diff options
Diffstat (limited to 'kubernetes/aai/components/aai-traversal')
8 files changed, 77 insertions, 122 deletions
diff --git a/kubernetes/aai/components/aai-traversal/Chart.yaml b/kubernetes/aai/components/aai-traversal/Chart.yaml index e9545b703f..f4e458f0fb 100644 --- a/kubernetes/aai/components/aai-traversal/Chart.yaml +++ b/kubernetes/aai/components/aai-traversal/Chart.yaml @@ -17,7 +17,7 @@ apiVersion: v2 description: ONAP AAI traversal name: aai-traversal -version: 15.0.0 +version: 15.0.1 dependencies: - name: common @@ -29,3 +29,6 @@ dependencies: - name: serviceAccount version: ~13.x-0 repository: '@local' + - name: readinessCheck + version: ~13.x-0 + repository: '@local' diff --git a/kubernetes/aai/components/aai-traversal/templates/aai-trav-kafka-user.yml b/kubernetes/aai/components/aai-traversal/templates/aai-trav-kafka-user.yml index 7c6a252315..966e5663f2 100644 --- a/kubernetes/aai/components/aai-traversal/templates/aai-trav-kafka-user.yml +++ b/kubernetes/aai/components/aai-traversal/templates/aai-trav-kafka-user.yml @@ -17,7 +17,7 @@ apiVersion: kafka.strimzi.io/v1beta2 kind: KafkaUser metadata: name: {{ include "common.release" . }}-{{ .Values.global.aaiTravKafkaUser }} - labels: + labels: {{- include "common.labels" . | nindent 4 }} strimzi.io/cluster: {{ include "common.release" . }}-strimzi spec: authentication: diff --git a/kubernetes/aai/components/aai-traversal/templates/autoscaling.yaml b/kubernetes/aai/components/aai-traversal/templates/autoscaling.yaml index 76d2611f16..a14a9b5bda 100644 --- a/kubernetes/aai/components/aai-traversal/templates/autoscaling.yaml +++ b/kubernetes/aai/components/aai-traversal/templates/autoscaling.yaml @@ -1,14 +1,7 @@ {{- if .Values.autoscaling.enabled }} apiVersion: autoscaling/v2 kind: HorizontalPodAutoscaler -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} spec: scaleTargetRef: apiVersion: apps/v1 diff --git a/kubernetes/aai/components/aai-traversal/templates/configmap.yaml b/kubernetes/aai/components/aai-traversal/templates/configmap.yaml index 905c21f4b3..e9415df278 100644 --- a/kubernetes/aai/components/aai-traversal/templates/configmap.yaml +++ b/kubernetes/aai/components/aai-traversal/templates/configmap.yaml @@ -18,14 +18,7 @@ apiVersion: v1 kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} data: {{ tpl (.Files.Glob "resources/config/logback.xml").AsConfig . | indent 2 }} {{ tpl (.Files.Glob "resources/config/localhost-access-logback.xml").AsConfig . | indent 2 }} diff --git a/kubernetes/aai/components/aai-traversal/templates/deployment.yaml b/kubernetes/aai/components/aai-traversal/templates/deployment.yaml index 6d97b0e7e8..d12fc6b702 100644 --- a/kubernetes/aai/components/aai-traversal/templates/deployment.yaml +++ b/kubernetes/aai/components/aai-traversal/templates/deployment.yaml @@ -20,20 +20,7 @@ apiVersion: apps/v1 kind: Deployment -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - app.kubernetes.io/name: {{ include "common.name" . }} - {{- if .Chart.AppVersion }} - version: "{{ .Chart.AppVersion | replace "+" "_" }}" - {{- else }} - version: "{{ .Chart.Version | replace "+" "_" }}" - {{- end }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} spec: {{- if or .Values.config.debug.enabled .Values.config.profiling.enabled }} replicas: 1 @@ -53,19 +40,7 @@ spec: matchLabels: app: {{ include "common.name" . }} template: - metadata: - labels: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} - app.kubernetes.io/name: {{ include "common.name" . }} - {{- if .Chart.AppVersion }} - version: "{{ .Chart.AppVersion | replace "+" "_" }}" - {{- else }} - version: "{{ .Chart.Version | replace "+" "_" }}" - {{- end }} - name: {{ include "common.name" . }} - annotations: - checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} + metadata: {{- include "common.templateMetadata" . | nindent 6 }} {{- if .Values.global.msbEnabled }} {{ $values := .Values }} msb.onap.org/service-info: '[ @@ -119,43 +94,19 @@ spec: hostname: aai-traversal terminationGracePeriodSeconds: {{ .Values.service.terminationGracePeriodSeconds }} initContainers: - - command: - - /app/ready.py - args: {{- if .Values.global.jobs.migration.enabled }} - - --job-name - - {{ include "common.release" . }}-aai-graphadmin-migration - {{- else }} - {{- if .Values.global.jobs.createSchema.enabled }} - - --job-name - - {{ include "common.release" . }}-aai-graphadmin-create-db-schema - {{- else }} - - --service-name - - {{ .Values.global.cassandra.serviceName }} - - --service-name - - aai-schema-service - {{- end }} + {{ include "common.readinessCheck.waitFor" (dict "dot" . "wait_for" .Values.readinessCheck.wait_for_migration) | nindent 8 }} + {{- else if .Values.global.jobs.createSchema.enabled }} + {{ include "common.readinessCheck.waitFor" (dict "dot" . "wait_for" .Values.readinessCheck.wait_for_createSchema) | nindent 8 }} + {{- else }} + {{ include "common.readinessCheck.waitFor" (dict "dot" . "wait_for" .Values.readinessCheck.wait_for_cassandra) | nindent 8 }} {{- end }} - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - image: {{ include "repositoryGenerator.image.readiness" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-readiness - resources: - limits: - cpu: "100m" - memory: "500Mi" - requests: - cpu: "3m" - memory: "20Mi" + {{ include "common.podSecurityContext" . | indent 6 | trim }} containers: - name: {{ include "common.name" . }} image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + {{ include "common.containerSecurityContext" . | indent 8 | trim }} env: {{- if .Values.config.env }} {{- range $key,$value := .Values.config.env }} @@ -219,6 +170,8 @@ spec: - mountPath: /opt/app/aai-traversal/resources/application-keycloak.properties name: {{ include "common.fullname" . }}-config subPath: application-keycloak.properties + - mountPath: /tmp + name: tmp ports: - containerPort: {{ .Values.service.traversalPort }} name: {{ .Values.service.traversalPortName }} @@ -277,9 +230,14 @@ spec: serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: - name: logs - emptyDir: {} + emptyDir: + sizeLimit: {{ .Values.volumes.logSizeLimit }} + - name: tmp + emptyDir: + sizeLimit: {{ .Values.volumes.tmpSizeLimit }} - name: {{ include "common.fullname" . }}-logs-misc - emptyDir: {} + emptyDir: + sizeLimit: {{ .Values.volumes.logmiscSizeLimit }} {{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix .)) | nindent 6 }} - name: {{ include "common.fullname" . }}-config configMap: diff --git a/kubernetes/aai/components/aai-traversal/templates/job.yaml b/kubernetes/aai/components/aai-traversal/templates/job.yaml index db90f824ef..3ea973fb99 100644 --- a/kubernetes/aai/components/aai-traversal/templates/job.yaml +++ b/kubernetes/aai/components/aai-traversal/templates/job.yaml @@ -24,11 +24,7 @@ kind: Job metadata: name: {{ include "common.fullname" . }}-update-query-data namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} + labels: {{- include "common.labels" . | nindent 4 }} {{ if .Values.global.jobs.migration.enabled }} annotations: "helm.sh/hook": post-upgrade,post-rollback,post-install @@ -38,33 +34,12 @@ metadata: spec: template: metadata: - labels: - app: {{ include "common.name" . }}-job - release: {{ include "common.release" . }} + labels: {{- include "common.labels" (dict "labels" .Values.labels "ignoreHelmChart" .Values.ignoreHelmChart "dot" . "suffix" "job") | nindent 8 }} name: {{ include "common.name" . }} spec: + {{ include "common.podSecurityContext" . | indent 6 | trim }} initContainers: - - name: {{ include "common.name" . }}-readiness - image: {{ include "repositoryGenerator.image.readiness" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - command: - - /app/ready.py - args: - - --service-name - - aai - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - resources: - limits: - cpu: "100m" - memory: "500Mi" - requests: - cpu: "3m" - memory: "20Mi" + {{ include "common.readinessCheck.waitFor" (dict "dot" . "wait_for" .Values.readinessCheck.wait_for_service) | nindent 6 }} - name: {{ include "common.name" . }}-wait-for-aai-haproxy image: {{ include "repositoryGenerator.image.readiness" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} @@ -85,6 +60,16 @@ spec: requests: cpu: "3m" memory: "20Mi" + securityContext: + runAsUser: 100 + runAsGroup: 65533 + readOnlyRootFilesystem: true + privileged: false + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + - CAP_NET_RAW containers: - name: {{ include "common.name" . }}-job image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} @@ -101,6 +86,7 @@ spec: sh -x /opt/app/aai-traversal/bin/install/updateQueryData.sh ; {{ include "common.serviceMesh.killSidecar" . | indent 11 | trim }} + {{ include "common.containerSecurityContext" . | indent 8 | trim }} resources: {{ include "common.resources" . | nindent 10 }} volumeMounts: - mountPath: /opt/app/aai-traversal/resources/etc/appprops/janusgraph-realtime.properties @@ -127,9 +113,11 @@ spec: serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: - name: {{ include "common.fullname" . }}-logs - emptyDir: {} + emptyDir: + sizeLimit: {{ .Values.volumes.logSizeLimit }} - name: {{ include "common.fullname" . }}-logs-misc - emptyDir: {} + emptyDir: + sizeLimit: {{ .Values.volumes.logmiscSizeLimit }} {{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix .)) | nindent 6 }} - name: {{ include "common.fullname" . }}-config configMap: diff --git a/kubernetes/aai/components/aai-traversal/templates/service.yaml b/kubernetes/aai/components/aai-traversal/templates/service.yaml index 49ed56306a..60e8efc2ad 100644 --- a/kubernetes/aai/components/aai-traversal/templates/service.yaml +++ b/kubernetes/aai/components/aai-traversal/templates/service.yaml @@ -19,12 +19,7 @@ kind: Service metadata: name: {{ include "common.servicename" . }} namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - app.kubernetes.io/name: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} + labels: {{- include "common.labels" . | nindent 4 }} spec: type: {{ .Values.service.type }} ports: @@ -54,8 +49,6 @@ spec: name: {{ .Values.service.metricsPortName }} targetPort: {{ .Values.service.metricsPortName }} {{- end }} - selector: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} + selector: {{- include "common.matchLabels" . | nindent 4 }} clusterIP: None sessionAffinity: {{ .Values.service.sessionAffinity }} diff --git a/kubernetes/aai/components/aai-traversal/values.yaml b/kubernetes/aai/components/aai-traversal/values.yaml index e19ea65b9c..fd8206865e 100644 --- a/kubernetes/aai/components/aai-traversal/values.yaml +++ b/kubernetes/aai/components/aai-traversal/values.yaml @@ -111,7 +111,7 @@ global: # global defaults someConfig: random # application image -image: onap/aai-traversal:1.15.1 +image: onap/aai-traversal:1.15.2 pullPolicy: Always restartPolicy: Always flavor: small @@ -353,6 +353,9 @@ endpoints: info: enabled: true +podAnnotations: + checksum/config: '{{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}' + metrics: serviceMonitor: enabled: true @@ -383,9 +386,9 @@ metrics: ## selector: app: '{{ include "common.name" . }}' - chart: '{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}' - release: '{{ include "common.release" . }}' - heritage: '{{ .Release.Service }}' + helm.sh/chart: '{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}' + app.kubernetes.io/instance: '{{ include "common.release" . }}' + app.kubernetes.io/managed-by: '{{ .Release.Service }}' ## RelabelConfigs to apply to samples before scraping ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#relabelconfig @@ -418,6 +421,30 @@ log: root: INFO base: INFO # base package (org.onap.aai) logConfigMapNamePrefix: '{{ include "common.fullname" . }}' + +volumes: + logSizeLimit: 50Mi + logmiscSizeLimit: 50Mi + tmpSizeLimit: 100Mi + +securityContext: + user_id: 1000 + group_id: 1000 + +readinessCheck: + wait_for_migration: + jobs: + - '{{ include "common.release" . }}-aai-graphadmin-migration' + wait_for_createSchema: + jobs: + - '{{ include "common.release" . }}-aai-graphadmin-create-db-schema' + wait_for_cassandra: + services: + - '{{ .Values.global.cassandra.serviceName }}' + - aai-schema-service + wait_for_service: + services: + - aai ################################################################# # Secrets metaconfig ################################################################# |