diff options
| -rw-r--r-- | docs/sections/guides/deployment_guides/oom_customize_overrides.rst | 14 | ||||
| -rw-r--r-- | docs/sections/guides/infra_guides/oom_base_optional_addons.rst | 2 | ||||
| -rw-r--r-- | kubernetes/common/common/templates/_ingress.tpl | 86 | ||||
| -rw-r--r-- | kubernetes/common/network-name-gen/values.yaml | 4 | ||||
| -rw-r--r-- | kubernetes/dcaegen2-services/components/dcae-heartbeat/values.yaml | 4 | ||||
| -rw-r--r-- | kubernetes/onap/resources/overrides/onap-all-ingress-istio.yaml | 10 | ||||
| -rwxr-xr-x | kubernetes/onap/values.yaml | 18 | ||||
| -rwxr-xr-x | kubernetes/policy/resources/config/db.sh | 6 | ||||
| -rwxr-xr-x | kubernetes/policy/templates/job.yaml | 12 | ||||
| -rwxr-xr-x | kubernetes/policy/values.yaml | 6 |
10 files changed, 115 insertions, 47 deletions
diff --git a/docs/sections/guides/deployment_guides/oom_customize_overrides.rst b/docs/sections/guides/deployment_guides/oom_customize_overrides.rst index a49543cc0c..90a20613fa 100644 --- a/docs/sections/guides/deployment_guides/oom_customize_overrides.rst +++ b/docs/sections/guides/deployment_guides/oom_customize_overrides.rst @@ -60,9 +60,17 @@ Global settings relevant for ServiceMesh: # enable all component's Ingress interfaces enable_all: false # default Ingress base URL - # can be overwritten in component by setting ingress.baseurlOverride + # All http requests via ingress will be redirected virtualhost: + # Default Ingress base URL + # can be overwritten in component by setting ingress.baseurlOverride baseurl: "simpledemo.onap.org" + # prefix for baseaddr + # can be overwritten in component by setting ingress.preaddrOverride + preaddr: "" + # postfix for baseaddr + # can be overwritten in component by setting ingress.postaddrOverride + postaddr: "" # All http requests via ingress will be redirected on Ingress controller # only valid for Istio Gateway (ServiceMesh enabled) config: @@ -101,6 +109,10 @@ Ingress settings: - enable_all: true → enables Ingress configuration in each component - virtualhost.baseurl: "simpledemo.onap.org" → sets globally the URL for all Interfaces set by the components, resulting in e.g. "aai-api.simpledemo.onap.org", can be overwritten in the component via: ingress.baseurlOverride +- virtualhost.preaddr: "pre-" → sets globally a prefix for the Application name for all Interfaces set by the components, + resulting in e.g. "pre-aai-api.simpledemo.onap.org", can be overwritten in the component via: ingress.preaddrOverride +- virtualhost.postaddr: "-post" → sets globally a postfix for the Application name for all Interfaces set by the components, + resulting in e.g. "aai-api-post.simpledemo.onap.org", can be overwritten in the component via: ingress.postaddrOverride - config.ssl: redirect → sets in the Ingress globally the redirection of all Interfaces from http (port 80) to https (port 443) - config.tls.secret: "..." → (optional) overrides the default selfsigned SSL certificate with a certificate stored in the specified secret - namespace: istio-ingress → (optional) overrides the namespace of the ingress gateway which is used for the created SSL certificate diff --git a/docs/sections/guides/infra_guides/oom_base_optional_addons.rst b/docs/sections/guides/infra_guides/oom_base_optional_addons.rst index 5f81a363e9..b424c65c7d 100644 --- a/docs/sections/guides/infra_guides/oom_base_optional_addons.rst +++ b/docs/sections/guides/infra_guides/oom_base_optional_addons.rst @@ -128,7 +128,7 @@ Install Istio Gateway <recommended-istio-version> with the version defined in the :ref:`versions_table` table:: - > helm upgrade -i istio-ingressgateway istio/gateway -n istio-ingress + > helm upgrade -i istio-ingress istio/gateway -n istio-ingress --version <recommended-istio-version> --wait Kiali Installation diff --git a/kubernetes/common/common/templates/_ingress.tpl b/kubernetes/common/common/templates/_ingress.tpl index d8a944712a..7065338cf9 100644 --- a/kubernetes/common/common/templates/_ingress.tpl +++ b/kubernetes/common/common/templates/_ingress.tpl @@ -23,45 +23,87 @@ {{- define "ingress.config.host" -}} {{- $dot := default . .dot -}} {{- $baseaddr := (required "'baseaddr' param, set to the specific part of the fqdn, is required." .baseaddr) -}} +{{- $preaddr := default "" $dot.Values.global.ingress.virtualhost.preaddr -}} +{{- $preaddr := include "common.ingress._overrideIfDefined" (dict "currVal" $preaddr "parent" (default (dict) $dot.Values.ingress) "var" "preaddrOverride") -}} +{{- $postaddr := default "" $dot.Values.global.ingress.virtualhost.postaddr -}} +{{- $postaddr := include "common.ingress._overrideIfDefined" (dict "currVal" $postaddr "parent" (default (dict) $dot.Values.ingress) "var" "postaddrOverride") -}} {{- $burl := (required "'baseurl' param, set to the generic part of the fqdn, is required." $dot.Values.global.ingress.virtualhost.baseurl) -}} {{- $burl := include "common.ingress._overrideIfDefined" (dict "currVal" $burl "parent" (default (dict) $dot.Values.ingress) "var" "baseurlOverride") -}} -{{ printf "%s.%s" $baseaddr $burl }} +{{ printf "%s%s%s.%s" $preaddr $baseaddr $postaddr $burl }} {{- end -}} {{/* - Helper function to add the tls route + Istio Helper function to add the tls route */}} -{{- define "ingress.config.tls" -}} +{{- define "istio.config.tls_simple" -}} {{- $dot := default . .dot -}} -{{- $baseaddr := (required "'baseaddr' param, set to the specific part of the fqdn, is required." .baseaddr) -}} + tls: {{- if $dot.Values.global.ingress.config }} -{{- if $dot.Values.global.ingress.config.ssl }} -{{- if eq $dot.Values.global.ingress.config.ssl "redirect" }} +{{- if $dot.Values.global.ingress.config.tls }} + credentialName: {{ default "ingress-tls-secret" $dot.Values.global.ingress.config.tls.secret }} +{{- else }} + credentialName: "ingress-tls-secret" +{{- end }} +{{- else }} + credentialName: "ingress-tls-secret" +{{- end }} + mode: SIMPLE +{{- end -}} + +{{/* + Istio Helper function to add the tls route +*/}} +{{- define "istio.config.tls" -}} +{{- $dot := default . .dot -}} +{{- $service := (required "'service' param, set to the specific service, is required." .service) -}} +{{- $baseaddr := (required "'baseaddr' param, set to the specific part of the fqdn, is required." .baseaddr) -}} +{{- if $service.exposedPort }} +{{- if $service.exposedProtocol }} +{{- if eq $service.exposedProtocol "TLS" }} + {{ include "istio.config.tls_simple" (dict "dot" $dot ) }} +{{- end }} +{{- end }} +{{- else }} +{{- if $dot.Values.global.ingress.config }} +{{- if $dot.Values.global.ingress.config.ssl }} +{{- if eq $dot.Values.global.ingress.config.ssl "redirect" }} tls: httpsRedirect: true - port: number: 443 name: https protocol: HTTPS - tls: -{{- if $dot.Values.global.ingress.config }} -{{- if $dot.Values.global.ingress.config.tls }} - credentialName: {{ default "ingress-tls-secret" $dot.Values.global.ingress.config.tls.secret }} -{{- else }} - credentialName: "ingress-tls-secret" -{{- end }} -{{- else }} - credentialName: "ingress-tls-secret" -{{- end }} - mode: SIMPLE + {{ include "istio.config.tls_simple" (dict "dot" $dot ) }} hosts: - {{ include "ingress.config.host" (dict "dot" $dot "baseaddr" $baseaddr) }} +{{- end }} {{- end }} {{- end }} {{- end }} {{- end -}} {{/* + Istio Helper function to add the external port of the service +*/}} +{{- define "istio.config.port" -}} +{{- $dot := default . .dot -}} +{{- if .exposedPort }} + number: {{ .exposedPort }} +{{- if .exposedProtocol }} + name: {{ .baseaddr }} + protocol: {{ .exposedProtocol }} +{{- else }} + name: http + protocol: HTTP +{{- end -}} +{{- else }} + number: 80 + name: http + protocol: HTTP +{{- end -}} +{{- end -}} + +{{/* Helper function to add the route to the service */}} {{- define "ingress.config.port" -}} @@ -88,7 +130,7 @@ {{- end -}} {{/* - Helper function to add the route to the service + Istio Helper function to add the route to the service */}} {{- define "istio.config.route" -}} {{- $dot := default . .dot -}} @@ -196,15 +238,13 @@ metadata: name: {{ $baseaddr }}-gateway spec: selector: - istio: ingressgateway # use Istio default gateway implementation + istio: ingress # use Istio default gateway implementation servers: - port: - number: 80 - name: http - protocol: HTTP + {{- include "istio.config.port" . }} hosts: - {{ include "ingress.config.host" (dict "dot" $dot "baseaddr" $baseaddr) }} - {{ include "ingress.config.tls" (dict "dot" $dot "baseaddr" $baseaddr) }} + {{- include "istio.config.tls" (dict "dot" $dot "service" . "baseaddr" $baseaddr) }} --- apiVersion: networking.istio.io/v1beta1 kind: VirtualService diff --git a/kubernetes/common/network-name-gen/values.yaml b/kubernetes/common/network-name-gen/values.yaml index bfa5637275..dcf85fee39 100644 --- a/kubernetes/common/network-name-gen/values.yaml +++ b/kubernetes/common/network-name-gen/values.yaml @@ -89,7 +89,7 @@ config: polBasicAuthPassword: zb!XztG34 polUrl: https: https://policy-xacml-pdp:6969/policy/pdpx/v1/decision - http: http://policy-xacml-pdp:8080/policy/pdpx/v1/decision + http: http://policy-xacml-pdp:6969/policy/pdpx/v1/decision polEnv: TEST polReqId: xx disableHostVerification: true @@ -98,7 +98,7 @@ config: aaiAuth: QUFJOkFBSQ== aaiUri: https: https://aai:8443/aai/v14/ - http: http://aai:8080/aai/v14/ + http: http://aai:80/aai/v14/ # default number of instances replicaCount: 1 diff --git a/kubernetes/dcaegen2-services/components/dcae-heartbeat/values.yaml b/kubernetes/dcaegen2-services/components/dcae-heartbeat/values.yaml index 0198a7ddbd..83acd545c8 100644 --- a/kubernetes/dcaegen2-services/components/dcae-heartbeat/values.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-heartbeat/values.yaml @@ -1,6 +1,6 @@ # ================================ LICENSE_START ============================= # ============================================================================ -# Copyright (c) 2021 AT&T Intellectual Property. All rights reserved. +# Copyright (c) 2021-2023 AT&T Intellectual Property. All rights reserved. # Copyright (c) 2022 J. F. Lucas. All rights reserved. # ============================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); @@ -57,7 +57,7 @@ tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0 # Application Configuration Defaults. ################################################################# # Application Image -image: onap/org.onap.dcaegen2.services.heartbeat:2.5.0 +image: onap/org.onap.dcaegen2.services.heartbeat:2.6.0 pullPolicy: Always # Log directory where logging sidecar should look for log files diff --git a/kubernetes/onap/resources/overrides/onap-all-ingress-istio.yaml b/kubernetes/onap/resources/overrides/onap-all-ingress-istio.yaml index 6e156023ee..2dfab060ff 100644 --- a/kubernetes/onap/resources/overrides/onap-all-ingress-istio.yaml +++ b/kubernetes/onap/resources/overrides/onap-all-ingress-istio.yaml @@ -22,6 +22,16 @@ global: # enable all component's Ingress interfaces enable_all: true # All http requests via ingress will be redirected + virtualhost: + # Default Ingress base URL + # can be overwritten in component by setting ingress.baseurlOverride + baseurl: "simpledemo.onap.org" + # prefix for baseaddr + # can be overwritten in component by setting ingress.preaddrOverride + preaddr: "" + # postfix for baseaddr + # can be overwritten in component by setting ingress.postaddrOverride + postaddr: "" config: ssl: "redirect" # you can set an own Secret containing a certificate diff --git a/kubernetes/onap/values.yaml b/kubernetes/onap/values.yaml index 15097edcf2..fe14c032d6 100755 --- a/kubernetes/onap/values.yaml +++ b/kubernetes/onap/values.yaml @@ -150,11 +150,23 @@ global: enabled: false # enable all component's Ingress interfaces enable_all: false - # default Ingress base URL - # can be overwritten in component vy setting ingress.baseurlOverride + + # default Ingress base URL and preAddr- and postAddr settings + # Ingress URLs result: + # <preaddr><component.ingress.service.baseaddr><postaddr>.<baseurl> virtualhost: + # Default Ingress base URL + # can be overwritten in component by setting ingress.baseurlOverride baseurl: "simpledemo.onap.org" - # All http requests via ingress will be redirected on Ingress controller + # prefix for baseaddr + # can be overwritten in component by setting ingress.preaddrOverride + preaddr: "" + # postfix for baseaddr + # can be overwritten in component by setting ingress.postaddrOverride + postaddr: "" + + # All http (port 80) requests via ingress will be redirected + # to port 443 on Ingress controller # only valid for Istio Gateway (ServiceMesh enabled) config: ssl: "redirect" diff --git a/kubernetes/policy/resources/config/db.sh b/kubernetes/policy/resources/config/db.sh index 866d422c14..36574bc1ad 100755 --- a/kubernetes/policy/resources/config/db.sh +++ b/kubernetes/policy/resources/config/db.sh @@ -17,12 +17,12 @@ # limitations under the License. */}} -mysql() { /usr/bin/mysql -h ${MYSQL_HOST} -P ${MYSQL_USER} "$@"; }; +mysqlcmd() { mysql -h ${MYSQL_HOST} -P ${MYSQL_USER} "$@"; }; for db in migration pooling policyadmin policyclamp operationshistory clampacm do - mysql -uroot -p"${MYSQL_ROOT_PASSWORD}" --execute "CREATE DATABASE IF NOT EXISTS ${db};" - mysql -uroot -p"${MYSQL_ROOT_PASSWORD}" --execute "GRANT ALL PRIVILEGES ON \`${db}\`.* TO '${MYSQL_USER}'@'%' ;" + mysqlcmd -uroot -p"${MYSQL_ROOT_PASSWORD}" --execute "CREATE DATABASE IF NOT EXISTS ${db};" + mysqlcmd -uroot -p"${MYSQL_ROOT_PASSWORD}" --execute "GRANT ALL PRIVILEGES ON \`${db}\`.* TO '${MYSQL_USER}'@'%' ;" done mysql -uroot -p"${MYSQL_ROOT_PASSWORD}" --execute "FLUSH PRIVILEGES;" diff --git a/kubernetes/policy/templates/job.yaml b/kubernetes/policy/templates/job.yaml index 0df26568e5..eb5968a7ff 100755 --- a/kubernetes/policy/templates/job.yaml +++ b/kubernetes/policy/templates/job.yaml @@ -50,7 +50,7 @@ spec: fieldPath: metadata.namespace containers: - name: {{ include "common.name" . }}-galera-config - image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.mariadb.image }} + image: {{ include "repositoryGenerator.image.mariadb" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} volumeMounts: - mountPath: /dbcmd-config/db.sh @@ -76,7 +76,7 @@ spec: {{ include "common.resources" . }} {{- if (include "common.onServiceMesh" .) }} - name: policy-service-mesh-wait-for-job-container - image: nexus3.onap.org:10001/onap/oom/readiness:4.1.0 + image: {{ include "repositoryGenerator.image.quitQuit" . }} imagePullPolicy: Always command: - /bin/sh @@ -125,7 +125,7 @@ spec: initContainers: {{ if .Values.global.postgres.localCluster }}{{ include "common.readinessCheck.waitFor" . | nindent 6 }}{{ end }} containers: - name: {{ include "common.name" . }}-pg-config - image: {{ .Values.repository }}/{{ .Values.postgresImage }} + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.postgresImage }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} volumeMounts: - mountPath: /docker-entrypoint-initdb.d/db-pg.sh @@ -153,7 +153,7 @@ spec: {{ include "common.resources" . }} {{- if (include "common.onServiceMesh" .) }} - name: policy-service-mesh-wait-for-job-container - image: nexus3.onap.org:10001/onap/oom/readiness:4.1.0 + image: {{ include "repositoryGenerator.image.quitQuit" . }} imagePullPolicy: Always command: - /bin/sh @@ -246,7 +246,7 @@ spec: {{ include "common.resources" . }} {{- if (include "common.onServiceMesh" .) }} - name: policy-service-mesh-wait-for-job-container - image: nexus3.onap.org:10001/onap/oom/readiness:4.1.0 + image: {{ include "repositoryGenerator.image.quitQuit" . }} imagePullPolicy: Always command: - /bin/sh @@ -341,7 +341,7 @@ spec: {{ include "common.resources" . }} {{- if (include "common.onServiceMesh" .) }} - name: policy-service-mesh-wait-for-job-container - image: nexus3.onap.org:10001/onap/oom/readiness:4.1.0 + image: {{ include "repositoryGenerator.image.quitQuit" . }} imagePullPolicy: Always command: - /bin/sh diff --git a/kubernetes/policy/values.yaml b/kubernetes/policy/values.yaml index c9e236a65c..1ee31c2c7c 100755 --- a/kubernetes/policy/values.yaml +++ b/kubernetes/policy/values.yaml @@ -168,12 +168,6 @@ policy-gui: # DB configuration defaults. ################################################################# -repository: nexus3.onap.org:10001 -pullPolicy: Always - -mariadb: - image: mariadb:10.5.8 - dbmigrator: image: onap/policy-db-migrator:2.5.1 schema: policyadmin |