diff options
Diffstat (limited to 'kubernetes')
| -rw-r--r-- | kubernetes/common/common/templates/_ingress.tpl | 86 | ||||
| -rw-r--r-- | kubernetes/common/network-name-gen/values.yaml | 4 | ||||
| -rw-r--r-- | kubernetes/onap/resources/overrides/onap-all-ingress-istio.yaml | 10 | ||||
| -rwxr-xr-x | kubernetes/onap/values.yaml | 18 | ||||
| -rw-r--r-- | kubernetes/oof/resources/config/conf/common_config.yaml | 11 | ||||
| -rwxr-xr-x | kubernetes/policy/resources/config/db.sh | 6 | ||||
| -rwxr-xr-x | kubernetes/policy/templates/job.yaml | 12 | ||||
| -rwxr-xr-x | kubernetes/policy/values.yaml | 6 |
8 files changed, 110 insertions, 43 deletions
diff --git a/kubernetes/common/common/templates/_ingress.tpl b/kubernetes/common/common/templates/_ingress.tpl index d8a944712a..7065338cf9 100644 --- a/kubernetes/common/common/templates/_ingress.tpl +++ b/kubernetes/common/common/templates/_ingress.tpl @@ -23,45 +23,87 @@ {{- define "ingress.config.host" -}} {{- $dot := default . .dot -}} {{- $baseaddr := (required "'baseaddr' param, set to the specific part of the fqdn, is required." .baseaddr) -}} +{{- $preaddr := default "" $dot.Values.global.ingress.virtualhost.preaddr -}} +{{- $preaddr := include "common.ingress._overrideIfDefined" (dict "currVal" $preaddr "parent" (default (dict) $dot.Values.ingress) "var" "preaddrOverride") -}} +{{- $postaddr := default "" $dot.Values.global.ingress.virtualhost.postaddr -}} +{{- $postaddr := include "common.ingress._overrideIfDefined" (dict "currVal" $postaddr "parent" (default (dict) $dot.Values.ingress) "var" "postaddrOverride") -}} {{- $burl := (required "'baseurl' param, set to the generic part of the fqdn, is required." $dot.Values.global.ingress.virtualhost.baseurl) -}} {{- $burl := include "common.ingress._overrideIfDefined" (dict "currVal" $burl "parent" (default (dict) $dot.Values.ingress) "var" "baseurlOverride") -}} -{{ printf "%s.%s" $baseaddr $burl }} +{{ printf "%s%s%s.%s" $preaddr $baseaddr $postaddr $burl }} {{- end -}} {{/* - Helper function to add the tls route + Istio Helper function to add the tls route */}} -{{- define "ingress.config.tls" -}} +{{- define "istio.config.tls_simple" -}} {{- $dot := default . .dot -}} -{{- $baseaddr := (required "'baseaddr' param, set to the specific part of the fqdn, is required." .baseaddr) -}} + tls: {{- if $dot.Values.global.ingress.config }} -{{- if $dot.Values.global.ingress.config.ssl }} -{{- if eq $dot.Values.global.ingress.config.ssl "redirect" }} +{{- if $dot.Values.global.ingress.config.tls }} + credentialName: {{ default "ingress-tls-secret" $dot.Values.global.ingress.config.tls.secret }} +{{- else }} + credentialName: "ingress-tls-secret" +{{- end }} +{{- else }} + credentialName: "ingress-tls-secret" +{{- end }} + mode: SIMPLE +{{- end -}} + +{{/* + Istio Helper function to add the tls route +*/}} +{{- define "istio.config.tls" -}} +{{- $dot := default . .dot -}} +{{- $service := (required "'service' param, set to the specific service, is required." .service) -}} +{{- $baseaddr := (required "'baseaddr' param, set to the specific part of the fqdn, is required." .baseaddr) -}} +{{- if $service.exposedPort }} +{{- if $service.exposedProtocol }} +{{- if eq $service.exposedProtocol "TLS" }} + {{ include "istio.config.tls_simple" (dict "dot" $dot ) }} +{{- end }} +{{- end }} +{{- else }} +{{- if $dot.Values.global.ingress.config }} +{{- if $dot.Values.global.ingress.config.ssl }} +{{- if eq $dot.Values.global.ingress.config.ssl "redirect" }} tls: httpsRedirect: true - port: number: 443 name: https protocol: HTTPS - tls: -{{- if $dot.Values.global.ingress.config }} -{{- if $dot.Values.global.ingress.config.tls }} - credentialName: {{ default "ingress-tls-secret" $dot.Values.global.ingress.config.tls.secret }} -{{- else }} - credentialName: "ingress-tls-secret" -{{- end }} -{{- else }} - credentialName: "ingress-tls-secret" -{{- end }} - mode: SIMPLE + {{ include "istio.config.tls_simple" (dict "dot" $dot ) }} hosts: - {{ include "ingress.config.host" (dict "dot" $dot "baseaddr" $baseaddr) }} +{{- end }} {{- end }} {{- end }} {{- end }} {{- end -}} {{/* + Istio Helper function to add the external port of the service +*/}} +{{- define "istio.config.port" -}} +{{- $dot := default . .dot -}} +{{- if .exposedPort }} + number: {{ .exposedPort }} +{{- if .exposedProtocol }} + name: {{ .baseaddr }} + protocol: {{ .exposedProtocol }} +{{- else }} + name: http + protocol: HTTP +{{- end -}} +{{- else }} + number: 80 + name: http + protocol: HTTP +{{- end -}} +{{- end -}} + +{{/* Helper function to add the route to the service */}} {{- define "ingress.config.port" -}} @@ -88,7 +130,7 @@ {{- end -}} {{/* - Helper function to add the route to the service + Istio Helper function to add the route to the service */}} {{- define "istio.config.route" -}} {{- $dot := default . .dot -}} @@ -196,15 +238,13 @@ metadata: name: {{ $baseaddr }}-gateway spec: selector: - istio: ingressgateway # use Istio default gateway implementation + istio: ingress # use Istio default gateway implementation servers: - port: - number: 80 - name: http - protocol: HTTP + {{- include "istio.config.port" . }} hosts: - {{ include "ingress.config.host" (dict "dot" $dot "baseaddr" $baseaddr) }} - {{ include "ingress.config.tls" (dict "dot" $dot "baseaddr" $baseaddr) }} + {{- include "istio.config.tls" (dict "dot" $dot "service" . "baseaddr" $baseaddr) }} --- apiVersion: networking.istio.io/v1beta1 kind: VirtualService diff --git a/kubernetes/common/network-name-gen/values.yaml b/kubernetes/common/network-name-gen/values.yaml index bfa5637275..dcf85fee39 100644 --- a/kubernetes/common/network-name-gen/values.yaml +++ b/kubernetes/common/network-name-gen/values.yaml @@ -89,7 +89,7 @@ config: polBasicAuthPassword: zb!XztG34 polUrl: https: https://policy-xacml-pdp:6969/policy/pdpx/v1/decision - http: http://policy-xacml-pdp:8080/policy/pdpx/v1/decision + http: http://policy-xacml-pdp:6969/policy/pdpx/v1/decision polEnv: TEST polReqId: xx disableHostVerification: true @@ -98,7 +98,7 @@ config: aaiAuth: QUFJOkFBSQ== aaiUri: https: https://aai:8443/aai/v14/ - http: http://aai:8080/aai/v14/ + http: http://aai:80/aai/v14/ # default number of instances replicaCount: 1 diff --git a/kubernetes/onap/resources/overrides/onap-all-ingress-istio.yaml b/kubernetes/onap/resources/overrides/onap-all-ingress-istio.yaml index 6e156023ee..2dfab060ff 100644 --- a/kubernetes/onap/resources/overrides/onap-all-ingress-istio.yaml +++ b/kubernetes/onap/resources/overrides/onap-all-ingress-istio.yaml @@ -22,6 +22,16 @@ global: # enable all component's Ingress interfaces enable_all: true # All http requests via ingress will be redirected + virtualhost: + # Default Ingress base URL + # can be overwritten in component by setting ingress.baseurlOverride + baseurl: "simpledemo.onap.org" + # prefix for baseaddr + # can be overwritten in component by setting ingress.preaddrOverride + preaddr: "" + # postfix for baseaddr + # can be overwritten in component by setting ingress.postaddrOverride + postaddr: "" config: ssl: "redirect" # you can set an own Secret containing a certificate diff --git a/kubernetes/onap/values.yaml b/kubernetes/onap/values.yaml index 15097edcf2..fe14c032d6 100755 --- a/kubernetes/onap/values.yaml +++ b/kubernetes/onap/values.yaml @@ -150,11 +150,23 @@ global: enabled: false # enable all component's Ingress interfaces enable_all: false - # default Ingress base URL - # can be overwritten in component vy setting ingress.baseurlOverride + + # default Ingress base URL and preAddr- and postAddr settings + # Ingress URLs result: + # <preaddr><component.ingress.service.baseaddr><postaddr>.<baseurl> virtualhost: + # Default Ingress base URL + # can be overwritten in component by setting ingress.baseurlOverride baseurl: "simpledemo.onap.org" - # All http requests via ingress will be redirected on Ingress controller + # prefix for baseaddr + # can be overwritten in component by setting ingress.preaddrOverride + preaddr: "" + # postfix for baseaddr + # can be overwritten in component by setting ingress.postaddrOverride + postaddr: "" + + # All http (port 80) requests via ingress will be redirected + # to port 443 on Ingress controller # only valid for Istio Gateway (ServiceMesh enabled) config: ssl: "redirect" diff --git a/kubernetes/oof/resources/config/conf/common_config.yaml b/kubernetes/oof/resources/config/conf/common_config.yaml index d34967617b..5ee95c096d 100644 --- a/kubernetes/oof/resources/config/conf/common_config.yaml +++ b/kubernetes/oof/resources/config/conf/common_config.yaml @@ -113,6 +113,17 @@ policy_info: resources: - nst + nsst_selection: + policy_fetch: by_scope + policy_scope: + - + scope: + - OSDF_GUILIN + services: + - nsst + resources: + - nsst + subnet_selection: policy_fetch: by_scope policy_scope: diff --git a/kubernetes/policy/resources/config/db.sh b/kubernetes/policy/resources/config/db.sh index 866d422c14..36574bc1ad 100755 --- a/kubernetes/policy/resources/config/db.sh +++ b/kubernetes/policy/resources/config/db.sh @@ -17,12 +17,12 @@ # limitations under the License. */}} -mysql() { /usr/bin/mysql -h ${MYSQL_HOST} -P ${MYSQL_USER} "$@"; }; +mysqlcmd() { mysql -h ${MYSQL_HOST} -P ${MYSQL_USER} "$@"; }; for db in migration pooling policyadmin policyclamp operationshistory clampacm do - mysql -uroot -p"${MYSQL_ROOT_PASSWORD}" --execute "CREATE DATABASE IF NOT EXISTS ${db};" - mysql -uroot -p"${MYSQL_ROOT_PASSWORD}" --execute "GRANT ALL PRIVILEGES ON \`${db}\`.* TO '${MYSQL_USER}'@'%' ;" + mysqlcmd -uroot -p"${MYSQL_ROOT_PASSWORD}" --execute "CREATE DATABASE IF NOT EXISTS ${db};" + mysqlcmd -uroot -p"${MYSQL_ROOT_PASSWORD}" --execute "GRANT ALL PRIVILEGES ON \`${db}\`.* TO '${MYSQL_USER}'@'%' ;" done mysql -uroot -p"${MYSQL_ROOT_PASSWORD}" --execute "FLUSH PRIVILEGES;" diff --git a/kubernetes/policy/templates/job.yaml b/kubernetes/policy/templates/job.yaml index 0df26568e5..eb5968a7ff 100755 --- a/kubernetes/policy/templates/job.yaml +++ b/kubernetes/policy/templates/job.yaml @@ -50,7 +50,7 @@ spec: fieldPath: metadata.namespace containers: - name: {{ include "common.name" . }}-galera-config - image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.mariadb.image }} + image: {{ include "repositoryGenerator.image.mariadb" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} volumeMounts: - mountPath: /dbcmd-config/db.sh @@ -76,7 +76,7 @@ spec: {{ include "common.resources" . }} {{- if (include "common.onServiceMesh" .) }} - name: policy-service-mesh-wait-for-job-container - image: nexus3.onap.org:10001/onap/oom/readiness:4.1.0 + image: {{ include "repositoryGenerator.image.quitQuit" . }} imagePullPolicy: Always command: - /bin/sh @@ -125,7 +125,7 @@ spec: initContainers: {{ if .Values.global.postgres.localCluster }}{{ include "common.readinessCheck.waitFor" . | nindent 6 }}{{ end }} containers: - name: {{ include "common.name" . }}-pg-config - image: {{ .Values.repository }}/{{ .Values.postgresImage }} + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.postgresImage }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} volumeMounts: - mountPath: /docker-entrypoint-initdb.d/db-pg.sh @@ -153,7 +153,7 @@ spec: {{ include "common.resources" . }} {{- if (include "common.onServiceMesh" .) }} - name: policy-service-mesh-wait-for-job-container - image: nexus3.onap.org:10001/onap/oom/readiness:4.1.0 + image: {{ include "repositoryGenerator.image.quitQuit" . }} imagePullPolicy: Always command: - /bin/sh @@ -246,7 +246,7 @@ spec: {{ include "common.resources" . }} {{- if (include "common.onServiceMesh" .) }} - name: policy-service-mesh-wait-for-job-container - image: nexus3.onap.org:10001/onap/oom/readiness:4.1.0 + image: {{ include "repositoryGenerator.image.quitQuit" . }} imagePullPolicy: Always command: - /bin/sh @@ -341,7 +341,7 @@ spec: {{ include "common.resources" . }} {{- if (include "common.onServiceMesh" .) }} - name: policy-service-mesh-wait-for-job-container - image: nexus3.onap.org:10001/onap/oom/readiness:4.1.0 + image: {{ include "repositoryGenerator.image.quitQuit" . }} imagePullPolicy: Always command: - /bin/sh diff --git a/kubernetes/policy/values.yaml b/kubernetes/policy/values.yaml index c9e236a65c..1ee31c2c7c 100755 --- a/kubernetes/policy/values.yaml +++ b/kubernetes/policy/values.yaml @@ -168,12 +168,6 @@ policy-gui: # DB configuration defaults. ################################################################# -repository: nexus3.onap.org:10001 -pullPolicy: Always - -mariadb: - image: mariadb:10.5.8 - dbmigrator: image: onap/policy-db-migrator:2.5.1 schema: policyadmin |