Diffstat (limited to 'kubernetes/aai/charts')
-rw-r--r--kubernetes/aai/charts/aai-data-router/values.yaml2
-rw-r--r--kubernetes/aai/charts/aai-elasticsearch/resources/config/sg/sg_config.yml110
-rw-r--r--kubernetes/aai/charts/aai-graphadmin/resources/config/migration/janusgraph-migration-cached.properties70
-rw-r--r--kubernetes/aai/charts/aai-graphadmin/resources/config/migration/janusgraph-migration-real.properties65
-rw-r--r--kubernetes/aai/charts/aai-graphadmin/templates/configmap.yaml80
-rw-r--r--kubernetes/aai/charts/aai-graphadmin/templates/deployment.yaml44
-rw-r--r--kubernetes/aai/charts/aai-graphadmin/templates/job.yaml313
-rw-r--r--kubernetes/aai/charts/aai-graphadmin/templates/pv.yaml42
-rw-r--r--kubernetes/aai/charts/aai-graphadmin/templates/pvc.yaml51
-rw-r--r--kubernetes/aai/charts/aai-graphadmin/values.yaml18
-rw-r--r--kubernetes/aai/charts/aai-modelloader/values.yaml2
-rw-r--r--kubernetes/aai/charts/aai-resources/templates/configmap.yaml74
-rw-r--r--kubernetes/aai/charts/aai-resources/templates/deployment.yaml43
-rw-r--r--kubernetes/aai/charts/aai-search-data/resources/fproxy/config/fproxy.properties2
-rw-r--r--kubernetes/aai/charts/aai-search-data/resources/fproxy/config/logback-spring.xml48
-rw-r--r--kubernetes/aai/charts/aai-search-data/resources/fproxy/config/readme.txt1
-rw-r--r--kubernetes/aai/charts/aai-search-data/resources/rproxy/config/auth/uri-authorization.json11
-rw-r--r--kubernetes/aai/charts/aai-search-data/resources/rproxy/config/cadi.properties39
-rw-r--r--kubernetes/aai/charts/aai-search-data/resources/rproxy/config/forward-proxy.properties4
-rw-r--r--kubernetes/aai/charts/aai-search-data/resources/rproxy/config/logback-spring.xml48
-rw-r--r--kubernetes/aai/charts/aai-search-data/resources/rproxy/config/primary-service.properties3
-rw-r--r--kubernetes/aai/charts/aai-search-data/resources/rproxy/config/readme.txt1
-rw-r--r--kubernetes/aai/charts/aai-search-data/resources/rproxy/config/reverse-proxy.properties1
-rw-r--r--kubernetes/aai/charts/aai-search-data/templates/configmap.yaml44
-rw-r--r--kubernetes/aai/charts/aai-search-data/templates/deployment.yaml115
-rw-r--r--kubernetes/aai/charts/aai-search-data/templates/secret.yaml13
-rw-r--r--kubernetes/aai/charts/aai-search-data/templates/service.yaml14
-rw-r--r--kubernetes/aai/charts/aai-search-data/values.yaml4
-rw-r--r--kubernetes/aai/charts/aai-traversal/templates/configmap.yaml74
-rw-r--r--kubernetes/aai/charts/aai-traversal/templates/deployment.yaml43
-rw-r--r--kubernetes/aai/charts/aai-traversal/templates/job.yaml40
31 files changed, 963 insertions, 456 deletions
diff --git a/kubernetes/aai/charts/aai-data-router/values.yaml b/kubernetes/aai/charts/aai-data-router/values.yaml
index ddc7fd0ee4..3adec8555d 100644
--- a/kubernetes/aai/charts/aai-data-router/values.yaml
+++ b/kubernetes/aai/charts/aai-data-router/values.yaml
@@ -21,7 +21,7 @@ global: # global defaults
# application image
repository: nexus3.onap.org:10001
-image: onap/data-router:1.3.1
+image: onap/data-router:1.4-STAGING-latest
pullPolicy: Always
restartPolicy: Always
flavor: small
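Review bot: The new tag `1.4-STAGING-latest` is a floating staging tag, and with `pullPolicy: Always` two pods of the same chart version can end up running different image content after a restart. That makes the deployed code impossible to audit or roll back from the chart alone, and any push to the staging tag reaches running clusters without a chart change. For anything beyond a development branch, pin a released tag or a digest, for example `image: onap/data-router@sha256:<digest-placeholder>`. The other values.yaml files listed in the diffstat are not visible here and may need the same check.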
diff --git a/kubernetes/aai/charts/aai-elasticsearch/resources/config/sg/sg_config.yml b/kubernetes/aai/charts/aai-elasticsearch/resources/config/sg/sg_config.yml
index 9172b71e8d..d0050e095c 100644
--- a/kubernetes/aai/charts/aai-elasticsearch/resources/config/sg/sg_config.yml
+++ b/kubernetes/aai/charts/aai-elasticsearch/resources/config/sg/sg_config.yml
@@ -37,35 +37,28 @@
# HTTP
# basic (challenging)
# proxy (not challenging, needs xff)
-# kerberos (challenging)
# clientcert (not challenging, needs https)
-# jwt (not challenging)
# host (not challenging) #DEPRECATED, will be removed in a future version.
# host based authentication is configurable in sg_roles_mapping
# Authc
# internal
# noop
-# ldap
# Authz
-# ldap
# noop
+# Some SearchGuard functionality is licensed under Apache-2.0, while other functionality is non-free;
+# see https://github.com/floragunncom/search-guard. The functionality enabled in this configuration
+# file only include those that are licensed under Apache-2.0. Please use care and review SearchGuard's
+# license details before enabling any additional features here.
+
searchguard:
dynamic:
# Set filtered_alias_mode to 'disallow' to forbid more than 2 filtered aliases per index
# Set filtered_alias_mode to 'warn' to allow more than 2 filtered aliases per index but warns about it (default)
# Set filtered_alias_mode to 'nowarn' to allow more than 2 filtered aliases per index silently
#filtered_alias_mode: warn
- #kibana:
- # Kibana multitenancy
- # see https://github.com/floragunncom/search-guard-docs/blob/master/multitenancy.md
- # To make this work you need to install https://github.com/floragunncom/search-guard-module-kibana-multitenancy/wiki
- #multitenancy_enabled: true
- #server_username: kibanaserver
- #index: '.kibana'
- #do_not_fail_on_forbidden: false
http:
anonymous_auth_enabled: false
xff:
@@ -80,20 +73,6 @@ searchguard:
###### and here https://tools.ietf.org/html/rfc7239
###### and https://tomcat.apache.org/tomcat-8.0-doc/config/valve.html#Remote_IP_Valve
authc:
- kerberos_auth_domain:
- http_enabled: false
- transport_enabled: false
- order: 6
- http_authenticator:
- type: kerberos
- challenge: true
- config:
- # If true a lot of kerberos/security related debugging output will be logged to standard out
- krb_debug: false
- # If true then the realm will be stripped from the user name
- strip_realm_from_principal: true
- authentication_backend:
- type: noop
basic_internal_auth_domain:
http_enabled: true
transport_enabled: true
@@ -141,81 +120,4 @@ searchguard:
challenge: false
authentication_backend:
type: noop
- ldap:
- http_enabled: false
- transport_enabled: false
- order: 5
- http_authenticator:
- type: basic
- challenge: false
- authentication_backend:
- # LDAP authentication backend (authenticate users against a LDAP or Active Directory)
- type: ldap
- config:
- # enable ldaps
- enable_ssl: false
- # enable start tls, enable_ssl should be false
- enable_start_tls: false
- # send client certificate
- enable_ssl_client_auth: false
- # verify ldap hostname
- verify_hostnames: true
- hosts:
- - localhost:8389
- bind_dn: null
- password: null
- userbase: 'ou=people,dc=example,dc=com'
- # Filter to search for users (currently in the whole subtree beneath userbase)
- # {0} is substituted with the username
- usersearch: '(sAMAccountName={0})'
- # Use this attribute from the user as username (if not set then DN is used)
- username_attribute: null
- authz:
- roles_from_myldap:
- http_enabled: false
- transport_enabled: false
- authorization_backend:
- # LDAP authorization backend (gather roles from a LDAP or Active Directory, you have to configure the above LDAP authentication backend settings too)
- type: ldap
- config:
- # enable ldaps
- enable_ssl: false
- # enable start tls, enable_ssl should be false
- enable_start_tls: false
- # send client certificate
- enable_ssl_client_auth: false
- # verify ldap hostname
- verify_hostnames: true
- hosts:
- - localhost:8389
- bind_dn: null
- password: null
- rolebase: 'ou=groups,dc=example,dc=com'
- # Filter to search for roles (currently in the whole subtree beneath rolebase)
- # {0} is substituted with the DN of the user
- # {1} is substituted with the username
- # {2} is substituted with an attribute value from user's directory entry, of the authenticated user. Use userroleattribute to specify the name of the attribute
- rolesearch: '(member={0})'
- # Specify the name of the attribute which value should be substituted with {2} above
- userroleattribute: null
- # Roles as an attribute of the user entry
- userrolename: disabled
- #userrolename: memberOf
- # The attribute in a role entry containing the name of that role, Default is "name".
- # Can also be "dn" to use the full DN as rolename.
- rolename: cn
- # Resolve nested roles transitive (roles which are members of other roles and so on ...)
- resolve_nested_roles: true
- userbase: 'ou=people,dc=example,dc=com'
- # Filter to search for users (currently in the whole subtree beneath userbase)
- # {0} is substituted with the username
- usersearch: '(uid={0})'
- # Skip users matching a user name, a wildcard or a regex pattern
- #skip_users:
- # - 'cn=Michael Jackson,ou*people,o=TEST'
- # - '/\S*/'
- roles_from_another_ldap:
- enabled: false
- authorization_backend:
- type: ldap
- #config goes here ...
+ authz:
\ No newline at end of file
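Review bot: The file now ends with a bare `authz:`, which YAML loads as null rather than as an empty mapping, and the file has no trailing newline. Whether Search Guard treats a null `authz` the same as "no authorization backends" is not visible from this hunk, so an explicit empty value is safer: `authz: {}`. A one-line comment such as `# no authorization backends configured; roles come from the internal user database` would also record that the empty section is deliberate, if that is indeed the intent.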
diff --git a/kubernetes/aai/charts/aai-graphadmin/resources/config/migration/janusgraph-migration-cached.properties b/kubernetes/aai/charts/aai-graphadmin/resources/config/migration/janusgraph-migration-cached.properties
new file mode 100644
index 0000000000..28e3089b88
--- /dev/null
+++ b/kubernetes/aai/charts/aai-graphadmin/resources/config/migration/janusgraph-migration-cached.properties
@@ -0,0 +1,70 @@
+#
+# ============LICENSE_START=======================================================
+# Copyright © 2018 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+query.fast-property=true
+query.smart-limit=false
+
+{{- if eq .Values.global.jobs.migration.remoteCassandra.enabled false }}
+
+storage.backend=cassandra
+
+#In case of upgrades from Casablanca provide the override aai.global.cassandra.existingInstServiceName=aai-cassandra
+storage.hostname={{ .Values.global.cassandra.existingInstServiceName | default .Values.global.cassandra.serviceName }}
+
+storage.cassandra.keyspace=aaigraph
+storage.cassandra.read-consistency-level=LOCAL_QUORUM
+storage.cassandra.write-consistency-level=LOCAL_QUORUM
+storage.cassandra.replication-factor=3
+storage.cassandra.replication-strategy-class=org.apache.cassandra.locator.SimpleStrategy
+{{- else }}
+{{- if .Values.global.jobs.migration.remoteCassandra.storage }}
+storage.backend={{ .Values.global.jobs.migration.remoteCassandra.storage.backend }}
+storage.hostname={{ .Values.global.jobs.migration.remoteCassandra.storage.hostname }}
+{{- if eq .Values.global.jobs.migration.remoteCassandra.storage.backend "cassandra" }}
+storage.cassandra.keyspace={{ .Values.global.jobs.migration.remoteCassandra.storage.name }}
+storage.cassandra.read-consistency-level={{ .Values.global.jobs.migration.remoteCassandra.storage.cassandra.readConsistency }}
+storage.cassandra.write-consistency-level={{ .Values.global.jobs.migration.remoteCassandra.storage.cassandra.writeConsistency }}
+storage.cassandra.replication-factor={{ .Values.global.jobs.migration.remoteCassandra.storage.cassandra.replicationFactor | int }}
+storage.cassandra.replication-strategy-class=org.apache.cassandra.locator.SimpleStrategy
+
+{{- else if eq .Values.global.jobs.migration.remoteCassandra.storage.backend "cql" }}
+storage.cql.keyspace={{ .Values.global.jobs.migration.remoteCassandra.storage.name }}
+storage.cql.read-consistency-level={{ .Values.global.jobs.migration.remoteCassandra.storage.cql.readConsistency }}
+storage.cql.write-consistency-level={{ .Values.global.jobs.migration.remoteCassandra.storage.cql.readConsistency }}
+storage.cql.replication-factor={{ .Values.global.jobs.migration.remoteCassandra.storage.cql.replicationFactor | int }}
+storage.cql.only-use-local-consistency-for-system-operations={{ .Values.global.jobs.migration.remoteCassandra.storage.cql.localConsistencyForSysOps }}
+storage.cql.cluster-name={{ .Values.global.jobs.migration.remoteCassandra.storage.cql.clusterName }}
+storage.cql.local-datacenter={{ .Values.global.jobs.migration.remoteCassandra.storage.cql.localDataCenter }}
+
+{{- else if eq .Values.global.jobs.migration.remoteCassandra.storage.backend "hbase" }}
+storage.hbase.table={{ .Values.global.jobs.migration.remoteCassandra.storage.name }}
+{{- end }}
+storage.connection-timeout={{ .Values.global.jobs.migration.remoteCassandra.storage.connectionTimeout | int }}
+cache.tx-cache-size={{ .Values.global.jobs.migration.remoteCassandra.storage.cacheSize | int }}
+log.tx.key-consistent={{ .Values.global.jobs.migration.remoteCassandra.storage.keyConsistent }}
+{{- end }}
+{{- end }}
+storage.lock.wait-time=300
+
+#caching on
+cache.db-cache = true
+cache.db-cache-clean-wait = 20
+cache.db-cache-time = 180000
+cache.db-cache-size = 0.3
+
+#load graphson file on startup
+load.snapshot.file=false
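Review bot: In the `cql` branch, `storage.cql.write-consistency-level` is rendered from `.storage.cql.readConsistency`, so a separately configured write consistency would be silently ignored; the `cassandra` branch just above uses `writeConsistency` for the same setting. If this is a copy-paste slip, the line should read `storage.cql.write-consistency-level={{ .Values.global.jobs.migration.remoteCassandra.storage.cql.writeConsistency }}`. The identical line appears in janusgraph-migration-real.properties in this commit. Whether values.yaml defines `cql.writeConsistency` is not visible here.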
diff --git a/kubernetes/aai/charts/aai-graphadmin/resources/config/migration/janusgraph-migration-real.properties b/kubernetes/aai/charts/aai-graphadmin/resources/config/migration/janusgraph-migration-real.properties
new file mode 100644
index 0000000000..4c28b20781
--- /dev/null
+++ b/kubernetes/aai/charts/aai-graphadmin/resources/config/migration/janusgraph-migration-real.properties
@@ -0,0 +1,65 @@
+#
+# ============LICENSE_START=======================================================
+# Copyright © 2018 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+query.fast-property=true
+query.smart-limit=false
+
+{{- if eq .Values.global.jobs.migration.remoteCassandra.enabled false }}
+
+storage.backend=cassandra
+
+#In case of upgrades from Casablanca provide the override aai.global.cassandra.existingInstServiceName=aai-cassandra
+storage.hostname={{ .Values.global.cassandra.existingInstServiceName | default .Values.global.cassandra.serviceName }}
+
+storage.cassandra.keyspace=aaigraph
+storage.cassandra.read-consistency-level=LOCAL_QUORUM
+storage.cassandra.write-consistency-level=LOCAL_QUORUM
+storage.cassandra.replication-factor=3
+storage.cassandra.replication-strategy-class=org.apache.cassandra.locator.SimpleStrategy
+{{- else }}
+{{- if .Values.global.jobs.migration.remoteCassandra.storage }}
+storage.backend={{ .Values.global.jobs.migration.remoteCassandra.storage.backend }}
+storage.hostname={{ .Values.global.jobs.migration.remoteCassandra.storage.hostname }}
+{{- if eq .Values.global.jobs.migration.remoteCassandra.storage.backend "cassandra" }}
+storage.cassandra.keyspace={{ .Values.global.jobs.migration.remoteCassandra.storage.name }}
+storage.cassandra.read-consistency-level={{ .Values.global.jobs.migration.remoteCassandra.storage.cassandra.readConsistency }}
+storage.cassandra.write-consistency-level={{ .Values.global.jobs.migration.remoteCassandra.storage.cassandra.writeConsistency }}
+storage.cassandra.replication-factor={{ .Values.global.jobs.migration.remoteCassandra.storage.cassandra.replicationFactor | int }}
+storage.cassandra.replication-strategy-class=org.apache.cassandra.locator.SimpleStrategy
+
+{{- else if eq .Values.global.jobs.migration.remoteCassandra.storage.backend "cql" }}
+storage.cql.keyspace={{ .Values.global.jobs.migration.remoteCassandra.storage.name }}
+storage.cql.read-consistency-level={{ .Values.global.jobs.migration.remoteCassandra.storage.cql.readConsistency }}
+storage.cql.write-consistency-level={{ .Values.global.jobs.migration.remoteCassandra.storage.cql.readConsistency }}
+storage.cql.replication-factor={{ .Values.global.jobs.migration.remoteCassandra.storage.cql.replicationFactor | int }}
+storage.cql.only-use-local-consistency-for-system-operations={{ .Values.global.jobs.migration.remoteCassandra.storage.cql.localConsistencyForSysOps }}
+storage.cql.cluster-name={{ .Values.global.jobs.migration.remoteCassandra.storage.cql.clusterName }}
+storage.cql.local-datacenter={{ .Values.global.jobs.migration.remoteCassandra.storage.cql.localDataCenter }}
+
+{{- else if eq .Values.global.jobs.migration.remoteCassandra.storage.backend "hbase" }}
+storage.hbase.table={{ .Values.global.jobs.migration.remoteCassandra.storage.name }}
+{{- end }}
+storage.connection-timeout={{ .Values.global.jobs.migration.remoteCassandra.storage.connectionTimeout | int }}
+cache.tx-cache-size={{ .Values.global.jobs.migration.remoteCassandra.storage.cacheSize | int }}
+log.tx.key-consistent={{ .Values.global.jobs.migration.remoteCassandra.storage.keyConsistent }}
+{{- end }}
+{{- end }}
+storage.lock.wait-time=300
+# Setting db-cache to false ensure the fastest propagation of changes across servers
+cache.db-cache = false
+#load graphson file on startup
+load.snapshot.file=false
diff --git a/kubernetes/aai/charts/aai-graphadmin/templates/configmap.yaml b/kubernetes/aai/charts/aai-graphadmin/templates/configmap.yaml
index 281bac6915..bd229d3fb0 100644
--- a/kubernetes/aai/charts/aai-graphadmin/templates/configmap.yaml
+++ b/kubernetes/aai/charts/aai-graphadmin/templates/configmap.yaml
@@ -20,90 +20,44 @@
apiVersion: v1
kind: ConfigMap
metadata:
- name: {{ include "common.fullname" . }}-log
+ name: {{ include "common.fullname" . }}-configmap
namespace: {{ include "common.namespace" . }}
labels:
app: {{ include "common.name" . }}
chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
+ {{- if .Values.global.jobs.migration.enabled }}
+ annotations:
+ "helm.sh/hook": pre-upgrade,pre-install
+ "helm.sh/hook-weight": "0"
+ "helm.sh/hook-delete-policy": before-hook-creation
+ {{- end }}
data:
{{ tpl (.Files.Glob "resources/config/logback.xml").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-localhost-access-log-configmap
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ .Release.Name }}
- heritage: {{ .Release.Service }}
-data:
{{ tpl (.Files.Glob "resources/config/localhost-access-logback.xml").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-db-real-configmap
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ .Release.Name }}
- heritage: {{ .Release.Service }}
-data:
{{ tpl (.Files.Glob "resources/config/janusgraph-realtime.properties").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-db-cached-configmap
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ .Release.Name }}
- heritage: {{ .Release.Service }}
-data:
{{ tpl (.Files.Glob "resources/config/janusgraph-cached.properties").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-aaiconfig-configmap
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ .Release.Name }}
- heritage: {{ .Release.Service }}
-data:
{{ tpl (.Files.Glob "resources/config/aaiconfig.properties").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-springapp-configmap
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ .Release.Name }}
- heritage: {{ .Release.Service }}
-data:
{{ tpl (.Files.Glob "resources/config/application.properties").AsConfig . | indent 2 }}
+{{ tpl (.Files.Glob "resources/config/realm.properties").AsConfig . | indent 2 }}
+
+{{- if .Values.global.jobs.migration.enabled }}
---
apiVersion: v1
kind: ConfigMap
metadata:
- name: {{ include "common.fullname" . }}-realm-configmap
+ name: {{ include "common.fullname" . }}-migration-configmap
namespace: {{ include "common.namespace" . }}
labels:
app: {{ include "common.name" . }}
chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
+ annotations:
+ "helm.sh/hook": pre-upgrade,pre-install
+ "helm.sh/hook-weight": "0"
+ "helm.sh/hook-delete-policy": before-hook-creation
data:
-{{ tpl (.Files.Glob "resources/config/realm.properties").AsConfig . | indent 2 }}
+{{ tpl (.Files.Glob "resources/config/migration/*").AsConfig . | indent 2 }}
+{{- end }}
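Review bot: `realm.properties` is now rendered into the same `-configmap` as logback and the application properties. Since deployment.yaml mounts it under `etc/auth/`, it presumably carries credentials or role mappings, and a ConfigMap is readable by anyone who can `get configmaps` in the namespace. Rendering that one file into a `kind: Secret` instead, e.g. `{{ tpl (.Files.Glob "resources/config/realm.properties").AsSecrets . | indent 2 }}`, would keep it out of the shared object. Separately, when migration is enabled the `helm.sh/hook` annotations make the main ConfigMap a hook resource that Helm does not manage with the release, although the Deployment still mounts it; a comment explaining that lifecycle would help.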
diff --git a/kubernetes/aai/charts/aai-graphadmin/templates/deployment.yaml b/kubernetes/aai/charts/aai-graphadmin/templates/deployment.yaml
index 2888a64f5e..f768603a89 100644
--- a/kubernetes/aai/charts/aai-graphadmin/templates/deployment.yaml
+++ b/kubernetes/aai/charts/aai-graphadmin/templates/deployment.yaml
@@ -16,7 +16,6 @@
# See the License for the specific language governing permissions and
# limitations under the License.
# ============LICENSE_END=========================================================
-
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
@@ -45,7 +44,12 @@ spec:
{{ if .Values.global.initContainers.enabled }}
initContainers:
- command:
- {{ if .Values.global.jobs.createSchema.enabled }}
+ {{ if .Values.global.jobs.migration.enabled }}
+ - /root/job_complete.py
+ args:
+ - --job-name
+ - {{ .Release.Name }}-aai-graphadmin-migration
+ {{ else if .Values.global.jobs.createSchema.enabled }}
- /root/job_complete.py
args:
- --job-name
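Review bot: The job name given to `job_complete.py` is built as `{{ .Release.Name }}-aai-graphadmin-migration`, while job.yaml in this commit names the Job `{{ include "common.fullname" . }}-migration`. The two match only while `common.fullname` renders to `<release>-aai-graphadmin`, which is not visible here. Using `- {{ include "common.fullname" . }}-migration` keeps them in step. The migration Job is also a `post-install,post-upgrade` hook, so with `helm install --wait` this init container may block on a Job that Helm has not yet created; that path is worth testing. The initContainers block continues outside the hunk.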
@@ -86,27 +90,27 @@ spec:
name: localtime
readOnly: true
- mountPath: /opt/app/aai-graphadmin/resources/etc/appprops/janusgraph-realtime.properties
- name: {{ include "common.fullname" . }}-db-real-conf
+ name: {{ include "common.fullname" . }}-config
subPath: janusgraph-realtime.properties
- mountPath: /opt/app/aai-graphadmin/resources/etc/appprops/janusgraph-cached.properties
- name: {{ include "common.fullname" . }}-db-cached-conf
+ name: {{ include "common.fullname" . }}-config
subPath: janusgraph-cached.properties
- mountPath: /opt/app/aai-graphadmin/resources/etc/appprops/aaiconfig.properties
- name: {{ include "common.fullname" . }}-aaiconfig-conf
+ name: {{ include "common.fullname" . }}-config
subPath: aaiconfig.properties
- mountPath: /opt/aai/logroot/AAI-RES
name: {{ include "common.fullname" . }}-logs
- mountPath: /opt/app/aai-graphadmin/resources/logback.xml
- name: {{ include "common.fullname" . }}-log-conf
+ name: {{ include "common.fullname" . }}-config
subPath: logback.xml
- mountPath: /opt/app/aai-graphadmin/resources/localhost-access-logback.xml
- name: {{ include "common.fullname" . }}-localhost-access-log-conf
+ name: {{ include "common.fullname" . }}-config
subPath: localhost-access-logback.xml
- mountPath: /opt/app/aai-graphadmin/resources/etc/auth/realm.properties
- name: {{ include "common.fullname" . }}-realm-conf
+ name: {{ include "common.fullname" . }}-config
subPath: realm.properties
- mountPath: /opt/app/aai-graphadmin/resources/application.properties
- name: {{ include "common.fullname" . }}-springapp-conf
+ name: {{ include "common.fullname" . }}-config
subPath: application.properties
{{ $global := . }}
{{ range $job := .Values.global.config.auth.files }}
@@ -166,27 +170,9 @@ spec:
emptyDir: {}
- name: {{ include "common.fullname" . }}-filebeat
emptyDir: {}
- - name: {{ include "common.fullname" . }}-log-conf
- configMap:
- name: {{ include "common.fullname" . }}-log
- - name: {{ include "common.fullname" . }}-localhost-access-log-conf
- configMap:
- name: {{ include "common.fullname" . }}-localhost-access-log-configmap
- - name: {{ include "common.fullname" . }}-db-real-conf
- configMap:
- name: {{ include "common.fullname" . }}-db-real-configmap
- - name: {{ include "common.fullname" . }}-db-cached-conf
- configMap:
- name: {{ include "common.fullname" . }}-db-cached-configmap
- - name: {{ include "common.fullname" . }}-aaiconfig-conf
- configMap:
- name: {{ include "common.fullname" . }}-aaiconfig-configmap
- - name: {{ include "common.fullname" . }}-springapp-conf
- configMap:
- name: {{ include "common.fullname" . }}-springapp-configmap
- - name: {{ include "common.fullname" . }}-realm-conf
+ - name: {{ include "common.fullname" . }}-config
configMap:
- name: {{ include "common.fullname" . }}-realm-configmap
+ name: {{ include "common.fullname" . }}-configmap
- name: {{ include "common.fullname" . }}-auth-truststore-sec
secret:
secretName: aai-common-truststore
diff --git a/kubernetes/aai/charts/aai-graphadmin/templates/job.yaml b/kubernetes/aai/charts/aai-graphadmin/templates/job.yaml
index 55fce011c7..e5b673bee2 100644
--- a/kubernetes/aai/charts/aai-graphadmin/templates/job.yaml
+++ b/kubernetes/aai/charts/aai-graphadmin/templates/job.yaml
@@ -29,8 +29,7 @@
# If you are using an existing cassandra cluster not coming from oom
# then it is your job to ensure that there are no connections to the database
-{{ if .Values.global.jobs.createSchema.enabled }}
-
+{{- if and ( not .Values.global.jobs.migration.enabled ) ( .Values.global.jobs.createSchema.enabled ) }}
apiVersion: batch/v1
kind: Job
metadata:
@@ -89,24 +88,24 @@ spec:
name: localtime
readOnly: true
- mountPath: /opt/app/aai-graphadmin/resources/etc/appprops/janusgraph-realtime.properties
- name: {{ include "common.fullname" . }}-db-real-conf
+ name: {{ include "common.fullname" . }}-config
subPath: janusgraph-realtime.properties
- mountPath: /opt/app/aai-graphadmin/resources/etc/appprops/janusgraph-cached.properties
- name: {{ include "common.fullname" . }}-db-cached-conf
+ name: {{ include "common.fullname" . }}-config
subPath: janusgraph-cached.properties
- mountPath: /opt/app/aai-graphadmin/resources/etc/appprops/aaiconfig.properties
- name: {{ include "common.fullname" . }}-aaiconfig-conf
+ name: {{ include "common.fullname" . }}-config
subPath: aaiconfig.properties
- mountPath: /opt/aai/logroot/AAI-GA
name: {{ include "common.fullname" . }}-logs
- mountPath: /opt/app/aai-graphadmin/resources/logback.xml
- name: {{ include "common.fullname" . }}-log-conf
+ name: {{ include "common.fullname" . }}-config
subPath: logback.xml
- mountPath: /opt/app/aai-graphadmin/resources/localhost-access-logback.xml
- name: {{ include "common.fullname" . }}-localhost-access-log-conf
+ name: {{ include "common.fullname" . }}-config
subPath: localhost-access-logback.xml
- mountPath: /opt/app/aai-graphadmin/resources/application.properties
- name: {{ include "common.fullname" . }}-springapp-conf
+ name: {{ include "common.fullname" . }}-config
subPath: application.properties
{{ $global := . }}
{{ range $job := .Values.global.config.auth.files }}
@@ -134,29 +133,179 @@ spec:
- name: {{ include "common.fullname" . }}-logs
hostPath:
path: {{ .Values.persistence.mountPath }}/{{ .Release.Name }}/{{ .Values.persistence.mountSubPath }}-create-db-schema
- - name: {{ include "common.fullname" . }}-filebeat
- emptyDir: {}
- - name: {{ include "common.fullname" . }}-log-conf
- configMap:
- name: {{ include "common.fullname" . }}-log
- - name: {{ include "common.fullname" . }}-localhost-access-log-conf
- configMap:
- name: {{ include "common.fullname" . }}-localhost-access-log-configmap
- - name: {{ include "common.fullname" . }}-db-real-conf
+ - name: {{ include "common.fullname" . }}-config
configMap:
- name: {{ include "common.fullname" . }}-db-real-configmap
- - name: {{ include "common.fullname" . }}-db-cached-conf
- configMap:
- name: {{ include "common.fullname" . }}-db-cached-configmap
- - name: {{ include "common.fullname" . }}-aaiconfig-conf
- configMap:
- name: {{ include "common.fullname" . }}-aaiconfig-configmap
- - name: {{ include "common.fullname" . }}-springapp-conf
+ name: {{ include "common.fullname" . }}-configmap
+ - name: {{ include "common.fullname" . }}-auth-truststore-sec
+ secret:
+ secretName: aai-common-truststore
+ items:
+ {{ range $job := .Values.global.config.auth.files }}
+ - key: {{ . }}
+ path: {{ . }}
+ {{ end }}
+ restartPolicy: Never
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
+{{ end }}
+{{- if .Values.global.jobs.migration.enabled }}
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: {{ include "common.fullname" . }}-migration
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}-job
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+ annotations:
+ "helm.sh/hook": post-upgrade,post-rollback,post-install
+ "helm.sh/hook-weight": "1"
+ "helm.sh/hook-delete-policy": before-hook-creation
+spec:
+ backoffLimit: 20
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}-job
+ release: {{ .Release.Name }}
+ name: {{ include "common.name" . }}
+ spec:
+ initContainers:
+ - command:
+ - /root/ready.py
+ args:
+ - --container-name
+ {{- if .Values.global.cassandra.localCluster }}
+ - aai-cassandra
+ {{- else }}
+ - cassandra
+ {{- end }}
+ - --container-name
+ - aai-schema-service
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-readiness
+ - command:
+ - /bin/bash
+ - -c
+ - bash docker-entrypoint.sh dataRestoreFromSnapshot.sh `ls -t /opt/app/aai-graphadmin/logs/data/dataSnapshots|head -1|awk -F".P" '{ print $1 }'`
+ env:
+ - name: LOCAL_USER_ID
+ value: {{ .Values.global.config.userId | quote }}
+ - name: LOCAL_GROUP_ID
+ value: {{ .Values.global.config.groupId | quote }}
+ volumeMounts:
+ - mountPath: /etc/localtime
+ name: localtime
+ readOnly: true
+ - mountPath: /opt/app/aai-graphadmin/resources/etc/appprops/janusgraph-realtime.properties
+ name: {{ include "common.fullname" . }}-config
+ subPath: janusgraph-realtime.properties
+ - mountPath: /opt/app/aai-graphadmin/logs/data/dataSnapshots
+ name: {{ include "common.fullname" . }}-snapshots
+ - mountPath: /opt/app/aai-graphadmin/resources/etc/appprops/janusgraph-cached.properties
+ name: {{ include "common.fullname" . }}-config
+ subPath: janusgraph-cached.properties
+ - mountPath: /opt/app/aai-graphadmin/resources/etc/appprops/aaiconfig.properties
+ name: {{ include "common.fullname" . }}-config
+ subPath: aaiconfig.properties
+ - mountPath: /opt/aai/logroot/AAI-GA
+ name: {{ include "common.fullname" . }}-logs
+ - mountPath: /opt/app/aai-graphadmin/resources/logback.xml
+ name: {{ include "common.fullname" . }}-config
+ subPath: logback.xml
+ - mountPath: /opt/app/aai-graphadmin/resources/localhost-access-logback.xml
+ name: {{ include "common.fullname" . }}-config
+ subPath: localhost-access-logback.xml
+ - mountPath: /opt/app/aai-graphadmin/resources/application.properties
+ name: {{ include "common.fullname" . }}-config
+ subPath: application.properties
+ {{ $global := . }}
+ {{ range $job := .Values.global.config.auth.files }}
+ - mountPath: /opt/app/aai-graphadmin/resources/etc/auth/{{ . }}
+ name: {{ include "common.fullname" $global }}-auth-truststore-sec
+ subPath: {{ . }}
+ {{ end }}
+ image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-restore-backup
+ containers:
+ - image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-perform-migration
+ command:
+ - /bin/bash
+ - -c
+ - bash docker-entrypoint.sh run_Migrations.sh -e UpdateAaiUriIndexMigration --commit --skipPreMigrationSnapShot --runDisabled RebuildAllEdges
+ env:
+ - name: LOCAL_USER_ID
+ value: {{ .Values.global.config.userId | quote }}
+ - name: LOCAL_GROUP_ID
+ value: {{ .Values.global.config.groupId | quote }}
+ volumeMounts:
+ - mountPath: /etc/localtime
+ name: localtime
+ readOnly: true
+ - mountPath: /opt/app/aai-graphadmin/resources/etc/appprops/janusgraph-realtime.properties
+ name: {{ include "common.fullname" . }}-config
+ subPath: janusgraph-realtime.properties
+ - mountPath: /opt/app/aai-graphadmin/resources/etc/appprops/janusgraph-cached.properties
+ name: {{ include "common.fullname" . }}-config
+ subPath: janusgraph-cached.properties
+ - mountPath: /opt/app/aai-graphadmin/resources/etc/appprops/aaiconfig.properties
+ name: {{ include "common.fullname" . }}-config
+ subPath: aaiconfig.properties
+ - mountPath: /opt/aai/logroot/AAI-GA
+ name: {{ include "common.fullname" . }}-logs
+ - mountPath: /opt/app/aai-graphadmin/resources/logback.xml
+ name: {{ include "common.fullname" . }}-config
+ subPath: logback.xml
+ - mountPath: /opt/app/aai-graphadmin/resources/localhost-access-logback.xml
+ name: {{ include "common.fullname" . }}-config
+ subPath: localhost-access-logback.xml
+ - mountPath: /opt/app/aai-graphadmin/resources/application.properties
+ name: {{ include "common.fullname" . }}-config
+ subPath: application.properties
+ {{ $global := . }}
+ {{ range $job := .Values.global.config.auth.files }}
+ - mountPath: /opt/app/aai-graphadmin/resources/etc/auth/{{ . }}
+ name: {{ include "common.fullname" $global }}-auth-truststore-sec
+ subPath: {{ . }}
+ {{ end }}
+ resources:
+{{ include "common.resources" . }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 8 }}
+ {{- end -}}
+ {{- if .Values.affinity }}
+ affinity:
+{{ toYaml .Values.affinity | indent 8 }}
+ {{- end }}
+ volumes:
+ - name: localtime
+ hostPath:
+ path: /etc/localtime
+ - name: filebeat-conf
configMap:
- name: {{ include "common.fullname" . }}-springapp-configmap
- - name: {{ include "common.fullname" . }}-realm-conf
+ name: aai-filebeat
+ - name: {{ include "common.fullname" . }}-logs
+ emptyDir: {}
+ - name: {{ include "common.fullname" . }}-config
configMap:
- name: {{ include "common.fullname" . }}-realm-configmap
+ name: {{ include "common.fullname" . }}-configmap
+ - name: {{ include "common.fullname" . }}-snapshots
+ persistentVolumeClaim:
+ claimName: {{ include "common.fullname" . }}-migration
- name: {{ include "common.fullname" . }}-auth-truststore-sec
secret:
secretName: aai-common-truststore
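Review bot: The restore-backup init container passes an unquoted backtick substitution of `ls -t … | head -1 | awk -F".P" …` straight to `dataRestoreFromSnapshot.sh`. If the snapshots volume is empty the script runs with no argument, and with `backoffLimit: 20` that is retried many times. Whatever file is newest on the PVC is restored into the graph without any check on its name or origin. Assign the result to a variable, fail when it is empty with `[ -n "$snap" ] || { echo "no snapshot to restore" >&2; exit 1; }`, and pass `"$snap"` quoted. The `.P` separator is also a regex in awk, where the dot matches any character. The migration Job additionally writes its logs to an `emptyDir`, so the record of what the migration changed is lost with the pod, and the `-migration-configmap` added in configmap.yaml is not mounted anywhere in this hunk. The Job spec continues outside the hunk.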
@@ -168,4 +317,112 @@ spec:
restartPolicy: Never
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: {{ include "common.fullname" . }}-db-backup-job
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}-db-backup-job
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ annotations:
+ "helm.sh/hook": pre-upgrade,pre-install
+ "helm.sh/hook-weight": "2"
+ "helm.sh/hook-delete-policy": before-hook-creation
+spec:
+ backoffLimit: 20
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}-db-backup-job
+ release: {{ .Release.Name }}
+ name: {{ include "common.name" . }}
+ spec:
+ {{ if eq .Values.global.jobs.migration.remoteCassandra.enabled false }}
+ initContainers:
+ - command:
+ - /bin/bash
+ - -c
+ - /root/ready.py --container-name aai-cassandra --timeout 1 || /root/ready.py --container-name cassandra
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-db-backup-readiness
+ {{- end }}
+ containers:
+ - name: {{ include "common.name" . }}-db-backup-job
+ image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command:
+ - /bin/bash
+ - docker-entrypoint.sh
+ - dataSnapshot.sh
+ env:
+ - name: LOCAL_USER_ID
+ value: {{ .Values.global.config.userId | quote }}
+ - name: LOCAL_GROUP_ID
+ value: {{ .Values.global.config.groupId | quote }}
+ volumeMounts:
+ - mountPath: /etc/localtime
+ name: localtime
+ readOnly: true
+ - mountPath: /opt/app/aai-graphadmin/logs/data/dataSnapshots
+ name: {{ include "common.fullname" . }}-snapshots
+ - mountPath: /opt/app/aai-graphadmin/resources/etc/appprops/janusgraph-realtime.properties
+ name: {{ include "common.fullname" . }}-migration
+ subPath: janusgraph-migration-real.properties
+ - mountPath: /opt/app/aai-graphadmin/resources/etc/appprops/janusgraph-cached.properties
+ name: {{ include "common.fullname" . }}-migration
+ subPath: janusgraph-migration-cached.properties
+ - mountPath: /opt/app/aai-graphadmin/resources/etc/appprops/aaiconfig.properties
+ name: {{ include "common.fullname" . }}-config
+ subPath: aaiconfig.properties
+ - mountPath: /opt/aai/logroot/AAI-RES/
+ name: {{ include "common.fullname" . }}-logs
+ - mountPath: /opt/app/aai-graphadmin/resources/logback.xml
+ name: {{ include "common.fullname" . }}-config
+ subPath: logback.xml
+ - mountPath: /opt/app/aai-graphadmin/resources/localhost-access-logback.xml
+ name: {{ include "common.fullname" . }}-config
+ subPath: localhost-access-logback.xml
+ - mountPath: /opt/app/aai-graphadmin/resources/application.properties
+ name: {{ include "common.fullname" . }}-config
+ subPath: application.properties
+ resources:
+{{ include "common.resources" . | indent 10 }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 8 }}
+ {{- end -}}
+ {{- if .Values.affinity }}
+ affinity:
+{{ toYaml .Values.affinity | indent 8 }}
+ {{- end }}
+ volumes:
+ - name: localtime
+ hostPath:
+ path: /etc/localtime
+ - name: {{ include "common.fullname" . }}-logs
+ emptyDir: {}
+ - name: {{ include "common.fullname" . }}-config
+ configMap:
+ name: {{ include "common.fullname" . }}-configmap
+ - name: {{ include "common.fullname" . }}-migration
+ configMap:
+ name: {{ include "common.fullname" . }}-migration-configmap
+ - name: {{ include "common.fullname" . }}-snapshots
+ persistentVolumeClaim:
+ claimName: {{ include "common.fullname" . }}-migration
+ restartPolicy: Never
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
{{ end }}
+
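Review bot: The `-logs` volume in the db-backup job is mounted at `/opt/aai/logroot/AAI-RES/`, while the job earlier in this same file mounts it at `/opt/aai/logroot/AAI-GA`. This looks like a path carried over from aai-resources; if graphadmin writes its logs under AAI-GA, the snapshot job's logs would not land in the emptyDir. I would change the line to `- mountPath: /opt/aai/logroot/AAI-GA`. Separately, `backoffLimit: 20` on a pre-install/pre-upgrade hook allows many reruns of `dataSnapshot.sh` before the upgrade is reported as failed, so a comment such as `# retries cover Cassandra start-up time` (or a lower value) would make the intent clear.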
diff --git a/kubernetes/aai/charts/aai-graphadmin/templates/pv.yaml b/kubernetes/aai/charts/aai-graphadmin/templates/pv.yaml
new file mode 100644
index 0000000000..f6783315ad
--- /dev/null
+++ b/kubernetes/aai/charts/aai-graphadmin/templates/pv.yaml
@@ -0,0 +1,42 @@
+{{/*
+# Copyright ▒ 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{- if .Values.global.jobs.migration.enabled -}}
+kind: PersistentVolume
+apiVersion: v1
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
+ release: "{{ .Release.Name }}"
+ heritage: "{{ .Release.Service }}"
+ name: {{ include "common.fullname" . }}
+ annotations:
+ "helm.sh/hook": pre-upgrade,pre-install
+ "helm.sh/hook-weight": "0"
+ "helm.sh/hook-delete-policy": before-hook-creation
+spec:
+ capacity:
+ storage: {{ .Values.persistence.size}}
+ accessModes:
+ - {{ .Values.persistence.accessMode }}
+ persistentVolumeReclaimPolicy: {{ .Values.persistence.volumeReclaimPolicy }}
+ hostPath:
+ path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ .Release.Name }}/{{ .Values.persistence.mountSubPath1 }}
+{{- end -}}
+
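Review bot: The PersistentVolume is backed by `hostPath`, so the graph snapshots written by the db-backup job sit in a node directory under `mountPath`/release/`mountSubPath1`, and with the default `volumeReclaimPolicy: Retain` they remain there after the release is removed. Access to a full database snapshot then depends only on the ownership and mode of that directory, so I would add a comment above `hostPath:` along the lines of `# holds full graph snapshots; backing directory must be shared storage with restricted ownership/mode`. A PersistentVolume is also cluster-scoped, so `namespace:` under `metadata` has no effect and the `common.fullname` name must be unique across every release in the cluster.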
diff --git a/kubernetes/aai/charts/aai-graphadmin/templates/pvc.yaml b/kubernetes/aai/charts/aai-graphadmin/templates/pvc.yaml
new file mode 100644
index 0000000000..582afe9acd
--- /dev/null
+++ b/kubernetes/aai/charts/aai-graphadmin/templates/pvc.yaml
@@ -0,0 +1,51 @@
+{{/*
+# Copyright ▒ 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{- if .Values.global.jobs.migration.enabled -}}
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+ name: {{ include "common.fullname" . }}-migration
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+ release: "{{ .Release.Name }}"
+ heritage: "{{ .Release.Service }}"
+ annotations:
+ "helm.sh/hook": pre-upgrade,pre-install
+ "helm.sh/hook-weight": "-1"
+ "helm.sh/hook-delete-policy": before-hook-creation
+{{- if .Values.persistence.annotations }}
+{{ toYaml .Values.persistence.annotations | indent 4 }}
+{{- end }}
+spec:
+ selector:
+ matchLabels:
+ name: {{ include "common.fullname" . }}
+ accessModes:
+ - {{ .Values.persistence.accessMode }}
+ resources:
+ requests:
+ storage: {{ .Values.persistence.size }}
+{{- if .Values.persistence.storageClass }}
+{{- if (eq "-" .Values.persistence.storageClass) }}
+ storageClassName: ""
+{{- else }}
+ storageClassName: "{{ .Values.persistence.storageClass }}"
+{{- end }}
+{{- end }}
+{{- end -}}
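Review bot: The `chart` label on the claim is built without the `replace "+" "_"` that pv.yaml and the Job templates in this commit apply, so a chart version carrying build metadata (a `+`) would render an invalid label value and the hook could not create the PVC. The line should read `chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"`. The claim binds through the `name` label selector, so it also relies on the `name:` label in pv.yaml staying equal to `common.fullname`.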
diff --git a/kubernetes/aai/charts/aai-graphadmin/values.yaml b/kubernetes/aai/charts/aai-graphadmin/values.yaml
index bdd6033bc3..498c3c185d 100644
--- a/kubernetes/aai/charts/aai-graphadmin/values.yaml
+++ b/kubernetes/aai/charts/aai-graphadmin/values.yaml
@@ -108,8 +108,26 @@ ingress:
enabled: false
persistence:
+ enabled: true
+ ## A manually managed Persistent Volume and Claim
+ ## Requires persistence.enabled: true
+ ## If defined, PVC must be created manually before volume will be bound
+ # existingClaim:
+ volumeReclaimPolicy: Retain
+ ## database data Persistent Volume Storage Class
+ ## If defined, storageClassName: <storageClass>
+ ## If set to "-", storageClassName: "", which disables dynamic provisioning
+ ## If undefined (the default) or set to null, no storageClassName spec is
+ ## set, choosing the default provisioner. (gp2 on AWS, standard on
+ ## GKE, AWS & OpenStack)
+ ##
+ # storageClass: "-"
+ accessMode: ReadWriteMany
+ size: 2Gi
+
mountPath: /dockerdata-nfs
mountSubPath: aai/aai-graphadmin
+ mountSubPath1: aai/migration
resources:
small:
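Review bot: `persistence.enabled` and the commented `existingClaim` are documented here, but the pv.yaml and pvc.yaml templates added in this commit are gated only on `.Values.global.jobs.migration.enabled`. As far as the visible templates show, setting `enabled: false` would not stop the volume and claim from being created. Either drop the two keys or state the real switch next to them, for example `## PV and PVC are created when global.jobs.migration.enabled is true`.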
diff --git a/kubernetes/aai/charts/aai-modelloader/values.yaml b/kubernetes/aai/charts/aai-modelloader/values.yaml
index 563ea6bba0..58a72db406 100644
--- a/kubernetes/aai/charts/aai-modelloader/values.yaml
+++ b/kubernetes/aai/charts/aai-modelloader/values.yaml
@@ -21,7 +21,7 @@ global: # global defaults
# application image
repository: nexus3.onap.org:10001
-image: onap/model-loader:1.3.1
+image: onap/model-loader:1.4-STAGING-latest
pullPolicy: Always
restartPolicy: Always
flavor: small
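Review bot: `image: onap/model-loader:1.4-STAGING-latest` replaces a fixed release tag with a floating staging tag, and with `pullPolicy: Always` each pod restart can pull content different from what was tested. For a chart that others deploy, pin a specific released tag or an image digest, `image: onap/model-loader:<released-tag>` (placeholder), so the running image is reproducible and can be audited against a known build.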
diff --git a/kubernetes/aai/charts/aai-resources/templates/configmap.yaml b/kubernetes/aai/charts/aai-resources/templates/configmap.yaml
index 0f40d04dae..a4c2e317ad 100644
--- a/kubernetes/aai/charts/aai-resources/templates/configmap.yaml
+++ b/kubernetes/aai/charts/aai-resources/templates/configmap.yaml
@@ -15,7 +15,7 @@
apiVersion: v1
kind: ConfigMap
metadata:
- name: {{ include "common.fullname" . }}-log
+ name: {{ include "common.fullname" . }}-configmap
namespace: {{ include "common.namespace" . }}
labels:
app: {{ include "common.name" . }}
@@ -24,83 +24,11 @@ metadata:
heritage: {{ .Release.Service }}
data:
{{ tpl (.Files.Glob "resources/config/logback.xml").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-localhost-access-log-configmap
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ .Release.Name }}
- heritage: {{ .Release.Service }}
-data:
{{ tpl (.Files.Glob "resources/config/localhost-access-logback.xml").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-db-real-configmap
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ .Release.Name }}
- heritage: {{ .Release.Service }}
-data:
{{ tpl (.Files.Glob "resources/config/janusgraph-realtime.properties").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-db-cached-configmap
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ .Release.Name }}
- heritage: {{ .Release.Service }}
-data:
{{ tpl (.Files.Glob "resources/config/janusgraph-cached.properties").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-aaiconfig-configmap
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ .Release.Name }}
- heritage: {{ .Release.Service }}
-data:
{{ tpl (.Files.Glob "resources/config/aaiconfig.properties").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-springapp-configmap
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ .Release.Name }}
- heritage: {{ .Release.Service }}
-data:
{{ tpl (.Files.Glob "resources/config/application.properties").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-realm-configmap
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ .Release.Name }}
- heritage: {{ .Release.Service }}
-data:
{{ tpl (.Files.Glob "resources/config/realm.properties").AsConfig . | indent 2 }}
---
apiVersion: v1
diff --git a/kubernetes/aai/charts/aai-resources/templates/deployment.yaml b/kubernetes/aai/charts/aai-resources/templates/deployment.yaml
index 84438c1f0c..d530c3dbbc 100644
--- a/kubernetes/aai/charts/aai-resources/templates/deployment.yaml
+++ b/kubernetes/aai/charts/aai-resources/templates/deployment.yaml
@@ -805,7 +805,12 @@ spec:
{{ end }}
initContainers:
- command:
- {{ if .Values.global.jobs.createSchema.enabled }}
+ {{ if .Values.global.jobs.migration.enabled }}
+ - /root/job_complete.py
+ args:
+ - --job-name
+ - {{ .Release.Name }}-aai-graphadmin-migration
+ {{ else if .Values.global.jobs.createSchema.enabled }}
- /root/job_complete.py
args:
- --job-name
@@ -853,24 +858,24 @@ spec:
name: localtime
readOnly: true
- mountPath: /opt/app/aai-resources/resources/etc/appprops/janusgraph-realtime.properties
- name: {{ include "common.fullname" . }}-db-real-conf
+ name: {{ include "common.fullname" . }}-config
subPath: janusgraph-realtime.properties
- mountPath: /opt/app/aai-resources/resources/etc/appprops/janusgraph-cached.properties
- name: {{ include "common.fullname" . }}-db-cached-conf
+ name: {{ include "common.fullname" . }}-config
subPath: janusgraph-cached.properties
- mountPath: /opt/app/aai-resources/resources/etc/appprops/aaiconfig.properties
- name: {{ include "common.fullname" . }}-aaiconfig-conf
+ name: {{ include "common.fullname" . }}-config
subPath: aaiconfig.properties
- mountPath: /opt/aai/logroot/AAI-RES
name: {{ include "common.fullname" . }}-logs
- mountPath: /opt/app/aai-resources/resources/logback.xml
- name: {{ include "common.fullname" . }}-log-conf
+ name: {{ include "common.fullname" . }}-config
subPath: logback.xml
- mountPath: /opt/app/aai-resources/resources/localhost-access-logback.xml
- name: {{ include "common.fullname" . }}-localhost-access-log-conf
+ name: {{ include "common.fullname" . }}-config
subPath: localhost-access-logback.xml
- mountPath: /opt/app/aai-resources/resources/etc/auth/realm.properties
- name: {{ include "common.fullname" . }}-realm-conf
+ name: {{ include "common.fullname" . }}-config
subPath: realm.properties
{{ if .Values.global.installSidecarSecurity }}
- mountPath: /opt/app/aai-resources/resources/etc/auth/aai_policy.json
@@ -902,7 +907,7 @@ spec:
name: aai-common-aai-auth-mount
subPath: truststoreONAPall.jks
- mountPath: /opt/app/aai-resources/resources/application.properties
- name: {{ include "common.fullname" . }}-springapp-conf
+ name: {{ include "common.fullname" . }}-config
subPath: application.properties
{{ $global := . }}
{{ range $job := .Values.global.config.auth.files }}
@@ -1046,33 +1051,15 @@ spec:
emptyDir: {}
- name: {{ include "common.fullname" . }}-filebeat
emptyDir: {}
- - name: {{ include "common.fullname" . }}-log-conf
- configMap:
- name: {{ include "common.fullname" . }}-log
- - name: {{ include "common.fullname" . }}-localhost-access-log-conf
- configMap:
- name: {{ include "common.fullname" . }}-localhost-access-log-configmap
- - name: {{ include "common.fullname" . }}-db-real-conf
+ - name: {{ include "common.fullname" . }}-config
configMap:
- name: {{ include "common.fullname" . }}-db-real-configmap
- - name: {{ include "common.fullname" . }}-db-cached-conf
- configMap:
- name: {{ include "common.fullname" . }}-db-cached-configmap
- - name: {{ include "common.fullname" . }}-aaiconfig-conf
- configMap:
- name: {{ include "common.fullname" . }}-aaiconfig-configmap
+ name: {{ include "common.fullname" . }}-configmap
- name: {{ include "common.fullname" . }}-aaf-properties
configMap:
name: {{ include "common.fullname" . }}-aaf-props
- name: {{ include "common.fullname" . }}-aaf-certs
secret:
secretName: {{ include "common.fullname" . }}-aaf-keys
- - name: {{ include "common.fullname" . }}-springapp-conf
- configMap:
- name: {{ include "common.fullname" . }}-springapp-configmap
- - name: {{ include "common.fullname" . }}-realm-conf
- configMap:
- name: {{ include "common.fullname" . }}-realm-configmap
- name: {{ include "common.fullname" . }}-auth-truststore-sec
secret:
secretName: aai-common-truststore
diff --git a/kubernetes/aai/charts/aai-search-data/resources/fproxy/config/fproxy.properties b/kubernetes/aai/charts/aai-search-data/resources/fproxy/config/fproxy.properties
new file mode 100644
index 0000000000..f512fb71a6
--- /dev/null
+++ b/kubernetes/aai/charts/aai-search-data/resources/fproxy/config/fproxy.properties
@@ -0,0 +1,2 @@
+credential.cache.timeout.ms=180000
+transactionid.header.name=X-TransactionId \ No newline at end of file
diff --git a/kubernetes/aai/charts/aai-search-data/resources/fproxy/config/logback-spring.xml b/kubernetes/aai/charts/aai-search-data/resources/fproxy/config/logback-spring.xml
new file mode 100644
index 0000000000..edac199968
--- /dev/null
+++ b/kubernetes/aai/charts/aai-search-data/resources/fproxy/config/logback-spring.xml
@@ -0,0 +1,48 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<configuration>
+
+ <property name="LOGS" value="./logs/AAF-FPS" />
+ <property name="FILEPREFIX" value="application" />
+
+ <appender name="Console"
+ class="ch.qos.logback.core.ConsoleAppender">
+ <layout class="ch.qos.logback.classic.PatternLayout">
+ <Pattern>
+ %d{ISO8601} %-5level [%t] %C{1.}: %msg%n%throwable
+ </Pattern>
+ </layout>
+ </appender>
+
+ <appender name="RollingFile"
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>${LOGS}/${FILEPREFIX}.log</file>
+ <encoder
+ class="ch.qos.logback.classic.encoder.PatternLayoutEncoder">
+ <Pattern>%d %p %C{1.} [%t] %m%n</Pattern>
+ </encoder>
+
+ <rollingPolicy
+ class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <!-- rollover daily and when the file reaches 10 MegaBytes -->
+ <fileNamePattern>${LOGS}/archived/${FILEPREFIX}-%d{yyyy-MM-dd}.%i.log
+ </fileNamePattern>
+ <timeBasedFileNamingAndTriggeringPolicy
+ class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">
+ <maxFileSize>10MB</maxFileSize>
+ </timeBasedFileNamingAndTriggeringPolicy>
+ </rollingPolicy>
+ </appender>
+
+ <!-- LOG everything at INFO level -->
+ <root level="debug">
+ <appender-ref ref="RollingFile" />
+ <appender-ref ref="Console" />
+ </root>
+
+ <!-- LOG "com.baeldung*" at TRACE level -->
+ <logger name="org.onap.aaf.fproxy" level="trace" additivity="false">
+ <appender-ref ref="RollingFile" />
+ <appender-ref ref="Console" />
+ </logger>
+
+</configuration>
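Review bot: The root logger is set to `debug` and `org.onap.aaf.fproxy` to `trace`, although the comment above the root element says INFO; the rproxy copy of this file later in the commit has the same settings for `org.onap.aaf.rproxy`. These proxies sit on the credential and authorization path, so trace output may put sensitive request data into `application.log` and the console. I would ship `<root level="info">` and `level="info"` on the named logger, and let operators raise the level when debugging. The comment `LOG "com.baeldung*" at TRACE level` is left over from a tutorial and should name the actual package.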
diff --git a/kubernetes/aai/charts/aai-search-data/resources/fproxy/config/readme.txt b/kubernetes/aai/charts/aai-search-data/resources/fproxy/config/readme.txt
new file mode 100644
index 0000000000..79cf29e73c
--- /dev/null
+++ b/kubernetes/aai/charts/aai-search-data/resources/fproxy/config/readme.txt
@@ -0,0 +1 @@
+Relevant configuration files need to be copied here to successfully run this service locally. \ No newline at end of file
diff --git a/kubernetes/aai/charts/aai-search-data/resources/rproxy/config/auth/uri-authorization.json b/kubernetes/aai/charts/aai-search-data/resources/rproxy/config/auth/uri-authorization.json
new file mode 100644
index 0000000000..595d484c37
--- /dev/null
+++ b/kubernetes/aai/charts/aai-search-data/resources/rproxy/config/auth/uri-authorization.json
@@ -0,0 +1,11 @@
+[
+ {
+ "uri": "\/services\/search-data-service\/.*",
+ "method": "GET|PUT|POST|DELETE",
+ "permissions": [
+ "org\\.onap\\.aai\\.resources\\|\\*\\|.*"
+ ]
+ }
+
+
+]
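Review bot: The single rule maps every method (`GET|PUT|POST|DELETE`) on `/services/search-data-service/.*` to the permission pattern `org\.onap\.aai\.resources\|\*\|.*`, whose last field matches any action. If the reverse proxy evaluates the pattern as written, a client holding only a read-type action on that permission could also PUT, POST and DELETE; this depends on rproxy behaviour that is not visible here. Splitting the rule into one entry for `GET` and one for the modifying methods, each naming its own action in the third field, would make the intended separation explicit. The permission type is the `resources` one rather than one specific to search-data, which is worth confirming.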
diff --git a/kubernetes/aai/charts/aai-search-data/resources/rproxy/config/cadi.properties b/kubernetes/aai/charts/aai-search-data/resources/rproxy/config/cadi.properties
new file mode 100644
index 0000000000..c2b628dbb3
--- /dev/null
+++ b/kubernetes/aai/charts/aai-search-data/resources/rproxy/config/cadi.properties
@@ -0,0 +1,39 @@
+# This is a normal Java Properties File
+# Comments are with Pound Signs at beginning of lines,
+# and multi-line expression of properties can be obtained by backslash at end of line
+
+#hostname is used for local testing where you may have to set your hostname to **.att.com or **.sbc.com. The example given below
+#will allow for an ATT cross domain cookie to be used for GLO. If you are running on Windows corp machine, your machine name
+#may be used automatically by cadi. However, if it is not, you will need to use hostname=mywebserver.att.com and add mywebserver.att.com
+#to your hosts file on your machine.
+#hostname=test.aic.cip.att.com
+
+cadi_loglevel=DEBUG
+
+# OAuth2
+aaf_oauth2_token_url=https://AAF_LOCATE_URL/AAF_NS.token:2.0/token
+aaf_oauth2_introspect_url=https://AAF_LOCATE_URL/AAF_NS.introspect:2.0/introspect
+
+cadi_latitude=37.78187
+cadi_longitude=-122.26147
+
+# Locate URL (which AAF Env)
+aaf_locate_url=https://aaf-locate.{{.Release.Namespace}}:8095
+
+# AAF URL
+aaf_url=https://AAF_LOCATE_URL/AAF_NS.service:2.0
+
+cadi_keyfile=/opt/app/rproxy/config/security/keyfile
+cadi_keystore=/opt/app/rproxy/config/auth/org.onap.aai.p12
+cadi_keystore_password=enc:383RDJRFA6yQz9AOxUxC1iIg3xTJXityw05MswnpnEtelRQy2D4r5INQjrea7GTV
+cadi_alias=aai@aai.onap.org
+cadi_truststore=/opt/app/rproxy/config/auth/tomcat_keystore
+cadi_truststore_password=OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10
+
+aaf_env=DEV
+
+aaf_id=demo@people.osaaf.org
+aaf_password=enc:92w4px0y_rrm265LXLpw58QnNPgDXykyA1YTrflbAKz
+
+# This is a colon separated list of client cert issuers
+cadi_x509_issuers=CN=ONAP, OU=ONAP, O=ONAP, L=Ottawa, ST=Ontario, C=CA
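Review bot: `cadi_keystore_password`, `cadi_truststore_password` and `aaf_password` are committed in this file and, through the `resources/rproxy/config/*` glob in templates/configmap.yaml, are rendered into the `-rproxy-config` ConfigMap rather than a Secret. The `OBF:` form is a reversible obfuscation and the `enc:` values are only as protected as the keyfile used to decrypt them, so all three should be treated as exposed defaults and rotated for any real deployment. I would render cadi.properties through a Secret (secret.yaml in this chart already uses `.AsSecrets`) with the values supplied from chart values, and lower `cadi_loglevel` from `DEBUG` by default.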
diff --git a/kubernetes/aai/charts/aai-search-data/resources/rproxy/config/forward-proxy.properties b/kubernetes/aai/charts/aai-search-data/resources/rproxy/config/forward-proxy.properties
new file mode 100644
index 0000000000..55a9b4816f
--- /dev/null
+++ b/kubernetes/aai/charts/aai-search-data/resources/rproxy/config/forward-proxy.properties
@@ -0,0 +1,4 @@
+forward-proxy.protocol = https
+forward-proxy.host = localhost
+forward-proxy.port = 10680
+forward-proxy.cacheurl = /credential-cache
diff --git a/kubernetes/aai/charts/aai-search-data/resources/rproxy/config/logback-spring.xml b/kubernetes/aai/charts/aai-search-data/resources/rproxy/config/logback-spring.xml
new file mode 100644
index 0000000000..289fe7512c
--- /dev/null
+++ b/kubernetes/aai/charts/aai-search-data/resources/rproxy/config/logback-spring.xml
@@ -0,0 +1,48 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<configuration>
+
+ <property name="LOGS" value="./logs/reverse-proxy" />
+ <property name="FILEPREFIX" value="application" />
+
+ <appender name="Console"
+ class="ch.qos.logback.core.ConsoleAppender">
+ <layout class="ch.qos.logback.classic.PatternLayout">
+ <Pattern>
+ %d{ISO8601} %-5level [%t] %C{1.}: %msg%n%throwable
+ </Pattern>
+ </layout>
+ </appender>
+
+ <appender name="RollingFile"
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>${LOGS}/${FILEPREFIX}.log</file>
+ <encoder
+ class="ch.qos.logback.classic.encoder.PatternLayoutEncoder">
+ <Pattern>%d %p %C{1.} [%t] %m%n</Pattern>
+ </encoder>
+
+ <rollingPolicy
+ class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <!-- rollover daily and when the file reaches 10 MegaBytes -->
+ <fileNamePattern>${LOGS}/archived/${FILEPREFIX}-%d{yyyy-MM-dd}.%i.log
+ </fileNamePattern>
+ <timeBasedFileNamingAndTriggeringPolicy
+ class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">
+ <maxFileSize>10MB</maxFileSize>
+ </timeBasedFileNamingAndTriggeringPolicy>
+ </rollingPolicy>
+ </appender>
+
+ <!-- LOG everything at INFO level -->
+ <root level="debug">
+ <appender-ref ref="RollingFile" />
+ <appender-ref ref="Console" />
+ </root>
+
+ <!-- LOG "com.baeldung*" at TRACE level -->
+ <logger name="org.onap.aaf.rproxy" level="trace" additivity="false">
+ <appender-ref ref="RollingFile" />
+ <appender-ref ref="Console" />
+ </logger>
+
+</configuration>
diff --git a/kubernetes/aai/charts/aai-search-data/resources/rproxy/config/primary-service.properties b/kubernetes/aai/charts/aai-search-data/resources/rproxy/config/primary-service.properties
new file mode 100644
index 0000000000..5fddcb240a
--- /dev/null
+++ b/kubernetes/aai/charts/aai-search-data/resources/rproxy/config/primary-service.properties
@@ -0,0 +1,3 @@
+primary-service.protocol = https
+primary-service.host = localhost
+primary-service.port = 9509
diff --git a/kubernetes/aai/charts/aai-search-data/resources/rproxy/config/readme.txt b/kubernetes/aai/charts/aai-search-data/resources/rproxy/config/readme.txt
new file mode 100644
index 0000000000..79cf29e73c
--- /dev/null
+++ b/kubernetes/aai/charts/aai-search-data/resources/rproxy/config/readme.txt
@@ -0,0 +1 @@
+Relevant configuration files need to be copied here to successfully run this service locally. \ No newline at end of file
diff --git a/kubernetes/aai/charts/aai-search-data/resources/rproxy/config/reverse-proxy.properties b/kubernetes/aai/charts/aai-search-data/resources/rproxy/config/reverse-proxy.properties
new file mode 100644
index 0000000000..8d46e1f429
--- /dev/null
+++ b/kubernetes/aai/charts/aai-search-data/resources/rproxy/config/reverse-proxy.properties
@@ -0,0 +1 @@
+transactionid.header.name=X-TransactionId \ No newline at end of file
diff --git a/kubernetes/aai/charts/aai-search-data/templates/configmap.yaml b/kubernetes/aai/charts/aai-search-data/templates/configmap.yaml
index b1547f42aa..4361aa405d 100644
--- a/kubernetes/aai/charts/aai-search-data/templates/configmap.yaml
+++ b/kubernetes/aai/charts/aai-search-data/templates/configmap.yaml
@@ -37,3 +37,47 @@ metadata:
heritage: {{ .Release.Service }}
data:
{{ tpl (.Files.Glob "resources/config/log/logback.xml").AsConfig . | indent 2 }}
+
+{{ if .Values.global.installSidecarSecurity }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-fproxy-config
+ namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/fproxy/config/*").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-fproxy-log-config
+ namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/fproxy/config/logback-spring.xml").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-rproxy-config
+ namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/rproxy/config/*").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-rproxy-log-config
+ namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/rproxy/config/logback-spring.xml").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-rproxy-uri-auth-config
+ namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/rproxy/config/auth/uri-authorization.json").AsConfig . | indent 2 }}
+{{ end }}
+
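Review bot: The `resources/fproxy/config/*` and `resources/rproxy/config/*` globs put every file in those directories into the `-fproxy-config` and `-rproxy-config` ConfigMaps, including readme.txt and logback-spring.xml, and the latter is rendered a second time into the two `-log-config` ConfigMaps. Narrowing the pattern, for example `(.Files.Glob "resources/rproxy/config/*.properties")`, keeps unintended files out of the ConfigMap as the directory grows. The five new ConfigMaps also have no `labels:` block, unlike the ConfigMap directly above them in this file, so they cannot be selected by `app` or `release`.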
diff --git a/kubernetes/aai/charts/aai-search-data/templates/deployment.yaml b/kubernetes/aai/charts/aai-search-data/templates/deployment.yaml
index 1d39d4e1d9..b63c4c520f 100644
--- a/kubernetes/aai/charts/aai-search-data/templates/deployment.yaml
+++ b/kubernetes/aai/charts/aai-search-data/templates/deployment.yaml
@@ -35,6 +35,14 @@ spec:
release: {{ .Release.Name }}
name: {{ include "common.name" . }}
spec:
+ {{ if .Values.global.installSidecarSecurity }}
+ initContainers:
+ - name: {{ .Values.global.tproxyConfig.name }}
+ image: "{{ include "common.repository" . }}/{{ .Values.global.tproxyConfig.image }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ securityContext:
+ privileged: true
+ {{ end }}
containers:
- name: {{ include "common.name" . }}
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
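Review bot: The tproxy init container runs with `privileged: true`, which grants it full access to the node for what is presumably only network rule setup inside the pod's network namespace. If that is all the image does, replace the flag with the specific capability, `securityContext: {capabilities: {add: ["NET_ADMIN"]}}`; what the image actually requires is not visible from this hunk and should be confirmed. A comment above `securityContext:` stating why elevated rights are needed would help the next reviewer either way.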
@@ -116,6 +124,84 @@ spec:
- mountPath: /usr/share/filebeat/data
name: {{ include "common.fullname" . }}-service-filebeat
+ {{ if .Values.global.installSidecarSecurity }}
+ - name: {{ .Values.global.rproxy.name }}
+ image: "{{ include "common.repository" . }}/{{ .Values.global.rproxy.image }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ env:
+ - name: CONFIG_HOME
+ value: "/opt/app/rproxy/config"
+ - name: KEY_STORE_PASSWORD
+ value: {{ .Values.config.keyStorePassword }}
+ - name: spring_profiles_active
+ value: {{ .Values.global.rproxy.activeSpringProfiles }}
+ volumeMounts:
+ - name: {{ include "common.fullname" . }}-rproxy-config
+ mountPath: /opt/app/rproxy/config/forward-proxy.properties
+ subPath: forward-proxy.properties
+ - name: {{ include "common.fullname" . }}-rproxy-config
+ mountPath: /opt/app/rproxy/config/primary-service.properties
+ subPath: primary-service.properties
+ - name: {{ include "common.fullname" . }}-rproxy-config
+ mountPath: /opt/app/rproxy/config/reverse-proxy.properties
+ subPath: reverse-proxy.properties
+ - name: {{ include "common.fullname" . }}-rproxy-config
+ mountPath: /opt/app/rproxy/config/cadi.properties
+ subPath: cadi.properties
+ - name: {{ include "common.fullname" . }}-rproxy-log-config
+ mountPath: /opt/app/rproxy/config/logback-spring.xml
+ subPath: logback-spring.xml
+ - name: {{ include "common.fullname" . }}-rproxy-auth-certs
+ mountPath: /opt/app/rproxy/config/auth/tomcat_keystore
+ subPath: tomcat_keystore
+ - name: {{ include "common.fullname" . }}-rproxy-auth-certs
+ mountPath: /opt/app/rproxy/config/auth/client-cert.p12
+ subPath: client-cert.p12
+ - name: {{ include "common.fullname" . }}-rproxy-uri-auth-config
+ mountPath: /opt/app/rproxy/config/auth/uri-authorization.json
+ subPath: uri-authorization.json
+ - name: {{ include "common.fullname" . }}-rproxy-auth-certs
+ mountPath: /opt/app/rproxy/config/auth/org.onap.aai.p12
+ subPath: org.onap.aai.p12
+ - name: {{ include "common.fullname" . }}-rproxy-security-config
+ mountPath: /opt/app/rproxy/config/security/keyfile
+ subPath: keyfile
+
+ ports:
+ - containerPort: {{ .Values.global.rproxy.port }}
+
+ - name: {{ .Values.global.fproxy.name }}
+ image: "{{ include "common.repository" . }}/{{ .Values.global.fproxy.image }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ env:
+ - name: CONFIG_HOME
+ value: "/opt/app/fproxy/config"
+ - name: KEY_STORE_PASSWORD
+ value: {{ .Values.config.keyStorePassword }}
+ - name: TRUST_STORE_PASSWORD
+ value: {{ .Values.config.trustStorePassword }}
+ - name: spring_profiles_active
+ value: {{ .Values.global.fproxy.activeSpringProfiles }}
+ volumeMounts:
+ - name: {{ include "common.fullname" . }}-fproxy-config
+ mountPath: /opt/app/fproxy/config/fproxy.properties
+ subPath: fproxy.properties
+ - name: {{ include "common.fullname" . }}-fproxy-log-config
+ mountPath: /opt/app/fproxy/config/logback-spring.xml
+ subPath: logback-spring.xml
+ - name: {{ include "common.fullname" . }}-fproxy-auth-certs
+ mountPath: /opt/app/fproxy/config/auth/fproxy_truststore
+ subPath: fproxy_truststore
+ - name: {{ include "common.fullname" . }}-fproxy-auth-certs
+ mountPath: /opt/app/fproxy/config/auth/tomcat_keystore
+ subPath: tomcat_keystore
+ - name: {{ include "common.fullname" . }}-fproxy-auth-certs
+ mountPath: /opt/app/fproxy/config/auth/client-cert.p12
+ subPath: client-cert.p12
+ ports:
+ - containerPort: {{ .Values.global.fproxy.port }}
+ {{ end }}
+
volumes:
- name: localtime
hostPath:
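Review bot: `KEY_STORE_PASSWORD` and `TRUST_STORE_PASSWORD` are set with `value: {{ .Values.config.keyStorePassword }}` (and `trustStorePassword`), which writes the passwords in clear into the Deployment spec, where anyone allowed to read the object can see them. Without `| quote`, a numeric or boolean-looking password also renders as a non-string and the manifest is rejected. Reading the values from a Secret avoids both problems; the Secret name and keys below are placeholders, because no matching Secret is visible in this commit. The change applies to the env entries of both the rproxy and the fproxy container.

```yaml
# rproxy and fproxy containers, env section
- name: KEY_STORE_PASSWORD
  valueFrom:
    secretKeyRef:
      name: "<PLACEHOLDER-proxy-passwords-secret>"
      key: "<PLACEHOLDER-keystore-password-key>"
# fproxy container only
- name: TRUST_STORE_PASSWORD
  valueFrom:
    secretKeyRef:
      name: "<PLACEHOLDER-proxy-passwords-secret>"
      key: "<PLACEHOLDER-truststore-password-key>"
# … unchanged: CONFIG_HOME, spring_profiles_active, volumeMounts, ports …
```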
@@ -139,6 +225,35 @@ spec:
- name: {{ include "common.fullname" . }}-service-log-conf
configMap:
name: {{ include "common.fullname" . }}-service-log
+ {{ if .Values.global.installSidecarSecurity }}
+ - name: {{ include "common.fullname" . }}-rproxy-config
+ configMap:
+ name: {{ include "common.fullname" . }}-rproxy-config
+ - name: {{ include "common.fullname" . }}-rproxy-log-config
+ configMap:
+ name: {{ include "common.fullname" . }}-rproxy-log-config
+ - name: {{ include "common.fullname" . }}-rproxy-uri-auth-config
+ configMap:
+ name: {{ include "common.fullname" . }}-rproxy-uri-auth-config
+ - name: {{ include "common.fullname" . }}-rproxy-auth-config
+ secret:
+ secretName: {{ include "common.fullname" . }}-rproxy-auth-config
+ - name: {{ include "common.fullname" . }}-rproxy-auth-certs
+ secret:
+ secretName: aai-rproxy-auth-certs
+ - name: {{ include "common.fullname" . }}-rproxy-security-config
+ secret:
+ secretName: aai-rproxy-security-config
+ - name: {{ include "common.fullname" . }}-fproxy-config
+ configMap:
+ name: {{ include "common.fullname" . }}-fproxy-config
+ - name: {{ include "common.fullname" . }}-fproxy-log-config
+ configMap:
+ name: {{ include "common.fullname" . }}-fproxy-log-config
+ - name: {{ include "common.fullname" . }}-fproxy-auth-certs
+ secret:
+ secretName: aai-fproxy-auth-certs
+ {{ end }}
restartPolicy: {{ .Values.global.restartPolicy | default .Values.restartPolicy }}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
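Review bot: The Secret-backed volumes for `rproxy-auth-certs`, `rproxy-security-config` and `fproxy-auth-certs` use fixed names (`secretName: aai-rproxy-auth-certs` and so on), while the other entries in this block derive theirs from `common.fullname`. The pod therefore depends on Secrets that the secret.yaml change visible for this chart does not create, and it cannot start while they are missing. Two releases in one namespace would also mount the same keystores and keyfile. If these Secrets are owned by a parent chart, record that next to the volumes in a template comment; otherwise create them here and reference them as `secretName: {{ include "common.fullname" . }}-rproxy-auth-certs`. The volumes list starts before this hunk.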
diff --git a/kubernetes/aai/charts/aai-search-data/templates/secret.yaml b/kubernetes/aai/charts/aai-search-data/templates/secret.yaml
index ee32e19218..9af326c3d3 100644
--- a/kubernetes/aai/charts/aai-search-data/templates/secret.yaml
+++ b/kubernetes/aai/charts/aai-search-data/templates/secret.yaml
@@ -38,3 +38,16 @@ metadata:
heritage: {{ .Release.Service }}
data:
{{ tpl (.Files.Glob "resources/config/auth/search_policy.json").AsSecrets . | indent 2 }}
+
+{{ if .Values.global.installSidecarSecurity }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ include "common.fullname" . }}-rproxy-auth-config
+ namespace: {{ include "common.namespace" . }}
+type: Opaque
+data:
+{{ tpl (.Files.Glob "resources/rproxy/config/auth/*").AsSecrets . | indent 2 }}
+{{ end }}
+
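Review bot: The glob `resources/rproxy/config/auth/*` on the new `data:` line copies every file in that directory into the Secret, so a file added there later ships to the cluster without any template change. Listing the expected files explicitly keeps the Secret's contents reviewable. `tpl` is applied to the already base64-encoded output of `AsSecrets`, so template expressions inside those files would not be expanded; confirm that is intended. The new Secret also has no `labels:` block, while the Secret above it appears to carry the usual `app`/`chart`/`release`/`heritage` set, so add the same labels to make it selectable by release.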
diff --git a/kubernetes/aai/charts/aai-search-data/templates/service.yaml b/kubernetes/aai/charts/aai-search-data/templates/service.yaml
index a49553e65b..73a4d62d02 100644
--- a/kubernetes/aai/charts/aai-search-data/templates/service.yaml
+++ b/kubernetes/aai/charts/aai-search-data/templates/service.yaml
@@ -25,6 +25,19 @@ metadata:
spec:
type: {{ .Values.service.type }}
ports:
+ {{ if .Values.global.installSidecarSecurity }}
+ {{if eq .Values.service.type "NodePort" -}}
+ - port: {{ .Values.service.internalPort }}
+ nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
+ targetPort: {{ .Values.global.rproxy.port }}
+ name: {{ .Values.service.portName }}
+ {{- else -}}
+ - port: {{ .Values.service.externalPort }}
+ targetPort: {{ .Values.global.rproxy.port }}
+ name: {{ .Values.service.portName }}
+ {{- end}}
+ {{ else }}
+
{{if eq .Values.service.type "NodePort" -}}
- port: {{ .Values.service.internalPort }}
nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
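Review bot: With the sidecar enabled, the non-NodePort branch publishes `port: {{ .Values.service.externalPort }}`, whereas the existing non-sidecar branch uses `.Values.service.internalPort`. Toggling `installSidecarSecurity` can therefore change the port clients must use. If `service.externalPort` is not defined in this chart's values (that section is not visible in the diff), the line renders an empty port and the manifest will be rejected. Unless the difference is deliberate, use `- port: {{ .Values.service.internalPort }}` in both branches. The `{{ else }}` opened here is closed in the next hunk.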
@@ -33,6 +46,7 @@ spec:
- port: {{ .Values.service.internalPort }}
name: {{ .Values.service.portName }}
{{- end}}
+{{ end }}
selector:
app: {{ include "common.name" . }}
release: {{ .Release.Name }}
diff --git a/kubernetes/aai/charts/aai-search-data/values.yaml b/kubernetes/aai/charts/aai-search-data/values.yaml
index 2a999b8a0c..b7a8bbc652 100644
--- a/kubernetes/aai/charts/aai-search-data/values.yaml
+++ b/kubernetes/aai/charts/aai-search-data/values.yaml
@@ -23,7 +23,7 @@ global: # global defaults
# application image
repository: nexus3.onap.org:10001
-image: onap/search-data-service:1.3.1
+image: onap/search-data-service:1.4-STAGING-latest
pullPolicy: Always
restartPolicy: Always
flavor: small
@@ -32,7 +32,7 @@ config:
elasticsearchHttpPort: 9200
keyStorePassword: OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10
keyManagerPassword: OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10
-
+ trustStorePassword: OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10
# default number of instances
replicaCount: 1
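Review bot: `trustStorePassword` is committed as a chart default with the same value as `keyStorePassword` and `keyManagerPassword`. The `OBF:` prefix looks like Jetty-style obfuscation, which is reversible and gives no confidentiality. The deployment template in this commit passes it to the fproxy container as a plain `value: {{ .Values.config.trustStorePassword }}` env entry (likewise `KEY_STORE_PASSWORD`), so anyone who can read the Deployment can read it. Prefer a Secret supplied per installation and referenced through `valueFrom.secretKeyRef`, and leave the default here empty or clearly marked as non-production.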
diff --git a/kubernetes/aai/charts/aai-traversal/templates/configmap.yaml b/kubernetes/aai/charts/aai-traversal/templates/configmap.yaml
index 106031edbc..1a92199d49 100644
--- a/kubernetes/aai/charts/aai-traversal/templates/configmap.yaml
+++ b/kubernetes/aai/charts/aai-traversal/templates/configmap.yaml
@@ -15,7 +15,7 @@
apiVersion: v1
kind: ConfigMap
metadata:
- name: {{ include "common.fullname" . }}-log
+ name: {{ include "common.fullname" . }}-configmap
namespace: {{ include "common.namespace" . }}
labels:
app: {{ include "common.name" . }}
@@ -24,83 +24,11 @@ metadata:
heritage: {{ .Release.Service }}
data:
{{ tpl (.Files.Glob "resources/config/logback.xml").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-localhost-access-log-configmap
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ .Release.Name }}
- heritage: {{ .Release.Service }}
-data:
{{ tpl (.Files.Glob "resources/config/localhost-access-logback.xml").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-db-real-configmap
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ .Release.Name }}
- heritage: {{ .Release.Service }}
-data:
{{ tpl (.Files.Glob "resources/config/janusgraph-realtime.properties").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-db-cached-configmap
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ .Release.Name }}
- heritage: {{ .Release.Service }}
-data:
{{ tpl (.Files.Glob "resources/config/janusgraph-cached.properties").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-aaiconfig-configmap
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ .Release.Name }}
- heritage: {{ .Release.Service }}
-data:
{{ tpl (.Files.Glob "resources/config/aaiconfig.properties").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-springapp-configmap
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ .Release.Name }}
- heritage: {{ .Release.Service }}
-data:
{{ tpl (.Files.Glob "resources/config/application.properties").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-realm-configmap
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ .Release.Name }}
- heritage: {{ .Release.Service }}
-data:
{{ tpl (.Files.Glob "resources/config/realm.properties").AsConfig . | indent 2 }}
---
apiVersion: v1
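Review bot: After this merge `realm.properties` shares one ConfigMap with the logback and JanusGraph files, so any principal allowed to read the `-configmap` object can read the realm file as well. A realm file normally holds user credentials (its contents are not visible here, so confirm). If it does, keep it out of the merged ConfigMap and render it into a `kind: Secret` with `.AsSecrets`, mounted through its own secret volume. The deployment template's `realm.properties` mount would then point at that volume instead of `-config`.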
diff --git a/kubernetes/aai/charts/aai-traversal/templates/deployment.yaml b/kubernetes/aai/charts/aai-traversal/templates/deployment.yaml
index c783f7d977..b94389f068 100644
--- a/kubernetes/aai/charts/aai-traversal/templates/deployment.yaml
+++ b/kubernetes/aai/charts/aai-traversal/templates/deployment.yaml
@@ -440,7 +440,12 @@ spec:
{{ if .Values.global.initContainers.enabled }}
initContainers:
- command:
- {{ if .Values.global.jobs.createSchema.enabled }}
+ {{ if .Values.global.jobs.migration.enabled }}
+ - /root/job_complete.py
+ args:
+ - --job-name
+ - {{ .Release.Name }}-aai-graphadmin-migration
+ {{ else if .Values.global.jobs.createSchema.enabled }}
- /root/job_complete.py
args:
- --job-name
@@ -483,24 +488,24 @@ spec:
name: localtime
readOnly: true
- mountPath: /opt/app/aai-traversal/resources/etc/appprops/janusgraph-realtime.properties
- name: {{ include "common.fullname" . }}-db-real-conf
+ name: {{ include "common.fullname" . }}-config
subPath: janusgraph-realtime.properties
- mountPath: /opt/app/aai-traversal/resources/etc/appprops/janusgraph-cached.properties
- name: {{ include "common.fullname" . }}-db-cached-conf
+ name: {{ include "common.fullname" . }}-config
subPath: janusgraph-cached.properties
- mountPath: /opt/app/aai-traversal/resources/etc/appprops/aaiconfig.properties
- name: {{ include "common.fullname" . }}-aaiconfig-conf
+ name: {{ include "common.fullname" . }}-config
subPath: aaiconfig.properties
- mountPath: /opt/aai/logroot/AAI-GQ
name: {{ include "common.fullname" . }}-logs
- mountPath: /opt/app/aai-traversal/resources/logback.xml
- name: {{ include "common.fullname" . }}-log-conf
+ name: {{ include "common.fullname" . }}-config
subPath: logback.xml
- mountPath: /opt/app/aai-traversal/resources/localhost-access-logback.xml
- name: {{ include "common.fullname" . }}-localhost-access-log-conf
+ name: {{ include "common.fullname" . }}-config
subPath: localhost-access-logback.xml
- mountPath: /opt/app/aai-traversal/resources/etc/auth/realm.properties
- name: {{ include "common.fullname" . }}-realm-conf
+ name: {{ include "common.fullname" . }}-config
subPath: realm.properties
- mountPath: /opt/app/aai-traversal/resources/aaf/org.onap.aai.keyfile
name: {{ include "common.fullname" . }}-aaf-certs
@@ -527,7 +532,7 @@ spec:
name: aai-common-aai-auth-mount
subPath: truststoreONAPall.jks
- mountPath: /opt/app/aai-traversal/resources/application.properties
- name: {{ include "common.fullname" . }}-springapp-conf
+ name: {{ include "common.fullname" . }}-config
subPath: application.properties
{{ $global := . }}
{{ range $job := .Values.global.config.auth.files }}
@@ -588,21 +593,9 @@ spec:
emptyDir: {}
- name: {{ include "common.fullname" . }}-filebeat
emptyDir: {}
- - name: {{ include "common.fullname" . }}-log-conf
- configMap:
- name: {{ include "common.fullname" . }}-log
- - name: {{ include "common.fullname" . }}-localhost-access-log-conf
- configMap:
- name: {{ include "common.fullname" . }}-localhost-access-log-configmap
- - name: {{ include "common.fullname" . }}-db-real-conf
+ - name: {{ include "common.fullname" . }}-config
configMap:
- name: {{ include "common.fullname" . }}-db-real-configmap
- - name: {{ include "common.fullname" . }}-db-cached-conf
- configMap:
- name: {{ include "common.fullname" . }}-db-cached-configmap
- - name: {{ include "common.fullname" . }}-aaiconfig-conf
- configMap:
- name: {{ include "common.fullname" . }}-aaiconfig-configmap
+ name: {{ include "common.fullname" . }}-configmap
- name: {{ include "common.fullname" . }}-aaf-properties
configMap:
name: {{ include "common.fullname" . }}-aaf-props
@@ -612,12 +605,6 @@ spec:
- name: aai-common-aai-auth-mount
secret:
secretName: aai-common-aai-auth
- - name: {{ include "common.fullname" . }}-springapp-conf
- configMap:
- name: {{ include "common.fullname" . }}-springapp-configmap
- - name: {{ include "common.fullname" . }}-realm-conf
- configMap:
- name: {{ include "common.fullname" . }}-realm-configmap
- name: {{ include "common.fullname" . }}-auth-truststore-sec
secret:
secretName: aai-common-truststore
diff --git a/kubernetes/aai/charts/aai-traversal/templates/job.yaml b/kubernetes/aai/charts/aai-traversal/templates/job.yaml
index a746f54470..31db068ae8 100644
--- a/kubernetes/aai/charts/aai-traversal/templates/job.yaml
+++ b/kubernetes/aai/charts/aai-traversal/templates/job.yaml
@@ -25,6 +25,12 @@ metadata:
chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
+{{ if .Values.global.jobs.migration.enabled }}
+ annotations:
+ "helm.sh/hook": post-upgrade,post-rollback,post-install
+ "helm.sh/hook-weight": "2"
+ "helm.sh/hook-delete-policy": before-hook-creation
+{{ end }}
spec:
template:
metadata:
@@ -74,24 +80,24 @@ spec:
name: localtime
readOnly: true
- mountPath: /opt/app/aai-traversal/resources/etc/appprops/janusgraph-realtime.properties
- name: {{ include "common.fullname" . }}-db-real-conf
+ name: {{ include "common.fullname" . }}-config
subPath: janusgraph-realtime.properties
- mountPath: /opt/app/aai-traversal/resources/etc/appprops/janusgraph-cached.properties
- name: {{ include "common.fullname" . }}-db-cached-conf
+ name: {{ include "common.fullname" . }}-config
subPath: janusgraph-cached.properties
- mountPath: /opt/app/aai-traversal/resources/etc/appprops/aaiconfig.properties
- name: {{ include "common.fullname" . }}-aaiconfig-conf
+ name: {{ include "common.fullname" . }}-config
subPath: aaiconfig.properties
- mountPath: /opt/aai/logroot/AAI-GQ/
name: {{ include "common.fullname" . }}-logs
- mountPath: /opt/app/aai-traversal/resources/logback.xml
- name: {{ include "common.fullname" . }}-log-conf
+ name: {{ include "common.fullname" . }}-config
subPath: logback.xml
- mountPath: /opt/app/aai-traversal/resources/localhost-access-logback.xml
- name: {{ include "common.fullname" . }}-localhost-access-log-conf
+ name: {{ include "common.fullname" . }}-config
subPath: localhost-access-logback.xml
- mountPath: /opt/app/aai-traversal/resources/application.properties
- name: {{ include "common.fullname" . }}-springapp-conf
+ name: {{ include "common.fullname" . }}-config
subPath: application.properties
{{ $global := . }}
{{ range $job := .Values.global.config.auth.files }}
@@ -113,27 +119,9 @@ spec:
path: {{ .Values.persistence.mountPath }}/{{ .Release.Name }}/{{ .Values.persistence.mountSubPath }}-update-query
- name: {{ include "common.fullname" . }}-filebeat
emptyDir: {}
- - name: {{ include "common.fullname" . }}-log-conf
- configMap:
- name: {{ include "common.fullname" . }}-log
- - name: {{ include "common.fullname" . }}-localhost-access-log-conf
- configMap:
- name: {{ include "common.fullname" . }}-localhost-access-log-configmap
- - name: {{ include "common.fullname" . }}-db-real-conf
- configMap:
- name: {{ include "common.fullname" . }}-db-real-configmap
- - name: {{ include "common.fullname" . }}-db-cached-conf
- configMap:
- name: {{ include "common.fullname" . }}-db-cached-configmap
- - name: {{ include "common.fullname" . }}-aaiconfig-conf
- configMap:
- name: {{ include "common.fullname" . }}-aaiconfig-configmap
- - name: {{ include "common.fullname" . }}-springapp-conf
- configMap:
- name: {{ include "common.fullname" . }}-springapp-configmap
- - name: {{ include "common.fullname" . }}-realm-conf
+ - name: {{ include "common.fullname" . }}-config
configMap:
- name: {{ include "common.fullname" . }}-realm-configmap
+ name: {{ include "common.fullname" . }}-configmap
- name: {{ include "common.fullname" . }}-auth-truststore-sec
secret:
secretName: aai-common-truststore