diff options
Diffstat (limited to 'kubernetes')
125 files changed, 1027 insertions, 2105 deletions
diff --git a/kubernetes/a1policymanagement/Chart.yaml b/kubernetes/a1policymanagement/Chart.yaml index 1fa512a50d..c6798d15b4 100644 --- a/kubernetes/a1policymanagement/Chart.yaml +++ b/kubernetes/a1policymanagement/Chart.yaml @@ -26,9 +26,6 @@ dependencies: - name: common version: ~12.x-0 repository: '@local' - - name: certInitializer - version: ~12.x-0 - repository: '@local' - name: repositoryGenerator version: ~12.x-0 repository: '@local' diff --git a/kubernetes/a1policymanagement/resources/config/application.yaml b/kubernetes/a1policymanagement/resources/config/application.yaml index 29b0b9ad16..789f3eb673 100644 --- a/kubernetes/a1policymanagement/resources/config/application.yaml +++ b/kubernetes/a1policymanagement/resources/config/application.yaml @@ -49,26 +49,23 @@ logging: server: # Configuration of the HTTP/REST server. The parameters are defined and handeled by the springboot framework. # See springboot documentation. - port: 8433 + #port: 8081 http-port: 8081 ssl: - enabled: {{ (eq "true" (include "common.needTLS" .)) | ternary true false }} + enabled: false key-store-type: PKCS12 - key-store-password: ${KEYSTORE_PASSWORD} - key-store: {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.p12 - key-password: ${KEYSTORE_PASSWORD} - key-alias: {{ .Values.certInitializer.fqi }} + key-store-password: "" + key-store: "" + key-password: "" + key-alias: "" app: # Location of the component configuration file. The file will only be used if the Consul database is not used; # configuration from the Consul will override the file. filepath: /opt/app/policy-agent/data/application_configuration.json webclient: - # Configuration of the trust store used for the HTTP client (outgoing requests) - # The file location and the password for the truststore is only relevant if trust-store-used == true - # Note that the same keystore as for the server is used. trust-store-used: false - trust-store-password: ${TRUSTSORE_PASSWORD} - trust-store: {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.trust.jks + trust-store-password: "" + trust-store: "" # Configuration of usage of HTTP Proxy for the southbound accesses. # The HTTP proxy (if configured) will only be used for accessing NearRT RIC:s http.proxy-host: diff --git a/kubernetes/a1policymanagement/resources/config/application_configuration.json b/kubernetes/a1policymanagement/resources/config/application_configuration.json index 5ee3f7d75d..837ce0c5b8 100644 --- a/kubernetes/a1policymanagement/resources/config/application_configuration.json +++ b/kubernetes/a1policymanagement/resources/config/application_configuration.json @@ -3,7 +3,7 @@ "controller": [ { "name": "controller1", - "baseUrl": "{{ (eq "true" (include "common.needTLS" .)) | ternary .Values.sdncLink .Values.sdncLinkHttp }}", + "baseUrl": "{{ .Values.sdncLink }}", "userName": "${A1CONTROLLER_USER}", "password": "${A1CONTROLLER_PASSWORD}" } diff --git a/kubernetes/a1policymanagement/templates/ingress.yaml b/kubernetes/a1policymanagement/templates/ingress.yaml new file mode 100644 index 0000000000..bcc60a0953 --- /dev/null +++ b/kubernetes/a1policymanagement/templates/ingress.yaml @@ -0,0 +1,17 @@ +{{/* +# Copyright © 2023 Deutsche Telekom +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{ include "common.ingress" . }} diff --git a/kubernetes/a1policymanagement/templates/statefulset.yaml b/kubernetes/a1policymanagement/templates/statefulset.yaml index 89d131e26c..b1d04074f7 100644 --- a/kubernetes/a1policymanagement/templates/statefulset.yaml +++ b/kubernetes/a1policymanagement/templates/statefulset.yaml @@ -30,7 +30,7 @@ spec: spec: imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" - initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }} + initContainers: - name: {{ include "common.name" . }}-bootstrap-config image: {{ include "repositoryGenerator.image.envsubst" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} @@ -39,10 +39,6 @@ spec: args: - -c - | - {{- if (include "common.needTLS" .) }} - export $(cat {{ .Values.certInitializer.credsPath }}/mycreds.prop\ - | xargs -0) - {{- end }} cd /config-input for PFILE in `ls -1` do @@ -55,7 +51,7 @@ spec: {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "controller-secret" "key" "login") | indent 10 }} - name: A1CONTROLLER_PASSWORD {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "controller-secret" "key" "password") | indent 10 }} - volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }} + volumeMounts: - mountPath: /config-input name: {{ include "common.fullname" . }}-policy-conf-input - mountPath: /config @@ -97,10 +93,10 @@ spec: httpGet: path: /status port: {{ .Values.liveness.port }} - scheme: {{ if (include "common.needTLS" .) }}HTTPS{{ else }}HTTP{{ end }} + scheme: HTTP initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} periodSeconds: {{ .Values.liveness.periodSeconds }} - volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }} + volumeMounts: - name: config mountPath: /opt/app/policy-agent/data/application_configuration.json subPath: application_configuration.json @@ -111,7 +107,7 @@ spec: mountPath: "/var/policy-management-service/database" resources: {{ include "common.resources" . | nindent 10 }} serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} - volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }} + volumes: - name: {{ include "common.fullname" . }}-policy-conf-input configMap: name: {{ include "common.fullname" . }}-policy-conf diff --git a/kubernetes/a1policymanagement/values.yaml b/kubernetes/a1policymanagement/values.yaml index bf49313787..93f57d3587 100644 --- a/kubernetes/a1policymanagement/values.yaml +++ b/kubernetes/a1policymanagement/values.yaml @@ -30,39 +30,6 @@ secrets: password: '{{ .Values.a1controller.password }}' passwordPolicy: required -################################################################# -# AAF part -################################################################# -certInitializer: - nameOverride: a1p-cert-initializer - aafDeployFqi: deployer@people.osaaf.org - aafDeployPass: demo123456! - # aafDeployCredsExternalSecret: some secret - fqdn: a1p - fqi: a1p@a1p.onap.org - public_fqdn: a1p.onap.org - cadi_longitude: "0.0" - cadi_latitude: "0.0" - app_ns: org.osaaf.aaf - credsPath: /opt/app/osaaf/local - fqi_namespace: org.onap.a1p - aaf_add_config: | - echo "*** changing them into shell safe ones" - export KEYSTORE_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1) - export TRUSTSORE_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1) - cd {{ .Values.credsPath }} - keytool -storepasswd -new "${KEYSTORE_PASSWORD}" \ - -storepass "${cadi_keystore_password_p12}" \ - -keystore {{ .Values.fqi_namespace }}.p12 - keytool -storepasswd -new "${TRUSTSORE_PASSWORD}" \ - -storepass "${cadi_truststore_password}" \ - -keystore {{ .Values.fqi_namespace }}.trust.jks - echo "*** save the generated passwords" - echo "KEYSTORE_PASSWORD=${KEYSTORE_PASSWORD}" > mycreds.prop - echo "TRUSTSORE_PASSWORD=${TRUSTSORE_PASSWORD}" >> mycreds.prop - echo "*** change ownership of certificates to targeted user" - chown -R 1000 . - image: onap/ccsdk-oran-a1policymanagementservice:1.3.2 userID: 1000 #Should match with image-defined user ID groupID: 999 #Should match with image-defined group ID @@ -72,21 +39,25 @@ replicaCount: 1 service: type: NodePort name: a1policymanagement - both_tls_and_plain: true ports: - name: api - port: 8433 - plain_port: 8081 + port: 8081 port_protocol: http nodePort: '94' +ingress: + enabled: false + service: + - baseaddr: 'a1policymanagement-api' + name: 'a1policymanagement' + port: 8081 + # SDNC Credentials are used here a1controller: user: admin password: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U -sdncLink: https://sdnc.onap:8443 -sdncLinkHttp: http://sdnc.onap:8282 +sdncLink: http://sdnc.onap:8282 # The information about A1-Mediator/RICs can be added here. # The A1 policy management service supports both STD & OSC versions. # Alternatively, the A1 simulator from ORAN-SC can also be used. It provides STD & OSC versions for A1 termination. diff --git a/kubernetes/cps/components/cps-core/values.yaml b/kubernetes/cps/components/cps-core/values.yaml index a016574dc5..7bdb79d8f9 100644 --- a/kubernetes/cps/components/cps-core/values.yaml +++ b/kubernetes/cps/components/cps-core/values.yaml @@ -182,7 +182,7 @@ config: # spring.config.min-size: 10 additional: - notification.data-updated.enabled: true + notification.enabled: true notification.data-updated.topic: &dataUpdatedTopic cps.data-updated-events notification.data-updated.filters.enabled-dataspaces: "" notification.async.enabled: false diff --git a/kubernetes/cps/components/ncmp-dmi-plugin/resources/config/application-helm.yml b/kubernetes/cps/components/ncmp-dmi-plugin/resources/config/application-helm.yml index 8e71114c8c..2a31c73303 100644 --- a/kubernetes/cps/components/ncmp-dmi-plugin/resources/config/application-helm.yml +++ b/kubernetes/cps/components/ncmp-dmi-plugin/resources/config/application-helm.yml @@ -49,6 +49,11 @@ logging: onap: cps: {{ .Values.logging.cps }} +spring.kafka.bootstrap-servers: {{ include "common.release" . }}-strimzi-kafka-bootstrap:9092 +spring.kafka.security.protocol: SASL_PLAINTEXT +spring.kafka.properties.sasl.mechanism: SCRAM-SHA-512 +spring.kafka.properties.sasl.jaas.config: ${SASL_JAAS_CONFIG} + {{- if .Values.config.additional }} {{ toYaml .Values.config.additional | nindent 2 }} diff --git a/kubernetes/cps/components/ncmp-dmi-plugin/values.yaml b/kubernetes/cps/components/ncmp-dmi-plugin/values.yaml index c35519b5fc..44f11f5b9c 100644 --- a/kubernetes/cps/components/ncmp-dmi-plugin/values.yaml +++ b/kubernetes/cps/components/ncmp-dmi-plugin/values.yaml @@ -164,7 +164,7 @@ config: # spring.config.min-size: 10 logging: - level: INFO + level: DEBUG cps: DEBUG path: /tmp diff --git a/kubernetes/nbi/Chart.yaml b/kubernetes/nbi/Chart.yaml index ee1e330072..5f277876a3 100644 --- a/kubernetes/nbi/Chart.yaml +++ b/kubernetes/nbi/Chart.yaml @@ -26,9 +26,6 @@ dependencies: # a part of this chart's package and will not # be published independently to a repo (at this point) repository: '@local' - - name: certInitializer - version: ~12.x-0 - repository: '@local' - name: mongo version: ~12.x-0 repository: '@local' diff --git a/kubernetes/nbi/templates/deployment.yaml b/kubernetes/nbi/templates/deployment.yaml index 9bab15f30c..fcb9b6e1bd 100644 --- a/kubernetes/nbi/templates/deployment.yaml +++ b/kubernetes/nbi/templates/deployment.yaml @@ -25,9 +25,6 @@ spec: template: metadata: {{- include "common.templateMetadata" . | nindent 6 }} spec: -{{- if .Values.global.aafEnabled }} - initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }} -{{- end }} containers: - name: {{ include "common.name" . }} image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} @@ -35,36 +32,20 @@ spec: ports: {{ include "common.containerPorts" . | nindent 12 }} # disable liveness probe when breakpoints set in debugger # so K8s doesn't restart unresponsive container - {{- if .Values.global.aafEnabled }} - command: - - sh - args: - - -c - - | - export $(grep '^c' {{ .Values.certInitializer.credsPath }}/mycreds.prop | xargs -0) - export JAVA_OPTS="-Djavax.net.ssl.trustStorePassword=$cadi_truststore_password \ - -Dserver.ssl.key-store={{ .Values.certInitializer.credsPath }}/org.onap.nbi.p12 \ - -Dserver.ssl.key-store-type=PKCS12 \ - -Djavax.net.ssl.trustStore={{ .Values.certInitializer.credsPath }}/org.onap.nbi.trust.jks \ - -Dserver.ssl.key-store-password=$cadi_keystore_password_p12 \ - -Djavax.net.ssl.trustStoreType=jks\ - -Djava.security.egd=file:/dev/./urandom -Dserver.port=8443" - exec java -XX:+UseContainerSupport $JAVA_OPTS -jar /opt/onap/app.jar - {{- end }} {{ if .Values.liveness.enabled }} livenessProbe: httpGet: - port: {{ if (include "common.needTLS" .) }}{{ .Values.service.internalPort }}{{ else }}{{ .Values.service.internalPlainPort }}{{ end }} + port: {{ .Values.service.internalPort }} path: {{ .Values.liveness.path }} - scheme: {{ if (include "common.needTLS" .) }}HTTPS{{ else }}HTTP{{ end }} + scheme: HTTP initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} periodSeconds: {{ .Values.liveness.periodSeconds }} {{ end }} readinessProbe: httpGet: - port: {{ if (include "common.needTLS" .) }}{{ .Values.service.internalPort }}{{ else }}{{ .Values.service.internalPlainPort }}{{ end }} + port: {{ .Values.service.internalPort }} path: {{ .Values.readiness.path }} - scheme: {{ if (include "common.needTLS" .) }}HTTPS{{ else }}HTTP{{ end }} + scheme: HTTP initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} env: @@ -91,15 +72,15 @@ spec: - name: ONAP_K8SCLOUDOWNER value: {{ .Values.config.k8sCloudOwner }} - name: NBI_URL - value: "{{ if (include "common.needTLS" .) }}https{{ else }}http{{ end }}://nbi.{{ include "common.namespace" . }}:{{ if (include "common.needTLS" .) }}{{ .Values.service.internalPort }}{{ else }}{{ .Values.service.internalPlainPort }}{{ end }}/nbi/api/v4" + value: "http://nbi.{{ include "common.namespace" . }}:{{ .Values.service.internalPort }}/nbi/api/v4" - name: SDC_HOST - value: "{{ if (include "common.needTLS" .) }}https{{ else }}http{{ end }}://sdc-be.{{ include "common.namespace" . }}:{{ if (include "common.needTLS" .) }}8443{{ else }}8080{{ end }}" + value: "http://sdc-be.{{ include "common.namespace" . }}:8080" - name: SDC_HEADER_ECOMPINSTANCEID value: {{ .Values.config.ecompInstanceId }} - name: SDC_HEADER_AUTHORIZATION value: {{ .Values.sdc_authorization }} - name: AAI_HOST - value: "{{ if (include "common.needTLS" .) }}https{{ else }}http{{ end }}://aai.{{ include "common.namespace" . }}:{{ if (include "common.needTLS" .) }}8443{{ else }}80{{ end }}" + value: "http://aai.{{ include "common.namespace" . }}:80" - name: AAI_HEADER_AUTHORIZATION value: {{ .Values.aai_authorization }} - name: SO_HOST @@ -118,7 +99,7 @@ spec: value: "msb-discovery.{{ include "common.namespace" . }}" - name: MSB_DISCOVERY_PORT value: "10081" - volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 12 }} + volumeMounts: - mountPath: /etc/localtime name: localtime readOnly: true @@ -132,7 +113,7 @@ spec: {{ toYaml .Values.affinity | indent 10 }} {{- end }} serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} - volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }} + volumes: - name: localtime hostPath: path: /etc/localtime diff --git a/kubernetes/nbi/tests/deployment_test.yaml b/kubernetes/nbi/tests/deployment_test.yaml index 7c8a1b0dbb..fe9d0d2977 100644 --- a/kubernetes/nbi/tests/deployment_test.yaml +++ b/kubernetes/nbi/tests/deployment_test.yaml @@ -98,7 +98,7 @@ tests: path: spec.template.spec.containers[0].env content: name: SDC_HOST - value: https://sdc-be.NAMESPACE:8443 + value: http://sdc-be.NAMESPACE:8080 - contains: path: spec.template.spec.containers[0].env content: @@ -113,7 +113,7 @@ tests: path: spec.template.spec.containers[0].env content: name: AAI_HOST - value: https://aai.NAMESPACE:8443 + value: http://aai.NAMESPACE:80 - contains: path: spec.template.spec.containers[0].env content: diff --git a/kubernetes/nbi/values.yaml b/kubernetes/nbi/values.yaml index dc323675ad..e2b7341b7c 100644 --- a/kubernetes/nbi/values.yaml +++ b/kubernetes/nbi/values.yaml @@ -24,31 +24,7 @@ global: service: mariadb-galera internalPort: 3306 nameOverride: mariadb-galera - aafEnabled: true - msbEnabled: true - -################################################################# -# AAF part -################################################################# -certInitializer: - nameOverride: nbi-cert-initializer - aafDeployFqi: deployer@people.osaaf.org - aafDeployPass: demo123456! - # aafDeployCredsExternalSecret: some secret - fqdn: nbi - fqi: nbi@nbi.onap.org - public_fqdn: nbi.onap.org - cadi_longitude: "0.0" - cadi_latitude: "0.0" - app_ns: org.osaaf.aaf - credsPath: /opt/app/osaaf/local - aaf_add_config: > - echo "cadi_keystore_password_p12=$cadi_keystore_password_p12" > {{ .Values.credsPath }}/mycreds.prop - echo "cadi_truststore_password=$cadi_truststore_password" >> {{ .Values.credsPath }}/mycreds.prop - -aafConfig: - permission_user: 1000 - permission_group: 999 + msbEnabled: false ################################################################# # Secrets metaconfig @@ -150,12 +126,10 @@ service: type: NodePort portName: api name: nbi - internalPort: 8443 - internalPlainPort: 8080 + internalPort: 8080 ports: - name: http - port: 8443 - plain_port: 8080 + port: 8080 nodePort: '74' ingress: @@ -163,8 +137,7 @@ ingress: service: - baseaddr: "nbi-api" name: "nbi" - port: 8443 - plain_port: 8080 + port: 8080 config: ssl: "redirect" # Resource Limit flavor -By Default using small diff --git a/kubernetes/policy/Chart.yaml b/kubernetes/policy/Chart.yaml index 8c41754da5..c9d29ce2ca 100755 --- a/kubernetes/policy/Chart.yaml +++ b/kubernetes/policy/Chart.yaml @@ -67,6 +67,10 @@ dependencies: version: ~12.x-0 repository: 'file://components/policy-clamp-ac-a1pms-ppnt' condition: policy-clamp-ac-a1pms-ppnt.enabled + - name: policy-clamp-ac-kserve-ppnt + version: ~12.x-0 + repository: 'file://components/policy-clamp-ac-kserve-ppnt' + condition: policy-clamp-ac-kserve-ppnt.enabled - name: policy-clamp-ac-pf-ppnt version: ~12.x-0 repository: 'file://components/policy-clamp-ac-pf-ppnt' diff --git a/kubernetes/policy/components/policy-apex-pdp/Chart.yaml b/kubernetes/policy/components/policy-apex-pdp/Chart.yaml index c91569f1ed..f7f0757558 100755 --- a/kubernetes/policy/components/policy-apex-pdp/Chart.yaml +++ b/kubernetes/policy/components/policy-apex-pdp/Chart.yaml @@ -2,6 +2,7 @@ # Copyright (C) 2018 Ericsson. All rights reserved. # Modifications Copyright © 2021 Orange # Modifications Copyright © 2021 Nordix Foundation +# Modification (C) 2023 Deutsche Telekom. All rights reserved. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -27,9 +28,6 @@ dependencies: - name: common version: ~12.x-0 repository: '@local' - - name: certInitializer - version: ~12.x-0 - repository: '@local' - name: repositoryGenerator version: ~12.x-0 repository: '@local' diff --git a/kubernetes/policy/components/policy-apex-pdp/resources/config/OnapPfConfig.json b/kubernetes/policy/components/policy-apex-pdp/resources/config/OnapPfConfig.json index 9136b6ed91..2fe354e2c0 100755 --- a/kubernetes/policy/components/policy-apex-pdp/resources/config/OnapPfConfig.json +++ b/kubernetes/policy/components/policy-apex-pdp/resources/config/OnapPfConfig.json @@ -5,7 +5,7 @@ "port": 6969, "userName": "${RESTSERVER_USER}", "password": "${RESTSERVER_PASSWORD}", - "https": {{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }}, + "https": "false", "prometheus": true }, "pdpStatusParameters":{ diff --git a/kubernetes/policy/components/policy-apex-pdp/templates/service.yaml b/kubernetes/policy/components/policy-apex-pdp/templates/service.yaml index 6a4d28bc4b..f96e81074e 100755 --- a/kubernetes/policy/components/policy-apex-pdp/templates/service.yaml +++ b/kubernetes/policy/components/policy-apex-pdp/templates/service.yaml @@ -1,6 +1,7 @@ {{/* # ============LICENSE_START======================================================= # Copyright (C) 2018 Ericsson. All rights reserved. +# Modification (C) 2023 Deutsche Telekom. All rights reserved. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -18,29 +19,4 @@ # ============LICENSE_END========================================================= */}} -apiVersion: v1 -kind: Service -metadata: - name: {{ include "common.servicename" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -spec: - type: {{ .Values.service.type }} - ports: - {{if eq .Values.service.type "NodePort" -}} - - port: {{ .Values.service.externalPort }} - nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} - name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }} - {{- else -}} - - port: {{ .Values.service.externalPort }} - targetPort: {{ .Values.service.internalPort }} - name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }} - {{- end}} - selector: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} - sessionAffinity: None +{{ include "common.service" . }} diff --git a/kubernetes/policy/components/policy-apex-pdp/templates/statefulset.yaml b/kubernetes/policy/components/policy-apex-pdp/templates/statefulset.yaml index dd1c047aad..6213fecb31 100755 --- a/kubernetes/policy/components/policy-apex-pdp/templates/statefulset.yaml +++ b/kubernetes/policy/components/policy-apex-pdp/templates/statefulset.yaml @@ -3,6 +3,7 @@ # Copyright (C) 2018 Ericsson. All rights reserved. # Modifications Copyright (C) 2020 AT&T Intellectual Property. # Modifications Copyright © 2022 Nordix Foundation +# Modification (C) 2023 Deutsche Telekom. All rights reserved. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -22,25 +23,13 @@ apiVersion: apps/v1 kind: StatefulSet -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} spec: + selector: {{- include "common.selectors" . | nindent 4 }} serviceName: {{ include "common.servicename" . }} replicas: {{ .Values.replicaCount }} - selector: - matchLabels: - app: {{ include "common.name" . }} template: - metadata: - labels: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} + metadata: {{- include "common.templateMetadata" . | nindent 6 }} spec: initContainers: - command: @@ -49,10 +38,6 @@ spec: - -c - "cd /config-input && for PFILE in `ls -1`; do envsubst <${PFILE} >/config/${PFILE}; done" env: - - name: TRUSTSTORE_PASSWORD - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "truststore-pass" "key" "password") | indent 10 }} - - name: KEYSTORE_PASSWORD - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keystore-pass" "key" "password") | indent 10 }} - name: RESTSERVER_USER {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-creds" "key" "login") | indent 10 }} - name: RESTSERVER_PASSWORD @@ -69,40 +54,29 @@ spec: image: {{ include "repositoryGenerator.image.envsubst" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-update-config -{{ include "common.certInitializer.initContainer" . | indent 6 }} containers: - name: {{ include "common.name" . }} image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: ["sh","-c"] - args: ["if [ -f {{ .Values.certInitializer.credsPath }}/.ci ]; then \ - . {{ .Values.certInitializer.credsPath }}/.ci; fi;\ - /opt/app/policy/apex-pdp/bin/apexOnapPf.sh -c /home/apexuser/config/OnapPfConfig.json"] - ports: - - containerPort: {{ .Values.service.externalPort }} + args: ["/opt/app/policy/apex-pdp/bin/apexOnapPf.sh -c /home/apexuser/config/OnapPfConfig.json"] + ports: {{ include "common.containerPorts" . | nindent 12 }} {{- if eq .Values.liveness.enabled true }} livenessProbe: tcpSocket: - port: {{ .Values.service.externalPort }} + port: {{ .Values.service.internalPort }} initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} periodSeconds: {{ .Values.liveness.periodSeconds }} {{- end }} readinessProbe: tcpSocket: - port: {{ .Values.service.externalPort }} + port: {{ .Values.service.internalPort }} initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} env: - name: REPLICAS value: "{{ .Values.replicaCount }}" -{{- if not .Values.global.aafEnabled }} - - name: KEYSTORE_PASSWORD - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keystore-pass" "key" "password") | indent 12 }} - - name: TRUSTSTORE_PASSWORD - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "truststore-pass" "key" "password") | indent 12 }} -{{- end }} volumeMounts: -{{ include "common.certInitializer.volumeMount" . | indent 10 }} - mountPath: /etc/localtime name: localtime readOnly: true @@ -121,7 +95,6 @@ spec: {{- end }} serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: -{{ include "common.certInitializer.volumes" . | indent 8 }} - name: localtime hostPath: path: /etc/localtime diff --git a/kubernetes/policy/components/policy-apex-pdp/values.yaml b/kubernetes/policy/components/policy-apex-pdp/values.yaml index 10e4da4a99..3ea694fb06 100755 --- a/kubernetes/policy/components/policy-apex-pdp/values.yaml +++ b/kubernetes/policy/components/policy-apex-pdp/values.yaml @@ -2,6 +2,7 @@ # Copyright (C) 2018 Ericsson. All rights reserved. # Modifications Copyright (C) 2019-2021 AT&T Intellectual Property. # Modifications Copyright © 2022 Nordix Foundation +# Modification (C) 2023 Deutsche Telekom. All rights reserved. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -23,7 +24,6 @@ ################################################################# global: nodePortPrefix: 302 - aafEnabled: true persistence: {} ################################################################# @@ -35,16 +35,6 @@ secrets: externalSecret: '{{ tpl (default "" .Values.restServer.credsExternalSecret) . }}' login: '{{ .Values.restServer.user }}' password: '{{ .Values.restServer.password }}' - - uid: truststore-pass - type: password - externalSecret: '{{ tpl (default "" .Values.certStores.trustStorePasswordExternalSecret) . }}' - password: '{{ .Values.certStores.trustStorePassword }}' - passwordPolicy: required - - uid: keystore-pass - type: password - externalSecret: '{{ tpl (default "" .Values.certStores.keyStorePasswordExternalSecret) . }}' - password: '{{ .Values.certStores.keyStorePassword }}' - passwordPolicy: required - uid: policy-kafka-user externalSecret: '{{ tpl (default "" .Values.config.jaasConfExternalSecret) . }}' type: genericKV @@ -68,29 +58,6 @@ debugEnabled: false restServer: user: healthcheck password: zb!XztG34 -truststore: - password: Pol1cy_0nap -certStores: - keyStorePassword: Pol1cy_0nap - trustStorePassword: Pol1cy_0nap - -certInitializer: - nameOverride: policy-apex-pdp-cert-initializer - aafDeployFqi: deployer@people.osaaf.org - aafDeployPass: demo123456! - fqdn: policy - fqi: policy@policy.onap.org - public_fqdn: policy.onap.org - cadi_latitude: "0.0" - cadi_longitude: "0.0" - credsPath: /opt/app/osaaf/local - app_ns: org.osaaf.aaf - uid: 101 - gid: 102 - aaf_add_config: > - echo "export KEYSTORE='{{ .Values.credsPath }}/org.onap.policy.p12'" >> {{ .Values.credsPath }}/.ci; - echo "export KEYSTORE_PASSWORD='${cadi_keystore_password_p12}'" >> {{ .Values.credsPath }}/.ci; - chown -R {{ .Values.uid }}:{{ .Values.gid }} $(dirname {{ .Values.credsPath }}); # default number of instances replicaCount: 1 @@ -114,10 +81,10 @@ readiness: service: type: ClusterIP name: policy-apex-pdp - portName: http - externalPort: 6969 internalPort: 6969 - nodePort: 37 + ports: + - name: http + port: 6969 ingress: enabled: false @@ -157,7 +124,7 @@ metrics: enabled: true port: policy-apex-pdp interval: 60s - isHttps: true + isHttps: false basicAuth: enabled: true externalSecretNameSuffix: policy-apex-pdp-restserver-creds diff --git a/kubernetes/policy/components/policy-api/Chart.yaml b/kubernetes/policy/components/policy-api/Chart.yaml index 49c067b639..1ce7d969f5 100755 --- a/kubernetes/policy/components/policy-api/Chart.yaml +++ b/kubernetes/policy/components/policy-api/Chart.yaml @@ -2,6 +2,7 @@ # Copyright (C) 2019-2020 AT&T Intellectual Property. All rights reserved. # Modifications Copyright © 2021 Orange # Modifications Copyright © 2021 Nordix Foundation +# Modification (C) 2023 Deutsche Telekom. All rights reserved. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -27,9 +28,6 @@ dependencies: - name: common version: ~12.x-0 repository: '@local' - - name: certInitializer - version: ~12.x-0 - repository: '@local' - name: repositoryGenerator version: ~12.x-0 repository: '@local' diff --git a/kubernetes/policy/components/policy-api/resources/config/apiParameters.yaml b/kubernetes/policy/components/policy-api/resources/config/apiParameters.yaml index 53ab355332..269ecd5f5f 100644 --- a/kubernetes/policy/components/policy-api/resources/config/apiParameters.yaml +++ b/kubernetes/policy/components/policy-api/resources/config/apiParameters.yaml @@ -1,6 +1,7 @@ # ============LICENSE_START======================================================= # Copyright (C) 2022 Bell Canada. All rights reserved. # Modifications Copyright (C) 2022 AT&T Intellectual Property. +# Modification (C) 2023 Deutsche Telekom. All rights reserved. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -20,7 +21,7 @@ server: port: {{ .Values.service.internalPort }} ssl: - enabled: {{ (eq "true" (include "common.needTLS" .)) | ternary true false }} + enabled: false servlet: context-path: /policy/api/v1 diff --git a/kubernetes/policy/components/policy-api/templates/deployment.yaml b/kubernetes/policy/components/policy-api/templates/deployment.yaml index b791614b92..580dcdde86 100755 --- a/kubernetes/policy/components/policy-api/templates/deployment.yaml +++ b/kubernetes/policy/components/policy-api/templates/deployment.yaml @@ -1,23 +1,11 @@ apiVersion: apps/v1 kind: Deployment -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} spec: - selector: - matchLabels: - app: {{ include "common.name" . }} + selector: {{- include "common.selectors" . | nindent 4 }} replicas: {{ .Values.replicaCount }} template: - metadata: - labels: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} + metadata: {{- include "common.templateMetadata" . | nindent 6 }} spec: initContainers: - command: @@ -56,26 +44,13 @@ spec: image: {{ include "repositoryGenerator.image.envsubst" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-update-config -{{ include "common.certInitializer.initContainer" . | indent 8 }} containers: - name: {{ include "common.name" . }} image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} -{{- if .Values.global.aafEnabled }} - command: ["sh","-c"] - args: ["source {{ .Values.certInitializer.credsPath }}/.ci;\ - /opt/app/policy/api/bin/policy-api.sh /opt/app/policy/api/etc/mounted/apiParameters.yaml"] -{{- else }} command: ["/opt/app/policy/api/bin/policy-api.sh"] args: ["/opt/app/policy/api/etc/mounted/apiParameters.yaml"] - env: - - name: KEYSTORE_PASSWD - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keystore-password" "key" "password") | indent 12 }} - - name: TRUSTSTORE_PASSWD - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "truststore-password" "key" "password") | indent 12 }} -{{- end }} - ports: - - containerPort: {{ .Values.service.internalPort }} + ports: {{ include "common.containerPorts" . | nindent 12 }} # disable liveness probe when breakpoints set in debugger # so K8s doesn't restart unresponsive container {{- if eq .Values.liveness.enabled true }} @@ -92,14 +67,13 @@ spec: httpHeaders: - name: Authorization value: Basic {{ printf "%s:%s" .Values.restServer.user .Values.restServer.password | b64enc }} - scheme: {{ if (include "common.needTLS" .) }}HTTPS{{ else }}HTTP{{ end }} + scheme: HTTP successThreshold: {{ .Values.readiness.successThreshold }} failureThreshold: {{ .Values.readiness.failureThreshold }} initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} timeoutSeconds: {{ .Values.readiness.timeout }} volumeMounts: -{{ include "common.certInitializer.volumeMount" . | indent 10 }} - mountPath: /etc/localtime name: localtime readOnly: true @@ -116,7 +90,6 @@ spec: {{- end }} serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: -{{ include "common.certInitializer.volumes" . | indent 8 }} - name: localtime hostPath: path: /etc/localtime diff --git a/kubernetes/policy/components/policy-api/templates/service.yaml b/kubernetes/policy/components/policy-api/templates/service.yaml index b5dee39e60..abb9a44bbe 100755 --- a/kubernetes/policy/components/policy-api/templates/service.yaml +++ b/kubernetes/policy/components/policy-api/templates/service.yaml @@ -1,6 +1,7 @@ {{/* # ============LICENSE_START======================================================= # Copyright (C) 2019 AT&T Intellectual Property. All rights reserved. +# Modification (C) 2023 Deutsche Telekom. All rights reserved. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -18,28 +19,4 @@ # ============LICENSE_END========================================================= */}} -apiVersion: v1 -kind: Service -metadata: - name: {{ include "common.servicename" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -spec: - type: {{ .Values.service.type }} - ports: - {{if eq .Values.service.type "NodePort" -}} - - port: {{ .Values.service.internalPort }} - nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} - name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }} - {{- else -}} - - port: {{ .Values.service.externalPort }} - targetPort: {{ .Values.service.internalPort }} - name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }} - {{- end}} - selector: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} +{{ include "common.service" . }} diff --git a/kubernetes/policy/components/policy-api/values.yaml b/kubernetes/policy/components/policy-api/values.yaml index 429e9eaf2b..2ec88ee82e 100755 --- a/kubernetes/policy/components/policy-api/values.yaml +++ b/kubernetes/policy/components/policy-api/values.yaml @@ -1,6 +1,7 @@ # ============LICENSE_START======================================================= # Copyright (C) 2019-2021 AT&T Intellectual Property. All rights reserved. # Modifications Copyright (C) 2022 Bell Canada. All rights reserved. +# Modification (C) 2023 Deutsche Telekom. All rights reserved. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -23,7 +24,6 @@ global: nodePortPrefix: 304 persistence: {} - aafEnabled: true ################################################################# # Secrets metaconfig @@ -41,39 +41,6 @@ secrets: login: '{{ .Values.restServer.user }}' password: '{{ .Values.restServer.password }}' passwordPolicy: required - - uid: keystore-password - type: password - externalSecret: '{{ tpl (default "" .Values.certStores.keyStorePasswordExternalSecret) . }}' - password: '{{ .Values.certStores.keyStorePassword }}' - passwordPolicy: required - - uid: truststore-password - type: password - externalSecret: '{{ tpl (default "" .Values.certStores.trustStorePasswordExternalSecret) . }}' - password: '{{ .Values.certStores.trustStorePassword }}' - passwordPolicy: required - -certStores: - keyStorePassword: Pol1cy_0nap - trustStorePassword: Pol1cy_0nap - -certInitializer: - nameOverride: policy-api-cert-initializer - aafDeployFqi: deployer@people.osaaf.org - aafDeployPass: demo123456! - fqdn: policy - fqi: policy@policy.onap.org - public_fqdn: policy.onap.org - cadi_latitude: "0.0" - cadi_longitude: "0.0" - credsPath: /opt/app/osaaf/local - app_ns: org.osaaf.aaf - uid: 100 - gid: 101 - aaf_add_config: > - echo "export KEYSTORE='{{ .Values.credsPath }}/org.onap.policy.p12'" > {{ .Values.credsPath }}/.ci; - echo "export KEYSTORE_PASSWD='${cadi_keystore_password_p12}'" >> {{ .Values.credsPath }}/.ci; - chown -R {{ .Values.uid }}:{{ .Values.gid }} $(dirname {{ .Values.credsPath }}); - ################################################################# # Application configuration defaults. @@ -123,10 +90,11 @@ readiness: service: type: ClusterIP name: policy-api - portName: http - externalPort: 6969 internalPort: 6969 - nodePort: 40 + ports: + - name: http + port: 6969 + ingress: enabled: false @@ -164,7 +132,7 @@ metrics: enabled: true port: policy-api interval: 60s - isHttps: true + isHttps: false basicAuth: enabled: true externalSecretNameSuffix: policy-api-user-creds diff --git a/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/templates/deployment.yaml b/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/templates/deployment.yaml index a4810bae57..1c3c100022 100755 --- a/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/templates/deployment.yaml +++ b/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/templates/deployment.yaml @@ -62,11 +62,6 @@ spec: imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: ["/opt/app/policy/clamp/bin/a1pms-participant.sh"] args: ["/opt/app/policy/clamp/etc/mounted/A1pmsParticipantParameters.yaml"] - env: - - name: KEYSTORE_PASSWD - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keystore-password" "key" "password") | indent 12 }} - - name: TRUSTSTORE_PASSWD - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "truststore-password" "key" "password") | indent 12 }} ports: {{ include "common.containerPorts" . | nindent 12 }} # disable liveness probe when breakpoints set in debugger # so K8s doesn't restart unresponsive container diff --git a/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/values.yaml b/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/values.yaml index 885f2c9793..b90c33766e 100755 --- a/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/values.yaml +++ b/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/values.yaml @@ -21,7 +21,6 @@ ################################################################# global: persistence: {} - aafEnabled: false #Strimzi Kafka properties useStrimziKafka: set-via-parent-chart-global-value kafkaTopics: @@ -38,20 +37,6 @@ secrets: login: '{{ .Values.restServer.user }}' password: '{{ .Values.restServer.password }}' passwordPolicy: required - - uid: keystore-password - type: password - externalSecret: '{{ tpl (default "" .Values.certStores.keyStorePasswordExternalSecret) . }}' - password: '{{ .Values.certStores.keyStorePassword }}' - passwordPolicy: required - - uid: truststore-password - type: password - externalSecret: '{{ tpl (default "" .Values.certStores.trustStorePasswordExternalSecret) . }}' - password: '{{ .Values.certStores.trustStorePassword }}' - passwordPolicy: required - -certStores: - keyStorePassword: Pol1cy_0nap - trustStorePassword: Pol1cy_0nap ################################################################# # Application configuration defaults. @@ -109,8 +94,6 @@ service: ports: - name: a1pms-api port: 8086 - nodePort: 42 - flavor: small resources: diff --git a/kubernetes/policy/components/policy-clamp-ac-http-ppnt/Chart.yaml b/kubernetes/policy/components/policy-clamp-ac-http-ppnt/Chart.yaml index 65126ca6b6..d9af15f0cd 100644 --- a/kubernetes/policy/components/policy-clamp-ac-http-ppnt/Chart.yaml +++ b/kubernetes/policy/components/policy-clamp-ac-http-ppnt/Chart.yaml @@ -25,9 +25,6 @@ dependencies: - name: common version: ~12.x-0 repository: '@local' - - name: certInitializer - version: ~12.x-0 - repository: '@local' - name: repositoryGenerator version: ~12.x-0 repository: '@local' diff --git a/kubernetes/policy/components/policy-clamp-ac-http-ppnt/resources/config/HttpParticipantParameters.yaml b/kubernetes/policy/components/policy-clamp-ac-http-ppnt/resources/config/HttpParticipantParameters.yaml index bae543e187..6cc45cc5c6 100644 --- a/kubernetes/policy/components/policy-clamp-ac-http-ppnt/resources/config/HttpParticipantParameters.yaml +++ b/kubernetes/policy/components/policy-clamp-ac-http-ppnt/resources/config/HttpParticipantParameters.yaml @@ -91,5 +91,5 @@ server: servlet: context-path: /onap/httpparticipant ssl: - enabled: {{ (eq "true" (include "common.needTLS" .)) | ternary true false }} + enabled: false diff --git a/kubernetes/policy/components/policy-clamp-ac-http-ppnt/templates/deployment.yaml b/kubernetes/policy/components/policy-clamp-ac-http-ppnt/templates/deployment.yaml index 550957b717..dddae1da50 100644 --- a/kubernetes/policy/components/policy-clamp-ac-http-ppnt/templates/deployment.yaml +++ b/kubernetes/policy/components/policy-clamp-ac-http-ppnt/templates/deployment.yaml @@ -56,24 +56,12 @@ spec: image: {{ include "repositoryGenerator.image.envsubst" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-update-config -{{ include "common.certInitializer.initContainer" . | indent 6 }} containers: - name: {{ include "common.name" . }} image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} -{{- if .Values.global.aafEnabled }} - command: ["sh","-c"] - args: ["source {{ .Values.certInitializer.credsPath }}/.ci;\ - /opt/app/policy/clamp/bin/http-participant.sh /opt/app/policy/clamp/etc/mounted/HttpParticipantParameters.yaml"] -{{- else }} command: ["/opt/app/policy/clamp/bin/http-participant.sh"] args: ["/opt/app/policy/clamp/etc/mounted/HttpParticipantParameters.yaml"] - env: - - name: KEYSTORE_PASSWD - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keystore-password" "key" "password") | indent 12 }} - - name: TRUSTSTORE_PASSWD - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "truststore-password" "key" "password") | indent 12 }} -{{- end }} ports: {{ include "common.containerPorts" . | nindent 12 }} # disable liveness probe when breakpoints set in debugger # so K8s doesn't restart unresponsive container @@ -90,7 +78,6 @@ spec: initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} volumeMounts: -{{ include "common.certInitializer.volumeMount" . | indent 10 }} - mountPath: /etc/localtime name: localtime readOnly: true @@ -107,7 +94,6 @@ spec: {{- end }} serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: -{{ include "common.certInitializer.volumes" . | indent 8 }} - name: localtime hostPath: path: /etc/localtime diff --git a/kubernetes/policy/components/policy-clamp-ac-http-ppnt/values.yaml b/kubernetes/policy/components/policy-clamp-ac-http-ppnt/values.yaml index 5c897c23e4..6f60fec111 100644 --- a/kubernetes/policy/components/policy-clamp-ac-http-ppnt/values.yaml +++ b/kubernetes/policy/components/policy-clamp-ac-http-ppnt/values.yaml @@ -21,7 +21,6 @@ ################################################################# global: persistence: {} - aafEnabled: false #Strimzi Kafka properties useStrimziKafka: set-via-parent-chart-global-value kafkaTopics: @@ -38,39 +37,6 @@ secrets: login: '{{ .Values.restServer.user }}' password: '{{ .Values.restServer.password }}' passwordPolicy: required - - uid: keystore-password - type: password - externalSecret: '{{ tpl (default "" .Values.certStores.keyStorePasswordExternalSecret) . }}' - password: '{{ .Values.certStores.keyStorePassword }}' - passwordPolicy: required - - uid: truststore-password - type: password - externalSecret: '{{ tpl (default "" .Values.certStores.trustStorePasswordExternalSecret) . }}' - password: '{{ .Values.certStores.trustStorePassword }}' - passwordPolicy: required - -certStores: - keyStorePassword: Pol1cy_0nap - trustStorePassword: Pol1cy_0nap - -certInitializer: - nameOverride: policy-clamp-ac-http-ppnt-cert-initializer - aafDeployFqi: deployer@people.osaaf.org - aafDeployPass: demo123456! - fqdn: policy - fqi: policy@policy.onap.org - public_fqdn: policy.onap.org - cadi_latitude: "0.0" - cadi_longitude: "0.0" - credsPath: /opt/app/osaaf/local - app_ns: org.osaaf.aaf - uid: 100 - gid: 101 - aaf_add_config: > - echo "export KEYSTORE='{{ .Values.credsPath }}/org.onap.policy.p12'" > {{ .Values.credsPath }}/.ci; - echo "export KEYSTORE_PASSWD='${cadi_keystore_password_p12}'" >> {{ .Values.credsPath }}/.ci; - chown -R {{ .Values.uid }}:{{ .Values.gid }} $(dirname {{ .Values.credsPath }}); - ################################################################# # Application configuration defaults. @@ -115,12 +81,9 @@ readiness: service: type: ClusterIP name: *componentName - useNodePortExt: true ports: - name: http-api port: 8084 - nodePort: 42 - flavor: small resources: diff --git a/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/Chart.yaml b/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/Chart.yaml index c979d7de4a..a547bc143a 100644 --- a/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/Chart.yaml +++ b/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/Chart.yaml @@ -27,9 +27,6 @@ dependencies: - name: common version: ~12.x-0 repository: '@local' - - name: certInitializer - version: ~12.x-0 - repository: '@local' - name: repositoryGenerator version: ~12.x-0 repository: '@local' diff --git a/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/resources/config/KubernetesParticipantParameters.yaml b/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/resources/config/KubernetesParticipantParameters.yaml index 30df5df082..761f19c5e3 100644 --- a/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/resources/config/KubernetesParticipantParameters.yaml +++ b/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/resources/config/KubernetesParticipantParameters.yaml @@ -95,7 +95,7 @@ server: servlet: context-path: /onap/policy/clamp/acm/k8sparticipant ssl: - enabled: {{ (eq "true" (include "common.needTLS" .)) | ternary true false }} + enabled: false logging: diff --git a/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/templates/deployment.yaml b/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/templates/deployment.yaml index 0baf6c73b3..df454485c8 100644 --- a/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/templates/deployment.yaml +++ b/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/templates/deployment.yaml @@ -56,24 +56,12 @@ spec: image: {{ include "repositoryGenerator.image.envsubst" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-update-config -{{ include "common.certInitializer.initContainer" . | indent 6 }} containers: - name: {{ include "common.name" . }} image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} -{{- if .Values.global.aafEnabled }} - command: ["sh","-c"] - args: ["source {{ .Values.certInitializer.credsPath }}/.ci;\ - /opt/app/policy/clamp/bin/kubernetes-participant.sh /opt/app/policy/clamp/etc/mounted/KubernetesParticipantParameters.yaml"] -{{- else }} command: ["/opt/app/policy/clamp/bin/kubernetes-participant.sh"] args: ["/opt/app/policy/clamp/etc/mounted/KubernetesParticipantParameters.yaml"] - env: - - name: KEYSTORE_PASSWD - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keystore-password" "key" "password") | indent 12 }} - - name: TRUSTSTORE_PASSWD - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "truststore-password" "key" "password") | indent 12 }} -{{- end }} ports: {{ include "common.containerPorts" . | nindent 12 }} # disable liveness probe when breakpoints set in debugger # so K8s doesn't restart unresponsive container @@ -90,7 +78,6 @@ spec: initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} volumeMounts: -{{ include "common.certInitializer.volumeMount" . | indent 10 }} - mountPath: /etc/localtime name: localtime readOnly: true @@ -107,7 +94,6 @@ spec: {{- end }} serviceAccountName: {{ include "common.fullname" (dict "suffix" "create" "dot" . )}} volumes: -{{ include "common.certInitializer.volumes" . | indent 8 }} - name: localtime hostPath: path: /etc/localtime diff --git a/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/values.yaml b/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/values.yaml index 8682d147b4..985399a893 100644 --- a/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/values.yaml +++ b/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/values.yaml @@ -22,7 +22,6 @@ global: nodePortPrefixExt: 304 persistence: {} - aafEnabled: false #Strimzi Kafka properties useStrimziKafka: set-via-parent-chart-global-value kafkaTopics: @@ -39,39 +38,6 @@ secrets: login: '{{ .Values.restServer.user }}' password: '{{ .Values.restServer.password }}' passwordPolicy: required - - uid: keystore-password - type: password - externalSecret: '{{ tpl (default "" .Values.certStores.keyStorePasswordExternalSecret) . }}' - password: '{{ .Values.certStores.keyStorePassword }}' - passwordPolicy: required - - uid: truststore-password - type: password - externalSecret: '{{ tpl (default "" .Values.certStores.trustStorePasswordExternalSecret) . }}' - password: '{{ .Values.certStores.trustStorePassword }}' - passwordPolicy: required - -certStores: - keyStorePassword: Pol1cy_0nap - trustStorePassword: Pol1cy_0nap - -certInitializer: - nameOverride: policy-clamp-ac-k8s-ppnt-cert-initializer - aafDeployFqi: deployer@people.osaaf.org - aafDeployPass: demo123456! - fqdn: policy - fqi: policy@policy.onap.org - public_fqdn: policy.onap.org - cadi_latitude: "0.0" - cadi_longitude: "0.0" - credsPath: /opt/app/osaaf/local - app_ns: org.osaaf.aaf - uid: 100 - gid: 101 - aaf_add_config: > - echo "export KEYSTORE='{{ .Values.credsPath }}/org.onap.policy.p12'" > {{ .Values.credsPath }}/.ci; - echo "export KEYSTORE_PASSWD='${cadi_keystore_password_p12}'" >> {{ .Values.credsPath }}/.ci; - chown -R {{ .Values.uid }}:{{ .Values.gid }} $(dirname {{ .Values.credsPath }}); - ################################################################# # Application configuration defaults. @@ -113,11 +79,9 @@ readiness: service: type: ClusterIP name: *componentName - useNodePortExt: true ports: - name: http-api port: 8083 - nodePort: 42 ingress: enabled: false diff --git a/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/Chart.yaml b/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/Chart.yaml new file mode 100755 index 0000000000..f62c37aa2f --- /dev/null +++ b/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/Chart.yaml @@ -0,0 +1,36 @@ +# ============LICENSE_START======================================================= +# Copyright (C) 2023 Nordix Foundation. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= + +apiVersion: v2 +description: ONAP Policy Clamp Kserve Participant +name: policy-clamp-ac-kserve-ppnt +version: 12.0.0 + +dependencies: + - name: common + version: ~12.x-0 + repository: '@local' + - name: repositoryGenerator + version: ~12.x-0 + repository: '@local' + - name: serviceAccount + version: ~12.x-0 + repository: '@local' + - name: readinessCheck + version: ~12.x-0 + repository: '@local'
\ No newline at end of file diff --git a/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/resources/config/KserveParticipantParameters.yaml b/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/resources/config/KserveParticipantParameters.yaml new file mode 100755 index 0000000000..af9d46a807 --- /dev/null +++ b/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/resources/config/KserveParticipantParameters.yaml @@ -0,0 +1,112 @@ +# ============LICENSE_START======================================================= +# Copyright (C) 2023 Nordix Foundation. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# http://www.apache.org/licenses/LICENSE-2.0 + +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= + +spring: + cloud: + kubernetes: + enabled: false + discovery: + enabled: false + security: + user: + name: ${RESTSERVER_USER} + password: ${RESTSERVER_PASSWORD} + autoconfigure: + exclude: + - org.springframework.boot.autoconfigure.orm.jpa.HibernateJpaAutoConfiguration + - org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration + - org.springframework.boot.autoconfigure.jdbc.DataSourceTransactionManagerAutoConfiguration + - org.springframework.boot.autoconfigure.data.web.SpringDataWebAutoConfiguration + - io.kubernetes.client.spring.extended.manifests.config.KubernetesManifestsAutoConfiguration + - io.kubernetes.client.spring.extended.network.config.KubernetesLoadBalancerAutoConfiguration + +security: + enable-csrf: false + +participant: + intermediaryParameters: + reportingTimeIntervalMs: 120000 + description: Participant Description + participantId: 101c62b3-8918-41b9-a747-d21eb79c6c04 + clampAutomationCompositionTopics: + topicSources: + - + useHttps: false + fetchTimeout: 15000 + topic: {{ .Values.global.kafkaTopics.acRuntimeTopic.name }} + {{ if .Values.global.useStrimziKafka }} + topicCommInfrastructure: kafka + servers: + - {{ include "common.release" . }}-strimzi-kafka-bootstrap:9092 + additionalProps: + group.id: {{ (first .Values.kafkaUser.acls).name }} + allow.auto.create.topics: false + security.protocol: SASL_PLAINTEXT + sasl.mechanism: {{ .Values.kafkaUser.authenticationType | upper }} + sasl.jaas.config: ${SASL_JAAS_CONFIG} + {{ else }} + topicCommInfrastructure: dmaap + servers: + - ${topicServer:message-router} + {{ end }} + topicSinks: + - + useHttps: false + fetchTimeout: 15000 + topic: {{ .Values.global.kafkaTopics.acRuntimeTopic.name }} + {{ if .Values.global.useStrimziKafka }} + topicCommInfrastructure: kafka + servers: + - {{ include "common.release" . }}-strimzi-kafka-bootstrap:9092 + additionalProps: + client.id: {{ (first .Values.kafkaUser.acls).name }}-client-id + security.protocol: SASL_PLAINTEXT + sasl.mechanism: {{ .Values.kafkaUser.authenticationType | upper }} + sasl.jaas.config: ${SASL_JAAS_CONFIG} + {{ else }} + topicCommInfrastructure: dmaap + servers: + - ${topicServer:message-router} + {{ end }} + participantSupportedElementTypes: + - + typeName: org.onap.policy.clamp.acm.KserveAutomationCompositionElement + typeVersion: 1.0.1 + - + typeName: org.onap.policy.clamp.acm.AutomationCompositionElement + typeVersion: 1.0.0 + +customresourcedefinition: + group: serving.kserve.io + version: v1beta1 + plural: inferenceservices + grace-period: 10 + +management: + endpoints: + web: + base-path: / + exposure: + include: health, metrics, prometheus +server: + port: 8087 + servlet: + context-path: /onap/policy/clamp/acm/kserveparticipant + ssl: + enabled: false + + diff --git a/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/resources/config/logback.xml b/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/resources/config/logback.xml new file mode 100755 index 0000000000..897d62a487 --- /dev/null +++ b/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/resources/config/logback.xml @@ -0,0 +1,103 @@ +<!-- + ============LICENSE_START======================================================= + Copyright (C) 2023 Nordix Foundation. All rights reserved. + ================================================================================ + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + http://www.apache.org/licenses/LICENSE-2.0 + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + SPDX-License-Identifier: Apache-2.0 + ============LICENSE_END========================================================= +--> + +<configuration scan="true" scanPeriod="30 seconds" debug="false"> + + <appender name="ErrorOut" class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>/var/log/onap/policy/kserve-participant/error.log</file> + <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy"> + <fileNamePattern>/var/log/onap/policy/kserve-participant/error.%d{yyyy-MM-dd}.%i.log.zip + </fileNamePattern> + <maxFileSize>50MB</maxFileSize> + <maxHistory>30</maxHistory> + <totalSizeCap>10GB</totalSizeCap> + </rollingPolicy> + <filter class="ch.qos.logback.classic.filter.ThresholdFilter"> + <level>WARN</level> + </filter> + <encoder> + <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern> + </encoder> + </appender> + + <appender name="AsyncErrorOut" class="ch.qos.logback.classic.AsyncAppender"> + <appender-ref ref="ErrorOut" /> + </appender> + + <appender name="DebugOut" class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>/var/log/onap/policy/kserve-participant/debug.log</file> + <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy"> + <fileNamePattern>/var/log/onap/policy/kserve-participant/debug.%d{yyyy-MM-dd}.%i.log.zip + </fileNamePattern> + <maxFileSize>50MB</maxFileSize> + <maxHistory>30</maxHistory> + <totalSizeCap>10GB</totalSizeCap> + </rollingPolicy> + <encoder> + <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern> + </encoder> + </appender> + + <appender name="AsyncDebugOut" class="ch.qos.logback.classic.AsyncAppender"> + <appender-ref ref="DebugOut" /> + </appender> + + <appender name="NetworkOut" class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>/var/log/onap/policy/kserve-participant/network.log</file> + <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy"> + <fileNamePattern>/var/log/onap/policy/kserve-participant/network.%d{yyyy-MM-dd}.%i.log.zip + </fileNamePattern> + <maxFileSize>50MB</maxFileSize> + <maxHistory>30</maxHistory> + <totalSizeCap>10GB</totalSizeCap> + </rollingPolicy> + <encoder> + <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%t]%m%n</pattern> + </encoder> + </appender> + + <appender name="AsyncNetworkOut" class="ch.qos.logback.classic.AsyncAppender"> + <appender-ref ref="NetworkOut" /> + </appender> + + <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender"> + <encoder> + <Pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</Pattern> + </encoder> + </appender> + + <appender name="AsyncStdOut" class="ch.qos.logback.classic.AsyncAppender"> + <appender-ref ref="STDOUT" /> + </appender> + + <logger name="network" level="INFO" additivity="false"> + <appender-ref ref="AsyncNetworkOut" /> + <appender-ref ref="AsyncStdOut" /> + </logger> + + <logger name="org.eclipse.jetty.server.RequestLog" level="info" additivity="false"> + <appender-ref ref="AsyncNetworkOut" /> + <appender-ref ref="AsyncStdOut" /> + </logger> + + <root level="INFO"> + <appender-ref ref="AsyncDebugOut" /> + <appender-ref ref="AsyncErrorOut" /> + <appender-ref ref="AsyncStdOut" /> + </root> + +</configuration> diff --git a/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/templates/configmap.yaml b/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/templates/configmap.yaml new file mode 100755 index 0000000000..d3e2833904 --- /dev/null +++ b/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/templates/configmap.yaml @@ -0,0 +1,32 @@ +{{/* +# ============LICENSE_START======================================================= +# Copyright (C) 2023 Nordix Foundation. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= +*/}} + +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-configmap + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +data: +{{ tpl (.Files.Glob "resources/config/*.{xml,yaml}").AsConfig . | indent 2 }} diff --git a/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/templates/deployment.yaml b/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/templates/deployment.yaml new file mode 100755 index 0000000000..1067a7e24a --- /dev/null +++ b/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/templates/deployment.yaml @@ -0,0 +1,108 @@ +{{/* +# ============LICENSE_START======================================================= +# Copyright (C) 2023 Nordix Foundation. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= +*/}} + +apiVersion: apps/v1 +kind: Deployment +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} +spec: + selector: {{- include "common.selectors" . | nindent 4 }} + replicas: {{ .Values.replicaCount }} + template: + metadata: {{- include "common.templateMetadata" . | nindent 6 }} + spec: + initContainers: +{{- if not .Values.global.useStrimziKafka }} +{{ include "common.readinessCheck.waitFor" . | nindent 6 }} +{{- end }} + - command: + - sh + args: + - -c + - "cd /config-input && for PFILE in `ls -1`; do envsubst <${PFILE} >/config/${PFILE}; done" + env: + - name: RESTSERVER_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-secret" "key" "login") | indent 10 }} + - name: RESTSERVER_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-secret" "key" "password") | indent 10 }} +{{- if .Values.global.useStrimziKafka }} + - name: SASL_JAAS_CONFIG + valueFrom: + secretKeyRef: + name: {{ include "common.name" . }}-ku + key: sasl.jaas.config +{{- end }} + volumeMounts: + - mountPath: /config-input + name: ac-kserve-ppnt-config + - mountPath: /config + name: ac-kserve-ppnt-config-processed + image: {{ include "repositoryGenerator.image.envsubst" . }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . }}-update-config + containers: + - name: {{ include "common.name" . }} + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: ["/opt/app/policy/clamp/bin/kserve-participant.sh"] + args: ["/opt/app/policy/clamp/etc/mounted/KserveParticipantParameters.yaml"] + ports: {{ include "common.containerPorts" . | nindent 12 }} + # disable liveness probe when breakpoints set in debugger + # so K8s doesn't restart unresponsive container + {{- if eq .Values.liveness.enabled true }} + livenessProbe: + tcpSocket: + port: {{ .Values.liveness.port }} + initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} + periodSeconds: {{ .Values.liveness.periodSeconds }} + {{ end -}} + readinessProbe: + tcpSocket: + port: {{ .Values.readiness.port }} + initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} + periodSeconds: {{ .Values.readiness.periodSeconds }} + volumeMounts: + - mountPath: /etc/localtime + name: localtime + readOnly: true + - mountPath: /opt/app/policy/clamp/etc/mounted + name: ac-kserve-ppnt-config-processed + resources: {{ include "common.resources" . | nindent 12 }} + {{- if .Values.nodeSelector }} + nodeSelector: +{{ toYaml .Values.nodeSelector | indent 10 }} + {{- end -}} + {{- if .Values.affinity }} + affinity: +{{ toYaml .Values.affinity | indent 10 }} + {{- end }} + serviceAccountName: {{ include "common.fullname" (dict "suffix" "create" "dot" . )}} + volumes: + - name: localtime + hostPath: + path: /etc/localtime + - name: ac-kserve-ppnt-config + configMap: + name: {{ include "common.fullname" . }}-configmap + defaultMode: 0755 + - name: ac-kserve-ppnt-config-processed + emptyDir: + medium: Memory + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/templates/kafkauser.yaml b/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/templates/kafkauser.yaml new file mode 100755 index 0000000000..16a3f72049 --- /dev/null +++ b/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/templates/kafkauser.yaml @@ -0,0 +1,18 @@ +{{/*
+# Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+{{ if .Values.global.useStrimziKafka }}
+{{ include "common.kafkauser" . }}
+{{ end }}
\ No newline at end of file diff --git a/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/templates/secrets.yaml b/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/templates/secrets.yaml new file mode 100755 index 0000000000..339fe339c5 --- /dev/null +++ b/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/templates/secrets.yaml @@ -0,0 +1,17 @@ +{{/* +# Copyright (C) 2023 Nordix Foundation. All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{ include "common.secretFast" . }} diff --git a/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/templates/service.yaml b/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/templates/service.yaml new file mode 100644 index 0000000000..ac5ee0b72f --- /dev/null +++ b/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/templates/service.yaml @@ -0,0 +1,38 @@ +{{/*
+# ============LICENSE_START=======================================================
+# Copyright (C) 2023 Nordix Foundation. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ include "common.namespace" . }}-policy-clamp-ac-kserve-ppnt-binding
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: cluster-admin
+subjects:
+ - kind: ServiceAccount
+ name: {{ include "common.fullname" (dict "suffix" "create" "dot" . )}}
+ namespace: {{ include "common.namespace" . }}
diff --git a/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/values.yaml b/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/values.yaml new file mode 100755 index 0000000000..cef5200eb6 --- /dev/null +++ b/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/values.yaml @@ -0,0 +1,130 @@ +# ============LICENSE_START======================================================= +# Copyright (C) 2023 Nordix Foundation. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= + +################################################################# +# Global configuration defaults. +################################################################# +global: + persistence: {} + #Strimzi Kafka properties + useStrimziKafka: set-via-parent-chart-global-value + kafkaTopics: + acRuntimeTopic: + name: &acRuntimeTopic policy.clamp-runtime-acm + +################################################################# +# Secrets metaconfig +################################################################# +secrets: + - uid: restserver-secret + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.restServer.credsExternalSecret) . }}' + login: '{{ .Values.restServer.user }}' + password: '{{ .Values.restServer.password }}' + passwordPolicy: required + +################################################################# +# Application configuration defaults. +################################################################# +# application image +image: onap/policy-clamp-ac-kserve-ppnt:6.4.1 +pullPolicy: Always + +componentName: &componentName policy-clamp-ac-kserve-ppnt + +# application configuration +restServer: + user: participantUser + password: zb!XztG34 + +# flag to enable debugging - application support required +debugEnabled: false + +# default number of instances +replicaCount: 1 + +nodeSelector: {} + +affinity: {} +ingress: + enabled: false + +# probe configuration parameters +liveness: + initialDelaySeconds: 20 + periodSeconds: 10 + # necessary to disable liveness probe when setting breakpoints + # in debugger so K8s doesn't restart unresponsive container + enabled: true + port: kserve-api + +readiness: + initialDelaySeconds: 20 + periodSeconds: 10 + port: kserve-api + +service: + type: ClusterIP + name: *componentName + ports: + - name: kserve-api + port: 8087 + +flavor: small +resources: + small: + limits: + cpu: 1 + memory: 4Gi + requests: + cpu: 100m + memory: 1Gi + large: + limits: + cpu: 2 + memory: 8Gi + requests: + cpu: 200m + memory: 2Gi + unlimited: {} +#Pods Service Account +serviceAccount: + nameOverride: *componentName + roles: + - create + +config: +# Any new property can be added in the env by setting in overrides in the format mentioned below +# All the added properties must be in "key: value" format instead of yaml. +# additional: +# spring.config.max-size: 200 +# spring.config.min-size: 10 +# Strimzi Kafka config +kafkaUser: + authenticationType: scram-sha-512 + acls: + - name: *componentName + type: group + operations: [Read] + - name: *acRuntimeTopic + type: topic + operations: [Read, Write] + +readinessCheck: + wait_for: + - message-router
\ No newline at end of file diff --git a/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/Chart.yaml b/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/Chart.yaml index a7b7ba8cd8..3d56b169d4 100644 --- a/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/Chart.yaml +++ b/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/Chart.yaml @@ -25,9 +25,6 @@ dependencies: - name: common version: ~12.x-0 repository: '@local' - - name: certInitializer - version: ~12.x-0 - repository: '@local' - name: repositoryGenerator version: ~12.x-0 repository: '@local' diff --git a/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/resources/config/PolicyParticipantParameters.yaml b/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/resources/config/PolicyParticipantParameters.yaml index 9bfeefaf76..f4c26e430a 100644 --- a/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/resources/config/PolicyParticipantParameters.yaml +++ b/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/resources/config/PolicyParticipantParameters.yaml @@ -39,7 +39,7 @@ participant: port: 6969 userName: ${API_USER} password: ${API_PASSWORD} - useHttps: {{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }} + useHttps: "false" allowSelfSignedCerts: true policyPapParameters: clientName: pap @@ -47,7 +47,7 @@ participant: port: 6969 userName: ${PAP_USER} password: ${PAP_PASSWORD} - useHttps: {{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }} + useHttps: "false" allowSelfSignedCerts: true intermediaryParameters: reportingTimeIntervalMs: 120000 @@ -109,5 +109,5 @@ server: servlet: context-path: /onap/policyparticipant ssl: - enabled: {{ (eq "true" (include "common.needTLS" .)) | ternary true false }} + enabled: false diff --git a/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/templates/deployment.yaml b/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/templates/deployment.yaml index 726daf1180..a13b9f712f 100644 --- a/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/templates/deployment.yaml +++ b/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/templates/deployment.yaml @@ -64,24 +64,12 @@ spec: image: {{ include "repositoryGenerator.image.envsubst" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-update-config -{{ include "common.certInitializer.initContainer" . | indent 6 }} containers: - name: {{ include "common.name" . }} image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} -{{- if .Values.global.aafEnabled }} - command: ["sh","-c"] - args: ["source {{ .Values.certInitializer.credsPath }}/.ci;\ - /opt/app/policy/clamp/bin/policy-participant.sh /opt/app/policy/clamp/etc/mounted/PolicyParticipantParameters.yaml"] -{{- else }} command: ["/opt/app/policy/clamp/bin/policy-participant.sh"] args: ["/opt/app/policy/clamp/etc/mounted/PolicyParticipantParameters.yaml"] - env: - - name: KEYSTORE_PASSWD - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keystore-password" "key" "password") | indent 12 }} - - name: TRUSTSTORE_PASSWD - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "truststore-password" "key" "password") | indent 12 }} -{{- end }} ports: {{ include "common.containerPorts" . | nindent 12 }} # disable liveness probe when breakpoints set in debugger # so K8s doesn't restart unresponsive container @@ -98,7 +86,6 @@ spec: initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} volumeMounts: -{{ include "common.certInitializer.volumeMount" . | indent 10 }} - mountPath: /etc/localtime name: localtime readOnly: true @@ -115,7 +102,6 @@ spec: {{- end }} serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: -{{ include "common.certInitializer.volumes" . | indent 8 }} - name: localtime hostPath: path: /etc/localtime diff --git a/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/values.yaml b/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/values.yaml index 206d6e37fa..83839f80bf 100644 --- a/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/values.yaml +++ b/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/values.yaml @@ -21,7 +21,6 @@ ################################################################# global: persistence: {} - aafEnabled: false #Strimzi Kafka properties useStrimziKafka: set-via-parent-chart-global-value kafkaTopics: @@ -50,39 +49,6 @@ secrets: login: '{{ .Values.restServer.pap.user }}' password: '{{ .Values.restServer.pap.password }}' passwordPolicy: required - - uid: keystore-password - type: password - externalSecret: '{{ tpl (default "" .Values.certStores.keyStorePasswordExternalSecret) . }}' - password: '{{ .Values.certStores.keyStorePassword }}' - passwordPolicy: required - - uid: truststore-password - type: password - externalSecret: '{{ tpl (default "" .Values.certStores.trustStorePasswordExternalSecret) . }}' - password: '{{ .Values.certStores.trustStorePassword }}' - passwordPolicy: required - -certStores: - keyStorePassword: Pol1cy_0nap - trustStorePassword: Pol1cy_0nap - -certInitializer: - nameOverride: policy-clamp-ac-pf-ppnt-cert-initializer - aafDeployFqi: deployer@people.osaaf.org - aafDeployPass: demo123456! - fqdn: policy - fqi: policy@policy.onap.org - public_fqdn: policy.onap.org - cadi_latitude: "0.0" - cadi_longitude: "0.0" - credsPath: /opt/app/osaaf/local - app_ns: org.osaaf.aaf - uid: 100 - gid: 101 - aaf_add_config: > - echo "export KEYSTORE='{{ .Values.credsPath }}/org.onap.policy.p12'" > {{ .Values.credsPath }}/.ci; - echo "export KEYSTORE_PASSWD='${cadi_keystore_password_p12}'" >> {{ .Values.credsPath }}/.ci; - chown -R {{ .Values.uid }}:{{ .Values.gid }} $(dirname {{ .Values.credsPath }}); - ################################################################# # Application configuration defaults. @@ -135,11 +101,10 @@ readiness: service: type: ClusterIP name: *componentName - useNodePortExt: true + internalPort: 8085 ports: - name: http-api port: 8085 - nodePort: 42 flavor: small resources: diff --git a/kubernetes/policy/components/policy-clamp-runtime-acm/Chart.yaml b/kubernetes/policy/components/policy-clamp-runtime-acm/Chart.yaml index e08bd4d490..798dd21a38 100644 --- a/kubernetes/policy/components/policy-clamp-runtime-acm/Chart.yaml +++ b/kubernetes/policy/components/policy-clamp-runtime-acm/Chart.yaml @@ -27,9 +27,6 @@ dependencies: - name: common version: ~12.x-0 repository: '@local' - - name: certInitializer - version: ~12.x-0 - repository: '@local' - name: repositoryGenerator version: ~12.x-0 repository: '@local' diff --git a/kubernetes/policy/components/policy-clamp-runtime-acm/resources/config/acRuntimeParameters.yaml b/kubernetes/policy/components/policy-clamp-runtime-acm/resources/config/acRuntimeParameters.yaml index e9adad70cb..28faa7feed 100644 --- a/kubernetes/policy/components/policy-clamp-runtime-acm/resources/config/acRuntimeParameters.yaml +++ b/kubernetes/policy/components/policy-clamp-runtime-acm/resources/config/acRuntimeParameters.yaml @@ -55,7 +55,7 @@ server: error: path: /error ssl: - enabled: {{ (eq "true" (include "common.needTLS" .)) | ternary true false }} + enabled: false runtime: participantParameters: diff --git a/kubernetes/policy/components/policy-clamp-runtime-acm/templates/deployment.yaml b/kubernetes/policy/components/policy-clamp-runtime-acm/templates/deployment.yaml index 5ec20ca7a3..27bc013f0e 100644 --- a/kubernetes/policy/components/policy-clamp-runtime-acm/templates/deployment.yaml +++ b/kubernetes/policy/components/policy-clamp-runtime-acm/templates/deployment.yaml @@ -74,24 +74,12 @@ spec: image: {{ include "repositoryGenerator.image.envsubst" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-update-config -{{ include "common.certInitializer.initContainer" . | indent 6 }} containers: - name: {{ include "common.name" . }} image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} -{{- if .Values.global.aafEnabled }} - command: ["sh","-c"] - args: ["source {{ .Values.certInitializer.credsPath }}/.ci;\ - /opt/app/policy/clamp/bin/acm-runtime.sh /opt/app/policy/clamp/etc/mounted/acRuntimeParameters.yaml"] -{{- else }} command: ["/opt/app/policy/clamp/bin/acm-runtime.sh"] args: ["/opt/app/policy/clamp/etc/mounted/acRuntimeParameters.yaml"] - env: - - name: KEYSTORE_PASSWD - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keystore-password" "key" "password") | indent 12 }} - - name: TRUSTSTORE_PASSWD - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "truststore-password" "key" "password") | indent 12 }} -{{- end }} ports: {{ include "common.containerPorts" . | nindent 12 }} # disable liveness probe when breakpoints set in debugger # so K8s doesn't restart unresponsive container @@ -108,7 +96,6 @@ spec: initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} volumeMounts: -{{ include "common.certInitializer.volumeMount" . | indent 10 }} - mountPath: /etc/localtime name: localtime readOnly: true @@ -125,7 +112,6 @@ spec: {{- end }} serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: -{{ include "common.certInitializer.volumes" . | indent 8 }} - name: localtime hostPath: path: /etc/localtime diff --git a/kubernetes/policy/components/policy-clamp-runtime-acm/values.yaml b/kubernetes/policy/components/policy-clamp-runtime-acm/values.yaml index e35a6c00a8..0ec4be4726 100644 --- a/kubernetes/policy/components/policy-clamp-runtime-acm/values.yaml +++ b/kubernetes/policy/components/policy-clamp-runtime-acm/values.yaml @@ -22,7 +22,6 @@ global: nodePortPrefixExt: 304 persistence: {} - aafEnabled: false #Strimzi Kafka properties useStrimziKafka: set-via-parent-chart-global-value kafkaTopics: @@ -39,16 +38,6 @@ secrets: login: '{{ .Values.db.user }}' password: '{{ .Values.db.password }}' passwordPolicy: required - - uid: keystore-password - type: password - externalSecret: '{{ tpl (default "" .Values.certStores.keyStorePasswordExternalSecret) . }}' - password: '{{ .Values.certStores.keyStorePassword }}' - passwordPolicy: required - - uid: truststore-password - type: password - externalSecret: '{{ tpl (default "" .Values.certStores.trustStorePasswordExternalSecret) . }}' - password: '{{ .Values.certStores.trustStorePassword }}' - passwordPolicy: required - uid: runtime-secret type: basicAuth externalSecret: '{{ tpl (default "" .Values.config.appUserExternalSecret) . }}' @@ -56,29 +45,6 @@ secrets: password: '{{ .Values.config.policyAppUserPassword }}' passwordPolicy: required -certStores: - keyStorePassword: Pol1cy_0nap - trustStorePassword: Pol1cy_0nap - -certInitializer: - nameOverride: policy-clamp-runtime-acm-cert-initializer - aafDeployFqi: deployer@people.osaaf.org - aafDeployPass: demo123456! - fqdn: policy - fqi: policy@policy.onap.org - public_fqdn: policy.onap.org - cadi_latitude: "0.0" - cadi_longitude: "0.0" - credsPath: /opt/app/osaaf/local - app_ns: org.osaaf.aaf - uid: 100 - gid: 101 - aaf_add_config: > - echo "export KEYSTORE='{{ .Values.credsPath }}/org.onap.policy.p12'" > {{ .Values.credsPath }}/.ci; - echo "export KEYSTORE_PASSWD='${cadi_keystore_password_p12}'" >> {{ .Values.credsPath }}/.ci; - chown -R {{ .Values.uid }}:{{ .Values.gid }} $(dirname {{ .Values.credsPath }}); - - ################################################################# # Application configuration defaults. ################################################################# @@ -131,7 +97,7 @@ affinity: {} # probe configuration parameters liveness: - initialDelaySeconds: 20 + initialDelaySeconds: 60 periodSeconds: 10 # necessary to disable liveness probe when setting breakpoints # in debugger so K8s doesn't restart unresponsive container @@ -139,18 +105,16 @@ liveness: port: http-api readiness: - initialDelaySeconds: 20 + initialDelaySeconds: 60 periodSeconds: 10 port: http-api service: type: ClusterIP name: *componentName - useNodePortExt: true ports: - name: http-api port: 6969 - nodePort: 42 ingress: enabled: false diff --git a/kubernetes/policy/components/policy-distribution/Chart.yaml b/kubernetes/policy/components/policy-distribution/Chart.yaml index 778bfb60c8..8d5790804b 100755 --- a/kubernetes/policy/components/policy-distribution/Chart.yaml +++ b/kubernetes/policy/components/policy-distribution/Chart.yaml @@ -27,9 +27,6 @@ dependencies: - name: common version: ~12.x-0 repository: '@local' - - name: certInitializer - version: ~12.x-0 - repository: '@local' - name: repositoryGenerator version: ~12.x-0 repository: '@local' diff --git a/kubernetes/policy/components/policy-distribution/resources/config/config.json b/kubernetes/policy/components/policy-distribution/resources/config/config.json index 0db30b2fdd..8def9aebd8 100755 --- a/kubernetes/policy/components/policy-distribution/resources/config/config.json +++ b/kubernetes/policy/components/policy-distribution/resources/config/config.json @@ -27,7 +27,7 @@ "port":6969, "userName":"${RESTSERVER_USER}", "password":"${RESTSERVER_PASSWORD}", - "https": {{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }}, + "https": "false", "prometheus": true }, "receptionHandlerParameters":{ @@ -98,7 +98,7 @@ "port": 6969, "userName": "${API_USER}", "password": "${API_PASSWORD}", - "useHttps": {{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }} + "useHttps": "false" }, "papParameters": { "clientName": "policy-pap", @@ -106,7 +106,7 @@ "port": 6969, "userName": "${PAP_USER}", "password": "${PAP_PASSWORD}", - "useHttps": {{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }} + "useHttps": "false" }, "deployPolicies": true } diff --git a/kubernetes/policy/components/policy-distribution/templates/deployment.yaml b/kubernetes/policy/components/policy-distribution/templates/deployment.yaml index 7a3f6d78a3..f11fe83ba9 100755 --- a/kubernetes/policy/components/policy-distribution/templates/deployment.yaml +++ b/kubernetes/policy/components/policy-distribution/templates/deployment.yaml @@ -20,24 +20,12 @@ apiVersion: apps/v1 kind: Deployment -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} spec: - selector: - matchLabels: - app: {{ include "common.name" . }} + selector: {{- include "common.selectors" . | nindent 4 }} replicas: {{ .Values.replicaCount }} template: - metadata: - labels: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} + metadata: {{- include "common.templateMetadata" . | nindent 6 }} spec: initContainers: - command: @@ -70,7 +58,6 @@ spec: image: {{ include "repositoryGenerator.image.envsubst" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-update-config -{{ include "common.certInitializer.initContainer" . | indent 6 }} containers: - name: {{ include "common.name" . }} image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} @@ -81,20 +68,9 @@ spec: secretKeyRef: name: {{ include "common.name" . }}-ku key: sasl.jaas.config -{{- if .Values.global.aafEnabled }} - command: ["sh","-c"] - args: ["source {{ .Values.certInitializer.credsPath }}/.ci;\ - /opt/app/policy/distribution/bin/policy-dist.sh /opt/app/policy/distribution/etc/mounted/config.json"] -{{- else }} - - name: KEYSTORE_PASSWD - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keystore-password" "key" "password") | indent 12 }} - - name: TRUSTSTORE_PASSWD - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "truststore-password" "key" "password") | indent 12 }} command: ["/opt/app/policy/distribution/bin/policy-dist.sh"] args: ["/opt/app/policy/distribution/etc/mounted/config.json"] -{{- end }} - ports: - - containerPort: {{ .Values.service.internalPort }} + ports: {{ include "common.containerPorts" . | nindent 12 }} # disable liveness probe when breakpoints set in debugger # so K8s doesn't restart unresponsive container {{- if eq .Values.liveness.enabled true }} @@ -110,7 +86,6 @@ spec: initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} volumeMounts: -{{ include "common.certInitializer.volumeMount" . | indent 10 }} - mountPath: /etc/localtime name: localtime readOnly: true @@ -127,7 +102,6 @@ spec: {{- end }} serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: -{{ include "common.certInitializer.volumes" . | indent 8 }} - name: localtime hostPath: path: /etc/localtime diff --git a/kubernetes/policy/components/policy-distribution/templates/service.yaml b/kubernetes/policy/components/policy-distribution/templates/service.yaml index f8fa5415ba..ef4f2613cf 100755 --- a/kubernetes/policy/components/policy-distribution/templates/service.yaml +++ b/kubernetes/policy/components/policy-distribution/templates/service.yaml @@ -19,21 +19,4 @@ # ============LICENSE_END========================================================= */}} -apiVersion: v1 -kind: Service -metadata: - name: {{ include "common.servicename" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -spec: - ports: - - port: {{ .Values.service.externalPort }} - targetPort: {{ .Values.service.internalPort }} - name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }} - selector: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} +{{ include "common.service" . }} diff --git a/kubernetes/policy/components/policy-distribution/values.yaml b/kubernetes/policy/components/policy-distribution/values.yaml index 457f5b3c77..e744d09920 100755 --- a/kubernetes/policy/components/policy-distribution/values.yaml +++ b/kubernetes/policy/components/policy-distribution/values.yaml @@ -46,16 +46,6 @@ secrets: login: '{{ .Values.sdcBe.user }}' password: '{{ .Values.sdcBe.password }}' passwordPolicy: required - - uid: keystore-password - type: password - externalSecret: '{{ tpl (default "" .Values.certStores.keyStorePasswordExternalSecret) . }}' - password: '{{ .Values.certStores.keyStorePassword }}' - passwordPolicy: required - - uid: truststore-password - type: password - externalSecret: '{{ tpl (default "" .Values.certStores.trustStorePasswordExternalSecret) . }}' - password: '{{ .Values.certStores.trustStorePassword }}' - passwordPolicy: required ################################################################# # Global configuration defaults. @@ -97,27 +87,6 @@ papParameters: sdcBe: user: policy password: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U -certStores: - keyStorePassword: Pol1cy_0nap - trustStorePassword: Pol1cy_0nap - -certInitializer: - nameOverride: policy-distribution-cert-initializer - aafDeployFqi: deployer@people.osaaf.org - aafDeployPass: demo123456! - fqdn: policy - fqi: policy@policy.onap.org - public_fqdn: policy.onap.org - cadi_latitude: "0.0" - cadi_longitude: "0.0" - credsPath: /opt/app/osaaf/local - app_ns: org.osaaf.aaf - uid: 100 - gid: 101 - aaf_add_config: > - echo "export KEYSTORE='{{ .Values.credsPath }}/org.onap.policy.p12'" >> {{ .Values.credsPath }}/.ci; - echo "export KEYSTORE_PASSWD='${cadi_keystore_password_p12}'" >> {{ .Values.credsPath }}/.ci; - chown -R {{ .Values.uid }}:{{ .Values.gid }} $(dirname {{ .Values.credsPath }}); # default number of instances replicaCount: 1 @@ -141,9 +110,10 @@ readiness: service: type: ClusterIP name: policy-distribution - portName: http - externalPort: 6969 internalPort: 6969 + ports: + - name: http + port: 6969 ingress: enabled: false @@ -181,7 +151,7 @@ metrics: enabled: true port: policy-distribution interval: 60s - isHttps: true + isHttps: false basicAuth: enabled: true externalSecretNameSuffix: policy-distribution-restserver-creds diff --git a/kubernetes/policy/components/policy-drools-pdp/Chart.yaml b/kubernetes/policy/components/policy-drools-pdp/Chart.yaml index 465d16bdf0..37a8f85c15 100755 --- a/kubernetes/policy/components/policy-drools-pdp/Chart.yaml +++ b/kubernetes/policy/components/policy-drools-pdp/Chart.yaml @@ -24,9 +24,6 @@ dependencies: - name: common version: ~12.x-0 repository: '@local' - - name: certInitializer - version: ~12.x-0 - repository: '@local' - name: repositoryGenerator version: ~12.x-0 repository: '@local' diff --git a/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/base.conf b/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/base.conf index a0b8bc7c4a..cf3c54aab4 100755 --- a/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/base.conf +++ b/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/base.conf @@ -49,15 +49,9 @@ MYSQL_CMD= # Liveness LIVENESS_CONTROLLERS=* -# AAF - -AAF={{.Values.aaf.enabled}} -AAF_NAMESPACE=org.onap.policy -AAF_HOST=aaf-locate.{{.Release.Namespace}} - # HTTP Servers -HTTP_SERVER_HTTPS={{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }} +HTTP_SERVER_HTTPS="false" PROMETHEUS=true # PDP-D DMaaP configuration channel @@ -103,7 +97,7 @@ DMAAP_HTTPS="false" # AAI AAI_HOST=aai.{{.Release.Namespace}} -AAI_PORT={{ (eq "true" (include "common.needTLS" .)) | ternary 8443 8080 }} +AAI_PORT=8080 AAI_CONTEXT_URI= # MSO diff --git a/kubernetes/policy/components/policy-drools-pdp/resources/secrets/credentials.conf b/kubernetes/policy/components/policy-drools-pdp/resources/secrets/credentials.conf index a2a34056f1..c535a950b5 100755 --- a/kubernetes/policy/components/policy-drools-pdp/resources/secrets/credentials.conf +++ b/kubernetes/policy/components/policy-drools-pdp/resources/secrets/credentials.conf @@ -18,12 +18,6 @@ # ============LICENSE_END========================================================= */}} -{{- if not .Values.global.aafEnabled }} -KEYSTORE_PASSWD={{.Values.keystore.password}} -{{- end }} - -TRUSTSTORE_PASSWD={{.Values.truststore.password}} - TELEMETRY_USER={{.Values.telemetry.user}} TELEMETRY_PASSWORD={{.Values.telemetry.password}} diff --git a/kubernetes/policy/components/policy-drools-pdp/templates/service.yaml b/kubernetes/policy/components/policy-drools-pdp/templates/service.yaml index 619d0d4441..c7322b1f94 100755 --- a/kubernetes/policy/components/policy-drools-pdp/templates/service.yaml +++ b/kubernetes/policy/components/policy-drools-pdp/templates/service.yaml @@ -15,34 +15,5 @@ # limitations under the License. */}} -apiVersion: v1 -kind: Service -metadata: - name: {{ include "common.servicename" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -spec: - type: {{ .Values.service.type }} - ports: - {{if eq .Values.service.type "NodePort" -}} - - port: {{ .Values.service.externalPort }} - nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} - name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}-{{ .Values.service.externalPort }} - - port: {{ .Values.service.externalPort2 }} - nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }} - name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}-{{ .Values.service.externalPort2 }} - {{- else -}} - - port: {{ .Values.service.externalPort }} - targetPort: {{ .Values.service.internalPort }} - name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}-{{ .Values.service.externalPort }} - - port: {{ .Values.service.externalPort2 }} - targetPort: {{ .Values.service.internalPort2 }} - name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}-{{ .Values.service.externalPort2 }} - {{- end}} - selector: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} +{{ include "common.service" . }} + diff --git a/kubernetes/policy/components/policy-drools-pdp/templates/statefulset.yaml b/kubernetes/policy/components/policy-drools-pdp/templates/statefulset.yaml index b11dedf201..4ce90dad1a 100755 --- a/kubernetes/policy/components/policy-drools-pdp/templates/statefulset.yaml +++ b/kubernetes/policy/components/policy-drools-pdp/templates/statefulset.yaml @@ -17,25 +17,13 @@ apiVersion: apps/v1 kind: StatefulSet -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} spec: + selector: {{- include "common.selectors" . | nindent 4 }} serviceName: {{ include "common.servicename" . }} replicas: {{ .Values.replicaCount }} - selector: - matchLabels: - app: {{ include "common.name" . }} template: - metadata: - labels: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} + metadata: {{- include "common.templateMetadata" . | nindent 6 }} spec: initContainers: - command: @@ -68,19 +56,13 @@ spec: imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-readiness {{- end }} -{{ include "common.certInitializer.initContainer" . | indent 6 }} containers: - name: {{ include "common.name" . }} image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: ["sh","-c"] - args: ["if [ -f {{ .Values.certInitializer.credsPath }}/.ci ]; then \ - source {{ .Values.certInitializer.credsPath }}/.ci; fi;\ - cp {{ .Values.certInitializer.credsPath }}/org.onap.policy.p12 ${POLICY_HOME}/etc/ssl/policy-keystore;\ - /opt/app/policy/bin/pdpd-cl-entrypoint.sh boot"] - ports: - - containerPort: {{ .Values.service.externalPort }} - - containerPort: {{ .Values.service.externalPort2 }} + args: ["/opt/app/policy/bin/pdpd-cl-entrypoint.sh boot"] + ports: {{ include "common.containerPorts" . | nindent 12 }} {{- if eq .Values.liveness.enabled true }} livenessProbe: httpGet: @@ -92,7 +74,7 @@ spec: {{- end }} readinessProbe: tcpSocket: - port: {{ .Values.service.externalPort }} + port: {{ .Values.service.internalPort }} initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} env: @@ -103,7 +85,6 @@ spec: - name: SQL_PASSWORD {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 12 }} volumeMounts: -{{ include "common.certInitializer.volumeMount" . | indent 10 }} - mountPath: /etc/localtime name: localtime readOnly: true @@ -128,7 +109,6 @@ spec: {{- end }} serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: -{{ include "common.certInitializer.volumes" . | indent 8 }} - name: localtime hostPath: path: /etc/localtime diff --git a/kubernetes/policy/components/policy-drools-pdp/values.yaml b/kubernetes/policy/components/policy-drools-pdp/values.yaml index ec31bfb7d9..7cc347c519 100755 --- a/kubernetes/policy/components/policy-drools-pdp/values.yaml +++ b/kubernetes/policy/components/policy-drools-pdp/values.yaml @@ -70,50 +70,19 @@ readiness: service: type: ClusterIP name: policy-drools-pdp - portName: http internalPort: 6969 - externalPort: 6969 - nodePort: 17 - internalPort2: 9696 - externalPort2: 9696 - nodePort2: 21 + ports: + - name: http + port: 6969 + - name: http-2 + port: 9696 ingress: enabled: false -# Default installation values to be overridden - -certInitializer: - nameOverride: policy-drools-pdp-cert-initializer - aafDeployFqi: deployer@people.osaaf.org - aafDeployPass: demo123456! - fqdn: policy - fqi: policy@policy.onap.org - public_fqdn: policy.onap.org - cadi_latitude: "0.0" - cadi_longitude: "0.0" - credsPath: /opt/app/osaaf/local - app_ns: org.osaaf.aaf - uid: 100 - gid: 101 - aaf_add_config: > - echo "export KEYSTORE='{{ .Values.credsPath }}/org.onap.policy.p12'" >> {{ .Values.credsPath }}/.ci; - echo "export KEYSTORE_PASSWD='${cadi_keystore_password_p12}'" >> {{ .Values.credsPath }}/.ci; - echo "export CADI_KEYFILE='{{ .Values.credsPath }}/org.onap.policy.keyfile'" >> {{ .Values.credsPath }}/.ci; - chown -R {{ .Values.uid }}:{{ .Values.gid }} $(dirname {{ .Values.credsPath }}); - server: jvmOpts: -server -XshowSettings:vm -aaf: - enabled: "false" - -keystore: - password: Pol1cy_0nap - -truststore: - password: Pol1cy_0nap - telemetry: user: demo@people.osaaf.org password: demo123456! @@ -212,7 +181,7 @@ metrics: enabled: true port: policy-drools-pdp-9696 interval: 60s - isHttps: true + isHttps: false basicAuth: enabled: true externalSecretNameSuffix: policy-drools-pdp-telemetry-creds diff --git a/kubernetes/policy/components/policy-gui/Chart.yaml b/kubernetes/policy/components/policy-gui/Chart.yaml index b2769c3e7a..e1d809d41b 100644 --- a/kubernetes/policy/components/policy-gui/Chart.yaml +++ b/kubernetes/policy/components/policy-gui/Chart.yaml @@ -24,9 +24,6 @@ name: policy-gui version: 12.0.0 dependencies: - - name: certInitializer - version: ~12.x-0 - repository: '@local' - name: repositoryGenerator version: ~12.x-0 repository: '@local' diff --git a/kubernetes/policy/components/policy-gui/resources/config/application.yml b/kubernetes/policy/components/policy-gui/resources/config/application.yml index 9be81d8ddd..f81a1b452a 100644 --- a/kubernetes/policy/components/policy-gui/resources/config/application.yml +++ b/kubernetes/policy/components/policy-gui/resources/config/application.yml @@ -1,18 +1,12 @@ server: port: 2443 ssl: - enabled: {{ (eq "true" (include "common.needTLS" .)) | ternary true false }} -# enabled-protocols: TLSv1.2 -# client-auth: want -# key-store: file:${KEYSTORE} -# key-store-password: ${KEYSTORE_PASSWD} -# trust-store: file:${TRUSTSTORE} -# trust-store-password: ${TRUSTSTORE_PASSWD} + enabled: false clamp: url: - disable-ssl-validation: {{ (eq "true" (include "common.needTLS" .)) | ternary false true }} - disable-ssl-hostname-check: {{ (eq "true" (include "common.needTLS" .)) | ternary false true }} + disable-ssl-validation: true + disable-ssl-hostname-check: true apex-editor: upload-url: diff --git a/kubernetes/policy/components/policy-gui/templates/deployment.yaml b/kubernetes/policy/components/policy-gui/templates/deployment.yaml index 8513943150..7a573d0356 100644 --- a/kubernetes/policy/components/policy-gui/templates/deployment.yaml +++ b/kubernetes/policy/components/policy-gui/templates/deployment.yaml @@ -20,24 +20,12 @@ apiVersion: apps/v1 kind: Deployment -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} spec: + selector: {{- include "common.selectors" . | nindent 4 }} replicas: {{ .Values.replicaCount }} - selector: - matchLabels: - app: {{ include "common.name" . }} template: - metadata: - labels: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} + metadata: {{- include "common.templateMetadata" . | nindent 6 }} spec: initContainers: - command: @@ -46,14 +34,6 @@ spec: - -c - "cd /config-input && for PFILE in `ls -1`; do envsubst <${PFILE} >/config/${PFILE}; done" env: - - name: KEYSTORE - value: {{ .Values.certStores.keystoreLocation }} - - name: KEYSTORE_PASSWD - value: {{ .Values.certStores.keyStorePassword }} - - name: TRUSTSTORE - value: {{ .Values.certStores.truststoreLocation }} - - name: TRUSTSTORE_PASSWD - value: {{ .Values.certStores.trustStorePassword }} - name: POLICY_LOGS value: {{ .Values.log.path }} volumeMounts: @@ -78,7 +58,6 @@ spec: image: {{ include "repositoryGenerator.image.readiness" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-readiness -{{ include "common.certInitializer.initContainer" . | nindent 6 }} containers: # side car containers {{ if .Values.global.centralizedLoggingEnabled }}{{ include "common.log.sidecar" . | nindent 8 }}{{ end }} @@ -86,18 +65,8 @@ spec: - name: {{ include "common.name" . }} image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} -{{- if not (include "common.onServiceMesh" .) }} - command: ["sh","-c"] - args: ["source {{ .Values.certInitializer.credsPath }}/.ci;/opt/app/policy/gui/bin/policy-gui.sh"] - env: -{{ else }} command: ["/opt/app/policy/gui/bin/policy-gui.sh"] env: - - name: KEYSTORE_PASSWD - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keystore-password" "key" "password") | indent 12 }} - - name: TRUSTSTORE_PASSWD - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "truststore-password" "key" "password") | indent 12 }} -{{ end }} - name: CLAMP_URL value: http://policy-clamp-runtime-acm:6969 ports: @@ -116,7 +85,7 @@ spec: port: {{ .Values.service.internalPort }} initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} - volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }} + volumeMounts: - name: logs mountPath: {{ .Values.log.path }} - mountPath: /opt/app/policy/gui/etc/application.yml @@ -135,7 +104,7 @@ spec: {{ toYaml .Values.affinity | indent 10 }} {{- end }} serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} - volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }} + volumes: - name: {{ include "common.fullname" . }}-config configMap: name: {{ include "common.fullname" . }} diff --git a/kubernetes/policy/components/policy-gui/templates/service.yaml b/kubernetes/policy/components/policy-gui/templates/service.yaml index 827e93a4f2..36406228d5 100644 --- a/kubernetes/policy/components/policy-gui/templates/service.yaml +++ b/kubernetes/policy/components/policy-gui/templates/service.yaml @@ -18,29 +18,4 @@ # ============LICENSE_END========================================================= */}} -apiVersion: v1 -kind: Service -metadata: - name: {{ .Values.service.name }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -spec: - type: {{ .Values.service.type }} - ports: - {{if eq .Values.service.type "NodePort" -}} - - port: {{ .Values.service.internalPort }} - nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} - name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }} - {{- else -}} - - port: {{ .Values.service.externalPort }} - targetPort: {{ .Values.service.internalPort }} - name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }} - {{- end}} - selector: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} ---- +{{ include "common.service" . }} diff --git a/kubernetes/policy/components/policy-gui/values.yaml b/kubernetes/policy/components/policy-gui/values.yaml index 178aa4e67c..8b41911799 100644 --- a/kubernetes/policy/components/policy-gui/values.yaml +++ b/kubernetes/policy/components/policy-gui/values.yaml @@ -22,52 +22,6 @@ global: # global defaults nodePortPrefix: 304 centralizedLoggingEnabled: true - #AAF service - aafEnabled: true - -################################################################# -# Secrets metaconfig -################################################################# -secrets: - - uid: keystore-password - type: password - externalSecret: '{{ tpl (default "" .Values.certStores.keyStorePasswordExternalSecret) . }}' - password: '{{ .Values.certStores.keyStorePassword }}' - passwordPolicy: required - - uid: truststore-password - type: password - externalSecret: '{{ tpl (default "" .Values.certStores.trustStorePasswordExternalSecret) . }}' - password: '{{ .Values.certStores.trustStorePassword }}' - passwordPolicy: required - -certStores: - keyStorePassword: Pol1cy_0nap - keystoreLocation: /opt/app/policy/gui/etc/ssl/policy-keystore - truststoreLocation: /opt/app/policy/gui/etc/ssl/policy-truststore - trustStorePassword: Pol1cy_0nap - -################################################################# -# AAF part -################################################################# -certInitializer: - nameOverride: policy-gui-cert-initializer - aafDeployFqi: deployer@people.osaaf.org - aafDeployPass: demo123456! - fqdn: policy - fqi: policy@policy.onap.org - public_fqdn: policy.onap.org - cadi_latitude: "0.0" - cadi_longitude: "0.0" - credsPath: /opt/app/osaaf/local - app_ns: org.osaaf.aaf - uid: 100 - gid: 101 - aaf_add_config: > - echo "export KEYSTORE='{{ .Values.credsPath }}/org.onap.policy.p12'" > {{ .Values.credsPath }}/.ci; - echo "export TRUSTSTORE='{{ .Values.credsPath }}/org.onap.policy.trust.jks'" >> {{ .Values.credsPath }}/.ci; - echo "export KEYSTORE_PASSWD='${cadi_keystore_password_p12}'" >> {{ .Values.credsPath }}/.ci; - echo "export TRUSTSTORE_PASSWD='${cadi_truststore_password}'" >> {{ .Values.credsPath }}/.ci; - chown -R {{ .Values.uid }}:{{ .Values.gid }} $(dirname {{ .Values.credsPath }}); subChartsOnly: enabled: true @@ -118,9 +72,11 @@ readiness: service: type: NodePort name: policy-gui - portName: http internalPort: 2443 - nodePort: 43 + ports: + - name: http + port: 2443 + nodePort: 43 # see https://wiki.onap.org/display/DW/OOM+NodePort+List diff --git a/kubernetes/policy/components/policy-nexus/templates/deployment.yaml b/kubernetes/policy/components/policy-nexus/templates/deployment.yaml index 4c945f4605..b18be93805 100755 --- a/kubernetes/policy/components/policy-nexus/templates/deployment.yaml +++ b/kubernetes/policy/components/policy-nexus/templates/deployment.yaml @@ -17,24 +17,12 @@ apiVersion: apps/v1 kind: Deployment -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} spec: - selector: - matchLabels: - app: {{ include "common.name" . }} + selector: {{- include "common.selectors" . | nindent 4 }} replicas: {{ .Values.replicaCount }} template: - metadata: - labels: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} + metadata: {{- include "common.templateMetadata" . | nindent 6 }} spec: initContainers: - command: ["sh", "-c", "chown -R 200:200 /share"] diff --git a/kubernetes/policy/components/policy-nexus/templates/service.yaml b/kubernetes/policy/components/policy-nexus/templates/service.yaml index 6bec5619f6..6aee4ca230 100755 --- a/kubernetes/policy/components/policy-nexus/templates/service.yaml +++ b/kubernetes/policy/components/policy-nexus/templates/service.yaml @@ -15,28 +15,4 @@ # limitations under the License. */}} -apiVersion: v1 -kind: Service -metadata: - name: {{ include "common.servicename" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -spec: - type: {{ .Values.service.type }} - ports: - {{if eq .Values.service.type "NodePort" -}} - - port: {{ .Values.service.externalPort }} - nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} - name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }} - {{- else -}} - - port: {{ .Values.service.externalPort }} - targetPort: {{ .Values.service.internalPort }} - name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }} - {{- end}} - selector: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} +{{ include "common.service" . }}
\ No newline at end of file diff --git a/kubernetes/policy/components/policy-nexus/values.yaml b/kubernetes/policy/components/policy-nexus/values.yaml index ac0028d1d9..a7fcdaf832 100755 --- a/kubernetes/policy/components/policy-nexus/values.yaml +++ b/kubernetes/policy/components/policy-nexus/values.yaml @@ -56,10 +56,10 @@ readiness: service: type: ClusterIP name: policy-nexus - portName: http - externalPort: 8081 internalPort: 8081 - nodePort: 36 + ports: + - name: http + port: 8081 ingress: enabled: false diff --git a/kubernetes/policy/components/policy-pap/Chart.yaml b/kubernetes/policy/components/policy-pap/Chart.yaml index 41ec369108..ef41d38f08 100755 --- a/kubernetes/policy/components/policy-pap/Chart.yaml +++ b/kubernetes/policy/components/policy-pap/Chart.yaml @@ -28,9 +28,6 @@ dependencies: - name: common version: ~12.x-0 repository: '@local' - - name: certInitializer - version: ~12.x-0 - repository: '@local' - name: repositoryGenerator version: ~12.x-0 repository: '@local' diff --git a/kubernetes/policy/components/policy-pap/resources/config/papParameters.yaml b/kubernetes/policy/components/policy-pap/resources/config/papParameters.yaml index 3063136540..7f6f508c03 100644 --- a/kubernetes/policy/components/policy-pap/resources/config/papParameters.yaml +++ b/kubernetes/policy/components/policy-pap/resources/config/papParameters.yaml @@ -57,7 +57,7 @@ spring: server: port: 6969 ssl: - enabled: {{ (eq "true" (include "common.needTLS" .)) | ternary true false }} + enabled: false servlet: context-path: /policy/pap/v1 @@ -119,14 +119,14 @@ pap: port: 6969 userName: "${API_USER}" password: "${API_PASSWORD}" - useHttps: {{ (eq "true" (include "common.needTLS" .)) | ternary true false }} + useHttps: false basePath: policy/api/v1/healthcheck - clientName: distribution hostname: policy-distribution port: 6969 userName: "${DISTRIBUTION_USER}" password: "${DISTRIBUTION_PASSWORD}" - useHttps: {{ (eq "true" (include "common.needTLS" .)) | ternary true false }} + useHttps: false basePath: healthcheck - clientName: dmaap hostname: message-router diff --git a/kubernetes/policy/components/policy-pap/templates/deployment.yaml b/kubernetes/policy/components/policy-pap/templates/deployment.yaml index f29ab865f1..201f48776d 100755 --- a/kubernetes/policy/components/policy-pap/templates/deployment.yaml +++ b/kubernetes/policy/components/policy-pap/templates/deployment.yaml @@ -77,24 +77,12 @@ spec: image: {{ include "repositoryGenerator.image.envsubst" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-update-config -{{ include "common.certInitializer.initContainer" . | indent 6 }} containers: - name: {{ include "common.name" . }} image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} -{{- if .Values.global.aafEnabled }} - command: ["sh","-c"] - args: ["source {{ .Values.certInitializer.credsPath }}/.ci;\ - /opt/app/policy/pap/bin/policy-pap.sh /opt/app/policy/pap/etc/mounted/papParameters.yaml"] -{{- else }} command: ["/opt/app/policy/pap/bin/policy-pap.sh"] args: ["/opt/app/policy/pap/etc/mounted/papParameters.yaml"] - env: - - name: KEYSTORE_PASSWD - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keystore-password" "key" "password") | indent 12 }} - - name: TRUSTSTORE_PASSWD - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "truststore-password" "key" "password") | indent 12 }} -{{- end }} ports: {{ include "common.containerPorts" . | nindent 12 }} # disable liveness probe when breakpoints set in debugger # so K8s doesn't restart unresponsive container @@ -112,14 +100,13 @@ spec: httpHeaders: - name: Authorization value: Basic {{ printf "%s:%s" .Values.restServer.user .Values.restServer.password | b64enc }} - scheme: {{ (eq "true" (include "common.needTLS" .)) | ternary "HTTPS" "HTTP" }} + scheme: "HTTP" successThreshold: {{ .Values.readiness.successThreshold }} failureThreshold: {{ .Values.readiness.failureThreshold }} initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} timeoutSeconds: {{ .Values.readiness.timeout }} volumeMounts: -{{ include "common.certInitializer.volumeMount" . | indent 10 }} - mountPath: /etc/localtime name: localtime readOnly: true @@ -136,7 +123,6 @@ spec: {{- end }} serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: -{{ include "common.certInitializer.volumes" . | indent 8 }} - name: localtime hostPath: path: /etc/localtime diff --git a/kubernetes/policy/components/policy-pap/values.yaml b/kubernetes/policy/components/policy-pap/values.yaml index 665ef789f9..8a638f60bc 100755 --- a/kubernetes/policy/components/policy-pap/values.yaml +++ b/kubernetes/policy/components/policy-pap/values.yaml @@ -25,7 +25,6 @@ global: nodePortPrefixExt: 304 persistence: {} - aafEnabled: true ################################################################# # Secrets metaconfig @@ -55,16 +54,6 @@ secrets: login: '{{ .Values.healthCheckRestClient.distribution.user }}' password: '{{ .Values.healthCheckRestClient.distribution.password }}' passwordPolicy: required - - uid: keystore-password - type: password - externalSecret: '{{ tpl (default "" .Values.certStores.keyStorePasswordExternalSecret) . }}' - password: '{{ .Values.certStores.keyStorePassword }}' - passwordPolicy: required - - uid: truststore-password - type: password - externalSecret: '{{ tpl (default "" .Values.certStores.trustStorePasswordExternalSecret) . }}' - password: '{{ .Values.certStores.trustStorePassword }}' - passwordPolicy: required - uid: policy-kafka-user externalSecret: '{{ tpl (default "" .Values.config.jaasConfExternalSecret) . }}' type: genericKV @@ -73,29 +62,6 @@ secrets: value: '{{ .Values.config.someConfig }}' policy: generate -certStores: - keyStorePassword: Pol1cy_0nap - trustStorePassword: Pol1cy_0nap - -certInitializer: - nameOverride: policy-pap-cert-initializer - aafDeployFqi: deployer@people.osaaf.org - aafDeployPass: demo123456! - fqdn: policy - fqi: policy@policy.onap.org - public_fqdn: policy.onap.org - cadi_latitude: "0.0" - cadi_longitude: "0.0" - credsPath: /opt/app/osaaf/local - app_ns: org.osaaf.aaf - uid: 100 - gid: 101 - aaf_add_config: > - echo "export KEYSTORE='{{ .Values.credsPath }}/org.onap.policy.p12'" > {{ .Values.credsPath }}/.ci; - echo "export KEYSTORE_PASSWD='${cadi_keystore_password_p12}'" >> {{ .Values.credsPath }}/.ci; - chown -R {{ .Values.uid }}:{{ .Values.gid }} $(dirname {{ .Values.credsPath }}); - - ################################################################# # Application configuration defaults. ################################################################# @@ -155,11 +121,9 @@ readiness: service: type: ClusterIP name: policy-pap - useNodePortExt: true ports: - name: http-api port: 6969 - nodePort: 42 ingress: enabled: false @@ -197,7 +161,7 @@ metrics: enabled: true port: http-api interval: 60s - isHttps: true + isHttps: false basicAuth: enabled: true externalSecretNameSuffix: policy-pap-user-creds diff --git a/kubernetes/policy/components/policy-xacml-pdp/Chart.yaml b/kubernetes/policy/components/policy-xacml-pdp/Chart.yaml index 4a5e8d15fa..f08e244f9b 100755 --- a/kubernetes/policy/components/policy-xacml-pdp/Chart.yaml +++ b/kubernetes/policy/components/policy-xacml-pdp/Chart.yaml @@ -27,9 +27,6 @@ dependencies: - name: common version: ~12.x-0 repository: '@local' - - name: certInitializer - version: ~12.x-0 - repository: '@local' - name: repositoryGenerator version: ~12.x-0 repository: '@local' diff --git a/kubernetes/policy/components/policy-xacml-pdp/resources/config/config.json b/kubernetes/policy/components/policy-xacml-pdp/resources/config/config.json index d049626106..08dcb67182 100755 --- a/kubernetes/policy/components/policy-xacml-pdp/resources/config/config.json +++ b/kubernetes/policy/components/policy-xacml-pdp/resources/config/config.json @@ -26,7 +26,7 @@ "port": 6969, "userName": "${RESTSERVER_USER}", "password": "${RESTSERVER_PASSWORD}", - "https": {{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }}, + "https": "false", "aaf": false, "prometheus": true }, @@ -35,7 +35,7 @@ "port": 6969, "userName": "${API_USER}", "password": "${API_PASSWORD}", - "useHttps": {{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }}, + "useHttps": "false", "aaf": false }, "applicationParameters": { diff --git a/kubernetes/policy/components/policy-xacml-pdp/templates/deployment.yaml b/kubernetes/policy/components/policy-xacml-pdp/templates/deployment.yaml index 30500428bf..ee5a5722c0 100755 --- a/kubernetes/policy/components/policy-xacml-pdp/templates/deployment.yaml +++ b/kubernetes/policy/components/policy-xacml-pdp/templates/deployment.yaml @@ -20,24 +20,12 @@ apiVersion: apps/v1 kind: Deployment -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} spec: - selector: - matchLabels: - app: {{ include "common.name" . }} + selector: {{- include "common.selectors" . | nindent 4 }} replicas: {{ .Values.replicaCount }} template: - metadata: - labels: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} + metadata: {{- include "common.templateMetadata" . | nindent 6 }} spec: initContainers: - command: @@ -80,24 +68,12 @@ spec: image: {{ include "repositoryGenerator.image.envsubst" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-update-config -{{ include "common.certInitializer.initContainer" . | indent 6 }} containers: - name: {{ include "common.name" . }} image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} -{{- if .Values.global.aafEnabled }} - command: ["sh","-c"] - args: ["source {{ .Values.certInitializer.credsPath }}/.ci;\ - /opt/app/policy/pdpx/bin/policy-pdpx.sh /opt/app/policy/pdpx/etc/mounted/config.json"] -{{- else }} command: ["/opt/app/policy/pdpx/bin/policy-pdpx.sh"] args: ["/opt/app/policy/pdpx/etc/mounted/config.json"] - env: - - name: KEYSTORE_PASSWD - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keystore-password" "key" "password") | indent 12 }} - - name: TRUSTSTORE_PASSWD - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "truststore-password" "key" "password") | indent 12 }} -{{- end }} ports: - containerPort: {{ .Values.service.internalPort }} # disable liveness probe when breakpoints set in debugger @@ -115,7 +91,6 @@ spec: initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} volumeMounts: -{{ include "common.certInitializer.volumeMount" . | indent 10 }} - mountPath: /etc/localtime name: localtime readOnly: true @@ -132,7 +107,6 @@ spec: {{- end }} serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: -{{ include "common.certInitializer.volumes" . | indent 8 }} - name: localtime hostPath: path: /etc/localtime diff --git a/kubernetes/policy/components/policy-xacml-pdp/templates/service.yaml b/kubernetes/policy/components/policy-xacml-pdp/templates/service.yaml index 42995c8985..3e76c2ba36 100755 --- a/kubernetes/policy/components/policy-xacml-pdp/templates/service.yaml +++ b/kubernetes/policy/components/policy-xacml-pdp/templates/service.yaml @@ -18,22 +18,4 @@ # ============LICENSE_END========================================================= */}} -apiVersion: v1 -kind: Service -metadata: - name: {{ include "common.servicename" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -spec: - type: {{ .Values.service.type }} - ports: - - port: {{ .Values.service.externalPort }} - targetPort: {{ .Values.service.internalPort }} - name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }} - selector: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} +{{ include "common.service" . }}
\ No newline at end of file diff --git a/kubernetes/policy/components/policy-xacml-pdp/values.yaml b/kubernetes/policy/components/policy-xacml-pdp/values.yaml index 74be6f3b88..44ae16de1d 100755 --- a/kubernetes/policy/components/policy-xacml-pdp/values.yaml +++ b/kubernetes/policy/components/policy-xacml-pdp/values.yaml @@ -21,7 +21,6 @@ ################################################################# global: persistence: {} - aafEnabled: true ################################################################# # Secrets metaconfig @@ -45,39 +44,6 @@ secrets: login: '{{ .Values.apiServer.user }}' password: '{{ .Values.apiServer.password }}' passwordPolicy: required - - uid: keystore-password - type: password - externalSecret: '{{ tpl (default "" .Values.certStores.keyStorePasswordExternalSecret) . }}' - password: '{{ .Values.certStores.keyStorePassword }}' - passwordPolicy: required - - uid: truststore-password - type: password - externalSecret: '{{ tpl (default "" .Values.certStores.trustStorePasswordExternalSecret) . }}' - password: '{{ .Values.certStores.trustStorePassword }}' - passwordPolicy: required - -certStores: - keyStorePassword: Pol1cy_0nap - trustStorePassword: Pol1cy_0nap - -certInitializer: - nameOverride: policy-xacml-pdp-cert-initializer - aafDeployFqi: deployer@people.osaaf.org - aafDeployPass: demo123456! - fqdn: policy - fqi: policy@policy.onap.org - public_fqdn: policy.onap.org - cadi_latitude: "0.0" - cadi_longitude: "0.0" - credsPath: /opt/app/osaaf/local - app_ns: org.osaaf.aaf - uid: 100 - gid: 101 - aaf_add_config: > - echo "export KEYSTORE='{{ .Values.credsPath }}/org.onap.policy.p12'" > {{ .Values.credsPath }}/.ci; - echo "export KEYSTORE_PASSWD='${cadi_keystore_password_p12}'" >> {{ .Values.credsPath }}/.ci; - chown -R {{ .Values.uid }}:{{ .Values.gid }} $(dirname {{ .Values.credsPath }}); - ################################################################# # Application configuration defaults. @@ -128,9 +94,10 @@ readiness: service: type: ClusterIP name: policy-xacml-pdp - portName: http - externalPort: 6969 internalPort: 6969 + ports: + - name: http + port: 6969 ingress: enabled: false @@ -168,7 +135,7 @@ metrics: enabled: true port: policy-xacml-pdp interval: 60s - isHttps: true + isHttps: false basicAuth: enabled: true externalSecretNameSuffix: policy-xacml-pdp-restserver-creds diff --git a/kubernetes/policy/templates/job.yaml b/kubernetes/policy/templates/job.yaml index 968ca32d42..4bf9def21e 100755 --- a/kubernetes/policy/templates/job.yaml +++ b/kubernetes/policy/templates/job.yaml @@ -31,6 +31,8 @@ spec: app: {{ include "common.name" . }}-galera-init release: {{ include "common.release" . }} name: {{ include "common.name" . }}-galera-init + annotations: + sidecar.istio.io/inject: "false" spec: imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" @@ -60,8 +62,6 @@ spec: - /bin/sh - -cx - | - {{- if include "common.onServiceMesh" . }} - echo "waiting 15s for istio side cars to be up"; sleep 15s;{{- end }} /dbcmd-config/db.sh env: - name: MYSQL_ROOT_PASSWORD @@ -73,23 +73,6 @@ spec: - name: MYSQL_PORT value: "{{ index .Values "mariadb-galera" "service" "internalPort" }}" resources: {{ include "common.resources" . | nindent 10 }} - {{- if (include "common.onServiceMesh" .) }} - - name: policy-service-mesh-wait-for-job-container - image: {{ include "repositoryGenerator.image.quitQuit" . }} - imagePullPolicy: Always - command: - - /bin/sh - - "-c" - args: - - echo "waiting 10s for istio side cars to be up"; sleep 10s; - /app/ready.py --service-mesh-check {{ include "common.name" . }}-galera-config -t 45; - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - {{- end }} restartPolicy: Never serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: @@ -118,6 +101,8 @@ spec: app: {{ include "common.name" . }}-pg-init release: {{ include "common.release" . }} name: {{ include "common.name" . }}-pg-init + annotations: + sidecar.istio.io/inject: "false" spec: imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" @@ -134,8 +119,6 @@ spec: - /bin/sh - -cx - | - {{- if include "common.onServiceMesh" . }} - echo "waiting 15s for istio side cars to be up"; sleep 15s;{{- end }} /docker-entrypoint-initdb.d/db-pg.sh env: - name: PG_ADMIN_PASSWORD @@ -149,23 +132,6 @@ spec: - name: PG_PORT value: "{{ .Values.postgres.service.internalPort }}" resources: {{ include "common.resources" . | nindent 10 }} - {{- if (include "common.onServiceMesh" .) }} - - name: policy-service-mesh-wait-for-job-container - image: {{ include "repositoryGenerator.image.quitQuit" . }} - imagePullPolicy: Always - command: - - /bin/sh - - "-c" - args: - - echo "waiting 10s for istio side cars to be up"; sleep 10s; - /app/ready.py --service-mesh-check {{ include "common.name" . }}-pg-config -t 45; - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - {{- end }} restartPolicy: Never serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: @@ -194,6 +160,8 @@ spec: app: {{ include "common.name" . }}-galera-config release: {{ include "common.release" . }} name: {{ include "common.name" . }}-galera-config + annotations: + sidecar.istio.io/inject: "false" spec: imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" @@ -224,8 +192,6 @@ spec: - /bin/sh - -cx - | - {{- if include "common.onServiceMesh" . }} - echo "waiting 15s for istio side cars to be up"; sleep 15s;{{- end }} /dbcmd-config/db_migrator_policy_init.sh env: - name: SQL_HOST @@ -241,23 +207,6 @@ spec: - name: SCRIPT_DIRECTORY value: "sql" resources: {{ include "common.resources" . | nindent 10 }} - {{- if (include "common.onServiceMesh" .) }} - - name: policy-service-mesh-wait-for-job-container - image: {{ include "repositoryGenerator.image.quitQuit" . }} - imagePullPolicy: Always - command: - - /bin/sh - - "-c" - args: - - echo "waiting 10s for istio side cars to be up"; sleep 10s; - /app/ready.py --service-mesh-check {{ include "common.name" . }}-galera-db-migrator -t 45; - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - {{- end }} restartPolicy: Never serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: @@ -286,6 +235,8 @@ spec: app: {{ include "common.name" . }}-pg-config release: {{ include "common.release" . }} name: {{ include "common.name" . }}-pg-config + annotations: + sidecar.istio.io/inject: "false" spec: imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" @@ -316,8 +267,6 @@ spec: - /bin/sh - -cx - | - {{- if include "common.onServiceMesh" . }} - echo "waiting 15s for istio side cars to be up"; sleep 15s;{{- end }} /dbcmd-config/db_migrator_pg_policy_init.sh env: - name: SQL_HOST @@ -335,23 +284,6 @@ spec: - name: PGPASSWORD {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "password") | indent 10 }} resources: {{ include "common.resources" . | nindent 10 }} - {{- if (include "common.onServiceMesh" .) }} - - name: policy-service-mesh-wait-for-job-container - image: {{ include "repositoryGenerator.image.quitQuit" . }} - imagePullPolicy: Always - command: - - /bin/sh - - "-c" - args: - - echo "waiting 10s for istio side cars to be up"; sleep 10s; - /app/ready.py --service-mesh-check {{ include "common.name" . }}-pg-db-migrator -t 45; - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - {{- end }} restartPolicy: Never serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: diff --git a/kubernetes/policy/values.yaml b/kubernetes/policy/values.yaml index 3ff153ac6a..7abd75d832 100755 --- a/kubernetes/policy/values.yaml +++ b/kubernetes/policy/values.yaml @@ -18,7 +18,6 @@ # Global configuration defaults. ################################################################# global: - aafEnabled: false mariadb: # '&mariadbConfig' means we "store" the values for later use in the file # with '*mariadbConfig' pointer. @@ -143,6 +142,8 @@ policy-clamp-ac-http-ppnt: enabled: true policy-clamp-ac-a1pms-ppnt: enabled: true +policy-clamp-ac-kserve-ppnt: + enabled: true policy-clamp-runtime-acm: enabled: true db: *dbSecretsHook diff --git a/kubernetes/sdc/components/sdc-be/Chart.yaml b/kubernetes/sdc/components/sdc-be/Chart.yaml index fe9f39108b..044d725fef 100644 --- a/kubernetes/sdc/components/sdc-be/Chart.yaml +++ b/kubernetes/sdc/components/sdc-be/Chart.yaml @@ -24,9 +24,6 @@ dependencies: - name: common version: ~12.x-0 repository: '@local' - - name: certInitializer - version: ~12.x-0 - repository: '@local' - name: repositoryGenerator version: ~12.x-0 repository: '@local' diff --git a/kubernetes/sdc/components/sdc-be/templates/deployment.yaml b/kubernetes/sdc/components/sdc-be/templates/deployment.yaml index d50a83b2fd..d6ea50e84e 100644 --- a/kubernetes/sdc/components/sdc-be/templates/deployment.yaml +++ b/kubernetes/sdc/components/sdc-be/templates/deployment.yaml @@ -24,7 +24,7 @@ spec: template: metadata: {{- include "common.templateMetadata" . | nindent 6 }} spec: - initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }} + initContainers: - name: {{ include "common.name" . }}-readiness command: - /app/ready.py @@ -57,7 +57,7 @@ spec: - /app/ready.py args: - --job-name - - {{ include "common.release" . }}-sdc-onboarding-be-cassandra-init + - {{ include "common.release" . }}-sdc-onboarding-be env: - name: NAMESPACE valueFrom: @@ -71,54 +71,11 @@ spec: requests: cpu: 3m memory: 20Mi - {{- if .Values.global.aafEnabled }} - - name: {{ include "common.name" . }}-update-config - image: {{ include "repositoryGenerator.image.envsubst" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - command: - - sh - args: - - "-c" - - | - export $(grep '^c' {{ .Values.certInitializer.credsPath }}/mycreds.prop | xargs -0) - export KEYSTORE_PASS=$cadi_keystore_password_p12 - export KEYMANAGER_PASS=$cadi_keystore_password_p12 - export TRUSTSTORE_PASS=$cadi_truststore_password - cp {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.keystoreFile }} /config-output - cp {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.truststoreFile }} /config-output - cd /config-input && \ - for PFILE in `find . -not -type d | grep -v -F ..` - do - envsubst <${PFILE} >/config-output/${PFILE} - chmod 0755 /config-output/${PFILE} - done - resources: - limits: - cpu: 100m - memory: 100Mi - requests: - cpu: 3m - memory: 20Mi - volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }} - - name: sdc-environments-input - mountPath: /config-input/ - - name: sdc-environments - mountPath: /config-output/ - {{- end }} containers: - name: {{ include "common.name" . }} image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - {{- if .Values.global.aafEnabled }} - command: - - sh - args: - - "-c" - - | - sed -i '/trustStorePassword/d' ${JETTY_BASE}/startup.sh - ${JETTY_BASE}/startup.sh - {{- end }} - ports: {{ include "common.containerPorts" . | nindent 10 }} + ports: {{ include "common.containerPorts" . | nindent 12 }} {{ if eq .Values.liveness.enabled true }} livenessProbe: httpGet: @@ -173,14 +130,6 @@ spec: volumeMounts: - name: sdc-environments mountPath: /app/jetty/chef-solo/environments/ - {{- if .Values.global.aafEnabled }} - - name: sdc-environments - mountPath: /app/jetty/chef-solo/cookbooks/sdc-catalog-be/files/default/org.onap.sdc.p12 - subPath: org.onap.sdc.p12 - - name: sdc-environments - mountPath: /app/jetty/chef-solo/cookbooks/sdc-catalog-be/files/default/org.onap.sdc.trust.jks - subPath: org.onap.sdc.trust.jks - {{- end }} - name: localtime mountPath: /etc/localtime readOnly: true @@ -196,7 +145,7 @@ spec: # side car containers {{ include "common.log.sidecar" . | nindent 8 }} serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} - volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }} + volumes: - name: localtime hostPath: path: /etc/localtime @@ -205,10 +154,6 @@ spec: configMap: name : {{ include "common.fullname" . }}-logging-configmap - name: sdc-environments - {{- if .Values.global.aafEnabled }} - emptyDir: { medium: "Memory" } - - name: sdc-environments-input - {{- end }} configMap: name: {{ include "common.release" . }}-sdc-environments-configmap defaultMode: 0755 diff --git a/kubernetes/sdc/components/sdc-be/templates/ingress.yaml b/kubernetes/sdc/components/sdc-be/templates/ingress.yaml index 8f87c68f1e..90875ab5cc 100644 --- a/kubernetes/sdc/components/sdc-be/templates/ingress.yaml +++ b/kubernetes/sdc/components/sdc-be/templates/ingress.yaml @@ -1 +1,18 @@ +{{/* +# Copyright © 2017 Amdocs, Bell Canada +# Modifications Copyright © 2023 Deutsche Telekom +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + {{ include "common.ingress" . }} diff --git a/kubernetes/sdc/components/sdc-be/templates/job.yaml b/kubernetes/sdc/components/sdc-be/templates/job.yaml index 5f70991e6f..fc7e108024 100644 --- a/kubernetes/sdc/components/sdc-be/templates/job.yaml +++ b/kubernetes/sdc/components/sdc-be/templates/job.yaml @@ -17,10 +17,7 @@ apiVersion: batch/v1 kind: Job -metadata: - name: {{ include "common.fullname" . }}-config-backend - namespace: {{ include "common.namespace" . }} - labels: {{- include "common.labels" . | nindent 4 }} +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} spec: backoffLimit: 20 template: diff --git a/kubernetes/sdc/components/sdc-be/values.yaml b/kubernetes/sdc/components/sdc-be/values.yaml index e0493c6d7d..7b5b2b0efc 100644 --- a/kubernetes/sdc/components/sdc-be/values.yaml +++ b/kubernetes/sdc/components/sdc-be/values.yaml @@ -19,7 +19,6 @@ ################################################################# global: nodePortPrefix: 302 - aafEnabled: true sdc_cassandra: #This flag allows SDC to instantiate its own cluster, serviceName #should be sdc-cs if this flag is enabled @@ -52,26 +51,6 @@ debugEnabled: false env: name: &env AUTO -certInitializer: - nameOverride: sdc-be-cert-init - aafDeployFqi: deployer@people.osaaf.org - aafDeployPass: demo123456! - fqdn: sdc - fqi: sdc@sdc.onap.org - public_fqdn: sdc.onap.org - cadi_longitude: "0.0" - cadi_latitude: "0.0" - app_ns: org.osaaf.aaf - credsPath: /opt/app/osaaf/local - addconfig: true - keystoreFile: "org.onap.sdc.p12" - truststoreFile: "org.onap.sdc.trust.jks" - permission_user: 352070 - permission_group: 35953 - aaf_add_config: | - echo "cadi_keystore_password_p12=$cadi_keystore_password_p12" > {{ .Values.credsPath }}/mycreds.prop - echo "cadi_truststore_password=$cadi_truststore_password" >> {{ .Values.credsPath }}/mycreds.prop - ################################################################# # SDC Config part ################################################################# @@ -126,36 +105,32 @@ startup: service: type: NodePort name: sdc-be - both_tls_and_plain: true internalPort: 8080 - msb: - - port: 8443 - url: "/sdc/v1" - version: "v1" - protocol: "REST" - visualRange: "1" - serviceName: sdc - enable_ssl: true - - port: 8080 - url: "/sdc/v1" - version: "v1" - protocol: "REST" - visualRange: "1" - serviceName: sdc-deprecated ports: - name: tcp-api - port: 8443 - plain_port: 8080 + port: 8080 port_protocol: http nodePort: '04' + annotations: + msb.onap.org/service-info: | + {{ if .Values.global.msbEnabled -}}[ + { + "serviceName": "sdc-be", + "version": "v1", + "url": "/sdc/v1", + "path":"/sdc/v1", + "protocol": "REST", + "visualRange":"1", + "port": "{{ .Values.service.internalPort }}", + } + ]{{ end }} ingress: enabled: false service: - baseaddr: "sdc-be-api" name: "sdc-be" - port: 8443 - plain_port: 8080 + port: 8080 config: ssl: "redirect" diff --git a/kubernetes/sdc/components/sdc-cs/templates/job.yaml b/kubernetes/sdc/components/sdc-cs/templates/job.yaml index 0eeeff52da..31ab047c7a 100644 --- a/kubernetes/sdc/components/sdc-cs/templates/job.yaml +++ b/kubernetes/sdc/components/sdc-cs/templates/job.yaml @@ -17,14 +17,7 @@ apiVersion: batch/v1 kind: Job -metadata: - name: {{ include "common.fullname" . }}-config-cassandra - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }}-job - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} spec: backoffLimit: 20 template: diff --git a/kubernetes/sdc/components/sdc-fe/Chart.yaml b/kubernetes/sdc/components/sdc-fe/Chart.yaml index 7b646bdf30..c8e53e0ba5 100644 --- a/kubernetes/sdc/components/sdc-fe/Chart.yaml +++ b/kubernetes/sdc/components/sdc-fe/Chart.yaml @@ -21,9 +21,6 @@ name: sdc-fe version: 12.0.0 dependencies: - - name: certInitializer - version: ~12.x-0 - repository: '@local' - name: repositoryGenerator version: ~12.x-0 repository: '@local' diff --git a/kubernetes/sdc/components/sdc-fe/resources/config/plugins/plugins-configuration.yaml b/kubernetes/sdc/components/sdc-fe/resources/config/plugins/plugins-configuration.yaml index cc91960dbf..1648555ffc 100644 --- a/kubernetes/sdc/components/sdc-fe/resources/config/plugins/plugins-configuration.yaml +++ b/kubernetes/sdc/components/sdc-fe/resources/config/plugins/plugins-configuration.yaml @@ -1,10 +1,6 @@ pluginsList: - pluginId: WORKFLOW - {{- if (include "common.needTLS" .) }} - pluginDiscoveryUrl: "{{ .Values.config.plugins.workflow_discovery_url.https }}" - {{- else }} pluginDiscoveryUrl: "{{ .Values.config.plugins.workflow_discovery_url.http }}" - {{- end }} pluginSourceUrl: "{{ .Values.config.plugins.workflow_source_url }}" pluginStateUrl: "workflowDesigner" pluginDisplayOptions: diff --git a/kubernetes/sdc/components/sdc-fe/templates/deployment.yaml b/kubernetes/sdc/components/sdc-fe/templates/deployment.yaml index 599e32e175..6bebe6f3fb 100644 --- a/kubernetes/sdc/components/sdc-fe/templates/deployment.yaml +++ b/kubernetes/sdc/components/sdc-fe/templates/deployment.yaml @@ -1,6 +1,7 @@ {{/* # Copyright © 2017 Amdocs, Bell Canada # Modifications Copyright © 2018 AT&T, ZTE +# Modifications Copyright © 2023 Deutsche Telekom # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -17,26 +18,14 @@ apiVersion: apps/v1 kind: Deployment -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} spec: - selector: - matchLabels: - app: {{ include "common.name" . }} + selector: {{- include "common.selectors" . | nindent 4 }} replicas: {{ .Values.replicaCount }} template: - metadata: - labels: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} + metadata: {{- include "common.templateMetadata" . | nindent 6 }} spec: - initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }} + initContainers: - name: {{ include "common.name" . }}-job-completion image: {{ include "repositoryGenerator.image.readiness" . }} imagePullPolicy: "{{ .Values.global.pullPolicy | default .Values.pullPolicy }}" @@ -44,7 +33,7 @@ spec: - /app/ready.py args: - --job-name - - {{ include "common.release" . }}-sdc-be-config-backend + - {{ include "common.release" . }}-sdc-be - "-t" - "35" env: @@ -60,60 +49,15 @@ spec: requests: cpu: 3m memory: 20Mi - {{- if .Values.global.aafEnabled }} - - name: {{ include "common.name" . }}-update-config - image: {{ include "repositoryGenerator.image.envsubst" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - command: - - sh - args: - - "-c" - - | - export $(grep '^c' {{ .Values.certInitializer.credsPath }}/mycreds.prop | xargs -0) - export KEYSTORE_PASS=$cadi_keystore_password_p12 - export KEYMANAGER_PASS=$cadi_keystore_password_p12 - export TRUSTSTORE_PASS=$cadi_truststore_password - cp {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.keystoreFile }} /config-output - cp {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.truststoreFile }} /config-output - cd /config-input && \ - for PFILE in `find . -not -type d | grep -v -F ..` - do - envsubst <${PFILE} >/config-output/${PFILE} - chmod 0755 /config-output/${PFILE} - done - volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }} - - name: sdc-environments-input - mountPath: /config-input/ - - name: sdc-environments - mountPath: /config-output/ - resources: - limits: - cpu: 100m - memory: 100Mi - requests: - cpu: 3m - memory: 20Mi - {{- end }} containers: - name: {{ include "common.name" . }} image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - {{- if .Values.global.aafEnabled }} - command: - - sh - args: - - "-c" - - | - sed -i '/trustStorePassword/d' ${JETTY_BASE}/startup.sh - ${JETTY_BASE}/startup.sh - {{- end }} - ports: - - containerPort: {{ .Values.service.internalPort }} - - containerPort: {{ .Values.service.internalPort2 }} + ports: {{ include "common.containerPorts" . | nindent 12 }} {{ if eq .Values.liveness.enabled true }} livenessProbe: tcpSocket: - port: {{ .Values.service.internalPort2 }} + port: {{ .Values.service.internalPort }} initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} periodSeconds: {{ .Values.liveness.periodSeconds }} timeoutSeconds: {{ .Values.liveness.timeoutSeconds }} @@ -122,7 +66,7 @@ spec: {{ end }} readinessProbe: tcpSocket: - port: {{ .Values.service.internalPort2 }} + port: {{ .Values.service.internalPort }} initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} timeoutSeconds: {{ .Values.readiness.timeoutSeconds }} @@ -130,7 +74,7 @@ spec: failureThreshold: {{ .Values.readiness.failureThreshold }} startupProbe: tcpSocket: - port: {{ .Values.service.internalPort2 }} + port: {{ .Values.service.internalPort }} initialDelaySeconds: {{ .Values.startup.initialDelaySeconds }} periodSeconds: {{ .Values.startup.periodSeconds }} timeoutSeconds: {{ .Values.startup.timeoutSeconds }} @@ -149,14 +93,6 @@ spec: volumeMounts: - name: sdc-environments mountPath: /app/jetty/chef-solo/environments/ - {{- if .Values.global.aafEnabled }} - - name: sdc-environments - mountPath: /app/jetty/chef-solo/cookbooks/sdc-catalog-fe/files/default/org.onap.sdc.p12 - subPath: org.onap.sdc.p12 - - name: sdc-environments - mountPath: /app/jetty/chef-solo/cookbooks/sdc-catalog-fe/files/default/org.onap.sdc.trust.jks - subPath: org.onap.sdc.trust.jks - {{- end }} - name: localtime mountPath: /etc/localtime readOnly: true @@ -175,7 +111,7 @@ spec: # side car containers {{ include "common.log.sidecar" . | nindent 8 }} serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} - volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }} + volumes: - name: localtime hostPath: path: /etc/localtime diff --git a/kubernetes/sdc/components/sdc-fe/templates/ingress.yaml b/kubernetes/sdc/components/sdc-fe/templates/ingress.yaml index 8f87c68f1e..90875ab5cc 100644 --- a/kubernetes/sdc/components/sdc-fe/templates/ingress.yaml +++ b/kubernetes/sdc/components/sdc-fe/templates/ingress.yaml @@ -1 +1,18 @@ +{{/* +# Copyright © 2017 Amdocs, Bell Canada +# Modifications Copyright © 2023 Deutsche Telekom +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + {{ include "common.ingress" . }} diff --git a/kubernetes/sdc/components/sdc-fe/templates/service.yaml b/kubernetes/sdc/components/sdc-fe/templates/service.yaml index 30c3d1122f..0a349834b4 100644 --- a/kubernetes/sdc/components/sdc-fe/templates/service.yaml +++ b/kubernetes/sdc/components/sdc-fe/templates/service.yaml @@ -1,6 +1,7 @@ {{/* # Copyright © 2017 Amdocs, Bell Canada # Modifications Copyright © 2018 AT&T, ZTE +# Modifications Copyright © 2023 Deutsche Telekom # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -15,39 +16,4 @@ # limitations under the License. */}} -apiVersion: v1 -kind: Service -metadata: - name: {{ include "common.servicename" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} - annotations: - msb.onap.org/service-info: '[ - { - "serviceName": "sdc-gui", - "version": "v1", - "url": "/sdc1", - "protocol": "UI", - "port": "{{ .Values.service.internalPort }}", - "visualRange":"0|1" - } - ]' -spec: - type: {{ .Values.service.type }} - ports: - {{if eq .Values.service.type "NodePort" -}} - - port: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort2 .Values.service.internalPort }} - nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} - name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }} - {{- else -}} - - port: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.externalPort2 .Values.service.externalPort }} - targetPort: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort2 .Values.service.internalPort }} - name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }} - {{- end}} - selector: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} +{{ include "common.service" . }}
\ No newline at end of file diff --git a/kubernetes/sdc/components/sdc-fe/values.yaml b/kubernetes/sdc/components/sdc-fe/values.yaml index a9eef905c4..b4a8bd6bfe 100644 --- a/kubernetes/sdc/components/sdc-fe/values.yaml +++ b/kubernetes/sdc/components/sdc-fe/values.yaml @@ -18,30 +18,6 @@ ################################################################# global: nodePortPrefix: 302 - aafEnabled: true - -################################################################# -# AAF Part -################################################################# -certInitializer: - nameOverride: sdc-fe-cert-init - aafDeployFqi: deployer@people.osaaf.org - aafDeployPass: demo123456! - fqdn: sdc - fqi: sdc@sdc.onap.org - public_fqdn: sdc.onap.org - cadi_longitude: "0.0" - cadi_latitude: "0.0" - app_ns: org.osaaf.aaf - credsPath: /opt/app/osaaf/local - addconfig: true - keystoreFile: "org.onap.sdc.p12" - truststoreFile: "org.onap.sdc.trust.jks" - permission_user: 352070 - permission_group: 35953 - aaf_add_config: | - echo "cadi_keystore_password_p12=$cadi_keystore_password_p12" > {{ .Values.credsPath }}/mycreds.prop - echo "cadi_truststore_password=$cadi_truststore_password" >> {{ .Values.credsPath }}/mycreds.prop ################################################################# # Application configuration defaults. @@ -54,15 +30,12 @@ config: javaOptions: "-Xmx256m -Xms256m" plugins: dcae_discovery_url: - https: "https://sdc-dcae-fe:9444/dcaed/#/home" http: "http://sdc-dcae-fe:8183/dcaed/#/home" dcae_source_url: "https://sdc.dcae.plugin.simpledemo.onap.org:30264/dcaed/#/home" dcae_dt_discovery_url: - https: "https://sdc-dcae-dt:9446/dcae/#/dcae/home" http: "http://sdc-dcae-dt:8186/dcae/#/dcae/home" dcae_dt_source_url: "https://sdc.dcae.plugin.simpledemo.onap.org:30266/dcae/#/dcae/home" workflow_discovery_url: - https: "https://sdc-wfd-fe:8443/workflows" http: "http://sdc-wfd-fe:8080/workflows" workflow_source_url: "https://sdc.workflow.plugin.simpledemo.onap.org:30256/workflows/" @@ -106,26 +79,32 @@ startup: failureThreshold: 60 service: - #Example service definition with external, internal and node ports. - #Services may use any combination of ports depending on the 'type' of - #service being defined. type: NodePort name: sdc-fe - portName: http internalPort: 8181 - externalPort: 8181 - internalPort2: 9443 - externalPort2: 9443 - nodePort: "07" - + ports: + - name: http + port: 8181 + nodePort: '07' + annotations: + msb.onap.org/service-info: | + {{ if .Values.global.msbEnabled -}}[ + { + "serviceName": "sdc-ui", + "version": "v1", + "url": "/sdc1", + "protocol": "UI", + "visualRange":"0|1", + "port": "{{ .Values.service.internalPort }}", + } + ]{{ end }} ingress: enabled: false service: - baseaddr: "sdc-fe-ui" name: "sdc-fe" - port: 9443 - plain_port: 8181 + port: 8181 config: ssl: "redirect" diff --git a/kubernetes/sdc/components/sdc-onboarding-be/Chart.yaml b/kubernetes/sdc/components/sdc-onboarding-be/Chart.yaml index 6032061d13..92f8716d77 100644 --- a/kubernetes/sdc/components/sdc-onboarding-be/Chart.yaml +++ b/kubernetes/sdc/components/sdc-onboarding-be/Chart.yaml @@ -21,9 +21,6 @@ name: sdc-onboarding-be version: 12.0.0 dependencies: - - name: certInitializer - version: ~12.x-0 - repository: '@local' - name: repositoryGenerator version: ~12.x-0 repository: '@local' diff --git a/kubernetes/sdc/components/sdc-onboarding-be/templates/deployment.yaml b/kubernetes/sdc/components/sdc-onboarding-be/templates/deployment.yaml index 8180cc79f1..6c392ef24c 100644 --- a/kubernetes/sdc/components/sdc-onboarding-be/templates/deployment.yaml +++ b/kubernetes/sdc/components/sdc-onboarding-be/templates/deployment.yaml @@ -18,26 +18,14 @@ apiVersion: apps/v1 kind: Deployment -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} spec: - selector: - matchLabels: - app: {{ include "common.name" . }} + selector: {{- include "common.selectors" . | nindent 4 }} replicas: {{ .Values.replicaCount }} template: - metadata: - labels: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} + metadata: {{- include "common.templateMetadata" . | nindent 6 }} spec: - initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }} + initContainers: - name: {{ include "common.name" . }}-job-completion image: {{ include "repositoryGenerator.image.readiness" . }} imagePullPolicy: "{{ .Values.global.pullPolicy | default .Values.pullPolicy }}" @@ -45,7 +33,7 @@ spec: - /app/ready.py args: - --job-name - - {{ include "common.release" . }}-sdc-onboarding-be-cassandra-init + - {{ include "common.release" . }}-sdc-onboarding-be env: - name: NAMESPACE valueFrom: @@ -59,73 +47,16 @@ spec: requests: cpu: 3m memory: 20Mi - {{- if .Values.global.aafEnabled }} - - name: {{ include "common.name" . }}-update-config - image: {{ include "repositoryGenerator.image.envsubst" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - command: - - sh - args: - - "-c" - - | - export $(grep '^c' {{ .Values.certInitializer.credsPath }}/mycreds.prop | xargs -0) - export KEYSTORE_PASS=$cadi_keystore_password_p12 - export KEYMANAGER_PASS=$cadi_keystore_password_p12 - export TRUSTSTORE_PASS=$cadi_truststore_password - cp {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.keystoreFile }} /config-output - cp {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.truststoreFile }} /config-output - cd /config-input && \ - for PFILE in `find . -not -type d | grep -v -F ..` - do - envsubst <${PFILE} >/config-output/${PFILE} - chmod 0755 /config-output/${PFILE} - done - volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }} - - name: sdc-environments-input - mountPath: /config-input/ - - name: sdc-environments - mountPath: /config-output/ - resources: - limits: - cpu: 100m - memory: 100Mi - requests: - cpu: 3m - memory: 20Mi - {{- end }} - - name: volume-permissions - image: {{ include "repositoryGenerator.image.busybox" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - command: - - sh - args: - - "-c" - - | - chown -R {{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }} //onboard/cert - securityContext: - runAsUser: 0 - volumeMounts: - - name: cert-storage - mountPath: "/onboard/cert" - resources: - limits: - cpu: 100m - memory: 100Mi - requests: - cpu: 3m - memory: 20Mi containers: - name: {{ include "common.name" . }} image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - ports: - - containerPort: {{ .Values.service.internalPort }} - - containerPort: {{ .Values.service.internalPort2 }} + ports: {{ include "common.containerPorts" . | nindent 12 }} {{ if eq .Values.liveness.enabled true }} livenessProbe: httpGet: path: /onboarding-api/v1.0/healthcheck - port: {{ .Values.service.internalPort2 }} + port: {{ .Values.service.internalPort }} initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} periodSeconds: {{ .Values.liveness.periodSeconds }} timeoutSeconds: {{ .Values.liveness.timeoutSeconds }} @@ -135,7 +66,7 @@ spec: readinessProbe: httpGet: path: /onboarding-api/v1.0/healthcheck - port: {{ .Values.service.internalPort2 }} + port: {{ .Values.service.internalPort }} initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} timeoutSeconds: {{ .Values.readiness.timeoutSeconds }} @@ -144,7 +75,7 @@ spec: startupProbe: httpGet: path: /onboarding-api/v1.0/healthcheck - port: {{ .Values.service.internalPort2 }} + port: {{ .Values.service.internalPort }} initialDelaySeconds: {{ .Values.startup.initialDelaySeconds }} periodSeconds: {{ .Values.startup.periodSeconds }} timeoutSeconds: {{ .Values.startup.timeoutSeconds }} @@ -171,25 +102,15 @@ spec: valueFrom: secretKeyRef: {name: {{ include "common.release" . }}-sdc-cs-secrets, key: sdc_password} - name: SDC_CERT_DIR - value: {{ .Values.cert.certDir }} + value: "" volumeMounts: - name: sdc-environments mountPath: /app/jetty/chef-solo/environments/ - {{- if .Values.global.aafEnabled }} - - name: sdc-environments - mountPath: /app/jetty/chef-solo/cookbooks/sdc-onboard-backend/files/default/org.onap.sdc.p12 - subPath: org.onap.sdc.p12 - - name: sdc-environments - mountPath: /app/jetty/chef-solo/cookbooks/sdc-onboard-backend/files/default/org.onap.sdc.trust.jks - subPath: org.onap.sdc.trust.jks - {{- end }} - name: localtime mountPath: /etc/localtime readOnly: true - name: logs mountPath: /var/log/onap - - name: cert-storage - mountPath: "{{ .Values.cert.certDir }}" - name: logback mountPath: /tmp/logback.xml subPath: logback.xml @@ -200,27 +121,19 @@ spec: # side car containers {{ include "common.log.sidecar" . | nindent 8 }} serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} - volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }} + volumes: - name: localtime hostPath: path: /etc/localtime - {{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix .)) | nindent 6 }} - name: logback configMap: name : {{ include "common.fullname" . }}-logging-configmap - name: sdc-environments - {{- if .Values.global.aafEnabled }} - emptyDir: { medium: "Memory" } - - name: sdc-environments-input - {{- end }} configMap: name: {{ include "common.release" . }}-sdc-environments-configmap defaultMode: 0755 - name: logs emptyDir: {} - - name: cert-storage - persistentVolumeClaim: - claimName: {{ include "common.fullname" . }}-cert imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/sdc/components/sdc-onboarding-be/templates/job.yaml b/kubernetes/sdc/components/sdc-onboarding-be/templates/job.yaml index bfc1ef8e7b..41996ff4cd 100644 --- a/kubernetes/sdc/components/sdc-onboarding-be/templates/job.yaml +++ b/kubernetes/sdc/components/sdc-onboarding-be/templates/job.yaml @@ -17,14 +17,7 @@ apiVersion: batch/v1 kind: Job -metadata: - name: {{ include "common.fullname" . }}-cassandra-init - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }}-job - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} spec: backoffLimit: 20 template: @@ -42,7 +35,7 @@ spec: - /app/ready.py args: - --job-name - - {{ include "common.release" . }}-sdc-cs-config-cassandra + - {{ include "common.release" . }}-sdc-cs - "-t" - "20" env: diff --git a/kubernetes/sdc/components/sdc-onboarding-be/templates/pv.yaml b/kubernetes/sdc/components/sdc-onboarding-be/templates/pv.yaml deleted file mode 100644 index bc110c3b0f..0000000000 --- a/kubernetes/sdc/components/sdc-onboarding-be/templates/pv.yaml +++ /dev/null @@ -1,41 +0,0 @@ -{{/* -# ================================================================================ -# Copyright (C) 2019, Nordix Foundation. All rights reserved. -# ================================================================================ -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} -{{- if and .Values.persistence.enabled (not .Values.cert.persistence.existingClaim) -}} -{{- if eq "True" (include "common.needPV" .) -}} -kind: PersistentVolume -apiVersion: v1 -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" - release: "{{ include "common.release" . }}" - heritage: "{{ .Release.Service }}" - name: {{ include "common.fullname" . }} -spec: - capacity: - storage: {{ .Values.cert.persistence.size}} - accessModes: - - {{ .Values.cert.persistence.accessMode }} - persistentVolumeReclaimPolicy: {{ .Values.cert.persistence.volumeReclaimPolicy }} - storageClassName: "{{ include "common.fullname" . }}-data" - hostPath: - path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ include "common.release" . }}/{{ .Values.cert.persistence.mountSubPath }} -{{- end -}} -{{- end -}} diff --git a/kubernetes/sdc/components/sdc-onboarding-be/templates/pvc.yaml b/kubernetes/sdc/components/sdc-onboarding-be/templates/pvc.yaml deleted file mode 100644 index 006d736b63..0000000000 --- a/kubernetes/sdc/components/sdc-onboarding-be/templates/pvc.yaml +++ /dev/null @@ -1,40 +0,0 @@ -{{/* -# ================================================================================ -# Copyright (C) 2019, Nordix Foundation. All rights reserved. -# ================================================================================ -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} -{{- if and .Values.cert.persistence.enabled (not .Values.cert.persistence.existingClaim) -}} -kind: PersistentVolumeClaim -apiVersion: v1 -metadata: - name: {{ include "common.fullname" . }}-cert - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" - release: "{{ include "common.release" . }}" - heritage: "{{ .Release.Service }}" -{{- if .Values.cert.persistence.annotations }} - annotations: -{{ toYaml .Values.cert.persistence.annotations | indent 4 }} -{{- end }} -spec: - accessModes: - - {{ .Values.cert.persistence.accessMode }} - storageClassName: {{ include "common.storageClass" . }} - resources: - requests: - storage: {{ .Values.cert.persistence.size }} -{{- end -}} diff --git a/kubernetes/sdc/components/sdc-onboarding-be/templates/service.yaml b/kubernetes/sdc/components/sdc-onboarding-be/templates/service.yaml index ece5a439a3..0a349834b4 100644 --- a/kubernetes/sdc/components/sdc-onboarding-be/templates/service.yaml +++ b/kubernetes/sdc/components/sdc-onboarding-be/templates/service.yaml @@ -1,6 +1,7 @@ {{/* # Copyright © 2017 Amdocs, Bell Canada # Modifications Copyright © 2018 AT&T, ZTE +# Modifications Copyright © 2023 Deutsche Telekom # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -15,35 +16,4 @@ # limitations under the License. */}} -apiVersion: v1 -kind: Service -metadata: - name: {{ include "common.servicename" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -spec: - type: {{ .Values.service.type }} - ports: - {{if eq .Values.service.type "NodePort" -}} - - port: {{ .Values.service.externalPort }} - nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} - name: {{ .Values.service.portName | default "http" }}s - - - port: {{ .Values.service.externalPort2 }} - nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }} - name: {{ .Values.service.portName | default "http" }}} - {{- else -}} - - port: {{ .Values.service.externalPort }} - targetPort: {{ .Values.service.internalPort }} - name: {{ .Values.service.portName | default "http" }}s - - port: {{ .Values.service.externalPort2 }} - targetPort: {{ .Values.service.internalPort2 }} - name: {{ .Values.service.portName | default "http" }} - {{- end}} - selector: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} +{{ include "common.service" . }}
\ No newline at end of file diff --git a/kubernetes/sdc/components/sdc-onboarding-be/values.yaml b/kubernetes/sdc/components/sdc-onboarding-be/values.yaml index b34ce76fc7..2066835fcf 100644 --- a/kubernetes/sdc/components/sdc-onboarding-be/values.yaml +++ b/kubernetes/sdc/components/sdc-onboarding-be/values.yaml @@ -18,7 +18,6 @@ ################################################################# global: nodePortPrefix: 302 - aafEnabled: true persistence: {} sdc_cassandra: #This flag allows SDC to instantiate its own cluster, serviceName @@ -33,29 +32,6 @@ global: dataCenter: Pod ################################################################# -# AAF Part -################################################################# -certInitializer: - nameOverride: sdc-onboarding-be-cert-init - aafDeployFqi: deployer@people.osaaf.org - aafDeployPass: demo123456! - fqdn: sdc - fqi: sdc@sdc.onap.org - public_fqdn: sdc.onap.org - cadi_longitude: "0.0" - cadi_latitude: "0.0" - app_ns: org.osaaf.aaf - credsPath: /opt/app/osaaf/local - addconfig: true - keystoreFile: "org.onap.sdc.p12" - truststoreFile: "org.onap.sdc.trust.jks" - permission_user: 352070 - permission_group: 35953 - aaf_add_config: | - echo "cadi_keystore_password_p12=$cadi_keystore_password_p12" > {{ .Values.credsPath }}/mycreds.prop - echo "cadi_truststore_password=$cadi_truststore_password" >> {{ .Values.credsPath }}/mycreds.prop - -################################################################# # Application configuration defaults. ################################################################# # application image @@ -109,12 +85,10 @@ startup: service: type: ClusterIP name: sdc-onboarding-be - portName: http - internalPort: 8445 - externalPort: 8445 - - internalPort2: 8081 - externalPort2: 8081 + internalPort: 8081 + ports: + - name: http + port: 8081 ## Persist data to a persitent volume persistence: @@ -139,17 +113,6 @@ persistence: mountPath: /dockerdata-nfs mountSubPath: /sdc/sdc-cs/CS -##Certificate storage persistence -##This is temporary solution for SDC-1980 -cert: - certDir: /app/jetty/cert - persistence: - enabled: true - size: 10Mi - accessMode: ReadWriteOnce - volumeReclaimPolicy: Retain - mountSubPath: /sdc/onbaording/cert - securityContext: fsGroup: 35953 runAsUser: 352070 diff --git a/kubernetes/sdc/components/sdc-wfd-be/Chart.yaml b/kubernetes/sdc/components/sdc-wfd-be/Chart.yaml index 51e84a690e..55b79aa127 100644 --- a/kubernetes/sdc/components/sdc-wfd-be/Chart.yaml +++ b/kubernetes/sdc/components/sdc-wfd-be/Chart.yaml @@ -20,9 +20,6 @@ name: sdc-wfd-be version: 12.0.0 dependencies: - - name: certInitializer - version: ~12.x-0 - repository: '@local' - name: repositoryGenerator version: ~12.x-0 repository: '@local' diff --git a/kubernetes/sdc/components/sdc-wfd-be/templates/deployment.yaml b/kubernetes/sdc/components/sdc-wfd-be/templates/deployment.yaml index a187e19a75..da620359da 100644 --- a/kubernetes/sdc/components/sdc-wfd-be/templates/deployment.yaml +++ b/kubernetes/sdc/components/sdc-wfd-be/templates/deployment.yaml @@ -1,6 +1,7 @@ {{/* # Copyright © 2017 Amdocs, AT&T, Bell Canada # Modifications Copyright © 2018 ZTE +# Modifications Copyright © 2023 Deutsche Telekom # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -17,26 +18,14 @@ apiVersion: apps/v1 kind: Deployment -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} spec: - selector: - matchLabels: - app: {{ include "common.name" . }} + selector: {{- include "common.selectors" . | nindent 4 }} replicas: {{ .Values.replicaCount }} template: - metadata: - labels: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} + metadata: {{- include "common.templateMetadata" . | nindent 6 }} spec: - initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }} + initContainers: {{- if .Values.initJob.enabled }} - name: {{ include "common.name" . }}-job-completion image: {{ include "repositoryGenerator.image.readiness" . }} @@ -45,7 +34,7 @@ spec: - /app/ready.py args: - --job-name - - {{ include "common.fullname" . }}-workflow-init + - {{ include "common.fullname" . }} env: - name: NAMESPACE valueFrom: @@ -64,28 +53,13 @@ spec: - name: {{ include "common.name" . }} image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - {{- if .Values.global.aafEnabled }} - command: - - sh - args: - - "-c" - - | - export $(grep '^c' {{ .Values.certInitializer.credsPath }}/mycreds.prop | xargs -0) - export SERVER_SSL_KEY_PASSWORD=$cadi_keystore_password_p12 - export KEYMANAGER_PASS=$cadi_keystore_password_p12 - export SERVER_SSL_TRUST_PASSWORD=$cadi_truststore_password - export SERVER_SSL_KEYSTORE_PATH={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.keystoreFile }} - export SERVER_SSL_TRUSTSTORE_PATH={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.truststoreFile }} - ./startup.sh - {{- end }} - ports: - - containerPort: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort2 .Values.service.internalPort }} + ports: {{ include "common.containerPorts" . | nindent 12 }} # disable liveness probe when breakpoints set in debugger # so K8s doesn't restart unresponsive container {{ if .Values.liveness.enabled }} livenessProbe: tcpSocket: - port: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort2 .Values.service.internalPort }} + port: {{ .Values.service.internalPort }} initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} periodSeconds: {{ .Values.liveness.periodSeconds }} successThreshold: {{ .Values.liveness.successThreshold }} @@ -93,14 +67,14 @@ spec: {{ end }} readinessProbe: tcpSocket: - port: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort2 .Values.service.internalPort }} + port: {{ .Values.service.internalPort }} initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} successThreshold: {{ .Values.readiness.successThreshold }} failureThreshold: {{ .Values.readiness.failureThreshold }} startupProbe: tcpSocket: - port: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort2 .Values.service.internalPort }} + port: {{ .Values.service.internalPort }} initialDelaySeconds: {{ .Values.startup.initialDelaySeconds }} periodSeconds: {{ .Values.startup.periodSeconds }} successThreshold: {{ .Values.startup.successThreshold }} @@ -128,28 +102,17 @@ spec: valueFrom: secretKeyRef: {name: {{ include "common.release" . }}-sdc-cs-secrets, key: cs_truststore_password} - name: SDC_PROTOCOL - value: "{{ (eq "true" (include "common.needTLS" .)) | ternary "HTTPS" "HTTP" }}" + value: "HTTP" - name: SDC_ENDPOINT - value: "{{ (eq "true" (include "common.needTLS" .)) | ternary .Values.config.sdcEndpoint.https .Values.config.sdcEndpoint.http }}" + value: "{{ .Values.config.sdcEndpoint.http }}" - name: SDC_USER value: "{{ .Values.config.sdcExternalUser }}" - name: SDC_PASSWORD valueFrom: secretKeyRef: {name: {{ include "common.release" . }}-sdc-cs-secrets, key: wf_external_user_password} - {{- if (include "common.needTLS" .) }} - - name: SERVER_SSL_ENABLED - value: "true" - - name: SERVER_SSL_KEYSTORE_TYPE - value: "{{ .Values.config.serverSSLKeyStoreType }}" - - name: SERVER_SSL_TRUSTSTORE_TYPE - value: "{{ .Values.config.serverSSLTrustStoreType }}" - {{- else }} - name: SERVER_SSL_ENABLED value: "false" - {{- end }} - volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }} resources: {{ include "common.resources" . | nindent 12 }} serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} - volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/sdc/components/sdc-wfd-be/templates/ingress.yaml b/kubernetes/sdc/components/sdc-wfd-be/templates/ingress.yaml index 171442dfdc..e9e5fcf1d1 100644 --- a/kubernetes/sdc/components/sdc-wfd-be/templates/ingress.yaml +++ b/kubernetes/sdc/components/sdc-wfd-be/templates/ingress.yaml @@ -1 +1,18 @@ +{{/* +# Copyright © 2017 Amdocs, Bell Canada +# Modifications Copyright © 2023 Deutsche Telekom +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + {{include "common.ingress" .}} diff --git a/kubernetes/sdc/components/sdc-wfd-be/templates/job.yaml b/kubernetes/sdc/components/sdc-wfd-be/templates/job.yaml index 4184063f73..9ba05b8631 100644 --- a/kubernetes/sdc/components/sdc-wfd-be/templates/job.yaml +++ b/kubernetes/sdc/components/sdc-wfd-be/templates/job.yaml @@ -18,14 +18,7 @@ {{ if .Values.initJob.enabled }} apiVersion: batch/v1 kind: Job -metadata: - name: {{ include "common.fullname" . }}-workflow-init - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }}-job - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} spec: backoffLimit: 20 template: @@ -43,7 +36,7 @@ spec: - /app/ready.py args: - --job-name - - {{ include "common.release" . }}-sdc-cs-config-cassandra + - {{ include "common.release" . }}-sdc-cs - "-t" - "20" env: diff --git a/kubernetes/sdc/components/sdc-wfd-be/templates/service.yaml b/kubernetes/sdc/components/sdc-wfd-be/templates/service.yaml index 2f4129b03f..895eac1794 100644 --- a/kubernetes/sdc/components/sdc-wfd-be/templates/service.yaml +++ b/kubernetes/sdc/components/sdc-wfd-be/templates/service.yaml @@ -2,6 +2,7 @@ # Copyright © 2018 Amdocs, Bell Canada # Copyright © 2017 Amdocs, Bell Canada # Modifications Copyright © 2018 AT&T, ZTE +# Modifications Copyright © 2023 Deutsche Telekom # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -16,28 +17,4 @@ # limitations under the License. */}} -apiVersion: v1 -kind: Service -metadata: - name: {{ include "common.servicename" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -spec: - type: {{ .Values.service.type }} - ports: - {{if eq .Values.service.type "NodePort" -}} - - port: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort2 .Values.service.internalPort }} - nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} - name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }} - {{- else -}} - - port: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.externalPort2 .Values.service.externalPort }} - targetPort: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort2 .Values.service.internalPort }} - name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }} - {{- end}} - selector: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} +{{ include "common.service" . }}
\ No newline at end of file diff --git a/kubernetes/sdc/components/sdc-wfd-be/values.yaml b/kubernetes/sdc/components/sdc-wfd-be/values.yaml index 8e4916901b..b011a03969 100644 --- a/kubernetes/sdc/components/sdc-wfd-be/values.yaml +++ b/kubernetes/sdc/components/sdc-wfd-be/values.yaml @@ -18,7 +18,6 @@ ################################################################# global: nodePortPrefix: 302 - aafEnabled: true sdc_cassandra: # This flag allows SDC to instantiate its own cluster, serviceName # should be sdc-cs if this flag is enabled @@ -33,29 +32,6 @@ global: dataCenter: Pod ################################################################# -# AAF Part -################################################################# -certInitializer: - nameOverride: sdc-wfd-be-cert-init - aafDeployFqi: deployer@people.osaaf.org - aafDeployPass: demo123456! - fqdn: sdc - fqi: sdc@sdc.onap.org - public_fqdn: sdc.onap.org - cadi_longitude: "0.0" - cadi_latitude: "0.0" - app_ns: org.osaaf.aaf - credsPath: /opt/app/osaaf/local - addconfig: true - keystoreFile: "org.onap.sdc.p12" - truststoreFile: "org.onap.sdc.trust.jks" - permission_user: 352070 - permission_group: 35953 - aaf_add_config: | - echo "cadi_keystore_password_p12=$cadi_keystore_password_p12" > {{ .Values.credsPath }}/mycreds.prop - echo "cadi_truststore_password=$cadi_truststore_password" >> {{ .Values.credsPath }}/mycreds.prop - -################################################################# # Application configuration defaults. ################################################################# # application image @@ -71,7 +47,6 @@ config: cassandraAuthenticationEnabled: true cassandraClientPort: 9042 sdcEndpoint: - https: sdc-be:8443 http: sdc-be:8080 sdcExternalUser: workflow serverSSLKeyStoreType: jks @@ -126,20 +101,18 @@ startup: service: type: NodePort - portName: http internalPort: 8080 - externalPort: 8080 - internalPort2: 8443 - externalPort2: 8443 - nodePort: "57" # only one node port. set to http or https port depending on isHttpsEnabled property + ports: + - name: http + port: 8080 + nodePort: "57" ingress: enabled: false service: - baseaddr: "sdc-wfd-be-api" name: "sdc-wfd-be" - port: 8443 - plain_port: 8080 + port: 8080 config: ssl: "redirect" diff --git a/kubernetes/sdc/components/sdc-wfd-fe/Chart.yaml b/kubernetes/sdc/components/sdc-wfd-fe/Chart.yaml index 1b17aa9e91..19e6aa219a 100644 --- a/kubernetes/sdc/components/sdc-wfd-fe/Chart.yaml +++ b/kubernetes/sdc/components/sdc-wfd-fe/Chart.yaml @@ -20,9 +20,6 @@ name: sdc-wfd-fe version: 12.0.0 dependencies: - - name: certInitializer - version: ~12.x-0 - repository: '@local' - name: repositoryGenerator version: ~12.x-0 repository: '@local' diff --git a/kubernetes/sdc/components/sdc-wfd-fe/templates/deployment.yaml b/kubernetes/sdc/components/sdc-wfd-fe/templates/deployment.yaml index d57309004d..b667af2a60 100644 --- a/kubernetes/sdc/components/sdc-wfd-fe/templates/deployment.yaml +++ b/kubernetes/sdc/components/sdc-wfd-fe/templates/deployment.yaml @@ -16,26 +16,14 @@ apiVersion: apps/v1 kind: Deployment -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} spec: - selector: - matchLabels: - app: {{ include "common.name" . }} + selector: {{- include "common.selectors" . | nindent 4 }} replicas: {{ .Values.replicaCount }} template: - metadata: - labels: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} + metadata: {{- include "common.templateMetadata" . | nindent 6 }} spec: - initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }} + initContainers: - name: {{ include "common.name" . }}-readiness command: - /app/ready.py @@ -57,52 +45,15 @@ spec: requests: cpu: 3m memory: 20Mi - {{- if .Values.global.aafEnabled }} - - name: {{ include "common.fullname" . }}-move-cert - command: - - /bin/sh - args: - - -c - - | - cp {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.keystoreFile }} /sdc-certs/{{ .Values.certInitializer.keystoreFile }} - cp {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.truststoreFile }} /sdc-certs/{{ .Values.certInitializer.truststoreFile }} - cp {{ .Values.certInitializer.credsPath }}/mycreds.prop /sdc-certs/mycreds.prop - image: {{ include "repositoryGenerator.image.busybox" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }} - - name: sdc-certs - mountPath: /sdc-certs - resources: - limits: - cpu: 100m - memory: 100Mi - requests: - cpu: 3m - memory: 20Mi - {{- end }} containers: - name: {{ include "common.name" . }} image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - {{- if .Values.global.aafEnabled }} - command: - - sh - args: - - "-c" - - | - export $(grep '^c' /sdc-certs/mycreds.prop | xargs -0) - export KEYSTORE_PASS=$cadi_keystore_password_p12 - export TRUSTSTORE_PASS=$cadi_truststore_password - export KEYSTORE_PATH=/etc/{{ .Values.certInitializer.keystoreFile }} - export TRUSTSTORE_PATH=/etc/{{ .Values.certInitializer.truststoreFile }} - ./startup.sh - {{- end }} - ports: - - containerPort: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort2 .Values.service.internalPort }} + ports: {{ include "common.containerPorts" . | nindent 12 }} {{ if .Values.liveness.enabled }} livenessProbe: tcpSocket: - port: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort2 .Values.service.internalPort }} + port: {{ .Values.service.internalPort }} initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} periodSeconds: {{ .Values.liveness.periodSeconds }} successThreshold: {{ .Values.liveness.successThreshold }} @@ -110,14 +61,14 @@ spec: {{ end }} readinessProbe: tcpSocket: - port: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort2 .Values.service.internalPort }} + port: {{ .Values.service.internalPort }} initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} successThreshold: {{ .Values.readiness.successThreshold }} failureThreshold: {{ .Values.readiness.failureThreshold }} startupProbe: tcpSocket: - port: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort2 .Values.service.internalPort }} + port: {{ .Values.service.internalPort }} initialDelaySeconds: {{ .Values.startup.initialDelaySeconds }} periodSeconds: {{ .Values.startup.periodSeconds }} successThreshold: {{ .Values.startup.successThreshold }} @@ -128,28 +79,13 @@ spec: - name: JAVA_OPTIONS value: {{ .Values.config.javaOptions }} - name: BACKEND - value: "{{ (eq "true" (include "common.needTLS" .)) | ternary .Values.config.backendServerURL.https .Values.config.backendServerURL.http }}" + value: "{{ .Values.config.backendServerURL.http }}" - name: IS_HTTPS - value: "{{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }}" - {{- if and (include "common.needTLS" .) (eq .Values.security.isDefaultStore false) }} - - name: TRUST_ALL - value: "{{ .Values.config.isTrustAll}}" - {{- end }} + value: "false" volumeMounts: - name: {{ include "common.fullname" . }}-localtime mountPath: /etc/localtime readOnly: true - {{- if .Values.global.aafEnabled }} - - name: sdc-certs - mountPath: /sdc-certs/mycreds.prop - subPath: mycreds.prop - - name: sdc-certs - mountPath: /var/lib/jetty/etc/{{ .Values.certInitializer.keystoreFile }} - subPath: {{ .Values.certInitializer.keystoreFile }} - - name: sdc-certs - mountPath: /var/lib/jetty/etc/{{ .Values.certInitializer.truststoreFile }} - subPath: {{ .Values.certInitializer.truststoreFile }} - {{ end }} resources: {{ include "common.resources" . | nindent 12 }} {{- if .Values.nodeSelector }} nodeSelector: @@ -162,15 +98,10 @@ spec: # side car containers {{ include "common.log.sidecar" . | nindent 8 }} serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} - volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }} + volumes: - name: {{ include "common.fullname" . }}-localtime hostPath: path: /etc/localtime - {{- if .Values.global.aafEnabled }} - - name: sdc-certs - emptyDir: - medium: "Memory" - {{- end }} {{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix . )) | nindent 8 }} - name: logs emptyDir: {} diff --git a/kubernetes/sdc/components/sdc-wfd-fe/templates/ingress.yaml b/kubernetes/sdc/components/sdc-wfd-fe/templates/ingress.yaml index 8f87c68f1e..90875ab5cc 100644 --- a/kubernetes/sdc/components/sdc-wfd-fe/templates/ingress.yaml +++ b/kubernetes/sdc/components/sdc-wfd-fe/templates/ingress.yaml @@ -1 +1,18 @@ +{{/* +# Copyright © 2017 Amdocs, Bell Canada +# Modifications Copyright © 2023 Deutsche Telekom +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + {{ include "common.ingress" . }} diff --git a/kubernetes/sdc/components/sdc-wfd-fe/templates/service.yaml b/kubernetes/sdc/components/sdc-wfd-fe/templates/service.yaml index 08feb5a6ed..f6b302776c 100644 --- a/kubernetes/sdc/components/sdc-wfd-fe/templates/service.yaml +++ b/kubernetes/sdc/components/sdc-wfd-fe/templates/service.yaml @@ -1,6 +1,7 @@ {{/* # Copyright © 2018 ZTE # Modifications Copyright © 2018 AT&T, Amdocs, Bell Canada +# Modifications Copyright © 2023 Deutsche Telekom # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -14,39 +15,4 @@ # limitations under the License. */}} -apiVersion: v1 -kind: Service -metadata: - name: {{ include "common.servicename" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} - annotations: - msb.onap.org/service-info: '[ - { - "serviceName": "wf-gui", - "version": "v1", - "url": "/", - "protocol": "UI", - "port": "{{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort2 .Values.service.internalPort }}", - "visualRange":"0|1" - } - ]' -spec: - type: {{ .Values.service.type }} - ports: - {{if eq .Values.service.type "NodePort" -}} - - port: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort2 .Values.service.internalPort }} - nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} - name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }} - {{- else -}} - - port: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.externalPort2 .Values.service.externalPort }} - targetPort: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort2 .Values.service.internalPort }} - name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }} - {{- end}} - selector: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} +{{ include "common.service" . }}
\ No newline at end of file diff --git a/kubernetes/sdc/components/sdc-wfd-fe/values.yaml b/kubernetes/sdc/components/sdc-wfd-fe/values.yaml index 37fdfd7993..9a7f6acfa4 100644 --- a/kubernetes/sdc/components/sdc-wfd-fe/values.yaml +++ b/kubernetes/sdc/components/sdc-wfd-fe/values.yaml @@ -18,30 +18,6 @@ global: nodePortPrefix: 302 nodePortPrefixExt: 304 - aafEnabled: true - -################################################################# -# AAF Part -################################################################# -certInitializer: - nameOverride: sdc-wfd-fe-cert-init - aafDeployFqi: deployer@people.osaaf.org - aafDeployPass: demo123456! - fqdn: sdc - fqi: sdc@sdc.onap.org - public_fqdn: sdc.onap.org - cadi_longitude: "0.0" - cadi_latitude: "0.0" - app_ns: org.osaaf.aaf - credsPath: /opt/app/osaaf/local - addconfig: true - keystoreFile: "org.onap.sdc.p12" - truststoreFile: "org.onap.sdc.trust.jks" - permission_user: 352070 - permission_group: 35953 - aaf_add_config: | - echo "cadi_keystore_password_p12=$cadi_keystore_password_p12" > {{ .Values.credsPath }}/mycreds.prop - echo "cadi_truststore_password=$cadi_truststore_password" >> {{ .Values.credsPath }}/mycreds.prop ################################################################# # Application configuration defaults. @@ -56,7 +32,6 @@ debugEnabled: false config: javaOptions: "-Xmx256m -Xms256m" backendServerURL: - https: "https://sdc-wfd-be:8443" http: "http://sdc-wfd-be:8080" # following flag decides whether to check the certificate on the outgoing proxy request or whether to trust all parties isTrustAll: true @@ -101,26 +76,30 @@ startup: service: type: NodePort internalPort: 8080 - externalPort: 8080 - internalPort2: 8443 - externalPort2: 8443 - portName: sdc-wfd-fe - nodePort: "56" # only one node port. set to http or https port depending on isHttpsEnabled property + ports: + - name: http + port: 8080 + port_protocol: http + nodePort: '56' + annotations: + msb.onap.org/service-info: | + {{ if .Values.global.msbEnabled -}}[ + { + "serviceName": "wf-gui", + "version": "v1", + "url": "/", + "protocol": "UI", + "port": "{{ .Values.service.internalPort }}", + "visualRange":"0|1" + } + ]{{ end }} ingress: enabled: false service: - baseaddr: "sdc-wfd-fe-ui" name: "sdc-wfd-fe" - port: 8443 - plain_port: 8080 - annotations: - ingress.kubernetes.io/secure-backends: "false" - nginx.ingress.kubernetes.io/secure-backends: "false" - nginx.ingress.kubernetes.io/proxy-body-size: "0" - nginx.ingress.kubernetes.io/ssl-redirect: "true" - nginx.ingress.kubernetes.io/backend-protocol: "HTTP" - nginx.ingress.kubernetes.io/rewrite-target: "/workflows/" + port: 8080 # Resource Limit flavor -By Default using small # Segregation for Different environment (Small and Large) diff --git a/kubernetes/sdc/resources/config/environments/AUTO.json b/kubernetes/sdc/resources/config/environments/AUTO.json index 065a756822..2f0bb07219 100755 --- a/kubernetes/sdc/resources/config/environments/AUTO.json +++ b/kubernetes/sdc/resources/config/environments/AUTO.json @@ -8,7 +8,7 @@ "chef_type": "environment", "default_attributes": { - "disableHttp": {{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }}, + "disableHttp": false, "CS_VIP": "{{.Values.global.sdc_cassandra.serviceName}}.{{include "common.namespace" .}}", "BE_VIP": "sdc-be.{{include "common.namespace" .}}", "ONBOARDING_BE_VIP": "sdc-onboarding-be.{{include "common.namespace" .}}", @@ -121,13 +121,6 @@ "username": "user1@sdc.com", "password": "password==" } - {{- if .Values.global.aafEnabled }} - }, - "jetty": { - "keystore_pwd": "${KEYSTORE_PASS}", - "truststore_pwd": "${TRUSTSTORE_PASS}", - "keymanager_pwd": "${KEYMANAGER_PASS}" - {{- end }} } } } diff --git a/kubernetes/sdc/values.yaml b/kubernetes/sdc/values.yaml index 1e11ca6410..cba33628c3 100644 --- a/kubernetes/sdc/values.yaml +++ b/kubernetes/sdc/values.yaml @@ -25,7 +25,6 @@ global: truststore_password: eitLRWo7dCssS05eaWltU2lTODllI3Aw keystore_password: PyhrUCFZdXIhWyohWTUhRV5mKFpLYzMx wf_external_user_password: S3A4Yko0U1hzek0wV1hsaGFrM2VIbGNzZTJnQXc4NHZhb0dHbUp2VXkyVQ== - aafEnabled: true sdc_cassandra: #This flag allows SDC to instantiate its own cluster, serviceName #should be "sdc-cs" if this flag is enabled diff --git a/kubernetes/so/components/so-bpmn-infra/resources/config/overrides/override.yaml b/kubernetes/so/components/so-bpmn-infra/resources/config/overrides/override.yaml index 8e002e14a5..eefb33989d 100755 --- a/kubernetes/so/components/so-bpmn-infra/resources/config/overrides/override.yaml +++ b/kubernetes/so/components/so-bpmn-infra/resources/config/overrides/override.yaml @@ -394,6 +394,9 @@ so: adapter: url: http://so-etsi-sol003-adapter.{{ include "common.namespace" . }}:9092/so/vnfm-adapter/v1 auth: {{ .Values.so.sol003.adapter.auth }} +cnfm: + endpoint: + url: http://so-cnfm-lcm.{{ include "common.namespace" . }}:9888 org: onap: so: diff --git a/kubernetes/uui/Chart.yaml b/kubernetes/uui/Chart.yaml index 3c920dc446..ab01381793 100644 --- a/kubernetes/uui/Chart.yaml +++ b/kubernetes/uui/Chart.yaml @@ -30,9 +30,6 @@ dependencies: - name: repositoryGenerator version: ~12.x-0 repository: '@local' - - name: certInitializer - version: ~12.x-0 - repository: '@local' - name: uui-server version: ~12.x-0 repository: 'file://components/uui-server' diff --git a/kubernetes/uui/components/uui-nlp/templates/ingress.yaml b/kubernetes/uui/components/uui-nlp/templates/ingress.yaml index 8f87c68f1e..1471cb1d75 100644 --- a/kubernetes/uui/components/uui-nlp/templates/ingress.yaml +++ b/kubernetes/uui/components/uui-nlp/templates/ingress.yaml @@ -1 +1,17 @@ +{{/* +# Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + {{ include "common.ingress" . }} diff --git a/kubernetes/uui/components/uui-server/Chart.yaml b/kubernetes/uui/components/uui-server/Chart.yaml index a93cb669ba..99ade2256c 100644 --- a/kubernetes/uui/components/uui-server/Chart.yaml +++ b/kubernetes/uui/components/uui-server/Chart.yaml @@ -23,9 +23,6 @@ dependencies: - name: common version: ~12.x-0 repository: '@local' - - name: certInitializer - version: ~12.x-0 - repository: '@local' - name: repositoryGenerator version: ~12.x-0 repository: '@local' diff --git a/kubernetes/uui/components/uui-server/resources/config/application.properties b/kubernetes/uui/components/uui-server/resources/config/application.properties index cb26c750f9..36308c0313 100644 --- a/kubernetes/uui/components/uui-server/resources/config/application.properties +++ b/kubernetes/uui/components/uui-server/resources/config/application.properties @@ -46,10 +46,3 @@ logging.level.*=INFO #enable shutdown endpoints.shutdown.enabled=true endpoints.shutdown.sensitive=false - -{{- if (include "common.needTLS" .) }} -server.ssl.protocol=TLS -server.ssl.key-store={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.p12 -server.ssl.key-store-password=${KEYSTORE_PASSWORD} -server.ssl.key-store-type=PKCS12 -{{- end }} diff --git a/kubernetes/uui/components/uui-server/templates/deployment.yaml b/kubernetes/uui/components/uui-server/templates/deployment.yaml index b25427a3be..3823a708bf 100644 --- a/kubernetes/uui/components/uui-server/templates/deployment.yaml +++ b/kubernetes/uui/components/uui-server/templates/deployment.yaml @@ -26,7 +26,7 @@ spec: spec: {{ include "common.podSecurityContext" . | indent 6 | trim }} serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . ) }} - initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }} + initContainers: - command: - sh args: @@ -71,7 +71,6 @@ spec: args: - -c - | - export $(cat {{ .Values.certInitializer.credsPath }}/mycreds.prop | xargs -0) bash /uui/run.sh ports: {{ include "common.containerPorts" . | nindent 10 }} # disable liveness probe when breakpoints set in debugger @@ -102,7 +101,7 @@ spec: value: --spring.config.location=file:/config/application.properties - name: POSTGRES_DB_NAME value: {{ .Values.postgres.config.pgDatabase }} - volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }} + volumeMounts: - mountPath: /uui/run.sh name: entrypoint subPath: run.sh @@ -120,6 +119,5 @@ spec: configMap: name: {{ include "common.fullname" . }}-entrypoint defaultMode: 0755 - {{ include "common.certInitializer.volumes" . | nindent 6 }} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/uui/components/uui-server/templates/ingress.yaml b/kubernetes/uui/components/uui-server/templates/ingress.yaml index 8f87c68f1e..1f6ec7ab0e 100644 --- a/kubernetes/uui/components/uui-server/templates/ingress.yaml +++ b/kubernetes/uui/components/uui-server/templates/ingress.yaml @@ -1 +1,17 @@ +{{/* +# Copyright © 2017 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + {{ include "common.ingress" . }} diff --git a/kubernetes/uui/components/uui-server/values.yaml b/kubernetes/uui/components/uui-server/values.yaml index f5f8f9d095..05c7b3c32c 100644 --- a/kubernetes/uui/components/uui-server/values.yaml +++ b/kubernetes/uui/components/uui-server/values.yaml @@ -37,46 +37,6 @@ secrets: password: '{{ .Values.postgres.config.pgUserPassword }}' passwordPolicy: generate - -################################################################# -# AAF part -################################################################# -certInitializer: - nameOverride: uui-server-cert-initializer - aafDeployFqi: deployer@people.osaaf.org - aafDeployPass: demo123456! - # aafDeployCredsExternalSecret: some secret - fqdn: uui - fqi: uui@uui.onap.org - fqi_namespace: org.onap.uui - public_fqdn: uui.onap.org - cadi_longitude: "0.0" - cadi_latitude: "0.0" - app_ns: org.osaaf.aaf - credsPath: /opt/app/osaaf/local - aaf_add_config: | - echo "*** changing them into shell safe ones" - export KEYSTORE_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1) - export TRUSTSORE_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1) - cd {{ .Values.credsPath }} - keytool -storepasswd -new "${KEYSTORE_PASSWORD}" \ - -storepass "${cadi_keystore_password_p12}" \ - -keystore {{ .Values.fqi_namespace }}.p12 - keytool -storepasswd -new "${TRUSTSORE_PASSWORD}" \ - -storepass "${cadi_truststore_password}" \ - -keystore {{ .Values.fqi_namespace }}.trust.jks - echo "*** set key password as same password as keystore password" - keytool -keypasswd -new "${KEYSTORE_PASSWORD}" \ - -keystore {{ .Values.fqi_namespace }}.jks \ - -keypass "${cadi_keystore_password_p12}" \ - -storepass "${KEYSTORE_PASSWORD}" -alias {{ .Values.fqi }} - echo "*** save the generated passwords" - echo "KEYSTORE_PASSWORD=${KEYSTORE_PASSWORD}" > mycreds.prop - echo "TRUSTSORE_PASSWORD=${TRUSTSORE_PASSWORD}" >> mycreds.prop - echo "*** change ownership of certificates to targeted user" - chown -R 1000 {{ .Values.credsPath }} - - ################################################################# # Application configuration defaults. ################################################################# diff --git a/kubernetes/uui/resources/config/server.xml b/kubernetes/uui/resources/config/server.xml index 9bb10fee67..f464074769 100644 --- a/kubernetes/uui/resources/config/server.xml +++ b/kubernetes/uui/resources/config/server.xml @@ -24,7 +24,7 @@ <Listener className="org.apache.catalina.security.SecurityListener" /> --> <!--APR library loader. Documentation at /docs/apr.html --> - <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="{{ (eq "true" (include "common.needTLS" .)) | ternary "on" "off" }}" /> + <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="off" /> <!-- Prevent memory leaks due to use of particular java/javax APIs--> <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" /> <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" /> @@ -61,15 +61,7 @@ APR (HTTP/AJP) Connector: /docs/apr.html Define a non-SSL/TLS HTTP/1.1 Connector on port 8080 --> - {{ if (include "common.needTLS" .) }} - <Connector port="8080" protocol="HTTP/1.1" - connectionTimeout="20000" - redirectPort="8443" /> - - <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol" maxThreads="150" SSLEnabled="true" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" keystoreFile="{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.p12" keystorePass="${KEYSTORE_PASSWORD}" /> - {{ else }} <Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" /> - {{ end }} <!-- A "Connector" using the shared thread pool--> <!-- @@ -115,12 +107,7 @@ --> <!-- Define an AJP 1.3 Connector on port 8009 --> - {{ if (include "common.needTLS" .) }} - <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" /> - {{ else }} <Connector port="8009" protocol="AJP/1.3" secretRequired="false" /> - {{ end }} - <!-- An Engine represents the entry point (within Catalina) that processes every request. The Engine implementation for Tomcat stand alone diff --git a/kubernetes/uui/templates/deployment.yaml b/kubernetes/uui/templates/deployment.yaml index e0d2e71fc8..61b0b2d9fa 100644 --- a/kubernetes/uui/templates/deployment.yaml +++ b/kubernetes/uui/templates/deployment.yaml @@ -23,19 +23,18 @@ spec: template: metadata: {{- include "common.templateMetadata" . | nindent 6 }} spec: - initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }} + initContainers: - command: - sh args: - -c - | - export $(cat {{ .Values.certInitializer.credsPath }}/mycreds.prop | xargs -0) cd /config-input && for PFILE in `ls -1` do envsubst <${PFILE} >/config/${PFILE} done cat /config/server.xml - volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }} + volumeMounts: - mountPath: /config-input name: config-input - mountPath: /config @@ -55,10 +54,6 @@ spec: ls -lh /opt/ echo "*** /opt/app" ls -lh /opt/app/ - echo "*** /opt/app/osaaf/" - ls -lh /opt/app/osaaf/ - echo "*** /opt/app/osaaf/local" - ls -lh /opt/app/osaaf/local/ /home/uui/uuiStartup.sh ports: {{ include "common.containerPorts" . | nindent 10 }} # disable liveness probe when breakpoints set in debugger @@ -75,15 +70,13 @@ spec: port: {{ .Values.service.internalPort }} initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} - volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }} + volumeMounts: - mountPath: /home/uui/server.xml name: config subPath: server.xml - {{ if not (include "common.needTLS" .) }} - mountPath: /home/uui/web.xml name: config subPath: web.xml - {{ end }} env: - name: MSB_ADDR value: {{ tpl .Values.msbaddr . }} @@ -94,7 +87,7 @@ spec: {{- if .Values.affinity }} affinity: {{ toYaml .Values.affinity | nindent 10 }} {{- end }} - volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }} + volumes: - name: config-input configMap: name: {{ include "common.fullname" . }} diff --git a/kubernetes/uui/templates/ingress.yaml b/kubernetes/uui/templates/ingress.yaml index 8f87c68f1e..1f6ec7ab0e 100644 --- a/kubernetes/uui/templates/ingress.yaml +++ b/kubernetes/uui/templates/ingress.yaml @@ -1 +1,17 @@ +{{/* +# Copyright © 2017 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + {{ include "common.ingress" . }} diff --git a/kubernetes/uui/values.yaml b/kubernetes/uui/values.yaml index 67f135ced4..ef1af205f8 100644 --- a/kubernetes/uui/values.yaml +++ b/kubernetes/uui/values.yaml @@ -19,39 +19,6 @@ global: uuiPortPrefix: 303 -################################################################# -# AAF part -################################################################# -certInitializer: - nameOverride: uui-cert-initializer - aafDeployFqi: deployer@people.osaaf.org - aafDeployPass: demo123456! - # aafDeployCredsExternalSecret: some secret - fqdn: uui - fqi: uui@uui.onap.org - fqi_namespace: org.onap.uui - public_fqdn: uui.onap.org - cadi_longitude: "0.0" - cadi_latitude: "0.0" - app_ns: org.osaaf.aaf - credsPath: /opt/app/osaaf/local - aaf_add_config: | - echo "*** changing them into shell safe ones" - export KEYSTORE_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1) - export TRUSTSORE_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1) - cd {{ .Values.credsPath }} - keytool -storepasswd -new "${KEYSTORE_PASSWORD}" \ - -storepass "${cadi_keystore_password_p12}" \ - -keystore {{ .Values.fqi_namespace }}.p12 - keytool -storepasswd -new "${TRUSTSORE_PASSWORD}" \ - -storepass "${cadi_truststore_password}" \ - -keystore {{ .Values.fqi_namespace }}.trust.jks - echo "*** save the generated passwords" - echo "KEYSTORE_PASSWORD=${KEYSTORE_PASSWORD}" > mycreds.prop - echo "TRUSTSORE_PASSWORD=${TRUSTSORE_PASSWORD}" >> mycreds.prop - echo "*** change ownership of certificates to targeted user" - chown -R 1000 {{ .Values.credsPath }} - subChartsOnly: enabled: true @@ -94,8 +61,7 @@ service: internalPort: 8080 ports: - name: http - port: 8443 - plain_port: 8080 + port: 8080 nodePort: '98' annotations: msb.onap.org/service-info: | @@ -107,12 +73,8 @@ service: "path":"/iui/usecaseui", "protocol": "UI", "visualRange":"1", - {{ if (include "common.needTLS" .) }} - "port": "{{ include "common.getPort" (dict "global" . "name" "http") }}", - "enable_ssl": true - {{ else }} + "port": "http", "port": "{{ include "common.getPort" (dict "global" . "name" "http" "getPlain" true) }}" - {{ end }} } ]{{ end }} @@ -121,8 +83,7 @@ ingress: service: - baseaddr: "uui-ui" name: "uui" - port: 8443 - plain_port: 8080 + port: 8080 config: ssl: "redirect" |