diff options
27 files changed, 254 insertions, 198 deletions
diff --git a/kubernetes/aai/components/aai-graphadmin/resources/config/application.properties b/kubernetes/aai/components/aai-graphadmin/resources/config/application.properties index 7254d6d64f..50c320ab30 100644 --- a/kubernetes/aai/components/aai-graphadmin/resources/config/application.properties +++ b/kubernetes/aai/components/aai-graphadmin/resources/config/application.properties @@ -47,7 +47,6 @@ server.tomcat.max-idle-time=60000 # If you get an application startup failure that the port is already taken # If thats not it, please check if the key-store file path makes sense server.local.startpath=/opt/app/aai-graphadmin/resources/ -server.basic.auth.location=${server.local.startpath}etc/auth/realm.properties server.port=8449 diff --git a/kubernetes/aai/components/aai-graphadmin/templates/_helpers.tpl b/kubernetes/aai/components/aai-graphadmin/templates/_helpers.tpl new file mode 100644 index 0000000000..a6c414517b --- /dev/null +++ b/kubernetes/aai/components/aai-graphadmin/templates/_helpers.tpl @@ -0,0 +1,42 @@ +{{- define "aai.waitForSchemaCreation" -}} +- name: wait-for-schema-creation + image: "{{ include "repositoryGenerator.image.curl" . }}" + imagePullPolicy: IfNotPresent + command: ["/bin/sh", "-c"] + args: + - | + URL="{{ required "URL is required" (.Values.schemaInitCheckURL | default "http://aai-graphadmin:8449/isSchemaInitialized") }}" + AUTH="{{ printf "%s:%s" (index .Values.global.config.basic.auth.users 0).username (index .Values.global.config.basic.auth.users 0).password }}" + while true; do + RESPONSE=$(curl -u $AUTH -s $URL) + if [ "$RESPONSE" = "true" ]; then + echo "Request successful. Schema is initialized." + exit 0 + else + echo "Request unsuccessful. Schema is not yet initialized. Retrying in 3 seconds..." + sleep 3 + fi + done + {{ include "common.containerSecurityContext" . | indent 2 | trim }} +{{- end -}} + +{{- define "aai.waitForSchemaService" -}} +- name: wait-for-schema-service + image: "{{ include "repositoryGenerator.image.curl" . }}" + imagePullPolicy: IfNotPresent + command: ["/bin/sh", "-c"] + args: + - | + URL="{{ required "URL is required" (.Values.schemaInitCheckURL | default "http://aai-schema-service:8452/aai/schema-service/util/echo") }}" + AUTH="{{ printf "%s:%s" (index .Values.global.config.basic.auth.users 0).username (index .Values.global.config.basic.auth.users 0).password }}" + while true; do + if curl --fail --header 'X-FromAppId: graphadmin' --header 'X-TransactionId: someTransaction' -u $AUTH -s $URL; then + echo "Request successful. Schema-service is available" + exit 0 + else + echo "Request unsuccessful. Schema-service is not available yet. Retrying in 3 seconds..." + sleep 3 + fi + done + {{ include "common.containerSecurityContext" . | indent 2 | trim }} +{{- end -}} diff --git a/kubernetes/aai/components/aai-graphadmin/templates/deployment.yaml b/kubernetes/aai/components/aai-graphadmin/templates/deployment.yaml index 31566fc939..92fea15055 100644 --- a/kubernetes/aai/components/aai-graphadmin/templates/deployment.yaml +++ b/kubernetes/aai/components/aai-graphadmin/templates/deployment.yaml @@ -47,7 +47,64 @@ spec: terminationGracePeriodSeconds: {{ .Values.service.terminationGracePeriodSeconds }} {{- if .Values.global.initContainers.enabled }} initContainers: - {{ include "common.readinessCheck.waitFor" (dict "dot" . "wait_for" .Values.readinessCheck.waitForWithCreateSchemaDisabled ) | indent 6 | trim }} + {{- if not .Values.createDbSchemaViaJob.enabled }} + {{ include "common.readinessCheck.waitFor" (dict "dot" . "wait_for" .Values.readinessCheck.waitForCassandraService ) | indent 8 | trim }} + - name: {{ include "common.name" . }}-create-db-schema + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + {{ include "common.containerSecurityContext" . | nindent 10 | trim }} + command: + - sh + args: + - -c + - | + {{- if include "common.onServiceMesh" . }} + echo "waiting 15s for istio side cars to be up"; sleep 15s;{{- end }} + sh docker-entrypoint.sh createDBSchema.sh; + {{ include "common.serviceMesh.killSidecar" . | indent 11 | trim }} + env: + {{- if .Values.config.debug.enabled }} + - name: JVM_OPTS + value: {{ .Values.config.debug.args | quote }} + {{- end }} + {{- if .Values.config.env }} + {{- range $key,$value := .Values.config.env }} + - name: {{ $key | upper | quote}} + value: {{ $value | quote}} + {{- end }} + {{- end }} + - name: BOOTSTRAP_SERVERS + value: {{ include "common.release" . }}-strimzi-kafka-bootstrap:9092 + - name: JAAS_CONFIG + valueFrom: + secretKeyRef: + name: {{ include "common.release" . }}-{{ .Values.global.aaiGraphKafkaUser }} + key: sasl.jaas.config + {{- if .Values.config.debug.enabled }} + ports: + - containerPort: {{ .Values.service.debugPort }} + name: {{ .Values.service.debugPortName }} + {{- end }} + volumeMounts: + - mountPath: /opt/app/aai-graphadmin/resources/etc/appprops/janusgraph-realtime.properties + name: config + subPath: janusgraph-realtime.properties + - mountPath: /opt/app/aai-graphadmin/resources/etc/appprops/aaiconfig.properties + name: properties + subPath: aaiconfig.properties + - mountPath: /opt/aai/logroot/AAI-GA + name: logs + - mountPath: /opt/app/aai-graphadmin/resources/logback.xml + name: config + subPath: logback.xml + - mountPath: /opt/app/aai-graphadmin/resources/localhost-access-logback.xml + name: config + subPath: localhost-access-logback.xml + - mountPath: /opt/app/aai-graphadmin/resources/application.properties + name: properties + subPath: application.properties + resources: {{ include "common.resources" . | nindent 12 }} + {{- end }} {{- end }} {{ include "common.podSecurityContext" . | indent 6 | trim }} containers: diff --git a/kubernetes/aai/components/aai-graphadmin/templates/job-create-db.yaml b/kubernetes/aai/components/aai-graphadmin/templates/job-create-db.yaml index 6c57680724..fc35966f79 100644 --- a/kubernetes/aai/components/aai-graphadmin/templates/job-create-db.yaml +++ b/kubernetes/aai/components/aai-graphadmin/templates/job-create-db.yaml @@ -34,6 +34,8 @@ # then it is your job to ensure that there are no connections to the database */}} +{{/* the new default is schema creation via graphadmin init container. This will be removed in the future. */}} +{{- if .Values.createDbSchemaViaJob.enabled }} {{- if and ( not .Values.global.jobs.migration.enabled ) ( .Values.global.jobs.createSchema.enabled ) }} apiVersion: batch/v1 kind: Job @@ -51,8 +53,6 @@ spec: labels: {{- include "common.labels" (dict "labels" .Values.labels "ignoreHelmChart" .Values.ignoreHelmChart "dot" . "suffix" "job") | nindent 8 }} name: {{ include "common.name" . }} spec: - initContainers: - {{ include "common.readinessCheck.waitFor" (dict "dot" . "wait_for" .Values.readinessCheck.waitForWithCreateSchemaDisabled) | indent 6 | trim }} {{ include "common.podSecurityContext" . | indent 6 | trim }} containers: - name: {{ include "common.name" . }}-job @@ -129,3 +129,4 @@ spec: restartPolicy: Never {{- include "common.imagePullSecrets" . | nindent 6 }} {{- end }} +{{- end }} diff --git a/kubernetes/aai/components/aai-graphadmin/values.yaml b/kubernetes/aai/components/aai-graphadmin/values.yaml index 4b9067d80d..ca8cc5829c 100644 --- a/kubernetes/aai/components/aai-graphadmin/values.yaml +++ b/kubernetes/aai/components/aai-graphadmin/values.yaml @@ -84,11 +84,11 @@ global: # global defaults version: # Current version of the REST API api: - default: v29 + default: v30 # Specifies which version the depth parameter is configurable depth: v11 # List of all the supported versions of the API - list: v11,v12,v13,v14,v15,v16,v17,v18,v19,v20,v21,v22,v23,v24,v25,v26,v27,v28,v29 + list: v11,v12,v13,v14,v15,v16,v17,v18,v19,v20,v21,v22,v23,v24,v25,v26,v27,v28,v29,v30 # Specifies from which version related link should appear related: link: v11 @@ -226,19 +226,14 @@ actuator: echo: enabled: true +## Can be used to restore the old behaviour of having a separate job for schema creation +createDbSchemaViaJob: + enabled: false + readinessCheck: - waitForWithCreateSchemaEnabled: + waitForSchemaCreationJob: jobs: - '{{ include "common.release" . }}-aai-graphadmin-create-db-schema' - waitForWithCreateSchemaDisabled: - services: - - '{{ .Values.global.cassandra.serviceName }}' - - aai-schema-service - waitForCassandra: - containers: - - aai-schema-service - apps: - - cassandra waitForLocalCassandra: containers: - aai-schema-service diff --git a/kubernetes/aai/components/aai-resources/resources/config/aaiconfig.properties b/kubernetes/aai/components/aai-resources/resources/config/aaiconfig.properties index 6392a8e0b0..4985a97dba 100644 --- a/kubernetes/aai/components/aai-resources/resources/config/aaiconfig.properties +++ b/kubernetes/aai/components/aai-resources/resources/config/aaiconfig.properties @@ -45,8 +45,8 @@ aai.global.callback.url=http://aai.{{ include "common.namespace" . }}/aai/ {{ if .Values.global.config.basic.auth.enabled }} aai.tools.enableBasicAuth=true -aai.tools.username={{ .Values.global.config.basic.auth.username }} -aai.tools.password={{ .Values.global.config.basic.auth.passwd }} +aai.tools.username={{ (index .Values.global.config.basic.auth.users 0).username }} +aai.tools.password={{ (index .Values.global.config.basic.auth.users 0).password }} {{ end }} aai.notification.current.version={{ .Values.global.config.schema.version.api.default }} diff --git a/kubernetes/aai/components/aai-resources/resources/config/application-keycloak.properties b/kubernetes/aai/components/aai-resources/resources/config/application-keycloak.properties deleted file mode 100644 index 738634d230..0000000000 --- a/kubernetes/aai/components/aai-resources/resources/config/application-keycloak.properties +++ /dev/null @@ -1,14 +0,0 @@ - -spring.autoconfigure.exclude=\ - org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration,\ - org.springframework.boot.autoconfigure.orm.jpa.HibernateJpaAutoConfiguration - -multi.tenancy.enabled={{ .Values.config.keycloak.multiTenancy.enabled }} -keycloak.auth-server-url=http://{{ .Values.config.keycloak.host }}:{{ .Values.config.keycloak.port }}/auth -keycloak.realm={{ .Values.config.keycloak.realm }} -keycloak.resource={{ .Values.config.keycloak.resource }} -keycloak.public-client=true -keycloak.principal-attribute=preferred_username - -keycloak.ssl-required=external -keycloak.bearer-only=true diff --git a/kubernetes/aai/components/aai-resources/resources/config/application.properties b/kubernetes/aai/components/aai-resources/resources/config/application.properties index 5a16ebe9ef..6c34705e8a 100644 --- a/kubernetes/aai/components/aai-resources/resources/config/application.properties +++ b/kubernetes/aai/components/aai-resources/resources/config/application.properties @@ -51,7 +51,6 @@ server.tomcat.max-idle-time=60000 # If you get an application startup failure that the port is already taken # If thats not it, please check if the key-store file path makes sense server.local.startpath=aai-resources/src/main/resources/ -server.basic.auth.location=${server.local.startpath}etc/auth/realm.properties server.port=8447 @@ -121,3 +120,9 @@ scrape.uri.metrics=false # but doesn't show up in micrometer metrics aai.actuator.echo.enabled={{ .Values.actuator.echo.enabled }} aai.graph.properties.path=${server.local.startpath}/etc/appprops/janusgraph-realtime.properties + +aai.basic-auth.enabled={{ .Values.global.config.basic.auth.enabled }} +{{- range $index, $user := .Values.global.config.basic.auth.users }} +aai.basic-auth.users[{{ $index }}].username={{ $user.username }} +aai.basic-auth.users[{{ $index }}].password={{ $user.password }} +{{- end }} diff --git a/kubernetes/aai/components/aai-resources/resources/config/realm.properties b/kubernetes/aai/components/aai-resources/resources/config/realm.properties deleted file mode 100644 index f254d03631..0000000000 --- a/kubernetes/aai/components/aai-resources/resources/config/realm.properties +++ /dev/null @@ -1,35 +0,0 @@ -{{/* -# Copyright © 2018 Amdocs, Bell Canada, AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# format : username: password[,rolename ...] -# default username/password: AAI/AAI, MSO/MSO, ModelLoader/ModelLoader... -*/ -}} -AAI:OBF:1gfr1ev31gg7,admin -MSO:OBF:1jzx1lz31k01,admin -SDNC:OBF:1itr1i0l1i151isv,admin -DCAE:OBF:1g8u1f9d1f991g8w,admin -POLICY:OBF:1mk61i171ima1im41i0j1mko,admin -ASDC:OBF:1f991j0u1j001f9d,admin -ModelLoader:OBF:1qvu1v2h1sov1sar1wfw1j7j1wg21saj1sov1v1x1qxw,admin -AaiUI:OBF:1gfr1p571unz1p4j1gg7,admin -OOF:OBF:1img1ke71ily,admin -aai@aai.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin -so@so.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin -sdnc@sdnc.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin -dcae@dcae.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin -policy@policy.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin -sdc@sdc.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin -oof@oof.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin -pomba@pomba.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin -vfc@vfc.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin diff --git a/kubernetes/aai/components/aai-resources/templates/_helpers.tpl b/kubernetes/aai/components/aai-resources/templates/_helpers.tpl new file mode 100644 index 0000000000..003be58409 --- /dev/null +++ b/kubernetes/aai/components/aai-resources/templates/_helpers.tpl @@ -0,0 +1,21 @@ +{{- define "aai.waitForSchemaCreation" -}} +- name: wait-for-schema-creation + image: "{{ include "repositoryGenerator.image.curl" . }}" + imagePullPolicy: IfNotPresent + command: ["/bin/sh", "-c"] + args: + - | + URL="{{ required "URL is required" (.Values.schemaInitCheckURL | default "http://aai-graphadmin:8449/isSchemaInitialized") }}" + AUTH="{{ printf "%s:%s" (index .Values.global.config.basic.auth.users 0).username (index .Values.global.config.basic.auth.users 0).password }}" + while true; do + RESPONSE=$(curl -u $AUTH -s $URL) + if [ "$RESPONSE" = "true" ]; then + echo "Request successful. Schema is initialized." + exit 0 + else + echo "Request unsuccessful. Schema is not yet initialized. Retrying in 3 seconds..." + sleep 3 + fi + done + {{ include "common.containerSecurityContext" . | indent 2 | trim }} +{{- end -}} diff --git a/kubernetes/aai/components/aai-resources/templates/configmap.yaml b/kubernetes/aai/components/aai-resources/templates/configmap.yaml index acf30c831d..73723a1270 100644 --- a/kubernetes/aai/components/aai-resources/templates/configmap.yaml +++ b/kubernetes/aai/components/aai-resources/templates/configmap.yaml @@ -26,5 +26,3 @@ data: {{ tpl (.Files.Glob "resources/config/janusgraph-realtime.properties").AsConfig . | indent 2 }} {{ tpl (.Files.Glob "resources/config/aaiconfig.properties").AsConfig . | indent 2 }} {{ tpl (.Files.Glob "resources/config/application.properties").AsConfig . | indent 2 }} -{{ tpl (.Files.Glob "resources/config/application-keycloak.properties").AsConfig . | indent 2 }} -{{ tpl (.Files.Glob "resources/config/realm.properties").AsConfig . | indent 2 }} diff --git a/kubernetes/aai/components/aai-resources/templates/deployment.yaml b/kubernetes/aai/components/aai-resources/templates/deployment.yaml index 6b35a0f252..35378fd83c 100644 --- a/kubernetes/aai/components/aai-resources/templates/deployment.yaml +++ b/kubernetes/aai/components/aai-resources/templates/deployment.yaml @@ -49,9 +49,7 @@ spec: {{- if .Values.global.jobs.migration.enabled }} {{ include "common.readinessCheck.waitFor" (dict "dot" . "wait_for" .Values.readinessCheck.wait_for_migration) | nindent 8 }} {{- else if .Values.global.jobs.createSchema.enabled }} - {{ include "common.readinessCheck.waitFor" (dict "dot" . "wait_for" .Values.readinessCheck.wait_for_createSchema) | nindent 8 }} - {{- else }} - {{ include "common.readinessCheck.waitFor" (dict "dot" . "wait_for" .Values.readinessCheck.wait_for_cassandra) | nindent 8 }} + {{ include "aai.waitForSchemaCreation" . | nindent 6 }} {{- end }} containers: - name: {{ include "common.name" . }} @@ -98,15 +96,9 @@ spec: - mountPath: /opt/app/aai-resources/resources/logback.xml name: {{ include "common.fullname" . }}-config subPath: logback.xml - - mountPath: /opt/app/aai-resources/resources/etc/auth/realm.properties - name: {{ include "common.fullname" . }}-config - subPath: realm.properties - mountPath: /opt/app/aai-resources/resources/application.properties name: {{ include "common.fullname" . }}-config subPath: application.properties - - mountPath: /opt/app/aai-resources/resources/application-keycloak.properties - name: {{ include "common.fullname" . }}-config - subPath: application-keycloak.properties - mountPath: /tmp name: tmp ports: diff --git a/kubernetes/aai/components/aai-resources/values.yaml b/kubernetes/aai/components/aai-resources/values.yaml index 9c7dea82ab..625267b318 100644 --- a/kubernetes/aai/components/aai-resources/values.yaml +++ b/kubernetes/aai/components/aai-resources/values.yaml @@ -47,8 +47,33 @@ global: # global defaults basic: auth: enabled: true - username: AAI - passwd: AAI + users: + - username: aai@aai.onap.org + password: demo123456! + - username: so@so.onap.org + password: demo123456! + - username: sdnc@sdnc.onap.org + password: demo123456! + - username: dcae@dcae.onap.org + password: demo123456! + - username: policy@policy.onap.org + password: demo123456! + - username: sdc@sdc.onap.org + password: demo123456! + - username: AAI + password: AAI + - username: DCAE + password: DCAE + - username: MSO + password: MSO + - username: POLICY + password: POLICY + - username: ASDC + password: ASDC + - username: ModelLoader + password: ModelLoader + - username: AaiUI + password: AaiUI # Active spring profiles for the resources microservice profiles: @@ -77,11 +102,11 @@ global: # global defaults version: # Current version of the REST API api: - default: v29 + default: v30 # Specifies which version the depth parameter is configurable depth: v11 # List of all the supported versions of the API - list: v11,v12,v13,v14,v15,v16,v17,v18,v19,v20,v21,v22,v23,v24,v25,v26,v27,v28,v29 + list: v11,v12,v13,v14,v15,v16,v17,v18,v19,v20,v21,v22,v23,v24,v25,v26,v27,v28,v29,v30 # Specifies from which version related link should appear related: link: v11 @@ -134,7 +159,7 @@ aai_enpoints: url: external-system # application image -image: onap/aai-resources:1.15.4 +image: onap/aai-resources:1.15.5 pullPolicy: Always restartPolicy: Always flavor: small @@ -155,19 +180,6 @@ updateStrategy: # Configuration for the resources deployment config: - # configure keycloak according to your environment. - # don't forget to add keycloak in active profiles above (global.config.profiles) - keycloak: - host: keycloak.your.domain - port: 8180 - # Specifies a set of users, credentials, roles, and groups - realm: aai-resources - # Used by any client application for enabling fine-grained authorization for their protected resources - resource: aai-resources-app - # If set to true, additional criteria will be added that match the data-owner property with the given role - # to the user in keycloak - multiTenancy: - enabled: true janusgraph: caching: # enable when running read-heavy workloads @@ -395,18 +407,6 @@ log: dbMetric: WARN logConfigMapNamePrefix: '{{ include "common.fullname" . }}' -# To make logback capping values configurable -logback: - logToFileEnabled: false - maxHistory: 7 - totalSizeCap: 1GB - queueSize: 1000 - -accessLogback: - livenessAccessLogEnabled: false # false: do not log kubernetes liveness probes - logToFileEnabled: false - maxHistory: 7 - totalSizeCap: 1GB ################################################################# # Secrets metaconfig ################################################################# diff --git a/kubernetes/aai/components/aai-schema-service/config/application.properties b/kubernetes/aai/components/aai-schema-service/config/application.properties index 5d55923021..fc7bd40892 100644 --- a/kubernetes/aai/components/aai-schema-service/config/application.properties +++ b/kubernetes/aai/components/aai-schema-service/config/application.properties @@ -23,8 +23,13 @@ info.build.version=1.1.0 spring.application.name=aai-schema-service spring.jersey.type=filter - spring.main.allow-bean-definition-overriding=true +spring.sleuth.enabled={{ .Values.tracing.enabled }} +spring.zipkin.baseUrl={{ .Values.tracing.collector.baseUrl }} +spring.sleuth.trace-id128=true +spring.sleuth.sampler.probability={{ .Values.tracing.sampling.probability }} +spring.sleuth.propagation.type=w3c, b3 +spring.sleuth.supports-join=false server.servlet.context-path=/ spring.autoconfigure.exclude=org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration,org.springframework.boot.autoconfigure.orm.jpa.HibernateJpaAutoConfiguration diff --git a/kubernetes/aai/components/aai-schema-service/templates/deployment.yaml b/kubernetes/aai/components/aai-schema-service/templates/deployment.yaml index 9fadcd7077..45130d0f54 100644 --- a/kubernetes/aai/components/aai-schema-service/templates/deployment.yaml +++ b/kubernetes/aai/components/aai-schema-service/templates/deployment.yaml @@ -130,9 +130,6 @@ spec: {{ include "common.log.sidecar" . | nindent 6 }} serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: - - name: aai-common-aai-auth-mount - secret: - secretName: aai-common-aai-auth - name: aai-schema-service emptyDir: sizeLimit: {{ .Values.volumes.aaiSizeLimit }} diff --git a/kubernetes/aai/components/aai-schema-service/values.yaml b/kubernetes/aai/components/aai-schema-service/values.yaml index 3763db940e..f1227835b6 100644 --- a/kubernetes/aai/components/aai-schema-service/values.yaml +++ b/kubernetes/aai/components/aai-schema-service/values.yaml @@ -41,11 +41,11 @@ global: # global defaults version: # Current version of the REST API api: - default: v29 + default: v30 # Specifies which version the depth parameter is configurable depth: v11 # List of all the supported versions of the API - list: v11,v12,v13,v14,v15,v16,v17,v18,v19,v20,v21,v22,v23,v24,v25,v26,v27,v28,v29 + list: v11,v12,v13,v14,v15,v16,v17,v18,v19,v20,v21,v22,v23,v24,v25,v26,v27,v28,v29,v30 # Specifies from which version related link should appear related: link: v11 @@ -60,7 +60,7 @@ global: # global defaults label: v12 # application image -image: onap/aai-schema-service:1.12.5 +image: onap/aai-schema-service:1.12.9 pullPolicy: Always restartPolicy: Always flavor: small @@ -85,7 +85,7 @@ profiling: - "-Djava.rmi.server.hostname=127.0.0.1" # number of ReplicaSets that should be retained for the Deployment -revisionHistoryLimit: 2 +revisionHistoryLimit: 1 updateStrategy: type: RollingUpdate @@ -98,11 +98,9 @@ affinity: {} # probe configuration parameters liveness: + enabled: true initialDelaySeconds: 60 periodSeconds: 60 - # necessary to disable liveness probe when setting breakpoints - # in debugger so K8s doesn't restart unresponsive container - enabled: false readiness: initialDelaySeconds: 60 @@ -177,6 +175,7 @@ log: path: /var/log/onap level: root: INFO + base: INFO # base package (org.onap.aai) logConfigMapNamePrefix: '{{ include "common.fullname" . }}' volumes: @@ -185,3 +184,10 @@ volumes: podAnnotations: checksum/config: '{{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}' + +tracing: + enabled: false + collector: + baseUrl: http://jaeger-collector.istio-system:9411 + sampling: + probability: 1.0 # percentage of requests that are sampled (between 0-1/0%-100%) diff --git a/kubernetes/aai/components/aai-sparky-be/templates/deployment.yaml b/kubernetes/aai/components/aai-sparky-be/templates/deployment.yaml index ede5b60676..7248bb38f0 100644 --- a/kubernetes/aai/components/aai-sparky-be/templates/deployment.yaml +++ b/kubernetes/aai/components/aai-sparky-be/templates/deployment.yaml @@ -1,7 +1,7 @@ {{/* -# Copyright (c) 2017 Amdocs, Bell Canada -# Modifications Copyright (c) 2018 AT&T -# Modifications Copyright (c) 2020 Nokia +# Copyright © 2017 Amdocs, Bell Canada +# Modifications Copyright © 2018 AT&T +# Modifications Copyright © 2020 Nokia # Modifications Copyright © 2023 Nordix Foundation # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -19,7 +19,7 @@ apiVersion: apps/v1 kind: Deployment -metadata: {{- include "common.resourceMetadata" . | nindent 2 }} +metadata: {{- include "common.resourceMetadata" (dict "annotations" .Values.annotations "dot" .) | nindent 2 }} spec: selector: {{- include "common.selectors" . | nindent 4 }} {{- if .Values.debug.enabled }} @@ -116,7 +116,7 @@ spec: port: {{ .Values.service.internalPort }} initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} periodSeconds: {{ .Values.liveness.periodSeconds }} - {{ end -}} + {{- end }} readinessProbe: tcpSocket: port: {{ .Values.service.internalPort }} diff --git a/kubernetes/aai/components/aai-traversal/resources/config/aaiconfig.properties b/kubernetes/aai/components/aai-traversal/resources/config/aaiconfig.properties index c844b3d194..0c10b9462f 100644 --- a/kubernetes/aai/components/aai-traversal/resources/config/aaiconfig.properties +++ b/kubernetes/aai/components/aai-traversal/resources/config/aaiconfig.properties @@ -34,8 +34,8 @@ aai.global.callback.url=http://aai.{{ include "common.namespace" . }}/aai/ {{ if or (.Values.global.config.basic.auth.enabled) ( include "common.onServiceMesh" .) }} aai.tools.enableBasicAuth=true -aai.tools.username={{ .Values.global.config.basic.auth.username }} -aai.tools.password={{ .Values.global.config.basic.auth.passwd }} +aai.tools.username={{ (index .Values.global.config.basic.auth.users 0).username }} +aai.tools.password={{ (index .Values.global.config.basic.auth.users 0).password }} {{ end }} aai.notification.current.version={{ .Values.global.config.schema.version.api.default }} diff --git a/kubernetes/aai/components/aai-traversal/resources/config/application-keycloak.properties b/kubernetes/aai/components/aai-traversal/resources/config/application-keycloak.properties deleted file mode 100644 index dd1956b63f..0000000000 --- a/kubernetes/aai/components/aai-traversal/resources/config/application-keycloak.properties +++ /dev/null @@ -1,13 +0,0 @@ -spring.autoconfigure.exclude=\ - org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration,\ - org.springframework.boot.autoconfigure.orm.jpa.HibernateJpaAutoConfiguration - -multi.tenancy.enabled={{ .Values.config.keycloak.multiTenancy.enabled }} -keycloak.auth-server-url=http://{{ .Values.config.keycloak.host }}:{{ .Values.config.keycloak.port }}/auth -keycloak.realm={{ .Values.config.keycloak.realm }} -keycloak.resource={{ .Values.config.keycloak.resource }} -keycloak.public-client=false -keycloak.principal-attribute=preferred_username - -keycloak.ssl-required=external -keycloak.bearer-only=true diff --git a/kubernetes/aai/components/aai-traversal/resources/config/application.properties b/kubernetes/aai/components/aai-traversal/resources/config/application.properties index f0b6f7e767..f6fad88c19 100644 --- a/kubernetes/aai/components/aai-traversal/resources/config/application.properties +++ b/kubernetes/aai/components/aai-traversal/resources/config/application.properties @@ -28,7 +28,7 @@ spring.jersey.type=filter spring.main.allow-bean-definition-overriding=true server.servlet.context-path=${schema.uri.base.path} -spring.autoconfigure.exclude=org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration,org.springframework.boot.autoconfigure.orm.jpa.HibernateJpaAutoConfiguration,org.keycloak.adapters.springboot.KeycloakAutoConfiguration,org.springframework.boot.autoconfigure.security.servlet.SecurityAutoConfiguration,org.springframework.boot.actuate.autoconfigure.security.servlet.ManagementWebSecurityAutoConfiguration +spring.autoconfigure.exclude=org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration,org.springframework.boot.autoconfigure.orm.jpa.HibernateJpaAutoConfiguration,org.springframework.boot.autoconfigure.security.servlet.SecurityAutoConfiguration,org.springframework.boot.actuate.autoconfigure.security.servlet.ManagementWebSecurityAutoConfiguration spring.profiles.active={{ .Values.global.config.profiles.active }} spring.jersey.application-path=/ @@ -52,7 +52,6 @@ server.tomcat.max-idle-time=60000 # If you get an application startup failure that the port is already taken # If thats not it, please check if the key-store file path makes sense server.local.startpath=aai-traversal/src/main/resources/ -server.basic.auth.location=${server.local.startpath}etc/auth/realm.properties server.port=8446 @@ -126,3 +125,9 @@ scrape.uri.metrics=false # but doesn't show up in micrometer metrics aai.actuator.echo.enabled={{ .Values.actuator.echo.enabled }} aai.graph.properties.path=${server.local.startpath}/etc/appprops/janusgraph-realtime.properties + +aai.basic-auth.enabled={{ .Values.global.config.basic.auth.enabled }} +{{- range $index, $user := .Values.global.config.basic.auth.users }} +aai.basic-auth.users[{{ $index }}].username={{ $user.username }} +aai.basic-auth.users[{{ $index }}].password={{ $user.password }} +{{- end }} diff --git a/kubernetes/aai/components/aai-traversal/templates/_helpers.tpl b/kubernetes/aai/components/aai-traversal/templates/_helpers.tpl new file mode 100644 index 0000000000..003be58409 --- /dev/null +++ b/kubernetes/aai/components/aai-traversal/templates/_helpers.tpl @@ -0,0 +1,21 @@ +{{- define "aai.waitForSchemaCreation" -}} +- name: wait-for-schema-creation + image: "{{ include "repositoryGenerator.image.curl" . }}" + imagePullPolicy: IfNotPresent + command: ["/bin/sh", "-c"] + args: + - | + URL="{{ required "URL is required" (.Values.schemaInitCheckURL | default "http://aai-graphadmin:8449/isSchemaInitialized") }}" + AUTH="{{ printf "%s:%s" (index .Values.global.config.basic.auth.users 0).username (index .Values.global.config.basic.auth.users 0).password }}" + while true; do + RESPONSE=$(curl -u $AUTH -s $URL) + if [ "$RESPONSE" = "true" ]; then + echo "Request successful. Schema is initialized." + exit 0 + else + echo "Request unsuccessful. Schema is not yet initialized. Retrying in 3 seconds..." + sleep 3 + fi + done + {{ include "common.containerSecurityContext" . | indent 2 | trim }} +{{- end -}} diff --git a/kubernetes/aai/components/aai-traversal/templates/configmap.yaml b/kubernetes/aai/components/aai-traversal/templates/configmap.yaml index d3ccd84f24..5db7fb117c 100644 --- a/kubernetes/aai/components/aai-traversal/templates/configmap.yaml +++ b/kubernetes/aai/components/aai-traversal/templates/configmap.yaml @@ -24,5 +24,3 @@ data: {{ tpl (.Files.Glob "resources/config/janusgraph-realtime.properties").AsConfig . | indent 2 }} {{ tpl (.Files.Glob "resources/config/aaiconfig.properties").AsConfig . | indent 2 }} {{ tpl (.Files.Glob "resources/config/application.properties").AsConfig . | indent 2 }} -{{ tpl (.Files.Glob "resources/config/application-keycloak.properties").AsConfig . | indent 2 }} -{{ tpl (.Files.Glob "resources/config/realm.properties").AsConfig . | indent 2 }} diff --git a/kubernetes/aai/components/aai-traversal/templates/deployment.yaml b/kubernetes/aai/components/aai-traversal/templates/deployment.yaml index 96d3a7b32a..36e1cbea78 100644 --- a/kubernetes/aai/components/aai-traversal/templates/deployment.yaml +++ b/kubernetes/aai/components/aai-traversal/templates/deployment.yaml @@ -48,7 +48,7 @@ spec: {{- if .Values.global.jobs.migration.enabled }} {{ include "common.readinessCheck.waitFor" (dict "dot" . "wait_for" .Values.readinessCheck.wait_for_migration) | nindent 8 }} {{- else if .Values.global.jobs.createSchema.enabled }} - {{ include "common.readinessCheck.waitFor" (dict "dot" . "wait_for" .Values.readinessCheck.wait_for_createSchema) | nindent 8 }} + {{ include "aai.waitForSchemaCreation" . | nindent 6 }} {{- else }} {{ include "common.readinessCheck.waitFor" (dict "dot" . "wait_for" .Values.readinessCheck.wait_for_cassandra) | nindent 8 }} {{- end }} @@ -109,15 +109,9 @@ spec: - mountPath: /opt/app/aai-traversal/resources/logback.xml name: {{ include "common.fullname" . }}-config subPath: logback.xml - - mountPath: /opt/app/aai-traversal/resources/etc/auth/realm.properties - name: {{ include "common.fullname" . }}-config - subPath: realm.properties - mountPath: /opt/app/aai-traversal/resources/application.properties name: {{ include "common.fullname" . }}-config subPath: application.properties - - mountPath: /opt/app/aai-traversal/resources/application-keycloak.properties - name: {{ include "common.fullname" . }}-config - subPath: application-keycloak.properties - mountPath: /tmp name: tmp ports: diff --git a/kubernetes/aai/components/aai-traversal/templates/job.yaml b/kubernetes/aai/components/aai-traversal/templates/job.yaml index 546b508166..2e51fd0a81 100644 --- a/kubernetes/aai/components/aai-traversal/templates/job.yaml +++ b/kubernetes/aai/components/aai-traversal/templates/job.yaml @@ -38,7 +38,7 @@ spec: spec: {{ include "common.podSecurityContext" . | indent 6 | trim }} initContainers: - {{ include "common.readinessCheck.waitFor" (dict "dot" . "wait_for" .Values.readinessCheck.wait_for_service) | nindent 6 }} + {{ include "common.readinessCheck.waitFor" (dict "dot" . "wait_for" .Values.readinessCheck.wait_for_traversal) | nindent 6 }} - name: {{ include "common.name" . }}-wait-for-aai-haproxy image: {{ include "repositoryGenerator.image.readiness" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} diff --git a/kubernetes/aai/components/aai-traversal/values.yaml b/kubernetes/aai/components/aai-traversal/values.yaml index 3bd5b8caa5..81f8e668c1 100644 --- a/kubernetes/aai/components/aai-traversal/values.yaml +++ b/kubernetes/aai/components/aai-traversal/values.yaml @@ -56,8 +56,23 @@ global: # global defaults basic: auth: enabled: true - username: AAI - passwd: AAI + users: + - username: aai@aai.onap.org + password: demo123456! + - username: AAI + password: AAI + - username: DCAE + password: DCAE + - username: MSO + password: MSO + - username: POLICY + password: POLICY + - username: ASDC + password: ASDC + - username: ModelLoader + password: ModelLoader + - username: AaiUI + password: AaiUI # Active spring profiles for the resources microservice profiles: @@ -86,11 +101,11 @@ global: # global defaults version: # Current version of the REST API api: - default: v29 + default: v30 # Specifies which version the depth parameter is configurable depth: v11 # List of all the supported versions of the API - list: v11,v12,v13,v14,v15,v16,v17,v18,v19,v20,v21,v22,v23,v24,v25,v26,v27,v28,v29 + list: v11,v12,v13,v14,v15,v16,v17,v18,v19,v20,v21,v22,v23,v24,v25,v26,v27,v28,v29,v30 # Specifies from which version related link should appear related: link: v11 @@ -111,7 +126,7 @@ global: # global defaults someConfig: random # application image -image: onap/aai-traversal:1.15.4 +image: onap/aai-traversal:1.15.5 pullPolicy: Always restartPolicy: Always flavor: small @@ -155,20 +170,6 @@ aai_enpoints: # application configuration config: - - # configure keycloak according to your environment. - # don't forget to add keycloak in active profiles above (global.config.profiles) - keycloak: - host: keycloak.your.domain - port: 8180 - # Specifies a set of users, credentials, roles, and groups - realm: aai-traversal - # Used by any client application for enabling fine-grained authorization for their protected resources - resource: aai-traversal-app - # If set to true, additional criteria will be added into traversal query to returns all the vertices that match - # the data-owner property with the given role to the user in keycloak - multiTenancy: - enabled: true janusgraph: caching: # enable when running read-heavy workloads @@ -443,9 +444,9 @@ readinessCheck: services: - '{{ .Values.global.cassandra.serviceName }}' - aai-schema-service - wait_for_service: + wait_for_traversal: services: - - aai + - aai-traversal jobAnnotations: "helm.sh/hook": pre-upgrade,pre-rollback,post-install diff --git a/kubernetes/aai/templates/deployment.yaml b/kubernetes/aai/templates/deployment.yaml index a743592036..160d8cf823 100644 --- a/kubernetes/aai/templates/deployment.yaml +++ b/kubernetes/aai/templates/deployment.yaml @@ -18,7 +18,7 @@ apiVersion: apps/v1 kind: Deployment -metadata: {{- include "common.resourceMetadata" . | nindent 2 }} +metadata: {{- include "common.resourceMetadata" (dict "annotations" .Values.annotations "dot" .) | nindent 2 }} spec: selector: matchLabels: @@ -38,7 +38,6 @@ spec: terminationGracePeriodSeconds: {{ .Values.service.terminationGracePeriodSeconds }} {{ include "common.podSecurityContext" . | indent 6 | trim }} initContainers: - {{ include "common.readinessCheck.waitFor" . | indent 6 | trim}} - command: ["/bin/sh","-c"] args: ['cp -R /usr/local/etc/haproxy /usr/local/etc/haproxy_rw/'] image: '{{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}' @@ -94,21 +93,8 @@ spec: readinessProbe: initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} - httpGet: - path: /aai/util/echo + tcpSocket: port: {{ .Values.service.internalPort }} - scheme: HTTP - httpHeaders: - - name: X-FromAppId - value: OOM_ReadinessCheck - {{ if .Values.global.installSidecarSecurity }} - - name: Authorization - value: Basic YWFpQGFhaS5vbmFwLm9yZzpkZW1vMTIzNDU2IQ== - {{ end }} - - name: X-TransactionId - value: OOM_ReadinessCheck_TID - - name: Accept - value: application/json {{- if .Values.nodeSelector }} nodeSelector: {{ toYaml .Values.nodeSelector | indent 8 }} diff --git a/kubernetes/aai/values.yaml b/kubernetes/aai/values.yaml index 11616b96f9..f2363b7915 100644 --- a/kubernetes/aai/values.yaml +++ b/kubernetes/aai/values.yaml @@ -245,11 +245,11 @@ global: # global defaults version: # Current version of the REST API api: - default: v29 + default: v30 # Specifies which version the depth parameter is configurable depth: v11 # List of all the supported versions of the API - list: v11,v12,v13,v14,v15,v16,v17,v18,v19,v20,v21,v22,v23,v24,v25,v26,v27,v28,v29 + list: v11,v12,v13,v14,v15,v16,v17,v18,v19,v20,v21,v22,v23,v24,v25,v26,v27,v28,v29,v30 # Specifies from which version related link should appear related: link: v11 @@ -323,6 +323,8 @@ config: # IP address of name server is needed in nginx configuration. The secure endpoint for logging with Keycloak need the ip address in the config file. # You can find this ip address in the /etc/resolv.conf This file is generated by k8s. The name server ip address is in all k8s cluster the same. NAME_SERVER: coredns.kube-system + # hold interval in seconds + DNS_REFRESH_INTERVAL: 5 # default number of instances replicaCount: 1 @@ -482,13 +484,6 @@ securityContext: user_id: 99 group_id: 99 -readinessCheck: - wait_for: - services: - - aai-resources - - aai-traversal - - aai-graphadmin - volumes: haProxySizeLimit: 20Mi |