summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--kubernetes/common/dgbuilder/values.yaml2
-rw-r--r--kubernetes/common/elasticsearch/components/data/templates/statefulset.yaml6
-rw-r--r--kubernetes/common/elasticsearch/components/master/templates/statefulset.yaml6
-rw-r--r--kubernetes/common/elasticsearch/templates/coordinating-deploy.yaml6
-rw-r--r--kubernetes/common/etcd-init/templates/job.yaml3
-rw-r--r--kubernetes/common/etcd-init/values.yaml4
-rw-r--r--kubernetes/common/network-name-gen/templates/deployment.yaml12
-rw-r--r--kubernetes/common/network-name-gen/values.yaml10
-rw-r--r--kubernetes/common/postgres-init/templates/job.yaml3
-rw-r--r--kubernetes/common/postgres-init/values.yaml4
-rw-r--r--kubernetes/contrib/components/ejbca/templates/deployment.yaml16
-rw-r--r--kubernetes/contrib/components/ejbca/values.yaml10
-rw-r--r--kubernetes/dcaemod/components/dcaemod-runtime-api/resources/config/base/values.yaml15
-rw-r--r--kubernetes/dcaemod/components/dcaemod-runtime-api/values.yaml2
-rw-r--r--kubernetes/platform/components/cmpv2-cert-provider/templates/deployment.yaml10
-rw-r--r--kubernetes/platform/components/oom-cert-service/templates/deployment.yaml10
16 files changed, 93 insertions, 26 deletions
diff --git a/kubernetes/common/dgbuilder/values.yaml b/kubernetes/common/dgbuilder/values.yaml
index f23955db2e..ddad8d7360 100644
--- a/kubernetes/common/dgbuilder/values.yaml
+++ b/kubernetes/common/dgbuilder/values.yaml
@@ -130,7 +130,7 @@ readiness:
service:
type: NodePort
name: dgbuilder
- portName: dgbuilder
+ portName: http
externalPort: 3000
internalPort: 3100
nodePort: 28
diff --git a/kubernetes/common/elasticsearch/components/data/templates/statefulset.yaml b/kubernetes/common/elasticsearch/components/data/templates/statefulset.yaml
index ea805c1813..a7278ba104 100644
--- a/kubernetes/common/elasticsearch/components/data/templates/statefulset.yaml
+++ b/kubernetes/common/elasticsearch/components/data/templates/statefulset.yaml
@@ -111,6 +111,12 @@ spec:
value: "yes"
- name: ELASTICSEARCH_NODE_TYPE
value: "data"
+ - name: network.bind_host
+ value: 127.0.0.1
+ - name: network.publish_host
+ valueFrom:
+ fieldRef:
+ fieldPath: status.podIP
ports: {{- include "common.containerPorts" . |indent 12 }}
{{- if .Values.livenessProbe.enabled }}
livenessProbe:
diff --git a/kubernetes/common/elasticsearch/components/master/templates/statefulset.yaml b/kubernetes/common/elasticsearch/components/master/templates/statefulset.yaml
index a35b4bf741..85ea2bbc54 100644
--- a/kubernetes/common/elasticsearch/components/master/templates/statefulset.yaml
+++ b/kubernetes/common/elasticsearch/components/master/templates/statefulset.yaml
@@ -115,6 +115,12 @@ spec:
value: {{ .Values.dedicatednode | quote }}
- name: ELASTICSEARCH_NODE_TYPE
value: "master"
+ - name: network.bind_host
+ value: 127.0.0.1
+ - name: network.publish_host
+ valueFrom:
+ fieldRef:
+ fieldPath: status.podIP
ports: {{- include "common.containerPorts" . |indent 12 }}
{{- if .Values.livenessProbe.enabled }}
livenessProbe:
diff --git a/kubernetes/common/elasticsearch/templates/coordinating-deploy.yaml b/kubernetes/common/elasticsearch/templates/coordinating-deploy.yaml
index 22de4dbf37..05e09cb696 100644
--- a/kubernetes/common/elasticsearch/templates/coordinating-deploy.yaml
+++ b/kubernetes/common/elasticsearch/templates/coordinating-deploy.yaml
@@ -113,6 +113,12 @@ spec:
value: "coordinating"
- name: ELASTICSEARCH_PORT_NUMBER
value: "9000"
+ - name: network.bind_host
+ value: 127.0.0.1
+ - name: network.publish_host
+ valueFrom:
+ fieldRef:
+ fieldPath: status.podIP
{{/*ports: {{- include "common.containerPorts" . | indent 12 -}} */}}
{{- if .Values.livenessProbe.enabled }}
livenessProbe:
diff --git a/kubernetes/common/etcd-init/templates/job.yaml b/kubernetes/common/etcd-init/templates/job.yaml
index 69bcfaaf99..9d7dcc26da 100644
--- a/kubernetes/common/etcd-init/templates/job.yaml
+++ b/kubernetes/common/etcd-init/templates/job.yaml
@@ -55,6 +55,8 @@ spec:
- /bin/sh
- -ec
- |
+ {{- if include "common.onServiceMesh" . }}
+ echo "waiting 15s for istio side cars to be up"; sleep 15s;{{- end }}
# Create users
export ETCDCTL_ENDPOINTS=http://${ETCD_HOST}:${ETCD_PORT}
export ETCDCTL_API=3
@@ -89,6 +91,7 @@ spec:
name: localtime
readOnly: true
resources: {{ include "common.resources" . | nindent 12 }}
+ {{ include "common.waitForJobContainer" . | indent 6 | trim }}
{{- if .Values.nodeSelector }}
nodeSelector: {{ toYaml .Values.nodeSelector | nindent 10 }}
{{- end -}}
diff --git a/kubernetes/common/etcd-init/values.yaml b/kubernetes/common/etcd-init/values.yaml
index c99c9f1e5b..6ccfb3e5d7 100644
--- a/kubernetes/common/etcd-init/values.yaml
+++ b/kubernetes/common/etcd-init/values.yaml
@@ -72,3 +72,7 @@ resources:
cpu: 20m
memory: 20Mi
unlimited: {}
+
+wait_for_job_container:
+ containers:
+ - '{{ include "common.name" . }}'
diff --git a/kubernetes/common/network-name-gen/templates/deployment.yaml b/kubernetes/common/network-name-gen/templates/deployment.yaml
index 9bdf19c7ec..97fece8a54 100644
--- a/kubernetes/common/network-name-gen/templates/deployment.yaml
+++ b/kubernetes/common/network-name-gen/templates/deployment.yaml
@@ -80,7 +80,11 @@ spec:
- name: POL_BASIC_AUTH_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pol-basic-auth-secret" "key" "password") | indent 10}}
- name: POL_URL
- value: "{{ .Values.config.polUrl }}"
+ {{- if (include "common.needTLS" .) }}
+ value: "{{ .Values.config.polUrl.https }}"
+ {{- else }}
+ value: "{{ .Values.config.polUrl.http }}"
+ {{- end }}
- name: POL_ENV
value: "{{ .Values.config.polEnv }}"
- name: POL_REQ_ID
@@ -90,7 +94,11 @@ spec:
- name: AAI_CERT_PATH
value: "{{ .Values.config.aaiCertPath }}"
- name: AAI_URI
- value: "{{ .Values.config.aaiUri }}"
+ {{- if (include "common.needTLS" .) }}
+ value: "{{ .Values.config.aaiUri.https }}"
+ {{- else }}
+ value: "{{ .Values.config.aaiUri.http }}"
+ {{- end }}
- name: AAI_AUTH
value: "{{ .Values.config.aaiAuth }}"
- name: DISABLE_HOST_VERIFICATION
diff --git a/kubernetes/common/network-name-gen/values.yaml b/kubernetes/common/network-name-gen/values.yaml
index 5f864a6555..e5e2a7a338 100644
--- a/kubernetes/common/network-name-gen/values.yaml
+++ b/kubernetes/common/network-name-gen/values.yaml
@@ -87,14 +87,18 @@ config:
polClientAuth: cHl0aG9uOnRlc3Q=
polBasicAuthUser: healthcheck
polBasicAuthPassword: zb!XztG34
- polUrl: https://policy-xacml-pdp:6969/policy/pdpx/v1/decision
+ polUrl:
+ https: https://policy-xacml-pdp:6969/policy/pdpx/v1/decision
+ http: http://policy-xacml-pdp:8080/policy/pdpx/v1/decision
polEnv: TEST
polReqId: xx
disableHostVerification: true
aaiCertPass: changeit
aaiCertPath: /opt/etc/config/aai_keystore
aaiAuth: QUFJOkFBSQ==
- aaiUri: https://aai:8443/aai/v14/
+ aaiUri:
+ https: https://aai:8443/aai/v14/
+ http: http://aai:8080/aai/v14/
# default number of instances
replicaCount: 1
@@ -118,7 +122,7 @@ readiness:
service:
type: ClusterIP
name: neng-serv
- portName: neng-serv-port
+ portName: http
internalPort: 8080
externalPort: 8080
diff --git a/kubernetes/common/postgres-init/templates/job.yaml b/kubernetes/common/postgres-init/templates/job.yaml
index 01151bb4a9..d9a7386f83 100644
--- a/kubernetes/common/postgres-init/templates/job.yaml
+++ b/kubernetes/common/postgres-init/templates/job.yaml
@@ -59,6 +59,8 @@ spec:
}
export PG_PASSWORD=`prepare_password $PG_PASSWORD_INPUT`;
export PG_ROOT_PASSWORD=`prepare_password $PG_ROOT_PASSWORD_INPUT`;
+ {{- if include "common.onServiceMesh" . }}
+ echo "waiting 15s for istio side cars to be up"; sleep 15s;{{- end }}
cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done;
psql "postgresql://postgres:$PG_ROOT_PASSWORD@$PG_HOST" < /config/setup.sql
env:
@@ -98,6 +100,7 @@ spec:
name: pgconf
resources:
{{ include "common.resources" . | indent 12 }}
+ {{ include "common.waitForJobContainer" . | indent 6 | trim }}
{{- if .Values.nodeSelector }}
nodeSelector:
{{ toYaml .Values.nodeSelector | indent 10 }}
diff --git a/kubernetes/common/postgres-init/values.yaml b/kubernetes/common/postgres-init/values.yaml
index 7bcd8e23b4..d6d51f0b51 100644
--- a/kubernetes/common/postgres-init/values.yaml
+++ b/kubernetes/common/postgres-init/values.yaml
@@ -89,3 +89,7 @@ resources:
cpu: 1
memory: 2Gi
unlimited: {}
+
+wait_for_job_container:
+ containers:
+ - '{{ include "common.name" . }}-update-config' \ No newline at end of file
diff --git a/kubernetes/contrib/components/ejbca/templates/deployment.yaml b/kubernetes/contrib/components/ejbca/templates/deployment.yaml
index 6bd5b259ea..a36dcacb23 100644
--- a/kubernetes/contrib/components/ejbca/templates/deployment.yaml
+++ b/kubernetes/contrib/components/ejbca/templates/deployment.yaml
@@ -22,6 +22,16 @@ spec:
selector: {{- include "common.selectors" . | nindent 4 }}
template:
metadata: {{- include "common.templateMetadata" . | nindent 6 }}
+ {{- if (include "common.onServiceMesh" . ) }}
+ annotations:
+ {{- if eq ( .Values.global.serviceMesh.engine ) "linkerd" }}
+ linkerd.io/inject: disabled
+ {{- end }}
+ {{- if eq ( .Values.global.serviceMesh.engine ) "istio" }}
+ sidecar.istio.io/rewriteAppHTTPProbers: "false"
+ proxy.istio.io/config: '{ "holdApplicationUntilProxyStarts": true }'
+ {{- end }}
+ {{- end }}
spec:
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
@@ -51,7 +61,11 @@ spec:
lifecycle:
postStart:
exec:
- command: ["/bin/sh", "-c", "/opt/primekey/scripts/ejbca-config.sh"]
+ command:
+ - sh
+ - -c
+ - |
+ sleep 60; /opt/primekey/scripts/ejbca-config.sh
volumeMounts:
- name: "{{ include "common.fullname" . }}-volume"
mountPath: /opt/primekey/scripts/
diff --git a/kubernetes/contrib/components/ejbca/values.yaml b/kubernetes/contrib/components/ejbca/values.yaml
index 52e0e750a0..b777a7d388 100644
--- a/kubernetes/contrib/components/ejbca/values.yaml
+++ b/kubernetes/contrib/components/ejbca/values.yaml
@@ -86,14 +86,14 @@ affinity: {}
# probe configuration parameters
liveness:
path: /ejbca/publicweb/healthcheck/ejbcahealth
- port: api
- initialDelaySeconds: 30
+ port: 8443
+ initialDelaySeconds: 180
periodSeconds: 30
readiness:
path: /ejbca/publicweb/healthcheck/ejbcahealth
- port: api
- initialDelaySeconds: 30
+ port: 8443
+ initialDelaySeconds: 180
periodSeconds: 30
service:
@@ -106,7 +106,7 @@ service:
port_protocol: http
# Resource Limit flavor -By Default using small
-flavor: small
+flavor: unlimited
# Segregation for Different environment (Small and Large)
resources:
small:
diff --git a/kubernetes/dcaemod/components/dcaemod-runtime-api/resources/config/base/values.yaml b/kubernetes/dcaemod/components/dcaemod-runtime-api/resources/config/base/values.yaml
index 7609ba6568..99160210d0 100644
--- a/kubernetes/dcaemod/components/dcaemod-runtime-api/resources/config/base/values.yaml
+++ b/kubernetes/dcaemod/components/dcaemod-runtime-api/resources/config/base/values.yaml
@@ -22,13 +22,6 @@ global:
nodePortPrefixExt: 304
#################################################################
-# Filebeat configuration defaults.
-#################################################################
-filebeatConfig:
- logstashServiceName: log-ls
- logstashPort: 5044
-
-#################################################################
# initContainer images.
#################################################################
tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0
@@ -66,12 +59,8 @@ mongo:
# log directory where logging sidecar should look for log files
# if absent, no sidecar will be deployed
-#logDirectory: TBD #/opt/app/VESCollector/logs #DONE
-
-# Following requires manual override until fix for DCAEGEN2-3087
-# is available to switch logDirectory setting to log.path
-log:
- path: /opt/app/
+#log:
+# path: TBD #/opt/app/VESCollector/logs #DONE
logConfigMapNamePrefix: '{{ include "common.fullname" . }}'
# directory where TLS certs should be stored
diff --git a/kubernetes/dcaemod/components/dcaemod-runtime-api/values.yaml b/kubernetes/dcaemod/components/dcaemod-runtime-api/values.yaml
index 5c50381309..64d196d908 100644
--- a/kubernetes/dcaemod/components/dcaemod-runtime-api/values.yaml
+++ b/kubernetes/dcaemod/components/dcaemod-runtime-api/values.yaml
@@ -93,7 +93,7 @@ readiness:
# application image
-image: onap/org.onap.dcaegen2.platform.mod.runtime-web:1.3.2
+image: onap/org.onap.dcaegen2.platform.mod.runtime-web:1.3.3
# Resource Limit flavor -By Default using small
flavor: small
diff --git a/kubernetes/platform/components/cmpv2-cert-provider/templates/deployment.yaml b/kubernetes/platform/components/cmpv2-cert-provider/templates/deployment.yaml
index c49762202b..ce5e410abe 100644
--- a/kubernetes/platform/components/cmpv2-cert-provider/templates/deployment.yaml
+++ b/kubernetes/platform/components/cmpv2-cert-provider/templates/deployment.yaml
@@ -32,6 +32,16 @@ spec:
metadata:
labels:
control-plane: controller-manager
+ {{- if (include "common.onServiceMesh" . | nindent 6 ) }}
+ annotations:
+ {{- if eq ( .Values.global.serviceMesh.engine ) "linkerd" }}
+ linkerd.io/inject: disabled
+ {{- end }}
+ {{- if eq ( .Values.global.serviceMesh.engine ) "istio" }}
+ traffic.sidecar.istio.io/excludeInboundPorts: "8080,8443"
+ traffic.sidecar.istio.io/includeInboundPorts: '*'
+ {{- end }}
+ {{- end }}
spec:
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/platform/components/oom-cert-service/templates/deployment.yaml b/kubernetes/platform/components/oom-cert-service/templates/deployment.yaml
index 8215ed949e..5f80a7dc75 100644
--- a/kubernetes/platform/components/oom-cert-service/templates/deployment.yaml
+++ b/kubernetes/platform/components/oom-cert-service/templates/deployment.yaml
@@ -22,6 +22,16 @@ spec:
selector: {{- include "common.selectors" . | nindent 4 }}
template:
metadata: {{- include "common.templateMetadata" . | nindent 6 }}
+ {{- if (include "common.onServiceMesh" . ) }}
+ annotations:
+ {{- if eq ( .Values.global.serviceMesh.engine ) "linkerd" }}
+ linkerd.io/inject: disabled
+ {{- end }}
+ {{- if eq ( .Values.global.serviceMesh.engine ) "istio" }}
+ traffic.sidecar.istio.io/excludeInboundPorts: "8080,8443"
+ traffic.sidecar.istio.io/includeInboundPorts: '*'
+ {{- end }}
+ {{- end }}
spec:
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"