16 files changed, 93 insertions, 26 deletions
diff --git a/kubernetes/common/dgbuilder/values.yaml b/kubernetes/common/dgbuilder/values.yaml index f23955db2e..ddad8d7360 100644 --- a/kubernetes/common/dgbuilder/values.yaml +++ b/kubernetes/common/dgbuilder/values.yaml @@ -130,7 +130,7 @@ readiness: service: type: NodePort name: dgbuilder - portName: dgbuilder + portName: http externalPort: 3000 internalPort: 3100 nodePort: 28 diff --git a/kubernetes/common/elasticsearch/components/data/templates/statefulset.yaml b/kubernetes/common/elasticsearch/components/data/templates/statefulset.yaml index ea805c1813..a7278ba104 100644 --- a/kubernetes/common/elasticsearch/components/data/templates/statefulset.yaml +++ b/kubernetes/common/elasticsearch/components/data/templates/statefulset.yaml @@ -111,6 +111,12 @@ spec: value: "yes" - name: ELASTICSEARCH_NODE_TYPE value: "data" + - name: network.bind_host + value: 127.0.0.1 + - name: network.publish_host + valueFrom: + fieldRef: + fieldPath: status.podIP ports: {{- include "common.containerPorts" . |indent 12 }} {{- if .Values.livenessProbe.enabled }} livenessProbe: diff --git a/kubernetes/common/elasticsearch/components/master/templates/statefulset.yaml b/kubernetes/common/elasticsearch/components/master/templates/statefulset.yaml index a35b4bf741..85ea2bbc54 100644 --- a/kubernetes/common/elasticsearch/components/master/templates/statefulset.yaml +++ b/kubernetes/common/elasticsearch/components/master/templates/statefulset.yaml @@ -115,6 +115,12 @@ spec: value: {{ .Values.dedicatednode | quote }} - name: ELASTICSEARCH_NODE_TYPE value: "master" + - name: network.bind_host + value: 127.0.0.1 + - name: network.publish_host + valueFrom: + fieldRef: + fieldPath: status.podIP ports: {{- include "common.containerPorts" . |indent 12 }} {{- if .Values.livenessProbe.enabled }} livenessProbe: diff --git a/kubernetes/common/elasticsearch/templates/coordinating-deploy.yaml b/kubernetes/common/elasticsearch/templates/coordinating-deploy.yaml index 22de4dbf37..05e09cb696 100644 
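Review bot: The `network.bind_host` and `network.publish_host` entries in the data statefulset are added unconditionally, while the rest of this commit gates mesh-specific behaviour on `common.onServiceMesh`. If the image honours these settings, a deployment without a sidecar would have Elasticsearch listening on loopback only while advertising the pod IP, so other nodes and clients could not reach it. Consider wrapping both entries in `{{- if (include "common.onServiceMesh" .) }}` … `{{- end }}`, with a comment that loopback binding relies on the sidecar forwarding inbound traffic to 127.0.0.1; that forwarding behaviour differs between Istio releases and is worth verifying against the version in use. The same block is added in the master statefulset and in coordinating-deploy.yaml, and the container spec continues outside the hunk.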
--- a/kubernetes/common/elasticsearch/templates/coordinating-deploy.yaml +++ b/kubernetes/common/elasticsearch/templates/coordinating-deploy.yaml @@ -113,6 +113,12 @@ spec: value: "coordinating" - name: ELASTICSEARCH_PORT_NUMBER value: "9000" + - name: network.bind_host + value: 127.0.0.1 + - name: network.publish_host + valueFrom: + fieldRef: + fieldPath: status.podIP {{/*ports: {{- include "common.containerPorts" . | indent 12 -}} */}} {{- if .Values.livenessProbe.enabled }} livenessProbe: diff --git a/kubernetes/common/etcd-init/templates/job.yaml b/kubernetes/common/etcd-init/templates/job.yaml index 69bcfaaf99..9d7dcc26da 100644 --- a/kubernetes/common/etcd-init/templates/job.yaml +++ b/kubernetes/common/etcd-init/templates/job.yaml @@ -55,6 +55,8 @@ spec: - /bin/sh - -ec - | + {{- if include "common.onServiceMesh" . }} + echo "waiting 15s for istio side cars to be up"; sleep 15s;{{- end }} # Create users export ETCDCTL_ENDPOINTS=http://${ETCD_HOST}:${ETCD_PORT} export ETCDCTL_API=3 @@ -89,6 +91,7 @@ spec: name: localtime readOnly: true resources: {{ include "common.resources" . | nindent 12 }} + {{ include "common.waitForJobContainer" . | indent 6 | trim }} {{- if .Values.nodeSelector }} nodeSelector: {{ toYaml .Values.nodeSelector | nindent 10 }} {{- end -}} diff --git a/kubernetes/common/etcd-init/values.yaml b/kubernetes/common/etcd-init/values.yaml index c99c9f1e5b..6ccfb3e5d7 100644 --- a/kubernetes/common/etcd-init/values.yaml +++ b/kubernetes/common/etcd-init/values.yaml @@ -72,3 +72,7 @@ resources: cpu: 20m memory: 20Mi unlimited: {} + +wait_for_job_container: + containers: + - '{{ include "common.name" . }}' diff --git a/kubernetes/common/network-name-gen/templates/deployment.yaml b/kubernetes/common/network-name-gen/templates/deployment.yaml index 9bdf19c7ec..97fece8a54 100644 --- a/kubernetes/common/network-name-gen/templates/deployment.yaml +++ b/kubernetes/common/network-name-gen/templates/deployment.yaml 
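Review bot: The fixed `sleep 15s` added before the etcdctl commands in etcd-init/templates/job.yaml is a timing guess: if the sidecar needs longer, the user-creation commands run without a working proxy, and `-ec` makes the job fail on the first error. The ejbca deployment in this same commit sets the pod annotation `proxy.istio.io/config: '{ "holdApplicationUntilProxyStarts": true }'`, which orders startup without a hard-coded delay; the same annotation would fit here and in the postgres-init job, which gets the identical sleep. The echoed message also names Istio although the guard is `common.onServiceMesh`, which other templates in this commit use for linkerd as well.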
@@ -80,7 +80,11 @@ spec: - name: POL_BASIC_AUTH_PASSWORD {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pol-basic-auth-secret" "key" "password") | indent 10}} - name: POL_URL - value: "{{ .Values.config.polUrl }}" + {{- if (include "common.needTLS" .) }} + value: "{{ .Values.config.polUrl.https }}" + {{- else }} + value: "{{ .Values.config.polUrl.http }}" + {{- end }} - name: POL_ENV value: "{{ .Values.config.polEnv }}" - name: POL_REQ_ID @@ -90,7 +94,11 @@ spec: - name: AAI_CERT_PATH value: "{{ .Values.config.aaiCertPath }}" - name: AAI_URI - value: "{{ .Values.config.aaiUri }}" + {{- if (include "common.needTLS" .) }} + value: "{{ .Values.config.aaiUri.https }}" + {{- else }} + value: "{{ .Values.config.aaiUri.http }}" + {{- end }} - name: AAI_AUTH value: "{{ .Values.config.aaiAuth }}" - name: DISABLE_HOST_VERIFICATION diff --git a/kubernetes/common/network-name-gen/values.yaml b/kubernetes/common/network-name-gen/values.yaml index 5f864a6555..e5e2a7a338 100644 --- a/kubernetes/common/network-name-gen/values.yaml +++ b/kubernetes/common/network-name-gen/values.yaml @@ -87,14 +87,18 @@ config: polClientAuth: cHl0aG9uOnRlc3Q= polBasicAuthUser: healthcheck polBasicAuthPassword: zb!XztG34 - polUrl: https://policy-xacml-pdp:6969/policy/pdpx/v1/decision + polUrl: + https: https://policy-xacml-pdp:6969/policy/pdpx/v1/decision + http: http://policy-xacml-pdp:8080/policy/pdpx/v1/decision polEnv: TEST polReqId: xx disableHostVerification: true aaiCertPass: changeit aaiCertPath: /opt/etc/config/aai_keystore aaiAuth: QUFJOkFBSQ== - aaiUri: https://aai:8443/aai/v14/ + aaiUri: + https: https://aai:8443/aai/v14/ + http: http://aai:8080/aai/v14/ # default number of instances replicaCount: 1 @@ -118,7 +122,7 @@ readiness: service: type: ClusterIP name: neng-serv - portName: neng-serv-port + portName: http internalPort: 8080 externalPort: 8080 
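Review bot: When `common.needTLS` is false, `POL_URL` (and `AAI_URI` in the next hunk) switch to the `http` variants, yet the same container still receives `POL_BASIC_AUTH_PASSWORD` and `AAI_AUTH`, so those credentials would travel over plain HTTP unless something else encrypts the hop. If the intent is that the mesh provides mTLS, a comment above each branch would make that dependency explicit, e.g. `# http variant assumes mesh mTLS; credentials are otherwise sent in clear`. Whether `common.needTLS` being false implies a mesh is present is not visible here, and the env list continues outside both hunks.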
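Review bot: In network-name-gen/values.yaml, `config.polUrl` and `config.aaiUri` change from a string to a map with `https`/`http` keys, so an existing override file that still sets either one as a plain string would no longer match what the deployment template reads (`.Values.config.polUrl.https`). A short comment above each key, such as `# map: https is used when TLS is needed, http otherwise`, would document the new shape for people maintaining overrides. The `https` variants also remain paired with `disableHostVerification: true` on the context line, so neither branch authenticates the peer at the application layer.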
diff --git a/kubernetes/common/postgres-init/templates/job.yaml b/kubernetes/common/postgres-init/templates/job.yaml index 01151bb4a9..d9a7386f83 100644 --- a/kubernetes/common/postgres-init/templates/job.yaml +++ b/kubernetes/common/postgres-init/templates/job.yaml @@ -59,6 +59,8 @@ spec: } export PG_PASSWORD=`prepare_password $PG_PASSWORD_INPUT`; export PG_ROOT_PASSWORD=`prepare_password $PG_ROOT_PASSWORD_INPUT`; + {{- if include "common.onServiceMesh" . }} + echo "waiting 15s for istio side cars to be up"; sleep 15s;{{- end }} cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done; psql "postgresql://postgres:$PG_ROOT_PASSWORD@$PG_HOST" < /config/setup.sql env: @@ -98,6 +100,7 @@ spec: name: pgconf resources: {{ include "common.resources" . | indent 12 }} + {{ include "common.waitForJobContainer" . | indent 6 | trim }} {{- if .Values.nodeSelector }} nodeSelector: {{ toYaml .Values.nodeSelector | indent 10 }} diff --git a/kubernetes/common/postgres-init/values.yaml b/kubernetes/common/postgres-init/values.yaml index 7bcd8e23b4..d6d51f0b51 100644 --- a/kubernetes/common/postgres-init/values.yaml +++ b/kubernetes/common/postgres-init/values.yaml @@ -89,3 +89,7 @@ resources: cpu: 1 memory: 2Gi unlimited: {} + +wait_for_job_container: + containers: + - '{{ include "common.name" . }}-update-config'
\ No newline at end of file diff --git a/kubernetes/contrib/components/ejbca/templates/deployment.yaml b/kubernetes/contrib/components/ejbca/templates/deployment.yaml index 6bd5b259ea..a36dcacb23 100644 --- a/kubernetes/contrib/components/ejbca/templates/deployment.yaml +++ b/kubernetes/contrib/components/ejbca/templates/deployment.yaml @@ -22,6 +22,16 @@ spec: selector: {{- include "common.selectors" . | nindent 4 }} template: metadata: {{- include "common.templateMetadata" . | nindent 6 }} + {{- if (include "common.onServiceMesh" . ) }} + annotations: + {{- if eq ( .Values.global.serviceMesh.engine ) "linkerd" }} + linkerd.io/inject: disabled + {{- end }} + {{- if eq ( .Values.global.serviceMesh.engine ) "istio" }} + sidecar.istio.io/rewriteAppHTTPProbers: "false" + proxy.istio.io/config: '{ "holdApplicationUntilProxyStarts": true }' + {{- end }} + {{- end }} spec: imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" @@ -51,7 +61,11 @@ spec: lifecycle: postStart: exec: - command: ["/bin/sh", "-c", "/opt/primekey/scripts/ejbca-config.sh"] + command: + - sh + - -c + - | + sleep 60; /opt/primekey/scripts/ejbca-config.sh volumeMounts: - name: "{{ include "common.fullname" . }}-volume" mountPath: /opt/primekey/scripts/ diff --git a/kubernetes/contrib/components/ejbca/values.yaml b/kubernetes/contrib/components/ejbca/values.yaml index 52e0e750a0..b777a7d388 100644 --- a/kubernetes/contrib/components/ejbca/values.yaml +++ b/kubernetes/contrib/components/ejbca/values.yaml @@ -86,14 +86,14 @@ affinity: {} # probe configuration parameters liveness: path: /ejbca/publicweb/healthcheck/ejbcahealth - port: api - initialDelaySeconds: 30 + port: 8443 + initialDelaySeconds: 180 periodSeconds: 30 readiness: path: /ejbca/publicweb/healthcheck/ejbcahealth - port: api - initialDelaySeconds: 30 + port: 8443 + initialDelaySeconds: 180 periodSeconds: 30 service: 
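Review bot: The `annotations:` key added to the ejbca pod template sits directly after `{{- include "common.templateMetadata" . | nindent 6 }}`; if that helper can itself emit an `annotations:` key (its body is not visible here), the rendered metadata would contain the key twice and most parsers silently keep only the last one. It would be safer to pass the mesh annotations through whatever mechanism the helper uses, or to add a comment stating that the helper never renders annotations for this chart. The same pattern is added in oom-cert-service/templates/deployment.yaml.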
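Review bot: The new postStart command runs `sleep 60` before `ejbca-config.sh` on every deployment, not only on a mesh, and the value is a fixed guess at how long EJBCA needs to start. A container is not reported as running until its postStart hook returns, and a failing hook gets the container killed, so a slow start can still fail while a fast one always waits a minute. A loop in the hook that polls the health path already used by the probes in values.yaml (`/ejbca/publicweb/healthcheck/ejbcahealth`) before running the script would be more reliable; at minimum add a comment explaining what the 60 seconds is waiting for.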
@@ -106,7 +106,7 @@ service: port_protocol: http # Resource Limit flavor -By Default using small -flavor: small +flavor: unlimited # Segregation for Different environment (Small and Large) resources: small: diff --git a/kubernetes/dcaemod/components/dcaemod-runtime-api/resources/config/base/values.yaml b/kubernetes/dcaemod/components/dcaemod-runtime-api/resources/config/base/values.yaml index 7609ba6568..99160210d0 100644 --- a/kubernetes/dcaemod/components/dcaemod-runtime-api/resources/config/base/values.yaml +++ b/kubernetes/dcaemod/components/dcaemod-runtime-api/resources/config/base/values.yaml @@ -22,13 +22,6 @@ global: nodePortPrefixExt: 304 ################################################################# -# Filebeat configuration defaults. -################################################################# -filebeatConfig: - logstashServiceName: log-ls - logstashPort: 5044 - -################################################################# # initContainer images. ################################################################# tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0 @@ -66,12 +59,8 @@ mongo: # log directory where logging sidecar should look for log files # if absent, no sidecar will be deployed -#logDirectory: TBD #/opt/app/VESCollector/logs #DONE - -# Following requires manual override until fix for DCAEGEN2-3087 -# is available to switch logDirectory setting to log.path -log: - path: /opt/app/ +#log: +# path: TBD #/opt/app/VESCollector/logs #DONE logConfigMapNamePrefix: '{{ include "common.fullname" . }}' # directory where TLS certs should be stored diff --git a/kubernetes/dcaemod/components/dcaemod-runtime-api/values.yaml b/kubernetes/dcaemod/components/dcaemod-runtime-api/values.yaml index 5c50381309..64d196d908 100644 --- a/kubernetes/dcaemod/components/dcaemod-runtime-api/values.yaml +++ b/kubernetes/dcaemod/components/dcaemod-runtime-api/values.yaml 
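Review bot: Switching the ejbca default to `flavor: unlimited` leaves the comment above it (`# Resource Limit flavor -By Default using small`) stale, and presumably deploys the CA pod without CPU or memory requests and limits, as other charts in this commit define `unlimited: {}`; the resources map here continues outside the hunk. For a certificate authority component that deserves a deliberate decision, since an unbounded pod can starve its neighbours on the node. If the larger footprint is only needed during startup, consider a bounded flavor with higher limits; otherwise update the comment to `# Resource Limit flavor - default is unlimited (no requests/limits)`.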
@@ -93,7 +93,7 @@ readiness: # application image -image: onap/org.onap.dcaegen2.platform.mod.runtime-web:1.3.2 +image: onap/org.onap.dcaegen2.platform.mod.runtime-web:1.3.3 # Resource Limit flavor -By Default using small flavor: small diff --git a/kubernetes/platform/components/cmpv2-cert-provider/templates/deployment.yaml b/kubernetes/platform/components/cmpv2-cert-provider/templates/deployment.yaml index c49762202b..ce5e410abe 100644 --- a/kubernetes/platform/components/cmpv2-cert-provider/templates/deployment.yaml +++ b/kubernetes/platform/components/cmpv2-cert-provider/templates/deployment.yaml @@ -32,6 +32,16 @@ spec: metadata: labels: control-plane: controller-manager + {{- if (include "common.onServiceMesh" . | nindent 6 ) }} + annotations: + {{- if eq ( .Values.global.serviceMesh.engine ) "linkerd" }} + linkerd.io/inject: disabled + {{- end }} + {{- if eq ( .Values.global.serviceMesh.engine ) "istio" }} + traffic.sidecar.istio.io/excludeInboundPorts: "8080,8443" + traffic.sidecar.istio.io/includeInboundPorts: '*' + {{- end }} + {{- end }} spec: imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/platform/components/oom-cert-service/templates/deployment.yaml b/kubernetes/platform/components/oom-cert-service/templates/deployment.yaml index 8215ed949e..5f80a7dc75 100644 --- a/kubernetes/platform/components/oom-cert-service/templates/deployment.yaml +++ b/kubernetes/platform/components/oom-cert-service/templates/deployment.yaml 
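Review bot: In cmpv2-cert-provider/templates/deployment.yaml the guard `{{- if (include "common.onServiceMesh" . | nindent 6 ) }}` pipes the helper output through `nindent 6` before testing it, and `nindent` prepends a newline and six spaces even to an empty string, so the condition is always true. Off-mesh this still renders an `annotations:` key and evaluates `.Values.global.serviceMesh.engine`, which may fail to render if that value is unset. The oom-cert-service hunk in this commit uses the intended form, `{{- if (include "common.onServiceMesh" . ) }}`. The pod template continues outside the hunk.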
@@ -22,6 +22,16 @@ spec: selector: {{- include "common.selectors" . | nindent 4 }} template: metadata: {{- include "common.templateMetadata" . | nindent 6 }} + {{- if (include "common.onServiceMesh" . ) }} + annotations: + {{- if eq ( .Values.global.serviceMesh.engine ) "linkerd" }} + linkerd.io/inject: disabled + {{- end }} + {{- if eq ( .Values.global.serviceMesh.engine ) "istio" }} + traffic.sidecar.istio.io/excludeInboundPorts: "8080,8443" + traffic.sidecar.istio.io/includeInboundPorts: '*' + {{- end }} + {{- end }} spec: imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" |
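Review bot: `traffic.sidecar.istio.io/excludeInboundPorts: "8080,8443"` takes both ports (presumably the service's HTTP and HTTPS ports) out of sidecar interception, so inbound requests to the certificate service on them bypass mesh mTLS and any mesh authorization policy; on linkerd the pod is not injected at all. If this is required because the service terminates its own TLS, say so in a comment, e.g. `# cert service terminates TLS itself; these ports bypass the sidecar`, and consider excluding only the TLS port so that 8080 stays behind the proxy. The same annotations are added to cmpv2-cert-provider, and the pod template continues outside the hunk.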