diff options
24 files changed, 411 insertions, 296 deletions
diff --git a/kubernetes/sdc/Chart.yaml b/kubernetes/sdc/Chart.yaml index d2dc711b00..7ed46edfae 100644 --- a/kubernetes/sdc/Chart.yaml +++ b/kubernetes/sdc/Chart.yaml @@ -2,6 +2,7 @@ # Modifications Copyright © 2018 ZTE # Modifications Copyright © 2021 Orange # Modifications Copyright © 2021 Nordix Foundation +# Modifications Copyright © 2025 Deutsche Telekom # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -18,7 +19,7 @@ apiVersion: v2 description: Service Design and Creation Umbrella Helm charts name: sdc -version: 13.0.5 +version: 13.0.6 dependencies: - name: common diff --git a/kubernetes/sdc/components/sdc-be/Chart.yaml b/kubernetes/sdc/components/sdc-be/Chart.yaml index 5c6c0af0c7..eec4106067 100644 --- a/kubernetes/sdc/components/sdc-be/Chart.yaml +++ b/kubernetes/sdc/components/sdc-be/Chart.yaml @@ -2,6 +2,7 @@ # Modifications Copyright © 2018 AT&T, ZTE # Modifications Copyright © 2021 Orange # Modifications Copyright © 2021 Nordix Foundation +# Modifications Copyright © 2025 Deutsche Telekom # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -18,7 +19,7 @@ apiVersion: v2 description: ONAP Service Design and Creation Backend API name: sdc-be -version: 13.0.4 +version: 13.0.5 dependencies: - name: common @@ -29,4 +30,7 @@ dependencies: repository: '@local' - name: serviceAccount version: ~13.x-0 - repository: '@local'
\ No newline at end of file + repository: '@local' + - name: readinessCheck + version: ~13.x-0 + repository: '@local' diff --git a/kubernetes/sdc/components/sdc-be/templates/deployment.yaml b/kubernetes/sdc/components/sdc-be/templates/deployment.yaml index 7854175623..ad635a119d 100644 --- a/kubernetes/sdc/components/sdc-be/templates/deployment.yaml +++ b/kubernetes/sdc/components/sdc-be/templates/deployment.yaml @@ -34,61 +34,33 @@ spec: metadata: {{- include "common.templateMetadata" . | nindent 6 }} spec: initContainers: - - name: {{ include "common.name" . }}-readiness - command: - - /app/ready.py - args: - - --service-name - - sdc-onboarding-be - {{- if not .Values.global.kafka.useKafka }} - - --service-name - - message-router - {{- end }} - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - image: {{ include "repositoryGenerator.image.readiness" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - resources: - limits: - cpu: "100m" - memory: "500Mi" - requests: - cpu: "3m" - memory: "20Mi" - - name: {{ include "common.name" . }}-job-completion - image: {{ include "repositoryGenerator.image.readiness" . }} - imagePullPolicy: "{{ .Values.global.pullPolicy | default .Values.pullPolicy }}" - command: - - /app/ready.py - args: - - --job-name - - {{ include "common.release" . }}-sdc-onboarding-be - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - resources: - limits: - cpu: "100m" - memory: "500Mi" - requests: - cpu: "3m" - memory: "20Mi" + {{ include "common.readinessCheck.waitFor" (dict "dot" . "wait_for" .Values.readinessCheck.wait_for_service) | nindent 8 }} + - name: {{ include "common.name" . }}-copy-jetty + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: ["/bin/sh","-c"] + args: ['cp -a /app/jetty/ /app/jetty_rw/; mkdir /app/jetty_rw/jetty/ruby_temp'] + resources: + limits: + cpu: 400m + memory: 400Mi + requests: + cpu: 30m + memory: 200Mi + {{ include "common.containerSecurityContext" . | indent 10 | trim }} + volumeMounts: + - name: {{ include "common.fullname" . }}-jetty + mountPath: /app/jetty_rw containers: - name: {{ include "common.name" . }} image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} ports: {{ include "common.containerPorts" . | nindent 12 }} + {{ include "common.containerSecurityContext" . | indent 10 | trim }} {{ if eq .Values.liveness.enabled true }} livenessProbe: httpGet: - path: /sdc2/rest/healthCheck + path: {{ .Values.liveness.path }} port: {{ .Values.service.internalPort }} initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} periodSeconds: {{ .Values.liveness.periodSeconds }} @@ -98,7 +70,7 @@ spec: {{ end }} readinessProbe: httpGet: - path: /sdc2/rest/healthCheck + path: {{ .Values.readiness.path }} port: {{ .Values.service.internalPort }} initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} @@ -107,7 +79,7 @@ spec: failureThreshold: {{ .Values.readiness.failureThreshold }} startupProbe: httpGet: - path: /sdc2/rest/healthCheck + path: {{ .Values.startup.path }} port: {{ .Values.service.internalPort }} initialDelaySeconds: {{ .Values.startup.initialDelaySeconds }} periodSeconds: {{ .Values.startup.periodSeconds }} @@ -116,6 +88,8 @@ spec: failureThreshold: {{ .Values.startup.failureThreshold }} resources: {{ include "common.resources" . | nindent 12 }} env: + - name: TMPDIR + value: '/app/jetty/ruby_temp' - name: JAVA_OPTIONS value: {{ .Values.config.javaOptions }} - name: cassandra_ssl_enabled @@ -150,8 +124,13 @@ spec: value: {{ .Values.global.kafka.useKafka | quote }} {{- end }} volumeMounts: - - name: logs + - name: {{ include "common.fullname" . }}-jetty + mountPath: /app/jetty + subPath: jetty + - name: {{ include "common.fullname" . }}-logs mountPath: /var/log/onap + - name: {{ include "common.fullname" . }}-tmp + mountPath: /tmp - name: logback mountPath: /tmp/logback.xml subPath: logback.xml @@ -190,13 +169,21 @@ spec: # side car containers {{ include "common.log.sidecar" . | nindent 8 }} serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} + {{ include "common.podSecurityContext" . | indent 6 | trim }} volumes: {{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix .)) | nindent 6 }} - name: logback configMap: name : {{ include "common.fullname" . }}-logging-configmap - - name: logs - emptyDir: {} + - name: {{ include "common.fullname" . }}-logs + emptyDir: + sizeLimit: {{ .Values.volumes.logSizeLimit }} + - name: {{ include "common.fullname" . }}-tmp + emptyDir: + sizeLimit: {{ .Values.volumes.tmpSizeLimit }} + - name: {{ include "common.fullname" . }}-jetty + emptyDir: + sizeLimit: {{ .Values.volumes.jettySizeLimit }} - name: http-config configMap: name: {{ include "common.release" . }}-sdc-http-be-configmap diff --git a/kubernetes/sdc/components/sdc-be/templates/job.yaml b/kubernetes/sdc/components/sdc-be/templates/job.yaml index c9fb2e8337..c14de0b6e1 100644 --- a/kubernetes/sdc/components/sdc-be/templates/job.yaml +++ b/kubernetes/sdc/components/sdc-be/templates/job.yaml @@ -1,6 +1,7 @@ {{/* # Copyright © 2017 Amdocs, AT&T, Bell Canada # Modifications Copyright © 2018 ZTE +# Modifications Copyright © 2025 Deutsche Telekom # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -37,34 +38,15 @@ spec: app.kubernetes.io/managed-by: {{ .Release.Service }} spec: restartPolicy: Never + securityContext: + {{- toYaml .Values.jobPodSecurityContext | nindent 8 }} initContainers: - - name: {{ include "common.name" . }}-init-readiness - image: {{ include "repositoryGenerator.image.readiness" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - command: - - /app/ready.py - args: - - --service-name - - sdc-be - - "-t" - - "35" - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - resources: - limits: - cpu: "100m" - memory: "500Mi" - requests: - cpu: "3m" - memory: "20Mi" + {{ include "common.readinessCheck.waitFor" (dict "dot" . "wait_for" .Values.readinessCheck.job_wait_for) | nindent 8 }} containers: - name: {{ include "common.name" . }}-job image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.backendInitImage }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + {{ include "common.containerSecurityContext" . | indent 10 | trim }} command: - /bin/sh - -c @@ -75,9 +57,15 @@ spec: volumeMounts: - name: {{ include "common.fullname" . }}-environments mountPath: /home/onap/chef-solo/environments/ - - name: sdc-logs + - name: {{ include "common.fullname" . }}-logs mountPath: /home/onap/logs + - name: {{ include "common.fullname" . }}-tmp + mountPath: /tmp + - name: {{ include "common.fullname" . }}-var-tmp + mountPath: /var/tmp env: + - name: TMPDIR + value: '/home/onap/chef-solo/ruby_temp' - name: ENVNAME value: {{ .Values.env.name }} - name: HOST_IP @@ -107,12 +95,7 @@ spec: - name: BASIC_AUTH_PASS value: {{ .Values.basicAuth.userPass }} resources: - limits: - cpu: "800m" - memory: "1Gi" - requests: - cpu: "200m" - memory: "200Mi" + {{- toYaml .Values.resources_initContainer | nindent 12 }} {{ include "common.waitForJobContainer" . | indent 6 | trim }} serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: @@ -120,6 +103,13 @@ spec: configMap: name: {{ include "common.release" . }}-sdc-environments-configmap defaultMode: 0755 - - name: sdc-logs - emptyDir: {} + - name: {{ include "common.fullname" . }}-logs + emptyDir: + sizeLimit: {{ .Values.volumes.logSizeLimit }} + - name: {{ include "common.fullname" . }}-tmp + emptyDir: + sizeLimit: {{ .Values.volumes.tmpSizeLimit }} + - name: {{ include "common.fullname" . }}-var-tmp + emptyDir: + sizeLimit: {{ .Values.volumes.varTmpSizeLimit }} {{- include "common.imagePullSecrets" . | nindent 6 }} diff --git a/kubernetes/sdc/components/sdc-be/values.yaml b/kubernetes/sdc/components/sdc-be/values.yaml index 637ef50e03..238613f043 100644 --- a/kubernetes/sdc/components/sdc-be/values.yaml +++ b/kubernetes/sdc/components/sdc-be/values.yaml @@ -1,6 +1,7 @@ # Copyright © 2017 Amdocs, Bell Canada # Modifications Copyright © 2018 AT&T, ZTE # Modifications Copyright © 2022 Nordix Foundation +# Modifications Copyright © 2025 Deutsche Telekom # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -80,6 +81,7 @@ affinity: {} # probe configuration parameters liveness: + path: /sdc2/rest/healthCheck initialDelaySeconds: 1 periodSeconds: 10 timeoutSeconds: 180 @@ -90,6 +92,7 @@ liveness: enabled: true readiness: + path: /sdc2/rest/healthCheck initialDelaySeconds: 1 periodSeconds: 10 timeoutSeconds: 180 @@ -97,6 +100,7 @@ readiness: failureThreshold: 3 startup: + path: /sdc2/rest/healthCheck initialDelaySeconds: 10 periodSeconds: 10 timeoutSeconds: 180 @@ -112,19 +116,6 @@ service: port: 8080 port_protocol: http nodePort: '04' - annotations: - msb.onap.org/service-info: | - {{ if .Values.global.msbEnabled -}}[ - { - "serviceName": "sdc-be", - "version": "v1", - "url": "/sdc/v1", - "path":"/sdc/v1", - "protocol": "REST", - "visualRange":"1", - "port": "{{ .Values.service.internalPort }}", - } - ]{{ end }} ingress: enabled: false @@ -138,12 +129,7 @@ ingress: serviceMesh: authorizationPolicy: authorizedPrincipals: - - serviceAccount: consul-read - - serviceAccount: consul-server-read - - serviceAccount: modeling-etsicatalog-read - serviceAccount: nbi-read - - serviceAccount: oof-has-read - - serviceAccount: portal-db-read - serviceAccount: so-cnfm-lcm-read - serviceAccount: so-etsi-sol003-adapter-read - serviceAccount: so-read @@ -184,6 +170,15 @@ serviceAccount: roles: - read +readinessCheck: + wait_for_service: + name: "services" + services: + - sdc-onboarding-be + job_wait_for: + services: + - sdc-be + wait_for_job_container: containers: - '{{ include "common.name" . }}-job' @@ -193,11 +188,36 @@ log: path: /var/log/onap logConfigMapNamePrefix: '{{ include "common.fullname" . }}' +securityContext: + user_id: 1000 + group_id: 101 + +jobPodSecurityContext: + fsGroup: 101 + runAsGroup: 101 + runAsNonRoot: true + runAsUser: 101 + seccompProfile: + type: RuntimeDefault + +volumes: + logSizeLimit: 300Mi + jettySizeLimit: 400Mi + tmpSizeLimit: 500Mi + varTmpSizeLimit: 100Mi + +resources_initContainer: + limits: + cpu: "2000m" + memory: "2Gi" + requests: + cpu: "1000m" + memory: "600Mi" + ####### ####### pairEnvName: "" - cassandra: hostname: cassandra-dc1-service.onap port: 9042 diff --git a/kubernetes/sdc/components/sdc-cs/Chart.yaml b/kubernetes/sdc/components/sdc-cs/Chart.yaml index 2a79e80f7d..f04d09d8be 100644 --- a/kubernetes/sdc/components/sdc-cs/Chart.yaml +++ b/kubernetes/sdc/components/sdc-cs/Chart.yaml @@ -2,6 +2,7 @@ # Modifications Copyright © 2018 AT&T, ZTE # Modifications Copyright © 2021 Orange # Modifications Copyright © 2021 Nordix Foundation +# Modifications Copyright © 2025 Deutsche Telekom # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -18,7 +19,7 @@ apiVersion: v2 description: ONAP Service Design and Creation Cassandra name: sdc-cs -version: 13.0.3 +version: 13.0.4 dependencies: - name: common @@ -37,3 +38,6 @@ dependencies: # be published independently to a repo (at this point) repository: '@local' condition: global.sdc_cassandra.localCluster + - name: readinessCheck + version: ~13.x-0 + repository: '@local' diff --git a/kubernetes/sdc/components/sdc-cs/templates/job.yaml b/kubernetes/sdc/components/sdc-cs/templates/job.yaml index 57e7cc7e3a..ed4fbe63a2 100644 --- a/kubernetes/sdc/components/sdc-cs/templates/job.yaml +++ b/kubernetes/sdc/components/sdc-cs/templates/job.yaml @@ -1,6 +1,7 @@ {{/* # Copyright © 2017 Amdocs, AT&T, Bell Canada # Modifications Copyright © 2018 ZTE +# Modifications Copyright © 2025 Deutsche Telekom # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -35,30 +36,9 @@ spec: release: {{ include "common.release" . }} spec: restartPolicy: Never + {{ include "common.podSecurityContext" . | indent 6 | trim }} initContainers: - - name: {{ include "common.name" . }}-init-readiness - image: {{ include "repositoryGenerator.image.readiness" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - command: - - /app/ready.py - args: - - --service-name - - {{ .Values.global.sdc_cassandra.serviceName }} - - "-t" - - "15" - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - resources: - limits: - cpu: "100m" - memory: "500Mi" - requests: - cpu: "3m" - memory: "20Mi" + {{ include "common.readinessCheck.waitFor" . | nindent 8 }} containers: - name: {{ include "common.name" . }}-job image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.cassandraInitImage }} @@ -97,13 +77,28 @@ spec: valueFrom: fieldRef: fieldPath: status.podIP - resources: - limits: - cpu: "800m" - memory: "1Gi" - requests: - cpu: "200m" - memory: "300Mi" + {{ if eq .Values.liveness.enabled true }} + livenessProbe: + httpGet: + path: /healthz + port: {{ .Values.service.jobPort }} + initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} + periodSeconds: {{ .Values.liveness.periodSeconds }} + timeoutSeconds: {{ .Values.liveness.timeoutSeconds }} + successThreshold: {{ .Values.liveness.successThreshold }} + failureThreshold: {{ .Values.liveness.failureThreshold }} + {{ end }} + readinessProbe: + httpGet: + path: /healthz + port: {{ .Values.service.jobPort }} + initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} + periodSeconds: {{ .Values.readiness.periodSeconds }} + timeoutSeconds: {{ .Values.readiness.timeoutSeconds }} + successThreshold: {{ .Values.readiness.successThreshold }} + failureThreshold: {{ .Values.readiness.failureThreshold }} + {{ include "common.containerSecurityContext" . | indent 10 | trim }} + resources: {{ include "common.resources" . | nindent 12 }} {{ include "common.waitForJobContainer" . | indent 6 | trim }} serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: diff --git a/kubernetes/sdc/components/sdc-cs/values.yaml b/kubernetes/sdc/components/sdc-cs/values.yaml index 05f8b68abf..c4e6945a8b 100644 --- a/kubernetes/sdc/components/sdc-cs/values.yaml +++ b/kubernetes/sdc/components/sdc-cs/values.yaml @@ -166,7 +166,7 @@ service: portName: sdc-cs externalPort: 9042 internalPort: 9042 - + jobPort: 8080 ## Persist data to a persitent volume persistence: @@ -204,7 +204,44 @@ wait_for_job_container: containers: - '{{ include "common.name" . }}-job' +# Resource Limit flavor -By Default using small +flavor: small +# Segregation for Different environment (Small and Large) +resources: + small: + limits: + cpu: 1200m + memory: 2Gi + requests: + cpu: 300m + memory: 500Mi + large: + limits: + cpu: 1600m + memory: "2Gi" + requests: + cpu: 400m + memory: 600Mi + unlimited: {} + +securityContext: + user_id: 1000 + group_id: 1000 + volumes: importConfTmpSizeLimit: 100Mi writableScriptsSizeLimit: 1.2Gi cassandraConfigSizeLimit: 100Mi + +resources_initContainer: + limits: + cpu: "100m" + memory: "500Mi" + requests: + cpu: "3m" + memory: "20Mi" + +readinessCheck: + wait_for: + services: + - '{{ .Values.global.sdc_cassandra.serviceName }}' diff --git a/kubernetes/sdc/components/sdc-fe/Chart.yaml b/kubernetes/sdc/components/sdc-fe/Chart.yaml index b393ab4825..b7bb91e4b9 100644 --- a/kubernetes/sdc/components/sdc-fe/Chart.yaml +++ b/kubernetes/sdc/components/sdc-fe/Chart.yaml @@ -2,6 +2,7 @@ # Modifications Copyright © 2018 AT&T, ZTE # Modifications Copyright © 2021 Orange # Modifications Copyright © 2021 Nordix Foundation +# Modifications Copyright © 2025 Deutsche Telekom # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -21,9 +22,15 @@ name: sdc-fe version: 13.0.4 dependencies: + - name: common + version: ~13.x-0 + repository: '@local' - name: repositoryGenerator version: ~13.x-0 repository: '@local' - name: serviceAccount version: ~13.x-0 repository: '@local' + - name: readinessCheck + version: ~13.x-0 + repository: '@local' diff --git a/kubernetes/sdc/components/sdc-fe/templates/deployment.yaml b/kubernetes/sdc/components/sdc-fe/templates/deployment.yaml index b03dd2eabe..7a15fffa17 100644 --- a/kubernetes/sdc/components/sdc-fe/templates/deployment.yaml +++ b/kubernetes/sdc/components/sdc-fe/templates/deployment.yaml @@ -1,7 +1,7 @@ {{/* # Copyright © 2017 Amdocs, Bell Canada # Modifications Copyright © 2018 AT&T, ZTE -# Modifications Copyright © 2023 Deutsche Telekom +# Modifications Copyright © 2023,2025 Deutsche Telekom # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -35,29 +35,23 @@ spec: metadata: {{- include "common.templateMetadata" . | nindent 6 }} spec: initContainers: - - name: {{ include "common.name" . }}-job-completion - image: {{ include "repositoryGenerator.image.readiness" . }} - imagePullPolicy: "{{ .Values.global.pullPolicy | default .Values.pullPolicy }}" - command: - - /app/ready.py - args: - - --job-name - - {{ include "common.release" . }}-sdc-be - - "-t" - - "35" - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - resources: - limits: - cpu: "100m" - memory: "500Mi" - requests: - cpu: "3m" - memory: "20Mi" + {{ include "common.readinessCheck.waitFor" . | nindent 8 }} + - name: {{ include "common.name" . }}-copy-jetty + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: ["/bin/sh","-c"] + args: ['cp -a /app/jetty/ /app/jetty_rw/; mkdir /app/jetty_rw/jetty/ruby_temp'] + resources: + limits: + cpu: 400m + memory: 400Mi + requests: + cpu: 30m + memory: 200Mi + {{ include "common.containerSecurityContext" . | indent 10 | trim }} + volumeMounts: + - name: {{ include "common.fullname" . }}-jetty + mountPath: /app/jetty_rw containers: - name: {{ include "common.name" . }} image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} @@ -102,7 +96,10 @@ spec: successThreshold: {{ .Values.startup.successThreshold }} failureThreshold: {{ .Values.startup.failureThreshold }} resources: {{ include "common.resources" . | nindent 12 }} + {{ include "common.containerSecurityContext" . | indent 10 | trim }} env: + - name: TMPDIR + value: '/app/jetty/ruby_temp' - name: ENVNAME value: {{ .Values.env.name }} - name: HOST_IP @@ -112,8 +109,13 @@ spec: - name: JAVA_OPTIONS value: {{ .Values.config.javaOptions }} volumeMounts: - - name: logs + - name: {{ include "common.fullname" . }}-jetty + mountPath: /app/jetty + subPath: jetty + - name: {{ include "common.fullname" . }}-logs mountPath: /var/log/onap + - name: {{ include "common.fullname" . }}-tmp + mountPath: /tmp - name: configs mountPath: /app/jetty/config/catalog-fe/plugins-configuration.yaml subPath: plugins-configuration.yaml @@ -156,9 +158,10 @@ spec: lifecycle: postStart: exec: - command: ["/bin/sh", "-c", "export LOG=wait_logback.log; touch $LOG; export SRC=/tmp/logback.xml; export DST=/app/jetty/config/catalog-fe/; while [ ! -e $DST ]; do echo 'Waiting for $DST...' >> $LOG; sleep 5; done; sleep 2; /bin/cp -f $SRC $DST; echo 'Done' >> $LOG"] + command: ["/bin/sh", "-c", "export LOG=/tmp/wait_logback.log; touch $LOG; export SRC=/tmp/logback.xml; export DST=/app/jetty/config/catalog-fe/; while [ ! -e $DST ]; do echo 'Waiting for $DST...' >> $LOG; sleep 5; done; sleep 2; /bin/cp -f $SRC $DST; echo 'Done' >> $LOG"] # side car containers {{ include "common.log.sidecar" . | nindent 8 }} + {{ include "common.podSecurityContext" . | indent 6 | trim }} serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: {{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix .)) | nindent 8 }} @@ -174,8 +177,15 @@ spec: configMap: name: {{ include "common.release" . }}-sdc-environments-configmap defaultMode: 0755 - - name: logs - emptyDir: {} + - name: {{ include "common.fullname" . }}-logs + emptyDir: + sizeLimit: {{ .Values.volumes.logSizeLimit }} + - name: {{ include "common.fullname" . }}-tmp + emptyDir: + sizeLimit: {{ .Values.volumes.tmpSizeLimit }} + - name: {{ include "common.fullname" . }}-jetty + emptyDir: + sizeLimit: {{ .Values.volumes.jettySizeLimit }} - name: {{ include "common.fullname" . }}-ready-probe-script configMap: name: {{ include "common.release" . }}-ready-probe-script diff --git a/kubernetes/sdc/components/sdc-fe/values.yaml b/kubernetes/sdc/components/sdc-fe/values.yaml index e9cac845b3..4c93bfd76a 100644 --- a/kubernetes/sdc/components/sdc-fe/values.yaml +++ b/kubernetes/sdc/components/sdc-fe/values.yaml @@ -1,5 +1,6 @@ # Copyright © 2017 Amdocs, Bell Canada # Modifications Copyright © 2018 AT&T, ZTE +# Modifications Copyright © 2025 Deutsche Telekom # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -86,18 +87,6 @@ service: - name: http port: 8181 nodePort: '07' - annotations: - msb.onap.org/service-info: | - {{ if .Values.global.msbEnabled -}}[ - { - "serviceName": "sdc-ui", - "version": "v1", - "url": "/sdc1", - "protocol": "UI", - "visualRange":"0|1", - "port": "{{ .Values.service.internalPort }}", - } - ]{{ end }} ingress: enabled: false @@ -111,8 +100,6 @@ ingress: serviceMesh: authorizationPolicy: authorizedPrincipals: - - serviceAccount: consul-read - - serviceAccount: consul-server-read - serviceAccount: istio-ingress namespace: istio-ingress @@ -142,11 +129,25 @@ serviceAccount: roles: - read +readinessCheck: + wait_for: + jobs: + - '{{ include "common.release" . }}-sdc-be' + #Log configuration log: path: /var/log/onap logConfigMapNamePrefix: '{{ include "common.fullname" . }}' +securityContext: + user_id: 1000 + group_id: 101 + +volumes: + logSizeLimit: 64Mi + jettySizeLimit: 400Mi + tmpSizeLimit: 500Mi + autoscaling: enabled: true minReplicas: 1 diff --git a/kubernetes/sdc/components/sdc-helm-validator/Chart.yaml b/kubernetes/sdc/components/sdc-helm-validator/Chart.yaml index d114dc892e..4efd7f6ba1 100644 --- a/kubernetes/sdc/components/sdc-helm-validator/Chart.yaml +++ b/kubernetes/sdc/components/sdc-helm-validator/Chart.yaml @@ -2,6 +2,7 @@ # Copyright (c) 2021 Nokia. All rights reserved. # Modifications Copyright © 2021 Orange # Modifications Copyright © 2021 Nordix Foundation +# Modifications Copyright © 2025 Deutsche Telekom # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -19,12 +20,12 @@ apiVersion: v2 description: ONAP Service Design and Creation Helm Validator name: sdc-helm-validator -version: 13.0.0 +version: 13.0.1 dependencies: - - name: repositoryGenerator + - name: common version: ~13.x-0 repository: '@local' - - name: common + - name: repositoryGenerator version: ~13.x-0 repository: '@local' diff --git a/kubernetes/sdc/components/sdc-helm-validator/templates/deployment.yaml b/kubernetes/sdc/components/sdc-helm-validator/templates/deployment.yaml index f3572ca902..ef006d8071 100644 --- a/kubernetes/sdc/components/sdc-helm-validator/templates/deployment.yaml +++ b/kubernetes/sdc/components/sdc-helm-validator/templates/deployment.yaml @@ -1,6 +1,7 @@ {{/* # ===========LICENSE_START======================================================== # Copyright (c) 2021 Nokia. All rights reserved. +# Modifications Copyright © 2025 Deutsche Telekom # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -25,12 +26,14 @@ spec: template: metadata: {{- include "common.templateMetadata" . | nindent 6 }} spec: + {{ include "common.podSecurityContext" . | indent 6 | trim }} containers: - name: {{ include "common.name" . }} image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} resources: {{ include "common.resources" . | nindent 12 }} ports: {{ include "common.containerPorts" . | nindent 12 }} + {{ include "common.containerSecurityContext" . | indent 10 | trim }} env: - name: LOG_LEVEL value: {{ .Values.config.loggingLevel }} @@ -42,6 +45,14 @@ spec: periodSeconds: {{ .Values.liveness.periodSeconds }} successThreshold: {{ .Values.liveness.successThreshold }} failureThreshold: {{ .Values.liveness.failureThreshold }} + readinessProbe: + httpGet: + path: {{ .Values.readiness.path }} + port: {{ .Values.readiness.port }} + initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} + periodSeconds: {{ .Values.readiness.periodSeconds }} + successThreshold: {{ .Values.readiness.successThreshold }} + failureThreshold: {{ .Values.readiness.failureThreshold }} startupProbe: httpGet: path: {{ .Values.startup.path }} @@ -50,4 +61,11 @@ spec: periodSeconds: {{ .Values.startup.periodSeconds }} successThreshold: {{ .Values.startup.successThreshold }} failureThreshold: {{ .Values.startup.failureThreshold }} + volumeMounts: + - mountPath: /tmp + name: tmp + volumes: + - name: tmp + emptyDir: + sizeLimit: {{ .Values.volumes.tmpSizeLimit }} {{- include "common.imagePullSecrets" . | nindent 6 }} diff --git a/kubernetes/sdc/components/sdc-helm-validator/values.yaml b/kubernetes/sdc/components/sdc-helm-validator/values.yaml index ec947dc2d5..7d3883cd91 100644 --- a/kubernetes/sdc/components/sdc-helm-validator/values.yaml +++ b/kubernetes/sdc/components/sdc-helm-validator/values.yaml @@ -1,5 +1,6 @@ # ===========LICENSE_START======================================================== # Copyright (c) 2021 Nokia. All rights reserved. +# Modifications Copyright © 2025 Deutsche Telekom # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -46,6 +47,15 @@ liveness: # in debugger so K8s doesn't restart unresponsive container enabled: true +readiness: + port: *port + path: /actuator/health + initialDelaySeconds: 1 + periodSeconds: 10 + timeoutSeconds: 1 + successThreshold: 1 + failureThreshold: 3 + startup: initialDelaySeconds: 10 periodSeconds: 10 @@ -71,3 +81,10 @@ resources: cpu: "1" memory: "1Gi" unlimited: {} + +securityContext: + user_id: 1000 + group_id: 65533 + +volumes: + tmpSizeLimit: 200Mi diff --git a/kubernetes/sdc/components/sdc-onboarding-be/Chart.yaml b/kubernetes/sdc/components/sdc-onboarding-be/Chart.yaml index 30cced108c..10c8b1174f 100644 --- a/kubernetes/sdc/components/sdc-onboarding-be/Chart.yaml +++ b/kubernetes/sdc/components/sdc-onboarding-be/Chart.yaml @@ -2,6 +2,7 @@ # Modifications Copyright © 2018 AT&T, ZTE # Modifications Copyright © 2021 Orange # Modifications Copyright © 2021 Nordix Foundation +# Modifications Copyright © 2025 Deutsche Telekom # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -18,12 +19,18 @@ apiVersion: v2 description: ONAP Service Design and Creation Onboarding API name: sdc-onboarding-be -version: 13.0.4 +version: 13.0.5 dependencies: + - name: common + version: ~13.x-0 + repository: '@local' - name: repositoryGenerator version: ~13.x-0 repository: '@local' - name: serviceAccount version: ~13.x-0 repository: '@local' + - name: readinessCheck + version: ~13.x-0 + repository: '@local' diff --git a/kubernetes/sdc/components/sdc-onboarding-be/templates/deployment.yaml b/kubernetes/sdc/components/sdc-onboarding-be/templates/deployment.yaml index 744869736c..90664a82b6 100644 --- a/kubernetes/sdc/components/sdc-onboarding-be/templates/deployment.yaml +++ b/kubernetes/sdc/components/sdc-onboarding-be/templates/deployment.yaml @@ -35,27 +35,23 @@ spec: metadata: {{- include "common.templateMetadata" . | nindent 6 }} spec: initContainers: - - name: {{ include "common.name" . }}-job-completion - image: {{ include "repositoryGenerator.image.readiness" . }} - imagePullPolicy: "{{ .Values.global.pullPolicy | default .Values.pullPolicy }}" - command: - - /app/ready.py - args: - - --job-name - - {{ include "common.release" . }}-sdc-onboarding-be - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - resources: - limits: - cpu: "100m" - memory: "500Mi" - requests: - cpu: "3m" - memory: "20Mi" + {{ include "common.readinessCheck.waitFor" . | nindent 8 }} + - name: {{ include "common.name" . }}-copy-jetty + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: ["/bin/sh","-c"] + args: ['cp -a /app/jetty/ /app/jetty_rw/; mkdir /app/jetty_rw/jetty/ruby_temp'] + resources: + limits: + cpu: 400m + memory: 400Mi + requests: + cpu: 30m + memory: 200Mi + {{ include "common.containerSecurityContext" . | indent 10 | trim }} + volumeMounts: + - name: {{ include "common.fullname" . }}-jetty + mountPath: /app/jetty_rw containers: - name: {{ include "common.name" . }} image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} @@ -64,7 +60,7 @@ spec: {{ if eq .Values.liveness.enabled true }} livenessProbe: httpGet: - path: /onboarding-api/v1.0/healthcheck + path: {{ .Values.liveness.path }} port: {{ .Values.service.internalPort }} initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} periodSeconds: {{ .Values.liveness.periodSeconds }} @@ -74,7 +70,7 @@ spec: {{ end }} readinessProbe: httpGet: - path: /onboarding-api/v1.0/healthcheck + path: {{ .Values.readiness.path }} port: {{ .Values.service.internalPort }} initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} @@ -83,15 +79,18 @@ spec: failureThreshold: {{ .Values.readiness.failureThreshold }} startupProbe: httpGet: - path: /onboarding-api/v1.0/healthcheck + path: {{ .Values.startup.path }} port: {{ .Values.service.internalPort }} initialDelaySeconds: {{ .Values.startup.initialDelaySeconds }} periodSeconds: {{ .Values.startup.periodSeconds }} timeoutSeconds: {{ .Values.startup.timeoutSeconds }} successThreshold: {{ .Values.startup.successThreshold }} failureThreshold: {{ .Values.startup.failureThreshold }} + {{ include "common.containerSecurityContext" . | indent 10 | trim }} resources: {{ include "common.resources" . | nindent 12 }} env: + - name: TMPDIR + value: '/app/jetty/ruby_temp' - name: ENVNAME value: {{ .Values.env.name }} - name: JAVA_OPTIONS @@ -113,8 +112,13 @@ spec: - name: SDC_CERT_DIR value: "" volumeMounts: - - name: logs + - name: {{ include "common.fullname" . }}-jetty + mountPath: /app/jetty + subPath: jetty + - name: {{ include "common.fullname" . }}-logs mountPath: /var/log/onap + - name: {{ include "common.fullname" . }}-tmp + mountPath: /tmp - name: logback mountPath: /tmp/logback.xml subPath: logback.xml @@ -148,10 +152,11 @@ spec: lifecycle: postStart: exec: - command: ["/bin/sh", "-c", "export LOG=wait_logback.log; touch $LOG; export SRC=/tmp/logback.xml; export DST=/app/jetty/config/onboarding-be/; while [ ! -e $DST ]; do echo 'Waiting for $DST...' >> $LOG; sleep 5; done; sleep 2; /bin/cp -f $SRC $DST; echo 'Done' >> $LOG"] + command: ["/bin/sh", "-c", "export LOG=/tmp/wait_logback.log; touch $LOG; export SRC=/tmp/logback.xml; export DST=/app/jetty/config/onboarding-be/; while [ ! -e $DST ]; do echo 'Waiting for $DST...' >> $LOG; sleep 5; done; sleep 2; /bin/cp -f $SRC $DST; echo 'Done' >> $LOG"] # side car containers {{ include "common.log.sidecar" . | nindent 8 }} serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} + {{ include "common.podSecurityContext" . | indent 6 | trim }} volumes: {{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix .)) | nindent 6 }} - name: logback @@ -177,7 +182,14 @@ spec: configMap: name: {{ include "common.release" . }}-sdc-ready-probe-configmap defaultMode: 0755 - - name: logs - emptyDir: {} + - name: {{ include "common.fullname" . }}-logs + emptyDir: + sizeLimit: {{ .Values.volumes.logSizeLimit }} + - name: {{ include "common.fullname" . }}-tmp + emptyDir: + sizeLimit: {{ .Values.volumes.tmpSizeLimit }} + - name: {{ include "common.fullname" . }}-jetty + emptyDir: + sizeLimit: {{ .Values.volumes.jettySizeLimit }} {{- include "common.imagePullSecrets" . | nindent 6 }} diff --git a/kubernetes/sdc/components/sdc-onboarding-be/templates/job.yaml b/kubernetes/sdc/components/sdc-onboarding-be/templates/job.yaml index 6a6a9781d1..7ff54e87dc 100644 --- a/kubernetes/sdc/components/sdc-onboarding-be/templates/job.yaml +++ b/kubernetes/sdc/components/sdc-onboarding-be/templates/job.yaml @@ -1,6 +1,7 @@ {{/* # Copyright © 2017 Amdocs, AT&T, Bell Canada # Modifications Copyright © 2018 ZTE +# Modifications Copyright © 2025 Deutsche Telekom # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -35,30 +36,10 @@ spec: release: {{ include "common.release" . }} spec: restartPolicy: Never + securityContext: + {{- toYaml .Values.jobPodSecurityContext | nindent 8 }} initContainers: - - name: {{ include "common.name" . }}-job-completion - image: {{ include "repositoryGenerator.image.readiness" . }} - imagePullPolicy: "{{ .Values.global.pullPolicy | default .Values.pullPolicy }}" - command: - - /app/ready.py - args: - - --job-name - - {{ include "common.release" . }}-sdc-cs - - "-t" - - "20" - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - resources: - limits: - cpu: "100m" - memory: "500Mi" - requests: - cpu: "3m" - memory: "20Mi" + {{ include "common.readinessCheck.waitFor" (dict "dot" . "wait_for" .Values.readinessCheck.job_wait_for) | nindent 8 }} containers: - name: {{ include "common.name" . }}-job image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.onboardingInitImage }} @@ -100,6 +81,27 @@ spec: requests: cpu: "200m" memory: "200Mi" + {{ if eq .Values.liveness.enabled true }} + livenessProbe: + httpGet: + path: /healthz + port: {{ .Values.service.jobPort }} + initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} + periodSeconds: {{ .Values.liveness.periodSeconds }} + timeoutSeconds: {{ .Values.liveness.timeoutSeconds }} + successThreshold: {{ .Values.liveness.successThreshold }} + failureThreshold: {{ .Values.liveness.failureThreshold }} + {{ end }} + readinessProbe: + httpGet: + path: /healthz + port: {{ .Values.service.jobPort }} + initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} + periodSeconds: {{ .Values.readiness.periodSeconds }} + timeoutSeconds: {{ .Values.readiness.timeoutSeconds }} + successThreshold: {{ .Values.readiness.successThreshold }} + failureThreshold: {{ .Values.readiness.failureThreshold }} + {{ include "common.containerSecurityContext" . | indent 10 | trim }} {{ include "common.waitForJobContainer" . | indent 6 | trim }} serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: diff --git a/kubernetes/sdc/components/sdc-onboarding-be/values.yaml b/kubernetes/sdc/components/sdc-onboarding-be/values.yaml index 566267aa9d..8008c4a53a 100644 --- a/kubernetes/sdc/components/sdc-onboarding-be/values.yaml +++ b/kubernetes/sdc/components/sdc-onboarding-be/values.yaml @@ -1,5 +1,6 @@ # Copyright © 2017 Amdocs, Bell Canada # Modifications Copyright © 2018 AT&T, ZTE +# Modifications Copyright © 2025 Deutsche Telekom # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -59,6 +60,7 @@ affinity: {} # probe configuration parameters liveness: + path: /onboarding-api/v1.0/healthcheck initialDelaySeconds: 1 periodSeconds: 10 timeoutSeconds: 15 @@ -69,6 +71,7 @@ liveness: enabled: true readiness: + path: /onboarding-api/v1.0/healthcheck initialDelaySeconds: 1 periodSeconds: 10 timeoutSeconds: 15 @@ -76,6 +79,7 @@ readiness: failureThreshold: 3 startup: + path: /onboarding-api/v1.0/healthcheck initialDelaySeconds: 10 periodSeconds: 10 timeoutSeconds: 15 @@ -86,6 +90,7 @@ service: type: ClusterIP name: sdc-onboarding-be internalPort: 8081 + jobPort: 8080 ports: - name: http port: 8081 @@ -118,10 +123,6 @@ persistence: mountPath: /dockerdata-nfs mountSubPath: /sdc/sdc-cs/CS -securityContext: - fsGroup: 35953 - runAsUser: 352070 - ingress: enabled: false @@ -155,11 +156,44 @@ wait_for_job_container: containers: - '{{ include "common.name" . }}-job' +readinessCheck: + wait_for: + jobs: + - '{{ include "common.release" . }}-sdc-onboarding-be' + job_wait_for: + jobs: + - '{{ include "common.release" . }}-sdc-cs' + #Log configuration log: path: /var/log/onap logConfigMapNamePrefix: '{{ include "common.fullname" . }}' +securityContext: + user_id: 1000 + group_id: 101 + +volumes: + logSizeLimit: 300Mi + jettySizeLimit: 400Mi + tmpSizeLimit: 500Mi + +resources_initContainer: + limits: + cpu: "100m" + memory: "500Mi" + requests: + cpu: "3m" + memory: "20Mi" + +jobPodSecurityContext: + fsGroup: 1000 + runAsGroup: 1000 + runAsNonRoot: true + runAsUser: 1000 + seccompProfile: + type: RuntimeDefault + ################################################################# # Settings from Default.rb ################################################################# diff --git a/kubernetes/sdc/components/sdc-wfd-be/Chart.yaml b/kubernetes/sdc/components/sdc-wfd-be/Chart.yaml index 725104fc63..7b0dfc4091 100644 --- a/kubernetes/sdc/components/sdc-wfd-be/Chart.yaml +++ b/kubernetes/sdc/components/sdc-wfd-be/Chart.yaml @@ -1,6 +1,7 @@ # Copyright © 2018 Amdocs, Bell Canada # Modifications Copyright © 2021 Orange # Modifications Copyright © 2021 Nordix Foundation +# Modifications Copyright © 2025 Deutsche Telekom # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -17,7 +18,7 @@ apiVersion: v2 description: ONAP Service Design and Creation Workflow Designer backend name: sdc-wfd-be -version: 13.0.2 +version: 13.0.3 dependencies: - name: repositoryGenerator @@ -26,3 +27,6 @@ dependencies: - name: serviceAccount version: ~13.x-0 repository: '@local' + - name: readinessCheck + version: ~13.x-0 + repository: '@local' diff --git a/kubernetes/sdc/components/sdc-wfd-be/templates/deployment.yaml b/kubernetes/sdc/components/sdc-wfd-be/templates/deployment.yaml index cbbfe21a6d..9830cbb706 100644 --- a/kubernetes/sdc/components/sdc-wfd-be/templates/deployment.yaml +++ b/kubernetes/sdc/components/sdc-wfd-be/templates/deployment.yaml @@ -1,7 +1,7 @@ {{/* # Copyright © 2017 Amdocs, AT&T, Bell Canada # Modifications Copyright © 2018 ZTE -# Modifications Copyright © 2023 Deutsche Telekom +# Modifications Copyright © 2023,2025 Deutsche Telekom # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -36,27 +36,7 @@ spec: spec: initContainers: {{- if .Values.initJob.enabled }} - - name: {{ include "common.name" . }}-job-completion - image: {{ include "repositoryGenerator.image.readiness" . }} - imagePullPolicy: "{{ .Values.global.pullPolicy | default .Values.pullPolicy }}" - command: - - /app/ready.py - args: - - --job-name - - {{ include "common.fullname" . }} - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - resources: - limits: - cpu: "100m" - memory: "500Mi" - requests: - cpu: "3m" - memory: "20Mi" + {{ include "common.readinessCheck.waitFor" . | nindent 8 }} {{ end }} containers: - name: {{ include "common.name" . }} diff --git a/kubernetes/sdc/components/sdc-wfd-be/values.yaml b/kubernetes/sdc/components/sdc-wfd-be/values.yaml index 6097d0bb3f..83ca8d2a90 100644 --- a/kubernetes/sdc/components/sdc-wfd-be/values.yaml +++ b/kubernetes/sdc/components/sdc-wfd-be/values.yaml @@ -1,5 +1,6 @@ # Copyright © 2017 Amdocs, Bell Canada # Modifications Copyright © 2018 AT&T, ZTE +# Modifications Copyright © 2025 Deutsche Telekom # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -154,6 +155,11 @@ wait_for_job_container: containers: - '{{ include "common.name" . }}-job' +readinessCheck: + wait_for: + jobs: + - '{{ include "common.fullname" . }}' + autoscaling: enabled: false minReplicas: 1 diff --git a/kubernetes/sdc/components/sdc-wfd-fe/Chart.yaml b/kubernetes/sdc/components/sdc-wfd-fe/Chart.yaml index 6aeee841e1..421443ce0a 100644 --- a/kubernetes/sdc/components/sdc-wfd-fe/Chart.yaml +++ b/kubernetes/sdc/components/sdc-wfd-fe/Chart.yaml @@ -1,6 +1,7 @@ # Copyright © 2018 Amdocs, Bell Canada # Modifications Copyright © 2021 Orange # Modifications Copyright © 2021 Nordix Foundation +# Modifications Copyright © 2025 Deutsche Telekom # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -17,7 +18,7 @@ apiVersion: v2 description: ONAP Service Design and Creation Workflow Designer frontend name: sdc-wfd-fe -version: 13.0.1 +version: 13.0.2 dependencies: - name: repositoryGenerator @@ -26,3 +27,6 @@ dependencies: - name: serviceAccount version: ~13.x-0 repository: '@local' + - name: readinessCheck + version: ~13.x-0 + repository: '@local'
\ No newline at end of file diff --git a/kubernetes/sdc/components/sdc-wfd-fe/templates/deployment.yaml b/kubernetes/sdc/components/sdc-wfd-fe/templates/deployment.yaml index fcf1398d02..54a99e4e1f 100644 --- a/kubernetes/sdc/components/sdc-wfd-fe/templates/deployment.yaml +++ b/kubernetes/sdc/components/sdc-wfd-fe/templates/deployment.yaml @@ -33,27 +33,7 @@ spec: metadata: {{- include "common.templateMetadata" . | nindent 6 }} spec: initContainers: - - name: {{ include "common.name" . }}-readiness - command: - - /app/ready.py - args: - - --service-name - - sdc-wfd-be - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - image: {{ include "repositoryGenerator.image.readiness" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - resources: - limits: - cpu: "100m" - memory: "500Mi" - requests: - cpu: "3m" - memory: "20Mi" + {{ include "common.readinessCheck.waitFor" . | nindent 8 }} containers: - name: {{ include "common.name" . }} image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} diff --git a/kubernetes/sdc/components/sdc-wfd-fe/values.yaml b/kubernetes/sdc/components/sdc-wfd-fe/values.yaml index e82e1d9a9b..6d66f32381 100644 --- a/kubernetes/sdc/components/sdc-wfd-fe/values.yaml +++ b/kubernetes/sdc/components/sdc-wfd-fe/values.yaml @@ -1,4 +1,5 @@ # Copyright © 2018 Amdocs, Bell Canada +# Modifications Copyright © 2025 Deutsche Telekom # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -81,18 +82,6 @@ service: port: 8080 port_protocol: http nodePort: '56' - annotations: - msb.onap.org/service-info: | - {{ if .Values.global.msbEnabled -}}[ - { - "serviceName": "wf-gui", - "version": "v1", - "url": "/", - "protocol": "UI", - "port": "{{ .Values.service.internalPort }}", - "visualRange":"0|1" - } - ]{{ end }} ingress: enabled: false @@ -139,6 +128,11 @@ log: path: /var/log/onap logConfigMapNamePrefix: '{{ include "common.fullname" . }}' +readinessCheck: + wait_for: + services: + - sdc-wfd-be + autoscaling: enabled: false minReplicas: 1 |