summaryrefslogtreecommitdiffstats
path: root/kubernetes/aai/components/aai-graphadmin
diff options
context:
space:
mode:
Diffstat (limited to 'kubernetes/aai/components/aai-graphadmin')
-rw-r--r--kubernetes/aai/components/aai-graphadmin/resources/config/aaiconfig.properties10
-rw-r--r--kubernetes/aai/components/aai-graphadmin/resources/config/application.properties22
-rw-r--r--kubernetes/aai/components/aai-graphadmin/templates/deployment.yaml25
-rw-r--r--kubernetes/aai/components/aai-graphadmin/templates/job-copy-db-backup.yaml6
-rw-r--r--kubernetes/aai/components/aai-graphadmin/templates/job-create-db.yaml8
-rw-r--r--kubernetes/aai/components/aai-graphadmin/templates/job-migration.yaml10
-rw-r--r--kubernetes/aai/components/aai-graphadmin/templates/service.yaml5
-rw-r--r--kubernetes/aai/components/aai-graphadmin/values.yaml18
8 files changed, 82 insertions, 22 deletions
diff --git a/kubernetes/aai/components/aai-graphadmin/resources/config/aaiconfig.properties b/kubernetes/aai/components/aai-graphadmin/resources/config/aaiconfig.properties
index e62ba07bfd..512e906b00 100644
--- a/kubernetes/aai/components/aai-graphadmin/resources/config/aaiconfig.properties
+++ b/kubernetes/aai/components/aai-graphadmin/resources/config/aaiconfig.properties
@@ -24,20 +24,28 @@ aai.config.checktime=1000
# this could come from siteconfig.pl?
aai.config.nodename=AutomaticallyOverwritten
+{{ if ( include "common.needTLS" .) }}
aai.server.url.base=https://aai.{{ include "common.namespace" . }}:8443/aai/
aai.server.url=https://aai.{{ include "common.namespace" . }}:8443/aai/{{ .Values.global.config.schema.version.api.default }}/
aai.global.callback.url=https://aai.{{ include "common.namespace" . }}:8443/aai/
+{{ else }}
+aai.server.url.base=http://aai.{{ include "common.namespace" . }}/aai/
+aai.server.url=http://aai.{{ include "common.namespace" . }}/aai/{{ .Values.global.config.schema.version.api.default }}/
+aai.global.callback.url=http://aai.{{ include "common.namespace" . }}/aai/
+{{ end }}
-{{ if .Values.global.config.basic.auth.enabled }}
+{{ if or (.Values.global.config.basic.auth.enabled) ( include "common.onServiceMesh" .) }}
aai.tools.enableBasicAuth=true
aai.tools.username={{ .Values.global.config.basic.auth.username }}
aai.tools.password={{ .Values.global.config.basic.auth.passwd }}
{{ end }}
+{{ if ( include "common.needTLS" .) }}
aai.truststore.filename={{ .Values.global.config.truststore.filename }}
aai.truststore.passwd.x={{ .Values.global.config.truststore.passwd }}
aai.keystore.filename={{ .Values.global.config.keystore.filename }}
aai.keystore.passwd.x={{ .Values.global.config.keystore.passwd }}
+{{ end }}
aai.notification.current.version={{ .Values.global.config.schema.version.api.default }}
aai.notificationEvent.default.status=UNPROCESSED
diff --git a/kubernetes/aai/components/aai-graphadmin/resources/config/application.properties b/kubernetes/aai/components/aai-graphadmin/resources/config/application.properties
index 8cefebc825..367e9038cd 100644
--- a/kubernetes/aai/components/aai-graphadmin/resources/config/application.properties
+++ b/kubernetes/aai/components/aai-graphadmin/resources/config/application.properties
@@ -33,7 +33,7 @@ server.servlet.context-path=/
spring.autoconfigure.exclude=org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration,org.springframework.boot.autoconfigure.orm.jpa.HibernateJpaAutoConfiguration
-spring.profiles.active={{ .Values.config.profiles.active }}
+spring.profiles.active={{ .Values.config.profiles.active }}{{ (eq "true" (include "common.needTLS" .)) | ternary ",one-way-ssl" "" }}
spring.jersey.application-path=${schema.uri.base.path}
#The max number of active threads in this pool
server.tomcat.max-threads=200
@@ -48,6 +48,7 @@ server.local.startpath=aai-graphadmin/src/main/resources/
server.basic.auth.location=${server.local.startpath}etc/auth/realm.properties
server.port=8449
+{{ if ( include "common.needTLS" .) }}
server.ssl.enabled-protocols=TLSv1.1,TLSv1.2
server.ssl.key-store=${server.local.startpath}/etc/auth/{{ .Values.global.config.keystore.filename }}
server.ssl.key-store-password=password({{ .Values.global.config.keystore.passwd }})
@@ -55,11 +56,15 @@ server.ssl.trust-store=${server.local.startpath}/etc/auth/{{ .Values.global.conf
server.ssl.trust-store-password=password({{ .Values.global.config.truststore.passwd }})
server.ssl.client-auth=want
server.ssl.key-store-type=JKS
+{{ else }}
+security.require-ssl=false
+server.ssl.enabled=false
+{{ end }}
# JMS bind address host port
jms.bind.address=tcp://localhost:61649
-dmaap.ribbon.listOfServers=message-router.{{.Release.Namespace}}:3905
-dmaap.ribbon.transportType=https
+dmaap.ribbon.listOfServers=message-router.{{.Release.Namespace}}:{{ (eq "true" (include "common.needTLS" .)) | ternary 3905 3904 }}
+dmaap.ribbon.transportType={{ include "common.scheme" . }}
# Schema related attributes for the oxm and edges
# Any additional schema related attributes should start with prefix schema
@@ -91,23 +96,28 @@ schema.version.edge.label.start={{ .Values.global.config.schema.version.edge.lab
schema.version.api.default={{ .Values.global.config.schema.version.api.default }}
schema.translator.list={{ .Values.global.config.schema.translator.list }}
-schema.service.base.url=https://aai-schema-service.{{ include "common.namespace" . }}:8452/aai/schema-service/v1/
+schema.service.base.url={{ include "common.scheme" . }}://aai-schema-service.{{ include "common.namespace" . }}:8452/aai/schema-service/v1/
schema.service.nodes.endpoint=nodes?version=
schema.service.edges.endpoint=edgerules?version=
schema.service.versions.endpoint=versions
-schema.service.client={{ .Values.global.config.schema.service.client }}
+schema.service.client={{ (eq "true" (include "common.needTLS" .)) | ternary .Values.global.config.schema.service.client "no-auth" }}
+{{ if ( include "common.needTLS" .) }}
schema.service.ssl.key-store=${server.local.startpath}/etc/auth/{{ .Values.global.config.keystore.filename }}
schema.service.ssl.trust-store=${server.local.startpath}/etc/auth/{{ .Values.global.config.truststore.filename }}
schema.service.ssl.key-store-password=password({{ .Values.global.config.keystore.passwd }})
schema.service.ssl.trust-store-password=password({{ .Values.global.config.truststore.passwd }})
+{{ end }}
aperture.rdbmsname=aai_relational
-aperture.service.client={{ .Values.global.config.schema.service.client }}
+aperture.service.client={{ (eq "true" (include "common.needTLS" .)) | ternary .Values.global.config.schema.service.client "no-auth" }}
+
aperture.service.base.url=http://localhost:8457/aai/aperture
+{{ if ( include "common.needTLS" .) }}
aperture.service.ssl.key-store=${server.local.startpath}etc/auth/{{ .Values.global.config.keystore.filename }}
aperture.service.ssl.trust-store=${server.local.startpath}etc/auth/{{ .Values.global.config.truststore.filename }}
aperture.service.ssl.key-store-password=password({{ .Values.global.config.keystore.passwd }})
aperture.service.ssl.trust-store-password=password({{ .Values.global.config.truststore.passwd }})
+{{ end }}
aperture.service.timeout-in-milliseconds=300000
diff --git a/kubernetes/aai/components/aai-graphadmin/templates/deployment.yaml b/kubernetes/aai/components/aai-graphadmin/templates/deployment.yaml
index 791bf61004..610290061f 100644
--- a/kubernetes/aai/components/aai-graphadmin/templates/deployment.yaml
+++ b/kubernetes/aai/components/aai-graphadmin/templates/deployment.yaml
@@ -32,6 +32,12 @@ metadata:
heritage: {{ .Release.Service }}
spec:
replicas: {{ .Values.replicaCount }}
+ minReadySeconds: {{ .Values.minReadySeconds }}
+ strategy:
+ type: {{ .Values.updateStrategy.type }}
+ rollingUpdate:
+ maxUnavailable: {{ .Values.updateStrategy.maxUnavailable }}
+ maxSurge: {{ .Values.updateStrategy.maxSurge }}
selector:
matchLabels:
app: {{ include "common.name" . }}
@@ -45,6 +51,7 @@ spec:
checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
spec:
hostname: aai-graphadmin
+ terminationGracePeriodSeconds: {{ .Values.service.terminationGracePeriodSeconds }}
{{ if .Values.global.initContainers.enabled }}
initContainers:
- command:
@@ -89,6 +96,10 @@ spec:
value: {{ .Values.global.config.userId | quote }}
- name: LOCAL_GROUP_ID
value: {{ .Values.global.config.groupId | quote }}
+ - name: INTERNAL_PORT_1
+ value: {{ .Values.service.internalPort | quote }}
+ - name: INTERNAL_PORT_2
+ value: {{ .Values.service.internalPort2 | quote }}
volumeMounts:
- mountPath: /etc/localtime
name: localtime
@@ -125,6 +136,18 @@ spec:
ports:
- containerPort: {{ .Values.service.internalPort }}
- containerPort: {{ .Values.service.internalPort2 }}
+ lifecycle:
+ # wait for active requests (long-running tasks) to be finished
+ # Before the SIGTERM is invoked, Kubernetes exposes a preStop hook in the Pod.
+ preStop:
+ exec:
+ command:
+ - sh
+ - -c
+ - |
+ while (netstat -an | grep ESTABLISHED | grep -e $INTERNAL_PORT_1 -e $INTERNAL_PORT_2)
+ do sleep 10
+ done
# disable liveness probe when breakpoints set in debugger
# so K8s doesn't restart unresponsive container
{{ if .Values.liveness.enabled }}
@@ -187,4 +210,4 @@ spec:
{{ end }}
restartPolicy: {{ .Values.restartPolicy }}
imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+ - name: {{ include "common.namespace" . }}-docker-registry-key
diff --git a/kubernetes/aai/components/aai-graphadmin/templates/job-copy-db-backup.yaml b/kubernetes/aai/components/aai-graphadmin/templates/job-copy-db-backup.yaml
index 154ad30c1a..0cdce11395 100644
--- a/kubernetes/aai/components/aai-graphadmin/templates/job-copy-db-backup.yaml
+++ b/kubernetes/aai/components/aai-graphadmin/templates/job-copy-db-backup.yaml
@@ -80,8 +80,10 @@ spec:
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command:
- /bin/bash
- - docker-entrypoint.sh
- - dataSnapshot.sh
+ - -c
+ - |
+ bash docker-entrypoint.sh dataSnapshot.sh ;
+ {{- include "common.serviceMesh.killSidecar" . | indent 11 | trim }}
env:
- name: LOCAL_USER_ID
value: {{ .Values.global.config.userId | quote }}
diff --git a/kubernetes/aai/components/aai-graphadmin/templates/job-create-db.yaml b/kubernetes/aai/components/aai-graphadmin/templates/job-create-db.yaml
index 79144680b4..7c078e9236 100644
--- a/kubernetes/aai/components/aai-graphadmin/templates/job-create-db.yaml
+++ b/kubernetes/aai/components/aai-graphadmin/templates/job-create-db.yaml
@@ -80,8 +80,10 @@ spec:
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command:
- /bin/bash
- - docker-entrypoint.sh
- - createDBSchema.sh
+ - -c
+ - |
+ bash docker-entrypoint.sh createDBSchema.sh ;
+ {{- include "common.serviceMesh.killSidecar" . | indent 11 | trim }}
env:
- name: LOCAL_USER_ID
value: {{ .Values.global.config.userId | quote }}
@@ -149,5 +151,5 @@ spec:
{{ end }}
restartPolicy: Never
imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+ - name: {{ include "common.namespace" . }}-docker-registry-key
{{ end }}
diff --git a/kubernetes/aai/components/aai-graphadmin/templates/job-migration.yaml b/kubernetes/aai/components/aai-graphadmin/templates/job-migration.yaml
index 4b100dd97b..9b4be4e4c7 100644
--- a/kubernetes/aai/components/aai-graphadmin/templates/job-migration.yaml
+++ b/kubernetes/aai/components/aai-graphadmin/templates/job-migration.yaml
@@ -130,7 +130,9 @@ spec:
command:
- /bin/bash
- -c
- - bash docker-entrypoint.sh run_Migrations.sh -e UpdateAaiUriIndexMigration --commit --skipPreMigrationSnapShot --runDisabled RebuildAllEdges
+ - |
+ bash docker-entrypoint.sh run_Migrations.sh -e UpdateAaiUriIndexMigration --commit --skipPreMigrationSnapShot --runDisabled RebuildAllEdges ;
+ {{- include "common.serviceMesh.killSidecar" . | indent 11 | trim }}
env:
- name: LOCAL_USER_ID
value: {{ .Values.global.config.userId | quote }}
@@ -248,8 +250,10 @@ spec:
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command:
- /bin/bash
- - docker-entrypoint.sh
- - dataSnapshot.sh
+ - -c
+ - |
+ bash docker-entrypoint.sh dataSnapshot.sh ;
+ {{- include "common.serviceMesh.killSidecar" . | indent 11 | trim }}
env:
- name: LOCAL_USER_ID
value: {{ .Values.global.config.userId | quote }}
diff --git a/kubernetes/aai/components/aai-graphadmin/templates/service.yaml b/kubernetes/aai/components/aai-graphadmin/templates/service.yaml
index 2f7aaa960d..85165e2dc4 100644
--- a/kubernetes/aai/components/aai-graphadmin/templates/service.yaml
+++ b/kubernetes/aai/components/aai-graphadmin/templates/service.yaml
@@ -35,17 +35,16 @@ spec:
{{if eq .Values.service.type "NodePort" -}}
- port: {{ .Values.service.internalPort }}
nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}
+ name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}
- port: {{ .Values.service.internalPort2 }}
nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }}
name: {{ .Values.service.portName2 }}
{{- else -}}
- port: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
+ name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}
- port: {{ .Values.service.internalPort2 }}
name: {{ .Values.service.portName2 }}
{{- end}}
selector:
app: {{ include "common.name" . }}
release: {{ include "common.release" . }}
- clusterIP: None
diff --git a/kubernetes/aai/components/aai-graphadmin/values.yaml b/kubernetes/aai/components/aai-graphadmin/values.yaml
index 03d034bf05..89c4b024d6 100644
--- a/kubernetes/aai/components/aai-graphadmin/values.yaml
+++ b/kubernetes/aai/components/aai-graphadmin/values.yaml
@@ -61,6 +61,7 @@ global: # global defaults
# Schema specific properties that include supported versions of api
schema:
# Specifies if the connection should be one way ssl, two way ssl or no auth
+ # will be set to no-auth if tls is disabled
service:
client: one-way-ssl
# Specifies which translator to use if it has schema-service, then it will
@@ -125,13 +126,23 @@ flavor: small
flavorOverride: small
# default number of instances
replicaCount: 1
+# the minimum number of seconds that a newly created Pod should be ready
+minReadySeconds: 30
+updateStrategy:
+ type: RollingUpdate
+ # The number of pods that can be unavailable during the update process
+ maxUnavailable: 0
+ # The number of pods that can be created above the desired amount of pods during an update
+ maxSurge: 1
# Configuration for the graphadmin deployment
config:
# Specify the profiles for the graphadmin microservice
profiles:
- active: "dmaap,one-way-ssl"
+ # one way ssl profile will be set unless tlsEnabled is set to false or serviceMesh is enabled and
+ # serviceMesh.tls is set to tru
+ active: dmaap #,one-way-ssl"
# Specifies the timeout limit for the REST API requests
timeout:
@@ -200,10 +211,11 @@ readiness:
service:
type: ClusterIP
# REST API port for the graphadmin microservice
- portName: aai-graphadmin-8449
+ portName: http
internalPort: 8449
- portName2: aai-graphadmin-5005
+ portName2: tcp-5005
internalPort2: 5005
+ terminationGracePeriodSeconds: 120
ingress:
enabled: false