Diffstat (limited to 'kubernetes/aai')
-rw-r--r--kubernetes/aai/components/aai-babel/templates/deployment.yaml7
-rw-r--r--kubernetes/aai/components/aai-babel/values.yaml5
-rw-r--r--kubernetes/aai/components/aai-graphadmin/resources/config/application.properties5
-rw-r--r--kubernetes/aai/components/aai-graphadmin/templates/deployment.yaml3
-rw-r--r--kubernetes/aai/components/aai-graphadmin/templates/service.yaml5
-rw-r--r--kubernetes/aai/components/aai-graphadmin/templates/servicemonitor.yaml3
-rw-r--r--kubernetes/aai/components/aai-graphadmin/values.yaml22
-rw-r--r--kubernetes/aai/components/aai-modelloader/templates/deployment.yaml7
-rw-r--r--kubernetes/aai/components/aai-modelloader/values.yaml5
-rw-r--r--kubernetes/aai/components/aai-resources/resources/config/application.properties14
-rw-r--r--kubernetes/aai/components/aai-resources/templates/deployment.yaml3
-rw-r--r--kubernetes/aai/components/aai-resources/templates/service.yaml7
-rw-r--r--kubernetes/aai/components/aai-resources/templates/servicemonitor.yaml3
-rw-r--r--kubernetes/aai/components/aai-resources/values.yaml55
-rw-r--r--kubernetes/aai/components/aai-schema-service/templates/deployment.yaml7
-rw-r--r--kubernetes/aai/components/aai-schema-service/values.yaml5
-rw-r--r--kubernetes/aai/components/aai-sparky-be/templates/deployment.yaml7
-rw-r--r--kubernetes/aai/components/aai-sparky-be/values.yaml5
-rw-r--r--kubernetes/aai/components/aai-traversal/resources/config/application.properties16
-rw-r--r--kubernetes/aai/components/aai-traversal/templates/deployment.yaml3
-rw-r--r--kubernetes/aai/components/aai-traversal/templates/service.yaml7
-rw-r--r--kubernetes/aai/components/aai-traversal/templates/servicemonitor.yaml3
-rw-r--r--kubernetes/aai/components/aai-traversal/values.yaml61
-rw-r--r--kubernetes/aai/resources/config/haproxy/haproxy-pluggable-security.cfg33
-rw-r--r--kubernetes/aai/resources/config/haproxy/haproxy.cfg35
-rw-r--r--kubernetes/aai/templates/deployment.yaml16
-rw-r--r--kubernetes/aai/templates/service.yaml23
-rw-r--r--kubernetes/aai/templates/servicemonitor.yaml3
-rw-r--r--kubernetes/aai/values.yaml40
29 files changed, 386 insertions, 22 deletions
diff --git a/kubernetes/aai/components/aai-babel/templates/deployment.yaml b/kubernetes/aai/components/aai-babel/templates/deployment.yaml
index 38a4e484c3..e52ac7a6d1 100644
--- a/kubernetes/aai/components/aai-babel/templates/deployment.yaml
+++ b/kubernetes/aai/components/aai-babel/templates/deployment.yaml
@@ -31,6 +31,13 @@ spec:
matchLabels:
app: {{ include "common.name" . }}
replicas: {{ .Values.replicaCount }}
+ strategy:
+ type: {{ .Values.updateStrategy.type }}
+ {{- if (eq "RollingUpdate" .Values.updateStrategy.type) }}
+ rollingUpdate:
+ maxUnavailable: {{ .Values.updateStrategy.maxUnavailable }}
+ maxSurge: {{ .Values.updateStrategy.maxSurge }}
+ {{- end }}
template:
metadata:
labels:
diff --git a/kubernetes/aai/components/aai-babel/values.yaml b/kubernetes/aai/components/aai-babel/values.yaml
index 3cfc8189df..ca23bc96c1 100644
--- a/kubernetes/aai/components/aai-babel/values.yaml
+++ b/kubernetes/aai/components/aai-babel/values.yaml
@@ -67,6 +67,11 @@ flavorOverride: small
# default number of instances
replicaCount: 1
+updateStrategy:
+ type: RollingUpdate
+ maxUnavailable: 0
+ maxSurge: 1
+
nodeSelector: {}
affinity: {}
diff --git a/kubernetes/aai/components/aai-graphadmin/resources/config/application.properties b/kubernetes/aai/components/aai-graphadmin/resources/config/application.properties
index 27606021ef..6e64fd8400 100644
--- a/kubernetes/aai/components/aai-graphadmin/resources/config/application.properties
+++ b/kubernetes/aai/components/aai-graphadmin/resources/config/application.properties
@@ -122,3 +122,8 @@ aperture.service.ssl.key-store-password=password(${KEYSTORE_JKS_PASSWORD})
aperture.service.ssl.trust-store-password=password(${TRUSTSTORE_PASSWORD})
{{ end }}
aperture.service.timeout-in-milliseconds=300000
+
+#To Expose the Prometheus scraping endpoint
+management.port=8448
+endpoints.enabled=false
+management.security.enabled=false
\ No newline at end of file
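Review bot: `management.security.enabled=false` (a Spring Boot 1.x property) turns off authentication for the management listener that `management.port=8448` opens, and this commit publishes that port through the graphadmin Service, including its NodePort branch. `endpoints.enabled=false` limits what is served today, but any endpoint re-enabled later for scraping would be reachable without credentials. I would extend the comment above the block, e.g. `# 8448 is unauthenticated; restrict it to the Prometheus scraper with a NetworkPolicy`, and keep the port off NodePort. The file also still ends without a trailing newline.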
diff --git a/kubernetes/aai/components/aai-graphadmin/templates/deployment.yaml b/kubernetes/aai/components/aai-graphadmin/templates/deployment.yaml
index 5241c6edf2..3e1479e335 100644
--- a/kubernetes/aai/components/aai-graphadmin/templates/deployment.yaml
+++ b/kubernetes/aai/components/aai-graphadmin/templates/deployment.yaml
@@ -143,6 +143,8 @@ spec:
value: {{ .Values.service.internalPort | quote }}
- name: INTERNAL_PORT_2
value: {{ .Values.service.internalPort2 | quote }}
+ - name: INTERNAL_PORT_3
+ value: {{ .Values.service.internalPort3 | quote }}
volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }}
- mountPath: /etc/localtime
name: localtime
@@ -173,6 +175,7 @@ spec:
ports:
- containerPort: {{ .Values.service.internalPort }}
- containerPort: {{ .Values.service.internalPort2 }}
+ - containerPort: {{ .Values.service.internalPort3 }}
lifecycle:
# wait for active requests (long-running tasks) to be finished
# Before the SIGTERM is invoked, Kubernetes exposes a preStop hook in the Pod.
diff --git a/kubernetes/aai/components/aai-graphadmin/templates/service.yaml b/kubernetes/aai/components/aai-graphadmin/templates/service.yaml
index cf4655361d..6350f858f1 100644
--- a/kubernetes/aai/components/aai-graphadmin/templates/service.yaml
+++ b/kubernetes/aai/components/aai-graphadmin/templates/service.yaml
@@ -40,11 +40,16 @@ spec:
- port: {{ .Values.service.internalPort2 }}
nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }}
name: {{ .Values.service.portName2 }}
+ - port: {{ .Values.service.internalPort3 }}
+ nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort3 }}
+ name: {{ .Values.service.portName3 }}
{{- else -}}
- port: {{ .Values.service.internalPort }}
name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}
- port: {{ .Values.service.internalPort2 }}
name: {{ .Values.service.portName2 }}
+ - port: {{ .Values.service.internalPort3 }}
+ name: {{ .Values.service.portName3 }}
{{- end}}
selector:
app: {{ include "common.name" . }}
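Review bot: The NodePort branch renders `nodePort` from `.Values.service.nodePort3`, but the graphadmin values.yaml hunks in this commit add only `portName3` and `internalPort3`; unless `nodePort3` is defined elsewhere, the value collapses to the bare prefix. Publishing 8448 on a node port would also put the management listener, which the application.properties change leaves unauthenticated, outside the cluster. I would leave the port-3 entry out of the NodePort branch. The branch condition sits above the hunk. The aai-resources and aai-traversal service.yaml hunks follow the same pattern.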
diff --git a/kubernetes/aai/components/aai-graphadmin/templates/servicemonitor.yaml b/kubernetes/aai/components/aai-graphadmin/templates/servicemonitor.yaml
new file mode 100644
index 0000000000..c0d9f212b4
--- /dev/null
+++ b/kubernetes/aai/components/aai-graphadmin/templates/servicemonitor.yaml
@@ -0,0 +1,3 @@
+{{- if .Values.metrics.serviceMonitor.enabled }}
+{{ include "common.serviceMonitor" . }}
+{{- end }}
\ No newline at end of file
diff --git a/kubernetes/aai/components/aai-graphadmin/values.yaml b/kubernetes/aai/components/aai-graphadmin/values.yaml
index deaf26a5ab..2ac55459bb 100644
--- a/kubernetes/aai/components/aai-graphadmin/values.yaml
+++ b/kubernetes/aai/components/aai-graphadmin/values.yaml
@@ -96,7 +96,7 @@ global: # global defaults
# Specifies which clients should always default to realtime graph connection
realtime:
- clients: SDNC,MSO,SO,robot-ete
+ clients: SDNC,-1|MSO,-1|SO,-1|robot-ete,-1
#################################################################
# Certificate configuration
@@ -240,6 +240,8 @@ service:
internalPort: 8449
portName2: tcp-5005
internalPort2: 5005
+ portName3: aai-graphadmin-8448
+ internalPort3: 8448
terminationGracePeriodSeconds: 120
ingress:
@@ -296,6 +298,24 @@ resources:
memory: 2Gi
unlimited: {}
+metrics:
+ serviceMonitor:
+ enabled: false
+ targetPort: 8448
+ path: /prometheus
+ basicAuth:
+ enabled: false
+
+ selector:
+ app: '{{ include "common.name" . }}'
+ chart: '{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}'
+ release: '{{ include "common.release" . }}'
+ heritage: '{{ .Release.Service }}'
+
+ relabelings: []
+
+ metricRelabelings: []
+
# Not fully used for now
securityContext:
user_id: *user_id
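Review bot: `basicAuth` here carries only `enabled: false`, while the aai-resources and aai-traversal blocks in this commit also define `externalSecretName`, `externalSecretUserKey` and `externalSecretPasswordKey`. Turning basic auth on for graphadmin would presumably leave `common.serviceMonitor` with empty secret references. Add the three keys with the same placeholders, plus a comment such as `# metrics are scraped without credentials unless basicAuth.enabled is true`. `targetPort: 8448` also repeats `service.internalPort3` as a literal, so the two can drift apart.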
diff --git a/kubernetes/aai/components/aai-modelloader/templates/deployment.yaml b/kubernetes/aai/components/aai-modelloader/templates/deployment.yaml
index 47c13af86e..8e481b9656 100644
--- a/kubernetes/aai/components/aai-modelloader/templates/deployment.yaml
+++ b/kubernetes/aai/components/aai-modelloader/templates/deployment.yaml
@@ -28,6 +28,13 @@ metadata:
heritage: {{ .Release.Service }}
spec:
replicas: {{ .Values.replicaCount }}
+ strategy:
+ type: {{ .Values.updateStrategy.type }}
+ {{- if (eq "RollingUpdate" .Values.updateStrategy.type) }}
+ rollingUpdate:
+ maxUnavailable: {{ .Values.updateStrategy.maxUnavailable }}
+ maxSurge: {{ .Values.updateStrategy.maxSurge }}
+ {{- end }}
selector:
matchLabels:
app: {{ include "common.name" . }}
diff --git a/kubernetes/aai/components/aai-modelloader/values.yaml b/kubernetes/aai/components/aai-modelloader/values.yaml
index 7857f6bc92..1188f9b645 100644
--- a/kubernetes/aai/components/aai-modelloader/values.yaml
+++ b/kubernetes/aai/components/aai-modelloader/values.yaml
@@ -67,6 +67,11 @@ config: {}
# default number of instances
replicaCount: 1
+updateStrategy:
+ type: RollingUpdate
+ maxUnavailable: 0
+ maxSurge: 1
+
nodeSelector: {}
affinity: {}
diff --git a/kubernetes/aai/components/aai-resources/resources/config/application.properties b/kubernetes/aai/components/aai-resources/resources/config/application.properties
index 7258b7bef8..b5b64bec4b 100644
--- a/kubernetes/aai/components/aai-resources/resources/config/application.properties
+++ b/kubernetes/aai/components/aai-resources/resources/config/application.properties
@@ -106,5 +106,17 @@ schema.service.ssl.trust-store-password=${TRUSTSTORE_PASSWORD}
{{ end }}
#to expose the Prometheus scraping endpoint
+management.port=8448
+management.endpoints.enabled-by-default=false
+management.security.enabled=false
+endpoints.enabled=false
+endpoints.info.enabled=false
+endpoints.prometheus.enabled=false
+endpoints.health.enabled=false
+management.metrics.web.server.auto-time-requests=false
management.metrics.distribution.percentiles-histogram[http.server.requests]=true
-management.metrics.distribution.sla[http.server.requests]=20ms, 30ms, 40ms, 50ms, 60ms, 70ms, 80ms, 90ms, 100ms, 500ms, 1000ms, 5000ms, 7000ms
\ No newline at end of file
+management.metrics.distribution.sla[http.server.requests]=20ms, 30ms, 40ms, 50ms, 60ms, 70ms, 80ms, 90ms, 100ms, 500ms, 1000ms, 5000ms, 7000ms
+#Add common tag for grouping all aai related metrics
+management.metrics.tags.group_id=aai
+#It is not advisable to use labels to store dimensions with high cardinality. Enable this option only for debug purposes. For more information: https://github.com/micrometer-metrics/micrometer/issues/1584
+scrape.uri.metrics=false
\ No newline at end of file
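Review bot: The added block mixes Spring Boot 1.x names (`management.port`, `management.security.enabled`, `endpoints.*.enabled`) with 2.x names (`management.endpoints.enabled-by-default`, `management.metrics.*`), so whichever Boot version aai-resources runs, part of it is presumably ignored. The existing comment says the block exposes the Prometheus endpoint, yet `endpoints.prometheus.enabled=false` and `management.endpoints.enabled-by-default=false` switch it off. If an override is expected to enable scraping, the comment should say so, e.g. `# metrics listener on 8448; endpoints stay disabled until overridden`. The same block is added to aai-traversal's application.properties.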
diff --git a/kubernetes/aai/components/aai-resources/templates/deployment.yaml b/kubernetes/aai/components/aai-resources/templates/deployment.yaml
index 74c58ff2d3..33aa97179e 100644
--- a/kubernetes/aai/components/aai-resources/templates/deployment.yaml
+++ b/kubernetes/aai/components/aai-resources/templates/deployment.yaml
@@ -136,6 +136,8 @@ spec:
value: {{ .Values.service.internalPort | quote }}
- name: INTERNAL_PORT_2
value: {{ .Values.service.internalPort2 | quote }}
+ - name: INTERNAL_PORT_3
+ value: {{ .Values.service.internalPort3 | quote }}
volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }}
- mountPath: /etc/localtime
name: localtime
@@ -184,6 +186,7 @@ spec:
ports:
- containerPort: {{ .Values.service.internalPort }}
- containerPort: {{ .Values.service.internalPort2 }}
+ - containerPort: {{ .Values.service.internalPort3 }}
lifecycle:
# wait for active requests (long-running tasks) to be finished
# Before the SIGTERM is invoked, Kubernetes exposes a preStop hook in the Pod.
diff --git a/kubernetes/aai/components/aai-resources/templates/service.yaml b/kubernetes/aai/components/aai-resources/templates/service.yaml
index 46118461d1..8feb071bc6 100644
--- a/kubernetes/aai/components/aai-resources/templates/service.yaml
+++ b/kubernetes/aai/components/aai-resources/templates/service.yaml
@@ -34,12 +34,19 @@ spec:
- port: {{ .Values.service.internalPort2 }}
nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }}
name: {{ .Values.service.portName2 }}
+ - port: {{ .Values.service.internalPort3 }}
+ nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort3 }}
+ name: {{ .Values.service.portName3 }}
{{- else -}}
- port: {{ .Values.service.internalPort }}
name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}
- port: {{ .Values.service.internalPort2 }}
name: {{ .Values.service.portName2 }}
+ - port: {{ .Values.service.internalPort3 }}
+ name: {{ .Values.service.portName3 }}
{{- end }}
selector:
app: {{ include "common.name" . }}
release: {{ include "common.release" . }}
+ clusterIP: None
+ sessionAffinity: {{ .Values.service.sessionAffinity }}
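Review bot: `clusterIP: None` is added unconditionally below the selector, yet the first branch of the ports list still sets `nodePort` values. Kubernetes rejects a headless Service of type NodePort, so that branch can no longer deploy if it is ever selected. Wrap `clusterIP: None` in the inverse of the condition that opens the NodePort branch (that condition is above the hunk). `sessionAffinity` is also unlikely to have any effect on a headless Service, since there is no virtual IP for kube-proxy to balance. aai-traversal's service.yaml gets the same two lines.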
diff --git a/kubernetes/aai/components/aai-resources/templates/servicemonitor.yaml b/kubernetes/aai/components/aai-resources/templates/servicemonitor.yaml
new file mode 100644
index 0000000000..c0d9f212b4
--- /dev/null
+++ b/kubernetes/aai/components/aai-resources/templates/servicemonitor.yaml
@@ -0,0 +1,3 @@
+{{- if .Values.metrics.serviceMonitor.enabled }}
+{{ include "common.serviceMonitor" . }}
+{{- end }}
\ No newline at end of file
diff --git a/kubernetes/aai/components/aai-resources/values.yaml b/kubernetes/aai/components/aai-resources/values.yaml
index 2dfbfeebe5..de7bf2dd84 100644
--- a/kubernetes/aai/components/aai-resources/values.yaml
+++ b/kubernetes/aai/components/aai-resources/values.yaml
@@ -231,7 +231,10 @@ service:
internalPort: 8447
portName2: tcp-5005
internalPort2: 5005
+ portName3: aai-resources-8448
+ internalPort3: 8448
terminationGracePeriodSeconds: 120
+ sessionAffinity: None
ingress:
enabled: false
@@ -270,6 +273,58 @@ resources:
memory: 4Gi
unlimited: {}
+metrics:
+ serviceMonitor:
+ enabled: false
+ targetPort: 8448
+ path: /prometheus
+ basicAuth:
+ enabled: false
+ externalSecretName: mysecretname
+ externalSecretUserKey: login
+ externalSecretPasswordKey: password
+
+ ## Namespace in which Prometheus is running
+ ##
+ # namespace: monitoring
+
+ ## Interval at which metrics should be scraped.
+ ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
+ ##
+ #interval: 30s
+
+ ## Timeout after which the scrape is ended
+ ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
+ ##
+ # scrapeTimeout: 10s
+
+ ## ServiceMonitor selector labels
+ ## ref: https://github.com/bitnami/charts/tree/master/bitnami/prometheus-operator#prometheus-configuration
+ ##
+ selector:
+ app: '{{ include "common.name" . }}'
+ chart: '{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}'
+ release: '{{ include "common.release" . }}'
+ heritage: '{{ .Release.Service }}'
+
+ ## RelabelConfigs to apply to samples before scraping
+ ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#relabelconfig
+ ## Value is evalued as a template
+ ##
+ relabelings: []
+
+ ## MetricRelabelConfigs to apply to samples before ingestion
+ ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#relabelconfig
+ ## Value is evalued as a template
+ ##
+ metricRelabelings: []
+ # - sourceLabels:
+ # - "__name__"
+ # targetLabel: "__name__"
+ # action: replace
+ # regex: '(.*)'
+ # replacement: 'example_prefix_$1'
+
#Pods Service Account
serviceAccount:
nameOverride: aai-resources
diff --git a/kubernetes/aai/components/aai-schema-service/templates/deployment.yaml b/kubernetes/aai/components/aai-schema-service/templates/deployment.yaml
index cd58b959ad..8a7c43f0b9 100644
--- a/kubernetes/aai/components/aai-schema-service/templates/deployment.yaml
+++ b/kubernetes/aai/components/aai-schema-service/templates/deployment.yaml
@@ -28,6 +28,13 @@ metadata:
heritage: {{ .Release.Service }}
spec:
replicas: {{ .Values.replicaCount }}
+ strategy:
+ type: {{ .Values.updateStrategy.type }}
+ {{- if (eq "RollingUpdate" .Values.updateStrategy.type) }}
+ rollingUpdate:
+ maxUnavailable: {{ .Values.updateStrategy.maxUnavailable }}
+ maxSurge: {{ .Values.updateStrategy.maxSurge }}
+ {{- end }}
selector:
matchLabels:
app: {{ include "common.name" . }}
diff --git a/kubernetes/aai/components/aai-schema-service/values.yaml b/kubernetes/aai/components/aai-schema-service/values.yaml
index a72b1d9ec1..50e12e8e4d 100644
--- a/kubernetes/aai/components/aai-schema-service/values.yaml
+++ b/kubernetes/aai/components/aai-schema-service/values.yaml
@@ -101,6 +101,11 @@ flavorOverride: small
# default number of instances
replicaCount: 1
+updateStrategy:
+ type: RollingUpdate
+ maxUnavailable: 0
+ maxSurge: 1
+
nodeSelector: {}
affinity: {}
diff --git a/kubernetes/aai/components/aai-sparky-be/templates/deployment.yaml b/kubernetes/aai/components/aai-sparky-be/templates/deployment.yaml
index bb0b9bbdcf..31ea946d9b 100644
--- a/kubernetes/aai/components/aai-sparky-be/templates/deployment.yaml
+++ b/kubernetes/aai/components/aai-sparky-be/templates/deployment.yaml
@@ -28,6 +28,13 @@ metadata:
heritage: {{ .Release.Service }}
spec:
replicas: {{ .Values.replicaCount }}
+ strategy:
+ type: {{ .Values.updateStrategy.type }}
+ {{- if (eq "RollingUpdate" .Values.updateStrategy.type) }}
+ rollingUpdate:
+ maxUnavailable: {{ .Values.updateStrategy.maxUnavailable }}
+ maxSurge: {{ .Values.updateStrategy.maxSurge }}
+ {{- end }}
selector:
matchLabels:
app: {{ include "common.name" . }}
diff --git a/kubernetes/aai/components/aai-sparky-be/values.yaml b/kubernetes/aai/components/aai-sparky-be/values.yaml
index a8896e031f..29953b4b66 100644
--- a/kubernetes/aai/components/aai-sparky-be/values.yaml
+++ b/kubernetes/aai/components/aai-sparky-be/values.yaml
@@ -95,6 +95,11 @@ nsSuffix: aai
# default number of instances
replicaCount: 1
+updateStrategy:
+ type: RollingUpdate
+ maxUnavailable: 0
+ maxSurge: 1
+
nodeSelector: {}
affinity: {}
diff --git a/kubernetes/aai/components/aai-traversal/resources/config/application.properties b/kubernetes/aai/components/aai-traversal/resources/config/application.properties
index 24a5241fe2..3022b17f97 100644
--- a/kubernetes/aai/components/aai-traversal/resources/config/application.properties
+++ b/kubernetes/aai/components/aai-traversal/resources/config/application.properties
@@ -106,3 +106,19 @@ schema.service.ssl.trust-store={{ .Values.certInitializer.credsPath }}/{{ .Value
schema.service.ssl.key-store-password=${KEYSTORE_PASSWORD}
schema.service.ssl.trust-store-password=${TRUSTSTORE_PASSWORD}
{{ end }}
+
+#to expose the Prometheus scraping endpoint
+management.port=8448
+management.endpoints.enabled-by-default=false
+management.security.enabled=false
+endpoints.enabled=false
+endpoints.info.enabled=false
+endpoints.prometheus.enabled=false
+endpoints.health.enabled=false
+management.metrics.web.server.auto-time-requests=false
+management.metrics.distribution.percentiles-histogram[http.server.requests]=true
+management.metrics.distribution.sla[http.server.requests]=20ms, 30ms, 40ms, 50ms, 60ms, 70ms, 80ms, 90ms, 100ms, 500ms, 1000ms, 5000ms, 7000ms
+#Add common tag for grouping all aai related metrics
+management.metrics.tags.group_id=aai
+#It is not advisable to use labels to store dimensions with high cardinality. Enable this option only for debug purposes. For more information: https://github.com/micrometer-metrics/micrometer/issues/1584
+scrape.uri.metrics=false
\ No newline at end of file
diff --git a/kubernetes/aai/components/aai-traversal/templates/deployment.yaml b/kubernetes/aai/components/aai-traversal/templates/deployment.yaml
index b9f2a802f2..093277169a 100644
--- a/kubernetes/aai/components/aai-traversal/templates/deployment.yaml
+++ b/kubernetes/aai/components/aai-traversal/templates/deployment.yaml
@@ -155,6 +155,8 @@ spec:
value: {{ .Values.service.internalPort | quote }}
- name: INTERNAL_PORT_2
value: {{ .Values.service.internalPort2 | quote }}
+ - name: INTERNAL_PORT_3
+ value: {{ .Values.service.internalPort3 | quote }}
volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }}
- mountPath: /etc/localtime
name: localtime
@@ -205,6 +207,7 @@ spec:
ports:
- containerPort: {{ .Values.service.internalPort }}
- containerPort: {{ .Values.service.internalPort2 }}
+ - containerPort: {{ .Values.service.internalPort3 }}
lifecycle:
# wait for active requests (long-running tasks) to be finished
# Before the SIGTERM is invoked, Kubernetes exposes a preStop hook in the Pod.
diff --git a/kubernetes/aai/components/aai-traversal/templates/service.yaml b/kubernetes/aai/components/aai-traversal/templates/service.yaml
index b54b6be644..daf1758890 100644
--- a/kubernetes/aai/components/aai-traversal/templates/service.yaml
+++ b/kubernetes/aai/components/aai-traversal/templates/service.yaml
@@ -34,12 +34,19 @@ spec:
- port: {{ .Values.service.internalPort2 }}
nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }}
name: {{ .Values.service.portName2 }}
+ - port: {{ .Values.service.internalPort3 }}
+ nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort3 }}
+ name: {{ .Values.service.portName3 }}
{{- else -}}
- port: {{ .Values.service.internalPort }}
name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}
- port: {{ .Values.service.internalPort2 }}
name: {{ .Values.service.portName2 }}
+ - port: {{ .Values.service.internalPort3 }}
+ name: {{ .Values.service.portName3 }}
{{- end }}
selector:
app: {{ include "common.name" . }}
release: {{ include "common.release" . }}
+ clusterIP: None
+ sessionAffinity: {{ .Values.service.sessionAffinity }}
diff --git a/kubernetes/aai/components/aai-traversal/templates/servicemonitor.yaml b/kubernetes/aai/components/aai-traversal/templates/servicemonitor.yaml
new file mode 100644
index 0000000000..c0d9f212b4
--- /dev/null
+++ b/kubernetes/aai/components/aai-traversal/templates/servicemonitor.yaml
@@ -0,0 +1,3 @@
+{{- if .Values.metrics.serviceMonitor.enabled }}
+{{ include "common.serviceMonitor" . }}
+{{- end }}
\ No newline at end of file
diff --git a/kubernetes/aai/components/aai-traversal/values.yaml b/kubernetes/aai/components/aai-traversal/values.yaml
index 105b962c64..b5d99fdbda 100644
--- a/kubernetes/aai/components/aai-traversal/values.yaml
+++ b/kubernetes/aai/components/aai-traversal/values.yaml
@@ -231,6 +231,12 @@ persistence:
# default number of instances
replicaCount: 1
+minReadySeconds: 10
+updateStrategy:
+ type: RollingUpdate
+ maxUnavailable: 0
+ maxSurge: 1
+
nodeSelector: {}
affinity: {}
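Review bot: `minReadySeconds` and `updateStrategy` are added to the values, but the aai-traversal deployment.yaml hunks in this commit only add port 3 and contain no `strategy:` or `minReadySeconds:` lines. These settings therefore appear to be unused unless the template already reads them outside the visible hunks. The diffstat lists that template with only 3 changed lines. Either give it the same `strategy` block that the babel, modelloader, schema-service and sparky-be templates receive, or drop the keys here.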
@@ -253,7 +259,10 @@ service:
internalPort: 8446
portName2: tcp-5005
internalPort2: 5005
+ portName3: aai-traversal-8448
+ internalPort3: 8448
terminationGracePeriodSeconds: 120
+ sessionAffinity: None
ingress:
enabled: false
@@ -289,6 +298,58 @@ resources:
memory: 4Gi
unlimited: {}
+metrics:
+ serviceMonitor:
+ enabled: false
+ targetPort: 8448
+ path: /prometheus
+ basicAuth:
+ enabled: false
+ externalSecretName: mysecretname
+ externalSecretUserKey: login
+ externalSecretPasswordKey: password
+
+ ## Namespace in which Prometheus is running
+ ##
+ # namespace: monitoring
+
+ ## Interval at which metrics should be scraped.
+ ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
+ ##
+ #interval: 30s
+
+ ## Timeout after which the scrape is ended
+ ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
+ ##
+ # scrapeTimeout: 10s
+
+ ## ServiceMonitor selector labels
+ ## ref: https://github.com/bitnami/charts/tree/master/bitnami/prometheus-operator#prometheus-configuration
+ ##
+ selector:
+ app: '{{ include "common.name" . }}'
+ chart: '{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}'
+ release: '{{ include "common.release" . }}'
+ heritage: '{{ .Release.Service }}'
+
+ ## RelabelConfigs to apply to samples before scraping
+ ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#relabelconfig
+ ## Value is evalued as a template
+ ##
+ relabelings: []
+
+ ## MetricRelabelConfigs to apply to samples before ingestion
+ ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#relabelconfig
+ ## Value is evalued as a template
+ ##
+ metricRelabelings: []
+ # - sourceLabels:
+ # - "__name__"
+ # targetLabel: "__name__"
+ # action: replace
+ # regex: '(.*)'
+ # replacement: 'example_prefix_$1'
+
#Pods Service Account
serviceAccount:
nameOverride: aai-traversal
diff --git a/kubernetes/aai/resources/config/haproxy/haproxy-pluggable-security.cfg b/kubernetes/aai/resources/config/haproxy/haproxy-pluggable-security.cfg
index 6e7acef17f..03212b9f2d 100644
--- a/kubernetes/aai/resources/config/haproxy/haproxy-pluggable-security.cfg
+++ b/kubernetes/aai/resources/config/haproxy/haproxy-pluggable-security.cfg
@@ -17,8 +17,10 @@ global
log /dev/log local0
stats socket /usr/local/etc/haproxy/haproxy.socket mode 660 level admin
stats timeout 30s
- user root
- group root
+ # it is required else pod will not come up
+ maxconn 50000
+ user haproxy
+ group haproxy
daemon
#################################
# Default SSL material locations#
@@ -38,7 +40,8 @@ defaults
mode http
option httplog
option ssl-hello-chk
- option httpchk GET /aai/util/echo HTTP/1.1\r\nHost:\ aai\r\nX-TransactionId:\ haproxy-0111\r\nX-FromAppId:\ haproxy\r\nAccept:\ application/json\r\nAuthorization:\ Basic\ YWFpQGFhaS5vbmFwLm9yZzpkZW1vMTIzNDU2IQ==
+ option httpchk
+ http-check send meth GET uri /aai/util/echo ver HTTP/1.1 hdr Host aai hdr X-TransactionId haproxy-0111 hdr X-FromAppId haproxy hdr Accept application/json hdr Authorization 'Basic QUFJOkFBSQ=='
default-server init-addr none
# option dontlognull
# errorfile 400 /etc/haproxy/errors/400.http
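Review bot: The rewritten `http-check send` line keeps a static Basic credential in the rendered config, and its value differs from the one on the removed `option httpchk` line, so this is a credential change as well as a syntax migration. HAProxy expands environment variables inside double quotes, so the header could read `hdr Authorization "Basic ${HEALTHCHECK_BASIC_AUTH}"` (placeholder name), with the variable fed from a Secret. If the literal has to stay, a comment above it naming the account and marking it as a chart default would help operators rotate it. haproxy.cfg gets the same line in its `defaults` hunk.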
@@ -59,6 +62,12 @@ defaults
timeout server 480000
timeout http-keep-alive 30000
+frontend stats
+ bind *:8448
+ http-request use-service prometheus-exporter if { path /metrics }
+ stats enable
+ stats uri /stats
+ stats refresh 10s
frontend IST_8443
mode http
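Review bot: The new `frontend stats` serves the stats page and the Prometheus exporter on `*:8448` with no `stats auth` line and no source ACL, so anything that can reach the pod on that port can read backend names, server addresses and traffic counters. Add `stats auth` with credentials taken from the environment, or drop `stats enable` and `stats uri` and keep only the `/metrics` exporter. Either way, restrict 8448 to the Prometheus scraper with a NetworkPolicy. The same frontend is added to haproxy.cfg.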
@@ -73,6 +82,10 @@ frontend IST_8443
capture response header Host len 100
option log-separate-errors
option forwardfor
+
+ http-request set-header X-Forwarded-Proto https
+ http-request add-header X-Forwarded-Port 8443
+
http-request set-header X-Forwarded-Proto https if { ssl_fc }
http-request set-header X-AAI-Client-SSL TRUE if { ssl_c_used }
http-request set-header X-AAI-SSL %[ssl_fc]
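Review bot: `http-request add-header X-Forwarded-Port 8443` appends to whatever `X-Forwarded-Port` the client sent instead of replacing it, so a consumer that reads the first value sees client-controlled data; `http-request set-header X-Forwarded-Port 8443` would overwrite it. The unconditional `set-header X-Forwarded-Proto https` added here makes the following `... if { ssl_fc }` line redundant, so keep one of the two. In haproxy.cfg the IST_8080 hunk adds a `set-header X-Forwarded-Proto http` that duplicates the context line directly above it, and its IST_8443 hunk repeats the pattern seen here.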
@@ -97,9 +110,6 @@ frontend IST_8443
{{- end }}
{{- end }}
- reqadd X-Forwarded-Proto:\ https
- reqadd X-Forwarded-Port:\ 8443
-
#######################
#ACLS FOR PORT 8446####
#######################
@@ -107,9 +117,10 @@ frontend IST_8443
acl is_Port_8446_generic path_reg -i ^/aai/v[0-9]+/search/generic-query$
acl is_Port_8446_nodes path_reg -i ^/aai/v[0-9]+/search/nodes-query$
acl is_Port_8446_version path_reg -i ^/aai/v[0-9]+/query$
+ acl is_dsl path_reg -i ^/aai/v[0-9]+/dsl$
acl is_named-query path_beg -i /aai/search/named-query
acl is_search-model path_beg -i /aai/search/model
- use_backend IST_AAI_8446 if is_Port_8446_generic or is_Port_8446_nodes or is_Port_8446_version or is_named-query or is_search-model
+ use_backend IST_AAI_8446 if is_Port_8446_generic or is_Port_8446_nodes or is_Port_8446_version or is_named-query or is_search-model or is_dsl
default_backend IST_Default_8447
@@ -120,9 +131,11 @@ frontend IST_8443
backend IST_Default_8447
balance roundrobin
+ stick-table type string len 100 size 200k expire 2m
+ stick on path
http-request set-header X-Forwarded-Port %[src_port]
http-response set-header Strict-Transport-Security max-age=16000000;\ includeSubDomains;\ preload;
- server aai-resources.{{.Release.Namespace}} aai-resources.{{.Release.Namespace}}.svc.cluster.local:8447 resolvers kubernetes check check-ssl port 8447 ssl verify none
+ server-template aai-resources.{{.Release.Namespace}} {{$.Values.haproxy.replicas.aaiResources}} aai-resources.{{.Release.Namespace}}.svc.cluster.local:8447 resolvers kubernetes check check-ssl port 8447 ssl verify none
#######################
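Review bot: The new `server-template` line carries over `ssl verify none`, so HAProxy encrypts traffic to aai-resources but accepts any certificate, which leaves the DNS-discovered backends unauthenticated. Prefer `ssl verify required ca-file <CA_BUNDLE_PATH>` (placeholder path). `stick on path` with `len 100` keys the table on at most the first 100 characters of the path, so long resource URLs sharing a prefix would share one entry; a comment stating that this is intended would help. The slot count comes from `.Values.haproxy.replicas.aaiResources`, which no visible hunk sets. The IST_AAI_8446 hunk and both backend hunks in haproxy.cfg have the same lines.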
@@ -131,9 +144,11 @@ backend IST_Default_8447
backend IST_AAI_8446
balance roundrobin
+ stick-table type string len 100 size 200k expire 2m
+ stick on path
http-request set-header X-Forwarded-Port %[src_port]
http-response set-header Strict-Transport-Security max-age=16000000;\ includeSubDomains;\ preload;
- server aai-traversal.{{.Release.Namespace}} aai-traversal.{{.Release.Namespace}}.svc.cluster.local:8446 resolvers kubernetes check check-ssl port 8446 ssl verify none
+ server-template aai-traversal.{{.Release.Namespace}} {{$.Values.haproxy.replicas.aaiTraversal}} aai-traversal.{{.Release.Namespace}}.svc.cluster.local:8446 resolvers kubernetes check check-ssl port 8446 ssl verify none
listen IST_AAI_STATS
mode http
diff --git a/kubernetes/aai/resources/config/haproxy/haproxy.cfg b/kubernetes/aai/resources/config/haproxy/haproxy.cfg
index 1accff9935..8c2554efea 100644
--- a/kubernetes/aai/resources/config/haproxy/haproxy.cfg
+++ b/kubernetes/aai/resources/config/haproxy/haproxy.cfg
@@ -17,6 +17,10 @@ global
log /dev/log local0
stats socket /usr/local/etc/haproxy/haproxy.socket mode 660 level admin
stats timeout 30s
+ # it is required else pod will not come up
+ maxconn 50000
+ user haproxy
+ group haproxy
daemon
#################################
# Default SSL material locations#
@@ -38,7 +42,8 @@ defaults
{{- if ( include "common.needTLS" .) }}
option ssl-hello-chk
{{- end }}
- option httpchk GET /aai/util/echo HTTP/1.1\r\nHost:\ aai\r\nX-TransactionId:\ haproxy-0111\r\nX-FromAppId:\ haproxy\r\nAccept:\ application/json\r\nAuthorization:\ Basic\ QUFJOkFBSQ==
+ option httpchk
+ http-check send meth GET uri /aai/util/echo ver HTTP/1.1 hdr Host aai hdr X-TransactionId haproxy-0111 hdr X-FromAppId haproxy hdr Accept application/json hdr Authorization 'Basic QUFJOkFBSQ=='
default-server init-addr none
# option dontlognull
# errorfile 400 /etc/haproxy/errors/400.http
@@ -59,6 +64,12 @@ defaults
timeout server 480000
timeout http-keep-alive 30000
+frontend stats
+ bind *:8448
+ http-request use-service prometheus-exporter if { path /metrics }
+ stats enable
+ stats uri /stats
+ stats refresh 10s
frontend IST_8080
mode http
@@ -73,8 +84,8 @@ frontend IST_8080
option log-separate-errors
option forwardfor
http-request set-header X-Forwarded-Proto http
- reqadd X-Forwarded-Proto:\ http
- reqadd X-Forwarded-Port:\ 8080
+ http-request set-header X-Forwarded-Proto http
+ http-request add-header X-Forwarded-Port 8080
#######################
#ACLS FOR PORT 8446####
@@ -104,6 +115,10 @@ frontend IST_8443
capture response header Host len 100
option log-separate-errors
option forwardfor
+
+ http-request set-header X-Forwarded-Proto https
+ http-request add-header X-Forwarded-Port 8443
+
http-request set-header X-Forwarded-Proto https if { ssl_fc }
http-request set-header X-AAI-Client-SSL TRUE if { ssl_c_used }
http-request set-header X-AAI-SSL %[ssl_fc]
@@ -128,8 +143,6 @@ frontend IST_8443
{{- end }}
{{- end }}
- reqadd X-Forwarded-Proto:\ https
- reqadd X-Forwarded-Port:\ 8443
{{- end }}
#######################
@@ -152,12 +165,14 @@ frontend IST_8443
backend IST_Default_8447
balance roundrobin
+ stick-table type string len 100 size 200k expire 2m
+ stick on path
http-request set-header X-Forwarded-Port %[src_port]
http-response set-header Strict-Transport-Security max-age=16000000;\ includeSubDomains;\ preload;
{{- if ( include "common.needTLS" .) }}
- server aai-resources.{{.Release.Namespace}} aai-resources.{{.Release.Namespace}}.svc.cluster.local:8447 resolvers kubernetes check check-ssl port 8447 ssl verify none
+ server-template aai-resources.{{.Release.Namespace}} {{$.Values.haproxy.replicas.aaiResources}} aai-resources.{{.Release.Namespace}}.svc.cluster.local:8447 resolvers kubernetes check check-ssl port 8447 ssl verify none
{{- else }}
- server aai-resources.{{.Release.Namespace}} aai-resources.{{.Release.Namespace}}.svc.cluster.local:8447 resolvers kubernetes check port 8447
+ server-template aai-resources.{{.Release.Namespace}} {{$.Values.haproxy.replicas.aaiResources}} aai-resources.{{.Release.Namespace}}.svc.cluster.local:8447 resolvers kubernetes check port 8447
{{- end }}
#######################
@@ -166,10 +181,12 @@ backend IST_Default_8447
backend IST_AAI_8446
balance roundrobin
+ stick-table type string len 100 size 200k expire 2m
+ stick on path
http-request set-header X-Forwarded-Port %[src_port]
http-response set-header Strict-Transport-Security max-age=16000000;\ includeSubDomains;\ preload;
{{- if ( include "common.needTLS" .) }}
- server aai-traversal.{{.Release.Namespace}} aai-traversal.{{.Release.Namespace}}.svc.cluster.local:8446 resolvers kubernetes check check-ssl port 8446 ssl verify none
+ server-template aai-traversal.{{.Release.Namespace}} {{$.Values.haproxy.replicas.aaiTraversal}} aai-traversal.{{.Release.Namespace}}.svc.cluster.local:8446 resolvers kubernetes check check-ssl port 8446 ssl verify none
{{- else }}
- server aai-traversal.{{.Release.Namespace}} aai-traversal.{{.Release.Namespace}}.svc.cluster.local:8446 resolvers kubernetes check port 8446
+ server-template aai-traversal.{{.Release.Namespace}} {{$.Values.haproxy.replicas.aaiTraversal}} aai-traversal.{{.Release.Namespace}}.svc.cluster.local:8446 resolvers kubernetes check port 8446
{{- end }}
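Review bot: `stick on path` keys the new stick-table on the request path, which the client chooses, so every distinct path creates an entry and a stream of unique paths can churn the 200k-entry table and displace legitimate stickiness. With `type string len 100`, paths that share their first 100 characters would presumably map to the same entry. A hot path is also pinned to one replica, whatever `balance roundrobin` says. If path stickiness is intentional, record why and what the sizing assumes, for example `# stickiness keyed on request path (client-controlled); table bounded to 200k entries, 2m expiry`. The same two lines are added to backend IST_Default_8447.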
diff --git a/kubernetes/aai/templates/deployment.yaml b/kubernetes/aai/templates/deployment.yaml
index 80fcebbef7..f1d10e2c81 100644
--- a/kubernetes/aai/templates/deployment.yaml
+++ b/kubernetes/aai/templates/deployment.yaml
@@ -30,6 +30,13 @@ spec:
matchLabels:
app: {{ include "common.name" . }}
replicas: {{ .Values.replicaCount }}
+ strategy:
+ type: {{ .Values.updateStrategy.type }}
+ {{- if (eq "RollingUpdate" .Values.updateStrategy.type) }}
+ rollingUpdate:
+ maxUnavailable: {{ .Values.updateStrategy.maxUnavailable }}
+ maxSurge: {{ .Values.updateStrategy.maxSurge }}
+ {{- end }}
template:
metadata:
labels:
@@ -39,6 +46,7 @@ spec:
annotations:
checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
spec:
+ terminationGracePeriodSeconds: {{ .Values.service.terminationGracePeriodSeconds }}
initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }}
- command:
- /app/ready.py
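Review bot: `terminationGracePeriodSeconds` is rendered from `.Values.service.terminationGracePeriodSeconds`, but the values.yaml hunks visible in this commit add only `aaiServiceClusterIp` and `sessionAffinity` under `service:`. Unless the key already exists outside those hunks, the field renders empty and the intended grace period is silently lost. An explicit fallback avoids that: `terminationGracePeriodSeconds: {{ .Values.service.terminationGracePeriodSeconds | default 30 }}`. The pod spec continues outside this hunk.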
@@ -58,6 +66,13 @@ spec:
image: {{ include "repositoryGenerator.image.readiness" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
+ resources:
+ requests:
+ memory: {{ .Values.haproxy.initContainers.resources.memory }}
+ cpu: {{ .Values.haproxy.initContainers.resources.cpu }}
+ limits:
+ memory: {{ .Values.haproxy.initContainers.resources.memory }}
+ cpu: {{ .Values.haproxy.initContainers.resources.cpu }}
containers:
- name: {{ include "common.name" . }}
image: "{{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.image }}"
@@ -79,6 +94,7 @@ spec:
ports:
- containerPort: {{ .Values.service.internalPort }}
- containerPort: {{ .Values.service.internalPlainPort }}
+ - containerPort: {{ .Values.metricsService.internalPort }}
# disable liveness probe when breakpoints set in debugger
# so K8s doesn't restart unresponsive container
{{- if eq .Values.liveness.enabled true }}
diff --git a/kubernetes/aai/templates/service.yaml b/kubernetes/aai/templates/service.yaml
index 4a6dc8e497..a8c3c3957e 100644
--- a/kubernetes/aai/templates/service.yaml
+++ b/kubernetes/aai/templates/service.yaml
@@ -35,6 +35,8 @@ spec:
type: {{ .Values.service.type }}
selector:
app: {{ include "common.name" . }}
+ clusterIP: {{ .Values.service.aaiServiceClusterIp }}
+ sessionAffinity: {{ .Values.service.sessionAffinity }}
---
apiVersion: v1
kind: Service
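Review bot: `clusterIP` is emitted unconditionally and unquoted from `.Values.service.aaiServiceClusterIp`, which the values.yaml change defines as a bare empty key, so the default render is `clusterIP:` with a null value. Emitting the field only when a value is set keeps the default manifest clean and stops a stray value from being retyped: `{{- with .Values.service.aaiServiceClusterIp }}` / `clusterIP: {{ . | quote }}` / `{{- end }}`. The Service spec starts outside this hunk.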
@@ -54,4 +56,23 @@ spec:
type: ClusterIP
selector:
app: {{ include "common.name" . }}
-
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "common.servicename" . }}-metrics
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}-metrics
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+spec:
+ ports:
+ - port: {{ .Values.metricsService.externalPort }}
+ targetPort: {{ .Values.metricsService.internalPort }}
+ name: {{ .Values.metricsService.portName }}
+ type: {{ .Values.metricsService.type }}
+ selector:
+ app: {{ include "common.name" . }}
+ clusterIP: None \ No newline at end of file
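Review bot: The new metrics Service hard-codes `clusterIP: None` but takes `type` from `.Values.metricsService.type`. A headless Service is only valid with type ClusterIP, so any override either fails validation or is an attempt to publish the metrics port outside the cluster. Writing `type: ClusterIP` literally removes that knob. The values added in this commit also leave `basicAuth.enabled: false`, so the endpoint on port 8448 is presumably readable by any pod that can reach it. If that is intended, a comment saying so, or a NetworkPolicy limiting access to the Prometheus namespace, would make the exposure deliberate.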
diff --git a/kubernetes/aai/templates/servicemonitor.yaml b/kubernetes/aai/templates/servicemonitor.yaml
new file mode 100644
index 0000000000..c0d9f212b4
--- /dev/null
+++ b/kubernetes/aai/templates/servicemonitor.yaml
@@ -0,0 +1,3 @@
+{{- if .Values.metrics.serviceMonitor.enabled }}
+{{ include "common.serviceMonitor" . }}
+{{- end }} \ No newline at end of file
diff --git a/kubernetes/aai/values.yaml b/kubernetes/aai/values.yaml
index 247c58be2b..0ba461c4c7 100644
--- a/kubernetes/aai/values.yaml
+++ b/kubernetes/aai/values.yaml
@@ -328,7 +328,7 @@ certInitializer:
# application image
dockerhubRepository: registry.hub.docker.com
-image: aaionap/haproxy:1.4.2
+image: onap/aai-haproxy:1.9.5
pullPolicy: Always
flavor: small
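Review bot: The image moves to a different repository (`onap/aai-haproxy`) and is referenced by a mutable tag while `pullPolicy: Always` stays in place, so every pod start re-resolves `1.9.5` against the registry and runs whatever that tag points to at the time. Pinning the digest keeps deployments reproducible and makes a re-tagged image visible in review: `image: onap/aai-haproxy:1.9.5@sha256:<DIGEST>` (a placeholder; take the digest from the verified release).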
@@ -345,15 +345,27 @@ config:
# default number of instances
replicaCount: 1
+updateStrategy:
+ type: RollingUpdate
+ maxUnavailable: 0
+ maxSurge: 1
+
nodeSelector: {}
affinity: {}
# HAProxy configuration to block HTTP requests to AAI based on configurable URL patterns
haproxy:
+ initContainers:
+ resources:
+ memory: 100Mi
+ cpu: 50m
requestBlocking:
enabled: false
customConfigs: []
+ replicas:
+ aaiResources: 1
+ aaiTraversal: 1
# probe configuration parameters
liveness:
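Review bot: The comment above `haproxy:` still describes only request blocking, while the block now also holds the init-container resources and the `replicas` counts that feed `server-template` in haproxy.cfg. Those counts decide how many backend server slots HAProxy creates, so they presumably need to be at least the replica counts of aai-resources and aai-traversal. A comment on `replicas:` such as `# number of server-template slots; keep >= the component's replicaCount` would make the coupling visible to whoever scales those components.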
@@ -392,6 +404,32 @@ service:
externalPlainPort: 80
internalPlainPort: 8080
nodeport: 33
+ aaiServiceClusterIp:
+ sessionAffinity: None
+
+metricsService:
+ type: ClusterIP
+ portName: prometheus
+ externalPort: 8448
+ internalPort: 8448
+
+metrics:
+ serviceMonitor:
+ enabled: false
+ targetPort: 8448
+ path: /metrics
+ basicAuth:
+ enabled: false
+
+ selector:
+ app: '{{ include "common.name" . }}-metrics'
+ chart: '{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}'
+ release: '{{ include "common.release" . }}'
+ heritage: '{{ .Release.Service }}'
+
+ relabelings: []
+
+ metricRelabelings: []
ingress:
enabled: false