diff options
-rw-r--r-- | kubernetes/cli/Chart.yaml | 3 | ||||
-rw-r--r-- | kubernetes/cli/resources/configuration/lighttpd.conf | 17 | ||||
-rw-r--r-- | kubernetes/cli/templates/NOTES.txt | 33 | ||||
-rw-r--r-- | kubernetes/cli/templates/configmap.yaml | 12 | ||||
-rw-r--r-- | kubernetes/cli/templates/deployment.yaml | 43 | ||||
-rw-r--r-- | kubernetes/cli/templates/ingress.yaml | 15 | ||||
-rw-r--r-- | kubernetes/cli/templates/service.yaml | 35 | ||||
-rw-r--r-- | kubernetes/cli/values.yaml | 98 | ||||
-rw-r--r-- | kubernetes/robot/resources/config/eteshare/config/robot_properties.py | 4 |
9 files changed, 71 insertions, 189 deletions
diff --git a/kubernetes/cli/Chart.yaml b/kubernetes/cli/Chart.yaml index 16885d96a3..884ee004ab 100644 --- a/kubernetes/cli/Chart.yaml +++ b/kubernetes/cli/Chart.yaml @@ -26,9 +26,6 @@ dependencies: # a part of this chart's package and will not # be published independently to a repo (at this point) repository: '@local' - - name: certInitializer - version: ~12.x-0 - repository: '@local' - name: repositoryGenerator version: ~12.x-0 repository: '@local' diff --git a/kubernetes/cli/resources/configuration/lighttpd.conf b/kubernetes/cli/resources/configuration/lighttpd.conf index 0809868b35..f1735a1e5d 100644 --- a/kubernetes/cli/resources/configuration/lighttpd.conf +++ b/kubernetes/cli/resources/configuration/lighttpd.conf @@ -1,6 +1,7 @@ {{/* # Copyright 2018 Huawei Technologies Co., Ltd. # Copyright 2021 Huawei Technologies Co., Ltd. +# Modifications Copyright © 2023 Nordix Foundation # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -18,9 +19,7 @@ server.document-root = "/var/www-data/servers/open-cli/" server.username = "www-data" server.groupname = "www-data" -server.port = 443 -ssl.engine = "enable" -ssl.pemfile = "{{ .Values.certInitializer.credsPath }}/certs/fullchain.pem" +server.port = {{ .Values.containerPort }} mimetype.assign = ( ".html" => "text/html", @@ -38,18 +37,8 @@ server.modules = ( "mod_proxy", "mod_alias", "mod_compress", - "mod_redirect", -# "mod_rewrite", + "mod_redirect" ) -#server.upload-dirs = ( "/var/cache/lighttpd/uploads" ) server.errorlog = "/var/log/lighttpd/error.log" server.pid-file = "/var/run/lighttpd.pid" -#compress.cache-dir = "/var/cache/lighttpd/compress/" -#compress.filetype = ( "application/javascript", "text/css", "text/html", "text/plain" ) - -# default listening port for IPv6 falls back to the IPv4 port -## Use ipv6 if available -#include_shell "/usr/share/lighttpd/use-ipv6.pl " + server.port -#include_shell "/usr/share/lighttpd/create-mime.assign.pl" -#include_shell "/usr/share/lighttpd/include-conf-enabled.pl"
\ No newline at end of file diff --git a/kubernetes/cli/templates/NOTES.txt b/kubernetes/cli/templates/NOTES.txt deleted file mode 100644 index f3fe9c9d55..0000000000 --- a/kubernetes/cli/templates/NOTES.txt +++ /dev/null @@ -1,33 +0,0 @@ -# Copyright © 2018 Amdocs, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -1. Get the application URL by running these commands: -{{- if .Values.ingress.enabled }} -{{- range .Values.ingress.hosts }} - http://{{ . }} -{{- end }} -{{- else if contains "NodePort" .Values.service.type }} - export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.name" . }}) - export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}") - echo http://$NODE_IP:$NODE_PORT -{{- else if contains "LoadBalancer" .Values.service.type }} - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch the status of by running 'kubectl get svc -w {{ include "common.name" . }}' - export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') - echo http://$SERVICE_IP:{{ .Values.service.externalPort }} -{{- else if contains "ClusterIP" .Values.service.type }} - export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ template "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") - echo "Visit http://127.0.0.1:8080 to use your application" - kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }} -{{- end }} diff --git a/kubernetes/cli/templates/configmap.yaml b/kubernetes/cli/templates/configmap.yaml index ae515a0ec5..a4c636f0e4 100644 --- a/kubernetes/cli/templates/configmap.yaml +++ b/kubernetes/cli/templates/configmap.yaml @@ -1,5 +1,6 @@ {{/* # Copyright © 2021 Orange +# Modifications Copyright © 2023 Nordix Foundation # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -16,13 +17,6 @@ apiVersion: v1 kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }}-lighttpd - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} data: -{{ tpl (.Files.Glob "resources/configuration/*").AsConfig . | indent 2 }}
\ No newline at end of file +{{ tpl (.Files.Glob "resources/configuration/*").AsConfig . | indent 2 }} diff --git a/kubernetes/cli/templates/deployment.yaml b/kubernetes/cli/templates/deployment.yaml index 0a3f967eee..06a5168bcc 100644 --- a/kubernetes/cli/templates/deployment.yaml +++ b/kubernetes/cli/templates/deployment.yaml @@ -16,50 +16,35 @@ apiVersion: apps/v1 kind: Deployment -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} spec: replicas: {{ .Values.replicaCount }} - selector: - matchLabels: - app: {{ include "common.name" . }} + selector: {{- include "common.selectors" . | nindent 4 }} template: - metadata: - labels: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} + metadata: {{- include "common.templateMetadata" . | nindent 6 }} spec: - initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }} containers: - name: {{ include "common.name" . }} image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - ports: - - containerPort: {{ .Values.service.internalPort }} - - containerPort: {{ .Values.service.internalPort1 }} - # disable liveness probe when breakpoints set in debugger - # so K8s doesn't restart unresponsive container + ports: {{ include "common.containerPorts" . | nindent 12 }} {{- if eq .Values.liveness.enabled true }} livenessProbe: - tcpSocket: - port: {{ .Values.service.internalPort }} + httpGet: + port: {{ .Values.liveness.port }} + path: {{ .Values.liveness.path }} initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} periodSeconds: {{ .Values.liveness.periodSeconds }} {{ end -}} readinessProbe: - tcpSocket: - port: {{ .Values.service.internalPort }} + httpGet: + port: {{ .Values.readiness.port }} + path: {{ .Values.readiness.path }} initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} - volumeMounts: {{- include "common.certInitializer.volumeMount" . | nindent 10 }} + volumeMounts: - name: lighttpd - mountPath: "/etc/lighttpd/lighttpd.conf" + mountPath: /etc/lighttpd/lighttpd.conf subPath: lighttpd.conf readOnly: true env: @@ -76,9 +61,9 @@ spec: {{ toYaml .Values.affinity | indent 10 }} {{- end }} serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} - volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }} + volumes: - name: lighttpd configMap: - name: {{ include "common.fullname" . }}-lighttpd + name: {{ include "common.fullname" . }} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/cli/templates/ingress.yaml b/kubernetes/cli/templates/ingress.yaml index 8f87c68f1e..0deb6ce481 100644 --- a/kubernetes/cli/templates/ingress.yaml +++ b/kubernetes/cli/templates/ingress.yaml @@ -1 +1,16 @@ +{{/* +# Modifications Copyright © 2023 Nordix Foundation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} {{ include "common.ingress" . }} diff --git a/kubernetes/cli/templates/service.yaml b/kubernetes/cli/templates/service.yaml index eaa85086b3..b33db211f9 100644 --- a/kubernetes/cli/templates/service.yaml +++ b/kubernetes/cli/templates/service.yaml @@ -1,5 +1,6 @@ {{/* # Copyright © 2017 Amdocs, Bell Canada +# Modifications Copyright © 2023 Nordix Foundation # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -14,36 +15,4 @@ # limitations under the License. */}} -apiVersion: v1 -kind: Service -metadata: - name: {{ .Values.service.name }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -spec: - type: {{ .Values.service.type }} - ports: - {{if eq .Values.service.type "NodePort" -}} - - port: {{ .Values.service.externalPort }} - targetPort: {{ .Values.service.internalPort }} - nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} - name: {{ .Values.service.name }}{{ .Values.service.externalPort }} - - port: {{ .Values.service.externalPort1 }} - targetPort: {{ .Values.service.internalPort1 }} - nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort1 }} - name: {{ .Values.service.name }}{{ .Values.service.externalPort1 }} - {{- else -}} - - port: {{ .Values.service.externalPort }} - targetPort: {{ .Values.service.internalPort }} - name: {{ .Values.service.name }}{{ .Values.service.externalPort }} - - port: {{ .Values.service.externalPort1 }} - targetPort: {{ .Values.service.internalPort1 }} - name: {{ .Values.service.name }}{{ .Values.service.externalPort1 }} - {{- end}} - selector: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} +{{ include "common.service" . }} diff --git a/kubernetes/cli/values.yaml b/kubernetes/cli/values.yaml index db36661383..437e04ac9d 100644 --- a/kubernetes/cli/values.yaml +++ b/kubernetes/cli/values.yaml @@ -1,4 +1,5 @@ # Copyright © 2017 Amdocs, Bell Canada +# Modifications Copyright © 2023 Nordix Foundation # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -16,63 +17,45 @@ # Global configuration defaults. ################################################################# global: - nodePortPrefix: 302 - -################################################################# -# Certificate configuration -################################################################# -certInitializer: - nameOverride: cli-cert-initializer - aafDeployFqi: deployer@people.osaaf.org - aafDeployPass: demo123456! - # aafDeployCredsExternalSecret: some secret - fqdn: "cli" - app_ns: "org.osaaf.aaf" - fqi_namespace: "org.onap.cli" - fqi: "cli@cli.onap.org" - public_fqdn: "aaf.osaaf.org" - cadi_longitude: "0.0" - cadi_latitude: "0.0" - credsPath: /opt/app/osaaf/local - aaf_add_config: | - echo "*** transform AAF certs into pem files" - mkdir -p {{ .Values.credsPath }}/certs - keytool -exportcert -rfc -file {{ .Values.credsPath }}/certs/cacert.pem \ - -keystore {{ .Values.credsPath }}/{{ .Values.fqi_namespace }}.trust.jks \ - -alias ca_local_0 \ - -storepass $cadi_truststore_password - openssl pkcs12 -in {{ .Values.credsPath }}/{{ .Values.fqi_namespace }}.p12 \ - -nokeys -out {{ .Values.credsPath }}/certs/cert.pem \ - -passin pass:$cadi_keystore_password_p12 \ - -passout pass:$cadi_keystore_password_p12 - echo "*** generating needed file" - cat {{ .Values.credsPath }}/{{ .Values.fqi_namespace }}.key \ - {{ .Values.credsPath }}/certs/cert.pem \ - {{ .Values.credsPath }}/certs/cacert.pem \ - > {{ .Values.credsPath }}/certs/fullchain.pem; - cat {{ .Values.credsPath }}/certs/fullchain.pem - echo "*** change ownership of certificates to targeted user" - chown -R 33 {{ .Values.credsPath }} - - + persistence: {} ################################################################# # Application configuration defaults. ################################################################# # application image image: onap/cli:6.0.1 -pullPolicy: Always +pullPolicy: IfNotPresent + +# flag to enable debugging - application support required +debugEnabled: false + +nodeSelector: {} +affinity: {} + +# Resource Limit flavor -By Default using small flavor: small +# default number of instances +replicaCount: 1 # application configuration config: climode: daemon -# default number of instances -replicaCount: 1 - -nodeSelector: {} +containerPort: &svc_port 8080 +service: + type: ClusterIP + name: cli + ports: + - name: http + port: *svc_port + targetPort: *svc_port -affinity: {} +ingress: + enabled: true + service: + - baseaddr: "cli-api" + path: "/" + name: "cps" + port: *svc_port # probe configuration parameters liveness: @@ -81,32 +64,15 @@ liveness: # necessary to disable liveness probe when setting breakpoints # in debugger so K8s doesn't restart unresponsive container enabled: true + port: *svc_port + path: / readiness: initialDelaySeconds: 10 periodSeconds: 10 + port: *svc_port + path: / -service: - type: NodePort - name: cli - externalPort: 443 - externalPort1: 9443 - internalPort: "443" - internalPort1: 9443 - nodePort: "60" - nodePort1: "71" - -ingress: - enabled: false - service: - - baseaddr: "cli-api" - name: "cli" - port: 443 - - baseaddr: "cli2-api" - name: cli - port: 9443 - config: - ssl: "redirect" # Configure resource requests and limits # ref: http://kubernetes.io/docs/user-guide/compute-resources/ diff --git a/kubernetes/robot/resources/config/eteshare/config/robot_properties.py b/kubernetes/robot/resources/config/eteshare/config/robot_properties.py index c57685a37e..ff977554b3 100644 --- a/kubernetes/robot/resources/config/eteshare/config/robot_properties.py +++ b/kubernetes/robot/resources/config/eteshare/config/robot_properties.py @@ -143,8 +143,8 @@ GLOBAL_CLAMP_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostn GLOBAL_NBI_SERVER_PROTOCOL = 'http{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}' GLOBAL_NBI_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "nbi" "port" ( ternary 8443 8080 (eq "true" (include "common.needTLS" . )))) }}' # cli info - everything is from the private oam network (also called onap private network) -GLOBAL_CLI_SERVER_PROTOCOL = "https" -GLOBAL_CLI_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "cli" "port" 443) }}' +GLOBAL_CLI_SERVER_PROTOCOL = "http" +GLOBAL_CLI_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "cli" "port" 8080) }}' # dcae info - everything is from the private oam network (also called onap private network) GLOBAL_DCAE_SERVER_PROTOCOL = "http" GLOBAL_DCAE_HEALTH_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "dcae-healthcheck" "port" 80) }}' |