diff options
Diffstat (limited to 'kubernetes/aai/components/aai-graphadmin')
8 files changed, 82 insertions, 22 deletions
diff --git a/kubernetes/aai/components/aai-graphadmin/resources/config/aaiconfig.properties b/kubernetes/aai/components/aai-graphadmin/resources/config/aaiconfig.properties index e62ba07bfd..512e906b00 100644 --- a/kubernetes/aai/components/aai-graphadmin/resources/config/aaiconfig.properties +++ b/kubernetes/aai/components/aai-graphadmin/resources/config/aaiconfig.properties @@ -24,20 +24,28 @@ aai.config.checktime=1000 # this could come from siteconfig.pl? aai.config.nodename=AutomaticallyOverwritten +{{ if ( include "common.needTLS" .) }} aai.server.url.base=https://aai.{{ include "common.namespace" . }}:8443/aai/ aai.server.url=https://aai.{{ include "common.namespace" . }}:8443/aai/{{ .Values.global.config.schema.version.api.default }}/ aai.global.callback.url=https://aai.{{ include "common.namespace" . }}:8443/aai/ +{{ else }} +aai.server.url.base=http://aai.{{ include "common.namespace" . }}/aai/ +aai.server.url=http://aai.{{ include "common.namespace" . }}/aai/{{ .Values.global.config.schema.version.api.default }}/ +aai.global.callback.url=http://aai.{{ include "common.namespace" . }}/aai/ +{{ end }} -{{ if .Values.global.config.basic.auth.enabled }} +{{ if or (.Values.global.config.basic.auth.enabled) ( include "common.onServiceMesh" .) }} aai.tools.enableBasicAuth=true aai.tools.username={{ .Values.global.config.basic.auth.username }} aai.tools.password={{ .Values.global.config.basic.auth.passwd }} {{ end }} +{{ if ( include "common.needTLS" .) }} aai.truststore.filename={{ .Values.global.config.truststore.filename }} aai.truststore.passwd.x={{ .Values.global.config.truststore.passwd }} aai.keystore.filename={{ .Values.global.config.keystore.filename }} aai.keystore.passwd.x={{ .Values.global.config.keystore.passwd }} +{{ end }} aai.notification.current.version={{ .Values.global.config.schema.version.api.default }} aai.notificationEvent.default.status=UNPROCESSED diff --git a/kubernetes/aai/components/aai-graphadmin/resources/config/application.properties b/kubernetes/aai/components/aai-graphadmin/resources/config/application.properties index 8cefebc825..367e9038cd 100644 --- a/kubernetes/aai/components/aai-graphadmin/resources/config/application.properties +++ b/kubernetes/aai/components/aai-graphadmin/resources/config/application.properties @@ -33,7 +33,7 @@ server.servlet.context-path=/ spring.autoconfigure.exclude=org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration,org.springframework.boot.autoconfigure.orm.jpa.HibernateJpaAutoConfiguration -spring.profiles.active={{ .Values.config.profiles.active }} +spring.profiles.active={{ .Values.config.profiles.active }}{{ (eq "true" (include "common.needTLS" .)) | ternary ",one-way-ssl" "" }} spring.jersey.application-path=${schema.uri.base.path} #The max number of active threads in this pool server.tomcat.max-threads=200 @@ -48,6 +48,7 @@ server.local.startpath=aai-graphadmin/src/main/resources/ server.basic.auth.location=${server.local.startpath}etc/auth/realm.properties server.port=8449 +{{ if ( include "common.needTLS" .) }} server.ssl.enabled-protocols=TLSv1.1,TLSv1.2 server.ssl.key-store=${server.local.startpath}/etc/auth/{{ .Values.global.config.keystore.filename }} server.ssl.key-store-password=password({{ .Values.global.config.keystore.passwd }}) @@ -55,11 +56,15 @@ server.ssl.trust-store=${server.local.startpath}/etc/auth/{{ .Values.global.conf server.ssl.trust-store-password=password({{ .Values.global.config.truststore.passwd }}) server.ssl.client-auth=want server.ssl.key-store-type=JKS +{{ else }} +security.require-ssl=false +server.ssl.enabled=false +{{ end }} # JMS bind address host port jms.bind.address=tcp://localhost:61649 -dmaap.ribbon.listOfServers=message-router.{{.Release.Namespace}}:3905 -dmaap.ribbon.transportType=https +dmaap.ribbon.listOfServers=message-router.{{.Release.Namespace}}:{{ (eq "true" (include "common.needTLS" .)) | ternary 3905 3904 }} +dmaap.ribbon.transportType={{ include "common.scheme" . }} # Schema related attributes for the oxm and edges # Any additional schema related attributes should start with prefix schema @@ -91,23 +96,28 @@ schema.version.edge.label.start={{ .Values.global.config.schema.version.edge.lab schema.version.api.default={{ .Values.global.config.schema.version.api.default }} schema.translator.list={{ .Values.global.config.schema.translator.list }} -schema.service.base.url=https://aai-schema-service.{{ include "common.namespace" . }}:8452/aai/schema-service/v1/ +schema.service.base.url={{ include "common.scheme" . }}://aai-schema-service.{{ include "common.namespace" . }}:8452/aai/schema-service/v1/ schema.service.nodes.endpoint=nodes?version= schema.service.edges.endpoint=edgerules?version= schema.service.versions.endpoint=versions -schema.service.client={{ .Values.global.config.schema.service.client }} +schema.service.client={{ (eq "true" (include "common.needTLS" .)) | ternary .Values.global.config.schema.service.client "no-auth" }} +{{ if ( include "common.needTLS" .) }} schema.service.ssl.key-store=${server.local.startpath}/etc/auth/{{ .Values.global.config.keystore.filename }} schema.service.ssl.trust-store=${server.local.startpath}/etc/auth/{{ .Values.global.config.truststore.filename }} schema.service.ssl.key-store-password=password({{ .Values.global.config.keystore.passwd }}) schema.service.ssl.trust-store-password=password({{ .Values.global.config.truststore.passwd }}) +{{ end }} aperture.rdbmsname=aai_relational -aperture.service.client={{ .Values.global.config.schema.service.client }} +aperture.service.client={{ (eq "true" (include "common.needTLS" .)) | ternary .Values.global.config.schema.service.client "no-auth" }} + aperture.service.base.url=http://localhost:8457/aai/aperture +{{ if ( include "common.needTLS" .) }} aperture.service.ssl.key-store=${server.local.startpath}etc/auth/{{ .Values.global.config.keystore.filename }} aperture.service.ssl.trust-store=${server.local.startpath}etc/auth/{{ .Values.global.config.truststore.filename }} aperture.service.ssl.key-store-password=password({{ .Values.global.config.keystore.passwd }}) aperture.service.ssl.trust-store-password=password({{ .Values.global.config.truststore.passwd }}) +{{ end }} aperture.service.timeout-in-milliseconds=300000 diff --git a/kubernetes/aai/components/aai-graphadmin/templates/deployment.yaml b/kubernetes/aai/components/aai-graphadmin/templates/deployment.yaml index 791bf61004..610290061f 100644 --- a/kubernetes/aai/components/aai-graphadmin/templates/deployment.yaml +++ b/kubernetes/aai/components/aai-graphadmin/templates/deployment.yaml @@ -32,6 +32,12 @@ metadata: heritage: {{ .Release.Service }} spec: replicas: {{ .Values.replicaCount }} + minReadySeconds: {{ .Values.minReadySeconds }} + strategy: + type: {{ .Values.updateStrategy.type }} + rollingUpdate: + maxUnavailable: {{ .Values.updateStrategy.maxUnavailable }} + maxSurge: {{ .Values.updateStrategy.maxSurge }} selector: matchLabels: app: {{ include "common.name" . }} @@ -45,6 +51,7 @@ spec: checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} spec: hostname: aai-graphadmin + terminationGracePeriodSeconds: {{ .Values.service.terminationGracePeriodSeconds }} {{ if .Values.global.initContainers.enabled }} initContainers: - command: @@ -89,6 +96,10 @@ spec: value: {{ .Values.global.config.userId | quote }} - name: LOCAL_GROUP_ID value: {{ .Values.global.config.groupId | quote }} + - name: INTERNAL_PORT_1 + value: {{ .Values.service.internalPort | quote }} + - name: INTERNAL_PORT_2 + value: {{ .Values.service.internalPort2 | quote }} volumeMounts: - mountPath: /etc/localtime name: localtime @@ -125,6 +136,18 @@ spec: ports: - containerPort: {{ .Values.service.internalPort }} - containerPort: {{ .Values.service.internalPort2 }} + lifecycle: + # wait for active requests (long-running tasks) to be finished + # Before the SIGTERM is invoked, Kubernetes exposes a preStop hook in the Pod. + preStop: + exec: + command: + - sh + - -c + - | + while (netstat -an | grep ESTABLISHED | grep -e $INTERNAL_PORT_1 -e $INTERNAL_PORT_2) + do sleep 10 + done # disable liveness probe when breakpoints set in debugger # so K8s doesn't restart unresponsive container {{ if .Values.liveness.enabled }} @@ -187,4 +210,4 @@ spec: {{ end }} restartPolicy: {{ .Values.restartPolicy }} imagePullSecrets: - - name: "{{ include "common.namespace" . }}-docker-registry-key" + - name: {{ include "common.namespace" . }}-docker-registry-key diff --git a/kubernetes/aai/components/aai-graphadmin/templates/job-copy-db-backup.yaml b/kubernetes/aai/components/aai-graphadmin/templates/job-copy-db-backup.yaml index 154ad30c1a..0cdce11395 100644 --- a/kubernetes/aai/components/aai-graphadmin/templates/job-copy-db-backup.yaml +++ b/kubernetes/aai/components/aai-graphadmin/templates/job-copy-db-backup.yaml @@ -80,8 +80,10 @@ spec: imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: - /bin/bash - - docker-entrypoint.sh - - dataSnapshot.sh + - -c + - | + bash docker-entrypoint.sh dataSnapshot.sh ; + {{- include "common.serviceMesh.killSidecar" . | indent 11 | trim }} env: - name: LOCAL_USER_ID value: {{ .Values.global.config.userId | quote }} diff --git a/kubernetes/aai/components/aai-graphadmin/templates/job-create-db.yaml b/kubernetes/aai/components/aai-graphadmin/templates/job-create-db.yaml index 79144680b4..7c078e9236 100644 --- a/kubernetes/aai/components/aai-graphadmin/templates/job-create-db.yaml +++ b/kubernetes/aai/components/aai-graphadmin/templates/job-create-db.yaml @@ -80,8 +80,10 @@ spec: imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: - /bin/bash - - docker-entrypoint.sh - - createDBSchema.sh + - -c + - | + bash docker-entrypoint.sh createDBSchema.sh ; + {{- include "common.serviceMesh.killSidecar" . | indent 11 | trim }} env: - name: LOCAL_USER_ID value: {{ .Values.global.config.userId | quote }} @@ -149,5 +151,5 @@ spec: {{ end }} restartPolicy: Never imagePullSecrets: - - name: "{{ include "common.namespace" . }}-docker-registry-key" + - name: {{ include "common.namespace" . }}-docker-registry-key {{ end }} diff --git a/kubernetes/aai/components/aai-graphadmin/templates/job-migration.yaml b/kubernetes/aai/components/aai-graphadmin/templates/job-migration.yaml index 4b100dd97b..9b4be4e4c7 100644 --- a/kubernetes/aai/components/aai-graphadmin/templates/job-migration.yaml +++ b/kubernetes/aai/components/aai-graphadmin/templates/job-migration.yaml @@ -130,7 +130,9 @@ spec: command: - /bin/bash - -c - - bash docker-entrypoint.sh run_Migrations.sh -e UpdateAaiUriIndexMigration --commit --skipPreMigrationSnapShot --runDisabled RebuildAllEdges + - | + bash docker-entrypoint.sh run_Migrations.sh -e UpdateAaiUriIndexMigration --commit --skipPreMigrationSnapShot --runDisabled RebuildAllEdges ; + {{- include "common.serviceMesh.killSidecar" . | indent 11 | trim }} env: - name: LOCAL_USER_ID value: {{ .Values.global.config.userId | quote }} @@ -248,8 +250,10 @@ spec: imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: - /bin/bash - - docker-entrypoint.sh - - dataSnapshot.sh + - -c + - | + bash docker-entrypoint.sh dataSnapshot.sh ; + {{- include "common.serviceMesh.killSidecar" . | indent 11 | trim }} env: - name: LOCAL_USER_ID value: {{ .Values.global.config.userId | quote }} diff --git a/kubernetes/aai/components/aai-graphadmin/templates/service.yaml b/kubernetes/aai/components/aai-graphadmin/templates/service.yaml index 2f7aaa960d..85165e2dc4 100644 --- a/kubernetes/aai/components/aai-graphadmin/templates/service.yaml +++ b/kubernetes/aai/components/aai-graphadmin/templates/service.yaml @@ -35,17 +35,16 @@ spec: {{if eq .Values.service.type "NodePort" -}} - port: {{ .Values.service.internalPort }} nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} - name: {{ .Values.service.portName }} + name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }} - port: {{ .Values.service.internalPort2 }} nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }} name: {{ .Values.service.portName2 }} {{- else -}} - port: {{ .Values.service.internalPort }} - name: {{ .Values.service.portName }} + name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }} - port: {{ .Values.service.internalPort2 }} name: {{ .Values.service.portName2 }} {{- end}} selector: app: {{ include "common.name" . }} release: {{ include "common.release" . }} - clusterIP: None diff --git a/kubernetes/aai/components/aai-graphadmin/values.yaml b/kubernetes/aai/components/aai-graphadmin/values.yaml index 03d034bf05..89c4b024d6 100644 --- a/kubernetes/aai/components/aai-graphadmin/values.yaml +++ b/kubernetes/aai/components/aai-graphadmin/values.yaml @@ -61,6 +61,7 @@ global: # global defaults # Schema specific properties that include supported versions of api schema: # Specifies if the connection should be one way ssl, two way ssl or no auth + # will be set to no-auth if tls is disabled service: client: one-way-ssl # Specifies which translator to use if it has schema-service, then it will @@ -125,13 +126,23 @@ flavor: small flavorOverride: small # default number of instances replicaCount: 1 +# the minimum number of seconds that a newly created Pod should be ready +minReadySeconds: 30 +updateStrategy: + type: RollingUpdate + # The number of pods that can be unavailable during the update process + maxUnavailable: 0 + # The number of pods that can be created above the desired amount of pods during an update + maxSurge: 1 # Configuration for the graphadmin deployment config: # Specify the profiles for the graphadmin microservice profiles: - active: "dmaap,one-way-ssl" + # one way ssl profile will be set unless tlsEnabled is set to false or serviceMesh is enabled and + # serviceMesh.tls is set to tru + active: dmaap #,one-way-ssl" # Specifies the timeout limit for the REST API requests timeout: @@ -200,10 +211,11 @@ readiness: service: type: ClusterIP # REST API port for the graphadmin microservice - portName: aai-graphadmin-8449 + portName: http internalPort: 8449 - portName2: aai-graphadmin-5005 + portName2: tcp-5005 internalPort2: 5005 + terminationGracePeriodSeconds: 120 ingress: enabled: false |