authorAndreas Geissler <andreas-geissler@telekom.de>2023-03-01 11:23:32 +0100
committerAndreas Geissler <andreas-geissler@telekom.de>2023-03-03 09:44:33 +0100
commit4a5c1bdbe1198a88f96d04c00fee9e2cf2ec1a07 (patch)
treeaf43f4d1f368065321d92452d40796bb4a4fcd92 /kubernetes
parent5a2ba4cbff6acb73d96ae4550dce0252b316ad7c (diff)
[HOLMES] Remove AAF dependency and support SM
Delete AAF and certificate entries and change Holmes interfaces to HTTP.
Add readiness checks for the postgres-init-job to avoid a missing DB user.

Issue-ID: OOM-3101
Signed-off-by: Andreas Geissler <andreas-geissler@telekom.de>
Change-Id: Id15cfdbcd753d404ccae912dcd0d057f647917e7
Diffstat (limited to 'kubernetes')
-rw-r--r--kubernetes/holmes/components/holmes-engine-mgmt/Chart.yaml2
-rw-r--r--kubernetes/holmes/components/holmes-engine-mgmt/resources/config/application.yaml5
-rw-r--r--kubernetes/holmes/components/holmes-engine-mgmt/resources/config/engine-d.yml4
-rw-r--r--kubernetes/holmes/components/holmes-engine-mgmt/templates/deployment.yaml9
-rw-r--r--kubernetes/holmes/components/holmes-engine-mgmt/values.yaml50
-rw-r--r--kubernetes/holmes/components/holmes-rule-mgmt/Chart.yaml2
-rw-r--r--kubernetes/holmes/components/holmes-rule-mgmt/resources/config/application.yaml5
-rw-r--r--kubernetes/holmes/components/holmes-rule-mgmt/resources/config/rulemgt.yml4
-rw-r--r--kubernetes/holmes/components/holmes-rule-mgmt/templates/deployment.yaml9
-rw-r--r--kubernetes/holmes/components/holmes-rule-mgmt/values.yaml52
10 files changed, 41 insertions, 101 deletions
diff --git a/kubernetes/holmes/components/holmes-engine-mgmt/Chart.yaml b/kubernetes/holmes/components/holmes-engine-mgmt/Chart.yaml
index 1aa4726253..5160145d86 100644
--- a/kubernetes/holmes/components/holmes-engine-mgmt/Chart.yaml
+++ b/kubernetes/holmes/components/holmes-engine-mgmt/Chart.yaml
@@ -27,7 +27,7 @@ dependencies:
- name: repositoryGenerator
version: ~12.x-0
repository: '@local'
- - name: certInitializer
+ - name: readinessCheck
version: ~12.x-0
repository: '@local'
- name: serviceAccount
diff --git a/kubernetes/holmes/components/holmes-engine-mgmt/resources/config/application.yaml b/kubernetes/holmes/components/holmes-engine-mgmt/resources/config/application.yaml
index f818dfd3b0..34c4024059 100644
--- a/kubernetes/holmes/components/holmes-engine-mgmt/resources/config/application.yaml
+++ b/kubernetes/holmes/components/holmes-engine-mgmt/resources/config/application.yaml
@@ -2,11 +2,6 @@ server:
port: 9102
servlet:
context-path: /api/holmes-engine-mgmt/v1
- ssl:
- key-store: /opt/onap/conf/holmes.keystore
- key-store-password: holmes
- #PKCS12
- key-store-type: JKS
logging:
config: classpath:logback-spring.xml
diff --git a/kubernetes/holmes/components/holmes-engine-mgmt/resources/config/engine-d.yml b/kubernetes/holmes/components/holmes-engine-mgmt/resources/config/engine-d.yml
index 9e62ccf2f7..9a16390856 100644
--- a/kubernetes/holmes/components/holmes-engine-mgmt/resources/config/engine-d.yml
+++ b/kubernetes/holmes/components/holmes-engine-mgmt/resources/config/engine-d.yml
@@ -19,10 +19,8 @@ server:
applicationContextPath: /
adminContextPath: /admin
connector:
- type: https
+ type: http
port: 9102
- keyStorePath: /opt/onap/conf/holmes.keystore
- keyStorePassword: holmes
validateCerts: false
validatePeers: false
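Review bot: The connector is switched to `type: http`, but the TLS-only keys `validateCerts: false` and `validatePeers: false` are left under it. On a plain HTTP connector they have no meaning, and depending on how strictly this file is parsed they may be rejected as unknown properties, so they are better removed together with `keyStorePath` and `keyStorePassword`. The same leftover is in the `rulemgt.yml` hunk of holmes-rule-mgmt. The `connector` block may continue outside the hunk.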
diff --git a/kubernetes/holmes/components/holmes-engine-mgmt/templates/deployment.yaml b/kubernetes/holmes/components/holmes-engine-mgmt/templates/deployment.yaml
index dd7bb4552e..9bf6f39f08 100644
--- a/kubernetes/holmes/components/holmes-engine-mgmt/templates/deployment.yaml
+++ b/kubernetes/holmes/components/holmes-engine-mgmt/templates/deployment.yaml
@@ -33,7 +33,10 @@ spec:
template:
metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
- initContainers: {{- include "common.certInitializer.initContainer" . | nindent 6 }}
+ initContainers:
+ {{- if not .Values.global.postgres.localCluster }}
+ {{ include "common.readinessCheck.waitFor" . | indent 6 | trim }}
+ {{- end }}
- name: {{ include "common.name" . }}-env-config
image: {{ include "repositoryGenerator.image.envsubst" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
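Review bot: The new `if not .Values.global.postgres.localCluster` guard around `common.readinessCheck.waitFor` has no comment saying why the wait is skipped for a local cluster, and the job it waits for is named only in values.yaml (`readinessCheck.wait_for.jobs`). A reader cannot tell from the template that the pod will sit in Init until that job completes, so a renamed or already cleaned-up job would block startup without an obvious cause. I would add a template comment above the guard such as `{{- /* shared Postgres only: wait for the postgres-init job that creates the Holmes DB user */}}`. The same guard is added in holmes-rule-mgmt/templates/deployment.yaml. The `initContainers` list continues outside the hunk.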
@@ -64,7 +67,7 @@ spec:
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
resources: {{ include "common.resources" . | nindent 10 }}
ports: {{ include "common.containerPorts" . | nindent 10 }}
- volumeMounts: {{- include "common.certInitializer.volumeMount" . | nindent 8 }}
+ volumeMounts:
- name: {{ include "common.fullname" . }}-env-config
mountPath: /opt/hemconfig
- name: {{ include "common.fullname" . }}-config
@@ -119,7 +122,7 @@ spec:
- name: DB_PORT
value: "{{ .Values.config.pgConfig.dbPort }}"
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
- volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }}
+ volumes:
- name: {{ include "common.fullname" . }}-config
configMap:
defaultMode: 422
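Review bot: The context line `defaultMode: 422` under the rewritten `volumes:` key is a decimal value, which Kubernetes reads as octal 0646, i.e. write permission for "other" on the projected config files. That is probably a typo for `defaultMode: 420` (0644); since this block is being touched anyway, it would be worth correcting here and in the matching holmes-rule-mgmt hunk. The practical impact is likely small because configMap volumes are normally mounted read-only, but the intent should be explicit. The `volumes` list continues outside the hunk.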
diff --git a/kubernetes/holmes/components/holmes-engine-mgmt/values.yaml b/kubernetes/holmes/components/holmes-engine-mgmt/values.yaml
index ce3035e5da..d2ad0d4771 100644
--- a/kubernetes/holmes/components/holmes-engine-mgmt/values.yaml
+++ b/kubernetes/holmes/components/holmes-engine-mgmt/values.yaml
@@ -20,9 +20,11 @@
#################################################################
global:
nodePortPrefixExt: 302
- msbProtocol: https
+ msbProtocol: http
msbServiceName: msb-iag
- msbPort: 443
+ msbPort: 80
+ postgres:
+ localCluster: false
#################################################################
# Application configuration defaults.
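Review bot: `msbProtocol: http` and `msbPort: 80` make plaintext the only shipped default, and nothing in the values file says where transport encryption now comes from. The commit title suggests a service mesh is expected to provide it, so a deployment without sidecars would carry Holmes and MSB traffic unencrypted. I would state that next to the keys, e.g. `# plain HTTP by design: transport encryption is expected from the service mesh`. The same applies to the identical hunk in holmes-rule-mgmt/values.yaml.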
@@ -32,39 +34,6 @@ image: onap/holmes/engine-management:11.0.0
consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.0.0
#################################################################
-# AAF part
-#################################################################
-certInitializer:
- nameOverride: holmes-engine-mgmt-cert-initializer
- aafDeployFqi: deployer@people.osaaf.org
- aafDeployPass: demo123456!
- # aafDeployCredsExternalSecret: some secret
- fqdn: holmes-engine-mgmt
- fqi: holmes-engine-mgmt@holmes-engine-mgmt.onap.org
- fqi_namespace: org.onap.holmes-engine-mgmt
- public_fqdn: holmes-engine-mgmt.onap.org
- cadi_longitude: "0.0"
- cadi_latitude: "0.0"
- app_ns: org.osaaf.aaf
- credsPath: /opt/app/osaaf/local
- aaf_add_config: |
- echo "*** changing them into shell safe ones"
- export KEYSTORE_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1)
- export TRUSTSORE_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1)
- cd {{ .Values.credsPath }}
- keytool -storepasswd -new "${KEYSTORE_PASSWORD}" \
- -storepass "${cadi_keystore_password_p12}" \
- -keystore {{ .Values.fqi_namespace }}.p12
- keytool -storepasswd -new "${TRUSTSORE_PASSWORD}" \
- -storepass "${cadi_truststore_password}" \
- -keystore {{ .Values.fqi_namespace }}.trust.jks
- echo "*** save the generated passwords"
- echo "KEYSTORE_PASSWORD=${KEYSTORE_PASSWORD}" > mycreds.prop
- echo "TRUSTSORE_PASSWORD=${TRUSTSORE_PASSWORD}" >> mycreds.prop
- echo "*** change ownership of certificates to targeted user"
- chown -R 1000 .
-
-#################################################################
# Secrets metaconfig
#################################################################
secrets:
@@ -95,7 +64,7 @@ service:
type: ClusterIP
name: holmes-engine-mgmt
ports:
- - name: https-rest
+ - name: http-rest
port: &svc_port 9102
# probe configuration parameters
@@ -103,7 +72,7 @@ liveness:
initialDelaySeconds: 10
periodSeconds: 10
path: /api/holmes-engine-mgmt/v1/healthcheck
- scheme: HTTPS
+ scheme: HTTP
port: *svc_port
enabled: true
@@ -111,7 +80,7 @@ readiness:
initialDelaySeconds: 30
periodSeconds: 30
path: /api/holmes-engine-mgmt/v1/healthcheck
- scheme: HTTPS
+ scheme: HTTP
port: *svc_port
# Segregation for Different environment (Small and Large)
@@ -132,6 +101,11 @@ resources:
memory: 1Gi
unlimited: {}
+readinessCheck:
+ wait_for:
+ jobs:
+ - '{{ include "common.release" . }}-holmes-postgres-init-config-job'
+
#Pods Service Account
serviceAccount:
nameOverride: holmes-engine-mgmt
diff --git a/kubernetes/holmes/components/holmes-rule-mgmt/Chart.yaml b/kubernetes/holmes/components/holmes-rule-mgmt/Chart.yaml
index 628f5c6828..09b24908e3 100644
--- a/kubernetes/holmes/components/holmes-rule-mgmt/Chart.yaml
+++ b/kubernetes/holmes/components/holmes-rule-mgmt/Chart.yaml
@@ -27,7 +27,7 @@ dependencies:
- name: repositoryGenerator
version: ~12.x-0
repository: '@local'
- - name: certInitializer
+ - name: readinessCheck
version: ~12.x-0
repository: '@local'
- name: serviceAccount
diff --git a/kubernetes/holmes/components/holmes-rule-mgmt/resources/config/application.yaml b/kubernetes/holmes/components/holmes-rule-mgmt/resources/config/application.yaml
index 18cf3b4966..2ff0fa6d52 100644
--- a/kubernetes/holmes/components/holmes-rule-mgmt/resources/config/application.yaml
+++ b/kubernetes/holmes/components/holmes-rule-mgmt/resources/config/application.yaml
@@ -2,11 +2,6 @@ server:
port: 9101
servlet:
context-path: /api/holmes-rule-mgmt/v1
- ssl:
- key-store: /opt/onap/conf/holmes.keystore
- key-store-password: holmes
- #PKCS12
- key-store-type: JKS
logging:
config: classpath:logback-spring.xml
diff --git a/kubernetes/holmes/components/holmes-rule-mgmt/resources/config/rulemgt.yml b/kubernetes/holmes/components/holmes-rule-mgmt/resources/config/rulemgt.yml
index 89269dede8..3b7218855a 100644
--- a/kubernetes/holmes/components/holmes-rule-mgmt/resources/config/rulemgt.yml
+++ b/kubernetes/holmes/components/holmes-rule-mgmt/resources/config/rulemgt.yml
@@ -13,10 +13,8 @@ server:
applicationContextPath: /
adminContextPath: /admin
connector:
- type: https
+ type: http
port: 9101
- keyStorePath: /opt/onap/conf/holmes.keystore
- keyStorePassword: holmes
validateCerts: false
validatePeers: false
diff --git a/kubernetes/holmes/components/holmes-rule-mgmt/templates/deployment.yaml b/kubernetes/holmes/components/holmes-rule-mgmt/templates/deployment.yaml
index 21a96568cb..8b0cd8406a 100644
--- a/kubernetes/holmes/components/holmes-rule-mgmt/templates/deployment.yaml
+++ b/kubernetes/holmes/components/holmes-rule-mgmt/templates/deployment.yaml
@@ -32,7 +32,10 @@ spec:
template:
metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
- initContainers: {{- include "common.certInitializer.initContainer" . | nindent 6 }}
+ initContainers:
+ {{- if not .Values.global.postgres.localCluster }}
+ {{ include "common.readinessCheck.waitFor" . | indent 6 | trim }}
+ {{- end }}
- name: {{ include "common.name" . }}-env-config
image: {{ include "repositoryGenerator.image.envsubst" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
@@ -62,7 +65,7 @@ spec:
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
ports: {{ include "common.containerPorts" . | nindent 8 }}
- volumeMounts: {{- include "common.certInitializer.volumeMount" . | nindent 8 }}
+ volumeMounts:
- name: {{ include "common.fullname" . }}-env-config
mountPath: /opt/hrmconfig
- name: {{ include "common.fullname" . }}-rule-config
@@ -117,7 +120,7 @@ spec:
- name: DB_PORT
value: "{{ .Values.config.pgConfig.dbPort }}"
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
- volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }}
+ volumes:
- name: {{ include "common.fullname" . }}-general-config
configMap:
defaultMode: 422
diff --git a/kubernetes/holmes/components/holmes-rule-mgmt/values.yaml b/kubernetes/holmes/components/holmes-rule-mgmt/values.yaml
index bd84c249c9..0a2552719f 100644
--- a/kubernetes/holmes/components/holmes-rule-mgmt/values.yaml
+++ b/kubernetes/holmes/components/holmes-rule-mgmt/values.yaml
@@ -20,9 +20,11 @@
#################################################################
global:
nodePortPrefixExt: 302
- msbProtocol: https
+ msbProtocol: http
msbServiceName: msb-iag
- msbPort: 443
+ msbPort: 80
+ postgres:
+ localCluster: false
#################################################################
# Application configuration defaults.
@@ -32,39 +34,6 @@ image: onap/holmes/rule-management:11.0.0
consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.0.0
#################################################################
-# AAF part
-#################################################################
-certInitializer:
- nameOverride: holmes-rule-mgmt-cert-initializer
- aafDeployFqi: deployer@people.osaaf.org
- aafDeployPass: demo123456!
- # aafDeployCredsExternalSecret: some secret
- fqdn: holmes-rule-mgmt
- fqi: holmes-rule-mgmt@holmes-rule-mgmt.onap.org
- fqi_namespace: org.onap.holmes-rule-mgmt
- public_fqdn: holmes-rule-mgmt.onap.org
- cadi_longitude: "0.0"
- cadi_latitude: "0.0"
- app_ns: org.osaaf.aaf
- credsPath: /opt/app/osaaf/local
- aaf_add_config: |
- echo "*** changing them into shell safe ones"
- export KEYSTORE_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1)
- export TRUSTSORE_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1)
- cd {{ .Values.credsPath }}
- keytool -storepasswd -new "${KEYSTORE_PASSWORD}" \
- -storepass "${cadi_keystore_password_p12}" \
- -keystore {{ .Values.fqi_namespace }}.p12
- keytool -storepasswd -new "${TRUSTSORE_PASSWORD}" \
- -storepass "${cadi_truststore_password}" \
- -keystore {{ .Values.fqi_namespace }}.trust.jks
- echo "*** save the generated passwords"
- echo "KEYSTORE_PASSWORD=${KEYSTORE_PASSWORD}" > mycreds.prop
- echo "TRUSTSORE_PASSWORD=${TRUSTSORE_PASSWORD}" >> mycreds.prop
- echo "*** change ownership of certificates to targeted user"
- chown -R 1000 .
-
-#################################################################
# Secrets metaconfig
#################################################################
secrets:
@@ -95,10 +64,10 @@ service:
type: NodePort
name: holmes-rule-mgmt
ports:
- - name: https-rest
+ - name: http-rest
port: &svc_port 9101
nodePort: 92
- - name: https-ui
+ - name: http-ui
port: 9104
nodePort: 93
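Review bot: The holmes-rule-mgmt service stays `type: NodePort` while its `http-rest` and `http-ui` ports now serve plain HTTP, so the REST API and UI would be reachable unencrypted on the node ports from wherever the nodes are reachable. Mesh-provided mTLS, if that is the intended replacement for the removed keystore, normally covers pod-to-pod traffic and not clients that connect directly to a node port. Consider `type: ClusterIP` as holmes-engine-mgmt uses, with external access going through a TLS-terminating ingress, or at least a comment that the node ports are plaintext. How `nodePort: 92`/`93` are combined with `nodePortPrefixExt` is not visible in this hunk.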
@@ -109,14 +78,14 @@ liveness:
periodSeconds: 10
path: /api/holmes-rule-mgmt/v1/healthcheck
enabled: true
- scheme: HTTPS
+ scheme: HTTP
readiness:
initialDelaySeconds: 30
port: *svc_port
periodSeconds: 30
path: /api/holmes-rule-mgmt/v1/healthcheck
- scheme: HTTPS
+ scheme: HTTP
# Segregation for Different environment (Small and Large)
resources:
@@ -136,6 +105,11 @@ resources:
memory: 512Mi
unlimited: {}
+readinessCheck:
+ wait_for:
+ jobs:
+ - '{{ include "common.release" . }}-holmes-postgres-init-config-job'
+
#Pods Service Account
serviceAccount:
nameOverride: holmes-rule-mgmt