summaryrefslogtreecommitdiffstats
path: root/kubernetes
diff options
context:
space:
mode:
authorMichael Hwang <mhwang@research.att.com>2019-07-19 09:52:24 -0400
committerMichael Hwang <mhwang@research.att.com>2019-07-22 21:02:31 +0000
commit5d1eaf5a34ee222388e3b9a187b3552904708ff6 (patch)
treec212626e6ae70d79441a763e5862b955d287beb1 /kubernetes
parent25d245fc8a18f34fa64fca0086acdf19fbc50e0e (diff)
Update inventory and sch charts
* Switch inventory to serve over https * Have SCH use https when making calls to inventory Issue-ID: DCAEGEN2-913 Issue-ID: DCAEGEN2-1597 Signed-off-by: Michael Hwang <mhwang@research.att.com> Change-Id: Id2dc3b2d6f58d1cbfa56f7eeb32e9b3ddba8b16d
Diffstat (limited to 'kubernetes')
-rw-r--r--kubernetes/dcaegen2/charts/dcae-servicechange-handler/charts/dcae-inventory-api/resources/config/config.json11
-rw-r--r--kubernetes/dcaegen2/charts/dcae-servicechange-handler/charts/dcae-inventory-api/templates/deployment.yaml18
-rw-r--r--kubernetes/dcaegen2/charts/dcae-servicechange-handler/charts/dcae-inventory-api/values.yaml5
-rw-r--r--kubernetes/dcaegen2/charts/dcae-servicechange-handler/resources/config/config.json2
-rw-r--r--kubernetes/dcaegen2/charts/dcae-servicechange-handler/templates/deployment.yaml28
-rw-r--r--kubernetes/dcaegen2/charts/dcae-servicechange-handler/values.yaml4
6 files changed, 58 insertions, 10 deletions
diff --git a/kubernetes/dcaegen2/charts/dcae-servicechange-handler/charts/dcae-inventory-api/resources/config/config.json b/kubernetes/dcaegen2/charts/dcae-servicechange-handler/charts/dcae-inventory-api/resources/config/config.json
index a8329f674b..c8c7dd79f1 100644
--- a/kubernetes/dcaegen2/charts/dcae-servicechange-handler/charts/dcae-inventory-api/resources/config/config.json
+++ b/kubernetes/dcaegen2/charts/dcae-servicechange-handler/charts/dcae-inventory-api/resources/config/config.json
@@ -30,5 +30,14 @@
"gzipEnabledForRequests": false,
"timeout": "5000milliseconds",
"connectionTimeout": "5000milliseconds"
+ },
+ "server": {
+ "applicationConnectors": [{
+ "type": "https",
+ "port": 8080,
+ "keyStorePath": "/opt/cert/cert.jks",
+ "keyStorePassword": "hD:!w:CxF]lGvM6Mz9l^j[7U",
+ "keyStoreType": "JKS"
+ }]
}
- } \ No newline at end of file
+ }
diff --git a/kubernetes/dcaegen2/charts/dcae-servicechange-handler/charts/dcae-inventory-api/templates/deployment.yaml b/kubernetes/dcaegen2/charts/dcae-servicechange-handler/charts/dcae-inventory-api/templates/deployment.yaml
index e3e4aaf5cd..28eeae23a1 100644
--- a/kubernetes/dcaegen2/charts/dcae-servicechange-handler/charts/dcae-inventory-api/templates/deployment.yaml
+++ b/kubernetes/dcaegen2/charts/dcae-servicechange-handler/charts/dcae-inventory-api/templates/deployment.yaml
@@ -50,6 +50,19 @@ spec:
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
+ - name: init-tls
+ env:
+ - name: POD_IP
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: status.podIP
+ image: {{ .Values.global.tlsRepository }}/{{ .Values.global.tlsImage }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ resources: {}
+ volumeMounts:
+ - mountPath: /opt/tls/shared
+ name: tls-info
containers:
- name: {{ include "common.name" . }}
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
@@ -79,12 +92,15 @@ spec:
httpGet:
path: {{ .Values.readiness.path }}
port: {{ .Values.service.internalPort }}
+ scheme: {{ .Values.readiness.scheme }}
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
volumeMounts:
- name: {{ include "common.fullname" . }}-inv-config
mountPath: /opt/config.json
subPath: config.json
+ - mountPath: /opt/cert/
+ name: tls-info
env:
- name: CONSUL_HOST
value: consul.{{ include "common.namespace" . }}
@@ -92,5 +108,7 @@ spec:
- name: {{ include "common.fullname" . }}-inv-config
configMap:
name: {{ include "common.fullname" . }}-configmap
+ - emptyDir: {}
+ name: tls-info
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/dcaegen2/charts/dcae-servicechange-handler/charts/dcae-inventory-api/values.yaml b/kubernetes/dcaegen2/charts/dcae-servicechange-handler/charts/dcae-inventory-api/values.yaml
index f12040210b..8e4430c37e 100644
--- a/kubernetes/dcaegen2/charts/dcae-servicechange-handler/charts/dcae-inventory-api/values.yaml
+++ b/kubernetes/dcaegen2/charts/dcae-servicechange-handler/charts/dcae-inventory-api/values.yaml
@@ -24,6 +24,8 @@ global:
readinessImage: readiness-check:2.0.0
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
+ tlsRepository: nexus3.onap.org:10001
+ tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:1.0.3
repositoryCred:
user: docker
password: docker
@@ -42,7 +44,7 @@ config:
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/org.onap.dcaegen2.platform.inventory-api:3.2.0
+image: onap/org.onap.dcaegen2.platform.inventory-api:3.4.0
pullPolicy: Always
@@ -59,6 +61,7 @@ readiness:
initialDelaySeconds: 30
periodSeconds: 30
path: /dcae-service-types
+ scheme: HTTPS
service:
type: ClusterIP
diff --git a/kubernetes/dcaegen2/charts/dcae-servicechange-handler/resources/config/config.json b/kubernetes/dcaegen2/charts/dcae-servicechange-handler/resources/config/config.json
index 7ddc800817..4578d4c4ee 100644
--- a/kubernetes/dcaegen2/charts/dcae-servicechange-handler/resources/config/config.json
+++ b/kubernetes/dcaegen2/charts/dcae-servicechange-handler/resources/config/config.json
@@ -17,6 +17,6 @@
"isFilterInEmptyResources": false
},
"dcaeInventoryClient": {
- "uri": "http://inventory:8080"
+ "uri": "https://inventory:8080"
}
}
diff --git a/kubernetes/dcaegen2/charts/dcae-servicechange-handler/templates/deployment.yaml b/kubernetes/dcaegen2/charts/dcae-servicechange-handler/templates/deployment.yaml
index 44ebc42412..d948d3425b 100644
--- a/kubernetes/dcaegen2/charts/dcae-servicechange-handler/templates/deployment.yaml
+++ b/kubernetes/dcaegen2/charts/dcae-servicechange-handler/templates/deployment.yaml
@@ -54,16 +54,23 @@ spec:
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
+ - name: init-tls
+ env:
+ - name: POD_IP
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: status.podIP
+ image: {{ .Values.global.tlsRepository }}/{{ .Values.global.tlsImage }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ resources: {}
+ volumeMounts:
+ - mountPath: /opt/tls/shared
+ name: tls-info
containers:
- name: {{ include "common.name" . }}
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command: ["java"]
- args:
- - "-jar"
- - "/opt/servicechange-handler.jar"
- - "prod"
- - "/opt/config.json"
resources:
{{ include "common.resources" . | indent 12 }}
# disable liveness probe when breakpoints set in debugger
@@ -84,12 +91,21 @@ spec:
- name: {{ include "common.fullname" . }}-sch-config
mountPath: /opt/config.json
subPath: config.json
+ # NOTE: This is tied to the PATH_TO_CACERT env variable
+ - mountPath: /opt/cert/
+ name: tls-info
env:
- name: CONSUL_HOST
value: consul.{{ include "common.namespace" . }}
+ - name: PATH_TO_CACERT
+ value: "/opt/cert/cacert.pem"
+ - name: SCH_ARGS
+ value: "prod /opt/config.json"
volumes:
- name: {{ include "common.fullname" . }}-sch-config
configMap:
name: {{ include "common.fullname" . }}-configmap
+ - emptyDir: {}
+ name: tls-info
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/dcaegen2/charts/dcae-servicechange-handler/values.yaml b/kubernetes/dcaegen2/charts/dcae-servicechange-handler/values.yaml
index 6e03f52713..5297e22b7a 100644
--- a/kubernetes/dcaegen2/charts/dcae-servicechange-handler/values.yaml
+++ b/kubernetes/dcaegen2/charts/dcae-servicechange-handler/values.yaml
@@ -24,6 +24,8 @@ global:
readinessImage: readiness-check:2.0.0
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
+ tlsRepository: nexus3.onap.org:10001
+ tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:1.0.3
repositoryCred:
user: docker
password: docker
@@ -40,7 +42,7 @@ config:
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/org.onap.dcaegen2.platform.servicechange-handler:1.2.0
+image: onap/org.onap.dcaegen2.platform.servicechange-handler:1.3.0
pullPolicy: Always