From 638330d2e88eb6fab3cb59d0b6e6f082b5d36fef Mon Sep 17 00:00:00 2001 From: Andreas Geissler Date: Mon, 20 Mar 2023 15:24:36 +0100 Subject: [NBI] Cleanup the charts regarding AAF/TLS removal Remove AAF related entries in charts and config files Issue-ID: OOM-3118 Signed-off-by: Andreas Geissler Change-Id: I551c6a529bea8efd89ccd1f2f0a30baa91df3a2f --- kubernetes/nbi/Chart.yaml | 3 --- kubernetes/nbi/templates/deployment.yaml | 37 ++++++++----------------------- kubernetes/nbi/tests/deployment_test.yaml | 4 ++-- kubernetes/nbi/values.yaml | 35 ++++------------------------- 4 files changed, 15 insertions(+), 64 deletions(-) diff --git a/kubernetes/nbi/Chart.yaml b/kubernetes/nbi/Chart.yaml index ee1e330072..5f277876a3 100644 --- a/kubernetes/nbi/Chart.yaml +++ b/kubernetes/nbi/Chart.yaml @@ -26,9 +26,6 @@ dependencies: # a part of this chart's package and will not # be published independently to a repo (at this point) repository: '@local' - - name: certInitializer - version: ~12.x-0 - repository: '@local' - name: mongo version: ~12.x-0 repository: '@local' diff --git a/kubernetes/nbi/templates/deployment.yaml b/kubernetes/nbi/templates/deployment.yaml index 9bab15f30c..fcb9b6e1bd 100644 --- a/kubernetes/nbi/templates/deployment.yaml +++ b/kubernetes/nbi/templates/deployment.yaml @@ -25,9 +25,6 @@ spec: template: metadata: {{- include "common.templateMetadata" . | nindent 6 }} spec: -{{- if .Values.global.aafEnabled }} - initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }} -{{- end }} containers: - name: {{ include "common.name" . }} image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} @@ -35,36 +32,20 @@ spec: ports: {{ include "common.containerPorts" . | nindent 12 }} # disable liveness probe when breakpoints set in debugger # so K8s doesn't restart unresponsive container - {{- if .Values.global.aafEnabled }} - command: - - sh - args: - - -c - - | - export $(grep '^c' {{ .Values.certInitializer.credsPath }}/mycreds.prop | xargs -0) - export JAVA_OPTS="-Djavax.net.ssl.trustStorePassword=$cadi_truststore_password \ - -Dserver.ssl.key-store={{ .Values.certInitializer.credsPath }}/org.onap.nbi.p12 \ - -Dserver.ssl.key-store-type=PKCS12 \ - -Djavax.net.ssl.trustStore={{ .Values.certInitializer.credsPath }}/org.onap.nbi.trust.jks \ - -Dserver.ssl.key-store-password=$cadi_keystore_password_p12 \ - -Djavax.net.ssl.trustStoreType=jks\ - -Djava.security.egd=file:/dev/./urandom -Dserver.port=8443" - exec java -XX:+UseContainerSupport $JAVA_OPTS -jar /opt/onap/app.jar - {{- end }} {{ if .Values.liveness.enabled }} livenessProbe: httpGet: - port: {{ if (include "common.needTLS" .) }}{{ .Values.service.internalPort }}{{ else }}{{ .Values.service.internalPlainPort }}{{ end }} + port: {{ .Values.service.internalPort }} path: {{ .Values.liveness.path }} - scheme: {{ if (include "common.needTLS" .) }}HTTPS{{ else }}HTTP{{ end }} + scheme: HTTP initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} periodSeconds: {{ .Values.liveness.periodSeconds }} {{ end }} readinessProbe: httpGet: - port: {{ if (include "common.needTLS" .) }}{{ .Values.service.internalPort }}{{ else }}{{ .Values.service.internalPlainPort }}{{ end }} + port: {{ .Values.service.internalPort }} path: {{ .Values.readiness.path }} - scheme: {{ if (include "common.needTLS" .) }}HTTPS{{ else }}HTTP{{ end }} + scheme: HTTP initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} env: @@ -91,15 +72,15 @@ spec: - name: ONAP_K8SCLOUDOWNER value: {{ .Values.config.k8sCloudOwner }} - name: NBI_URL - value: "{{ if (include "common.needTLS" .) }}https{{ else }}http{{ end }}://nbi.{{ include "common.namespace" . }}:{{ if (include "common.needTLS" .) }}{{ .Values.service.internalPort }}{{ else }}{{ .Values.service.internalPlainPort }}{{ end }}/nbi/api/v4" + value: "http://nbi.{{ include "common.namespace" . }}:{{ .Values.service.internalPort }}/nbi/api/v4" - name: SDC_HOST - value: "{{ if (include "common.needTLS" .) }}https{{ else }}http{{ end }}://sdc-be.{{ include "common.namespace" . }}:{{ if (include "common.needTLS" .) }}8443{{ else }}8080{{ end }}" + value: "http://sdc-be.{{ include "common.namespace" . }}:8080" - name: SDC_HEADER_ECOMPINSTANCEID value: {{ .Values.config.ecompInstanceId }} - name: SDC_HEADER_AUTHORIZATION value: {{ .Values.sdc_authorization }} - name: AAI_HOST - value: "{{ if (include "common.needTLS" .) }}https{{ else }}http{{ end }}://aai.{{ include "common.namespace" . }}:{{ if (include "common.needTLS" .) }}8443{{ else }}80{{ end }}" + value: "http://aai.{{ include "common.namespace" . }}:80" - name: AAI_HEADER_AUTHORIZATION value: {{ .Values.aai_authorization }} - name: SO_HOST @@ -118,7 +99,7 @@ spec: value: "msb-discovery.{{ include "common.namespace" . }}" - name: MSB_DISCOVERY_PORT value: "10081" - volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 12 }} + volumeMounts: - mountPath: /etc/localtime name: localtime readOnly: true @@ -132,7 +113,7 @@ spec: {{ toYaml .Values.affinity | indent 10 }} {{- end }} serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} - volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }} + volumes: - name: localtime hostPath: path: /etc/localtime diff --git a/kubernetes/nbi/tests/deployment_test.yaml b/kubernetes/nbi/tests/deployment_test.yaml index 7c8a1b0dbb..fe9d0d2977 100644 --- a/kubernetes/nbi/tests/deployment_test.yaml +++ b/kubernetes/nbi/tests/deployment_test.yaml @@ -98,7 +98,7 @@ tests: path: spec.template.spec.containers[0].env content: name: SDC_HOST - value: https://sdc-be.NAMESPACE:8443 + value: http://sdc-be.NAMESPACE:8080 - contains: path: spec.template.spec.containers[0].env content: @@ -113,7 +113,7 @@ tests: path: spec.template.spec.containers[0].env content: name: AAI_HOST - value: https://aai.NAMESPACE:8443 + value: http://aai.NAMESPACE:80 - contains: path: spec.template.spec.containers[0].env content: diff --git a/kubernetes/nbi/values.yaml b/kubernetes/nbi/values.yaml index dc323675ad..e2b7341b7c 100644 --- a/kubernetes/nbi/values.yaml +++ b/kubernetes/nbi/values.yaml @@ -24,31 +24,7 @@ global: service: mariadb-galera internalPort: 3306 nameOverride: mariadb-galera - aafEnabled: true - msbEnabled: true - -################################################################# -# AAF part -################################################################# -certInitializer: - nameOverride: nbi-cert-initializer - aafDeployFqi: deployer@people.osaaf.org - aafDeployPass: demo123456! - # aafDeployCredsExternalSecret: some secret - fqdn: nbi - fqi: nbi@nbi.onap.org - public_fqdn: nbi.onap.org - cadi_longitude: "0.0" - cadi_latitude: "0.0" - app_ns: org.osaaf.aaf - credsPath: /opt/app/osaaf/local - aaf_add_config: > - echo "cadi_keystore_password_p12=$cadi_keystore_password_p12" > {{ .Values.credsPath }}/mycreds.prop - echo "cadi_truststore_password=$cadi_truststore_password" >> {{ .Values.credsPath }}/mycreds.prop - -aafConfig: - permission_user: 1000 - permission_group: 999 + msbEnabled: false ################################################################# # Secrets metaconfig @@ -150,12 +126,10 @@ service: type: NodePort portName: api name: nbi - internalPort: 8443 - internalPlainPort: 8080 + internalPort: 8080 ports: - name: http - port: 8443 - plain_port: 8080 + port: 8080 nodePort: '74' ingress: @@ -163,8 +137,7 @@ ingress: service: - baseaddr: "nbi-api" name: "nbi" - port: 8443 - plain_port: 8080 + port: 8080 config: ssl: "redirect" # Resource Limit flavor -By Default using small -- cgit 1.2.3-korg