diff options
Diffstat (limited to 'kubernetes/so/templates')
-rw-r--r-- | kubernetes/so/templates/_cadiValues.tpl | 19 | ||||
-rw-r--r-- | kubernetes/so/templates/_certificates.tpl | 32 | ||||
-rw-r--r-- | kubernetes/so/templates/_livenessProbe.tpl | 17 | ||||
-rw-r--r-- | kubernetes/so/templates/_profileProperty.tpl | 3 | ||||
-rwxr-xr-x | kubernetes/so/templates/configmap.yaml | 4 | ||||
-rwxr-xr-x | kubernetes/so/templates/deployment.yaml | 72 | ||||
-rw-r--r-- | kubernetes/so/templates/secret.yaml | 4 | ||||
-rwxr-xr-x | kubernetes/so/templates/service.yaml | 2 |
8 files changed, 34 insertions, 119 deletions
diff --git a/kubernetes/so/templates/_cadiValues.tpl b/kubernetes/so/templates/_cadiValues.tpl deleted file mode 100644 index 426facc4b1..0000000000 --- a/kubernetes/so/templates/_cadiValues.tpl +++ /dev/null @@ -1,19 +0,0 @@ -{{- define "cadi.keys" -}} -cadiLoglevel: DEBUG -cadiKeyFile: /org.onap.so.keyfile -cadiTrustStore: /app/org.onap.so.trust.jks -cadiTruststorePassword: {{ .Values.global.app.cadi.cadiTruststorePassword }} -cadiLatitude: {{ .Values.global.app.cadi.cadiLatitude }} -cadiLongitude: {{ .Values.global.app.cadi.cadiLongitude }} -aafEnv: {{ .Values.global.app.cadi.aafEnv }} -aafApiVersion: 2.0 -aafRootNs: {{ .Values.global.app.cadi.aafRootNs }} -aafId: {{ .Values.mso.config.cadi.aafId }} -aafPassword: {{ .Values.mso.config.cadi.aafPassword }} -aafLocateUrl: {{ .Values.global.app.cadi.aafLocateUrl }} -aafUrl: {{ .Values.global.app.cadi.aafUrl }} -apiEnforcement: {{ .Values.mso.config.cadi.apiEnforcement }} -{{- if (.Values.global.app.cadi.noAuthn) }} -noAuthn: {{ .Values.mso.config.cadi.noAuthn }} -{{- end }} -{{- end }} diff --git a/kubernetes/so/templates/_certificates.tpl b/kubernetes/so/templates/_certificates.tpl deleted file mode 100644 index 8bd25d27a1..0000000000 --- a/kubernetes/so/templates/_certificates.tpl +++ /dev/null @@ -1,32 +0,0 @@ -{{- define "so.certificate.container_importer" -}} -- name: {{ include "common.name" . }}-certs-importer - image: "{{ include "common.repository" . }}/{{ .Values.global.soBaseImage }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - command: - - "/bin/sh" - args: - - "-c" - - "update-ca-certificates --fresh && \ - cp -r {{ .Values.global.certificates.path }}/* /certificates" - volumeMounts: - - name: {{ include "common.name" . }}-certificates - mountPath: /certificates - - name: {{ include "common.name" . }}-onap-certificates - mountPath: {{ .Values.global.certificates.share_path }} -{{- end -}} - -{{- define "so.certificate.volume-mounts" -}} -- name: {{ include "common.name" . }}-certificates - mountPath: {{ .Values.global.certificates.path }} -- name: {{ include "common.name" . }}-onap-certificates - mountPath: {{ .Values.global.certificates.share_path }} -{{- end -}} - -{{- define "so.certificate.volumes" -}} -- name: {{ include "common.name" . }}-certificates - emptyDir: - medium: Memory -- name: {{ include "common.name" . }}-onap-certificates - secret: - secretName: {{ include "common.secret.getSecretNameFast" (dict "global" . "uid" "so-onap-certs") }} -{{- end -}} diff --git a/kubernetes/so/templates/_livenessProbe.tpl b/kubernetes/so/templates/_livenessProbe.tpl deleted file mode 100644 index 4181beb1f8..0000000000 --- a/kubernetes/so/templates/_livenessProbe.tpl +++ /dev/null @@ -1,17 +0,0 @@ -{{- define "helpers.livenessProbe" -}} -livenessProbe: - httpGet: - path: {{- index .Values.livenessProbe.path|indent 2}} - port: {{ index .Values.containerPort }} - scheme: {{- index .Values.livenessProbe.scheme| indent 2}} - {{- if eq .Values.global.security.aaf.enabled true }} - httpHeaders: - - name: Authorization - value: {{ index .Values.global.aaf.auth.header }} - {{- end }} - initialDelaySeconds: {{ index .Values.livenessProbe.initialDelaySeconds}} - periodSeconds: {{ index .Values.livenessProbe.periodSeconds}} - timeoutSeconds: {{ index .Values.livenessProbe.timeoutSeconds}} - successThreshold: {{ index .Values.livenessProbe.successThreshold}} - failureThreshold: {{ index .Values.livenessProbe.failureThreshold}} -{{- end -}} diff --git a/kubernetes/so/templates/_profileProperty.tpl b/kubernetes/so/templates/_profileProperty.tpl deleted file mode 100644 index 113bc343d0..0000000000 --- a/kubernetes/so/templates/_profileProperty.tpl +++ /dev/null @@ -1,3 +0,0 @@ -{{- define "helpers.profileProperty" -}} - {{ if eq .condition true }}{{.value1}}{{else}}{{.value2}} {{ end }} -{{- end -}} diff --git a/kubernetes/so/templates/configmap.yaml b/kubernetes/so/templates/configmap.yaml index 6aa4b5f4f0..74daf41b7f 100755 --- a/kubernetes/so/templates/configmap.yaml +++ b/kubernetes/so/templates/configmap.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 AT&T USA # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,11 +12,12 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: v1 data: LOG_PATH: {{ index .Values.logPath }} APP: {{ index .Values.app }} - ACTIVE_PROFILE: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}} + ACTIVE_PROFILE: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}} kind: ConfigMap metadata: name: {{ include "common.fullname" . }}-configmap diff --git a/kubernetes/so/templates/deployment.yaml b/kubernetes/so/templates/deployment.yaml index 32f46c23ba..3fee225c03 100755 --- a/kubernetes/so/templates/deployment.yaml +++ b/kubernetes/so/templates/deployment.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 AT&T USA # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: apps/v1 kind: Deployment metadata: @@ -37,38 +39,31 @@ spec: app: {{ include "common.name" . }} release: {{ include "common.release" . }} spec: - initContainers: {{ include "so.certificate.container_importer" . | nindent 6 }} - - name: {{ include "common.name" . }}-readiness - command: - - /root/job_complete.py - args: - - --job-name - - {{ include "common.release" . }}-so-mariadb-config-job - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-readiness + initContainers: + {{ include "so.certificate.container_importer" . | indent 6 | trim }} + {{ include "common.readinessCheck.waitFor" . | indent 6 | trim }} containers: - name: {{ include "common.name" . }} - image: {{ include "common.repository" . }}/{{ .Values.image }} - resources: -{{ include "common.resources" . | indent 12 }} + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} + resources: {{ include "common.resources" . | nindent 12 }} + {{- if .Values.global.aafEnabled }} + command: + - sh + args: + - -c + - | + export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0) + export TRUSTSTORE_PASSWORD="${cadi_truststore_password}" + {{- if .Values.global.security.aaf.enabled }} + export KEYSTORE_PASSWORD="${cadi_keystore_password_p12}" + {{- end }} + /app/start-app.sh + {{- end }} env: - name: DB_HOST - valueFrom: - secretKeyRef: - name: {{ include "common.release" . }}-so-db-secrets - key: mariadb.readwrite.host + value: {{ include "common.mariadbService" . }} - name: DB_PORT - valueFrom: - secretKeyRef: - name: {{ include "common.release" . }}-so-db-secrets - key: mariadb.readwrite.port + value: {{ include "common.mariadbPort" . | quote }} - name: DB_USERNAME {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 10 }} - name: DB_PASSWORD @@ -77,27 +72,12 @@ spec: {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "login") | indent 10 }} - name: DB_ADMIN_PASSWORD {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "password") | indent 10 }} - {{- if eq .Values.global.security.aaf.enabled true }} - - name: TRUSTSTORE - value: /app/org.onap.so.trust.jks - - name: TRUSTSTORE_PASSWORD - valueFrom: - secretKeyRef: - name: {{ .Release.Name}}-so-client-certs-secret - key: trustStorePassword - - name: KEYSTORE - value: /app/org.onap.so.jks - - name: KEYSTORE_PASSWORD - valueFrom: - secretKeyRef: - name: {{ .Release.Name}}-so-client-certs-secret - key: keyStorePassword - {{- end }} + {{ include "so.certificates.env" . | indent 8 | trim }} envFrom: - configMapRef: name: {{ include "common.fullname" . }}-configmap imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: {{ include "so.certificate.volume-mounts" . | nindent 8 }} + volumeMounts: {{ include "so.certificate.volumeMount" . | nindent 8 }} - name: logs mountPath: /app/logs - name: config @@ -105,14 +85,14 @@ spec: readOnly: true - name: {{ include "common.fullname" . }}-logs mountPath: /var/log/onap -{{ include "helpers.livenessProbe" .| indent 8 }} +{{ include "so.helpers.livenessProbe" .| indent 8 }} ports: - containerPort: {{ index .Values.containerPort }} name: {{ .Values.service.portName }} protocol: TCP # Filebeat sidecar container - name: {{ include "common.name" . }}-filebeat-onap - image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}" + image: {{ include "repositoryGenerator.image.logging" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} volumeMounts: - name: {{ include "common.fullname" . }}-filebeat-conf diff --git a/kubernetes/so/templates/secret.yaml b/kubernetes/so/templates/secret.yaml index bdcecddfa3..5aa3ea3855 100644 --- a/kubernetes/so/templates/secret.yaml +++ b/kubernetes/so/templates/secret.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2020 Samsung Electronics # Modifications Copyright © 2020 Orange # @@ -12,5 +13,6 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} -{{ include "common.secret" . }} +{{ include "common.secretFast" . }} diff --git a/kubernetes/so/templates/service.yaml b/kubernetes/so/templates/service.yaml index 336b9f7028..2849edecc7 100755 --- a/kubernetes/so/templates/service.yaml +++ b/kubernetes/so/templates/service.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2018 AT&T USA # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} apiVersion: v1 kind: Service metadata: |