.internalPort2 }}", + "port": "{{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort2 .Values.service.internalPort }}", "visualRange":"0|1" } ]' @@ -39,13 +39,13 @@ spec: type: {{ .Values.service.type }} ports: {{if eq .Values.service.type "NodePort" -}} - - port: {{ template "wfd-fe.internalPort" . }} + - port: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort2 .Values.service.internalPort }} nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} - name: {{ .Values.service.portName }} + name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }} {{- else -}} - - port: {{ if .Values.config.isHttpsEnabled }}{{ .Values.service.externalPort2 }}{{ else }}{{ .Values.service.externalPort }}{{ end }} - targetPort: {{ template "wfd-fe.internalPort" . }} - name: {{ .Values.service.portName }} + - port: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.externalPort2 .Values.service.externalPort }} + targetPort: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort2 .Values.service.internalPort }} + name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }} {{- end}} selector: app: {{ include "common.name" . }} diff --git a/kubernetes/sdc/components/sdc-wfd-fe/values.yaml b/kubernetes/sdc/components/sdc-wfd-fe/values.yaml index b3e3b39a41..c7e680a745 100644 --- a/kubernetes/sdc/components/sdc-wfd-fe/values.yaml +++ b/kubernetes/sdc/components/sdc-wfd-fe/values.yaml 
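Review bot: In the `NodePort` branch the `port` now falls back to `.Values.service.internalPort` when `common.needTLS` is not `"true"`, while `nodePort` is unchanged, so the externally reachable node port then fronts the non-TLS listener. Traffic arriving through a node port presumably does not pass a client-side mesh sidecar, so it may be cleartext end to end; that is worth stating in a template comment such as `{{/* NodePort serves plain HTTP when common.needTLS is false; restrict or disable it in that mode */}}`. Separately, the `ternary "s" ""` suffix only produces a sensible port name if `service.portName` is a bare protocol like `http`, which the values shown here do not confirm.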
@@ -55,8 +55,9 @@ debugEnabled: false config: javaOptions: "-Xmx256m -Xms256m" - backendServerURL: "https://sdc-wfd-be:8443" - isHttpsEnabled: true + backendServerURL: + https: "https://sdc-wfd-be:8443" + http: "http://sdc-wfd-be:8080" # following flag decides whether to check the certificate on the outgoing proxy request or whether to trust all parties isTrustAll: true # https relevant settings. Change in case you have other trust files then default ones. diff --git a/kubernetes/sdc/resources/config/environments/AUTO.json b/kubernetes/sdc/resources/config/environments/AUTO.json index 3b03205ffc..c9535592d8 100755 --- a/kubernetes/sdc/resources/config/environments/AUTO.json +++ b/kubernetes/sdc/resources/config/environments/AUTO.json @@ -8,7 +8,7 @@ "chef_type": "environment", "default_attributes": { - "disableHttp": {{ .Values.global.security.disableHttp }}, + "disableHttp": {{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }}, "CS_VIP": "{{.Values.global.sdc_cassandra.serviceName}}.{{include "common.namespace" .}}", "BE_VIP": "sdc-be.{{include "common.namespace" .}}", "ONBOARDING_BE_VIP": "sdc-onboarding-be.{{include "common.namespace" .}}", @@ -112,11 +112,13 @@ "username": "user1@sdc.com", "password": "password==" } + {{- if .Values.global.aafEnabled }} }, "jetty": { "keystore_pwd": "${KEYSTORE_PASS}", "truststore_pwd": "${TRUSTSTORE_PASS}", "keymanager_pwd": "${KEYMANAGER_PASS}" + {{- end }} } } } diff --git a/kubernetes/sdc/values.yaml b/kubernetes/sdc/values.yaml index 73e9654328..e7643069bf 100644 --- a/kubernetes/sdc/values.yaml +++ b/kubernetes/sdc/values.yaml @@ -40,8 +40,6 @@ global: writeConsistencyLevel: ALL clusterName: cassandra dataCenter: Pod - security: - disableHttp: true centralizedLoggingEnabled: true sdc-be: |
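Review bot: `config.backendServerURL` changes from a string to a map with `https` and `http` keys, so an existing override that still sets it to a single URL string will most likely fail to render once the template reads `.Values.config.backendServerURL.https`. A comment above the key would help, e.g. `# map: the template picks https or http according to common.needTLS; a plain string is no longer accepted`. It is also worth noting next to `isTrustAll: true` that with the `http` URL the proxy request to `sdc-wfd-be:8080` is unencrypted at the application layer and relies on the mesh for transport protection.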
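Review bot: The `jetty` password block is gated on `.Values.global.aafEnabled`, while `disableHttp` in the first hunk of this file is derived from `common.needTLS`. If those two can differ (the helper's definition is not shown), a deployment with TLS required and AAF disabled would render `"disableHttp": true` with no keystore or truststore passwords; either gate both on the same condition or document the supported combinations. The `{{- if }}`/`{{- end }}` pair also relies on the `}` after `{{- end }}` closing `jetty` in one case and the enclosing object in the other, which deserves a template comment like `{{/* the brace below closes "jetty" when AAF is on, the parent object otherwise */}}`.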