From 5b65132e0ad056bf96bc2a905576e309ef373e7b Mon Sep 17 00:00:00 2001 From: Sylvain Desbureaux Date: Mon, 7 Dec 2020 15:34:15 +0100 Subject: [AAI] Uses new tpls for repos / images This commit makes AAI chart to use the new generator for repositories and images. Issue-ID: OOM-2364 Signed-off-by: Sylvain Desbureaux Change-Id: I601be377556d16580f2eda6d00d144fb4a21b445 --- .../aai/components/aai-resources/requirements.yaml | 26 +++++ .../aai-resources/templates/deployment.yaml | 107 ++++++++++----------- .../aai/components/aai-resources/values.yaml | 101 ++++++++++++++++++- 3 files changed, 174 insertions(+), 60 deletions(-) create mode 100644 kubernetes/aai/components/aai-resources/requirements.yaml (limited to 'kubernetes/aai/components/aai-resources') diff --git a/kubernetes/aai/components/aai-resources/requirements.yaml b/kubernetes/aai/components/aai-resources/requirements.yaml new file mode 100644 index 0000000000..42641a2e5c --- /dev/null +++ b/kubernetes/aai/components/aai-resources/requirements.yaml @@ -0,0 +1,26 @@ +# Copyright © 2018 Amdocs, AT&T +# Modifications Copyright © 2018 Bell Canada +# Modifications Copyright © 2020 Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +dependencies: + - name: common + version: ~7.x-0 + # local reference to common chart, as it is + # a part of this chart's package and will not + # be published independently to a repo (at this point) + repository: '@local' + - name: repositoryGenerator + version: ~7.x-0 + repository: '@local' \ No newline at end of file diff --git a/kubernetes/aai/components/aai-resources/templates/deployment.yaml b/kubernetes/aai/components/aai-resources/templates/deployment.yaml index ae328f5911..4c3a0c1649 100644 --- a/kubernetes/aai/components/aai-resources/templates/deployment.yaml +++ b/kubernetes/aai/components/aai-resources/templates/deployment.yaml @@ -1175,26 +1175,26 @@ spec: ]' spec: hostname: aai-resources - {{ if .Values.global.initContainers.enabled }} - {{ if .Values.global.installSidecarSecurity }} + {{- if .Values.global.initContainers.enabled }} + {{- if .Values.global.installSidecarSecurity }} hostAliases: - ip: {{ .Values.global.aaf.serverIp }} hostnames: - {{ .Values.global.aaf.serverHostname }} - {{ end }} + {{- end }} initContainers: - command: - {{ if .Values.global.jobs.migration.enabled }} + {{- if .Values.global.jobs.migration.enabled }} - /app/ready.py args: - --job-name - {{ include "common.release" . }}-aai-graphadmin-migration - {{ else if .Values.global.jobs.createSchema.enabled }} + {{- else if .Values.global.jobs.createSchema.enabled }} - /app/ready.py args: - --job-name - {{ include "common.release" . }}-aai-graphadmin-create-db-schema - {{ else }} + {{- else }} - /app/ready.py args: - --container-name @@ -1205,27 +1205,27 @@ spec: {{- end }} - --container-name - aai-schema-service - {{ end }} + {{- end }} env: - name: NAMESPACE valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.namespace - image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}" + image: {{ include "repositoryGenerator.image.readiness" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-readiness - {{ if .Values.global.installSidecarSecurity }} + {{- if .Values.global.installSidecarSecurity }} - name: {{ .Values.global.tproxyConfig.name }} - image: "{{ include "common.repository" . }}/{{ .Values.global.tproxyConfig.image }}" + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.tproxyConfig.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} securityContext: privileged: true - {{ end }} - {{ end }} + {{- end }} + {{- end }} containers: - name: {{ include "common.name" . }} - image: "{{ include "common.repository" . }}/{{ .Values.image }}" + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} env: - name: LOCAL_USER_ID @@ -1256,11 +1256,11 @@ spec: - mountPath: /opt/app/aai-resources/resources/etc/auth/realm.properties name: {{ include "common.fullname" . }}-config subPath: realm.properties - {{ if .Values.global.installSidecarSecurity }} + {{- if .Values.global.installSidecarSecurity }} - mountPath: /opt/app/aai-resources/resources/etc/auth/aai_policy.json name: {{ include "common.fullname" . }}-aai-policy subPath: aai_policy.json - {{ end }} + {{- end }} - mountPath: /opt/app/aai-resources/resources/aaf/org.onap.aai.keyfile name: {{ include "common.fullname" . }}-aaf-certs subPath: org.onap.aai.keyfile @@ -1291,43 +1291,39 @@ spec: - mountPath: /opt/app/aai-resources/resources/application-keycloak.properties name: {{ include "common.fullname" . }}-config subPath: application-keycloak.properties - {{ $global := . }} - {{ range $job := .Values.global.config.auth.files }} + {{- $global := . }} + {{- range $job := .Values.global.config.auth.files }} - mountPath: /opt/app/aai-resources/resources/etc/auth/{{ . }} name: {{ include "common.fullname" $global }}-auth-truststore-sec subPath: {{ . }} - {{ end }} + {{- end }} ports: - containerPort: {{ .Values.service.internalPort }} - containerPort: {{ .Values.service.internalPort2 }} # disable liveness probe when breakpoints set in debugger # so K8s doesn't restart unresponsive container - {{ if .Values.liveness.enabled }} + {{- if .Values.liveness.enabled }} livenessProbe: tcpSocket: port: {{ .Values.service.internalPort }} initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} periodSeconds: {{ .Values.liveness.periodSeconds }} - {{ end }} + {{- end }} readinessProbe: tcpSocket: port: {{ .Values.service.internalPort }} initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} - resources: -{{ include "common.resources" . }} + resources: {{ include "common.resources" . | nindent 12 }} {{- if .Values.nodeSelector }} - nodeSelector: -{{ toYaml .Values.nodeSelector | indent 8 }} - {{- end -}} + nodeSelector: {{ toYaml .Values.nodeSelector | nindent 8 }} + {{- end }} {{- if .Values.affinity }} - affinity: -{{ toYaml .Values.affinity | indent 8 }} + affinity: {{ toYaml .Values.affinity | nindent 8 }} {{- end }} - # side car containers - name: filebeat-onap - image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}" + image: {{ include "repositoryGenerator.image.logging" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} volumeMounts: - mountPath: /usr/share/filebeat/filebeat.yml @@ -1337,11 +1333,10 @@ spec: name: {{ include "common.fullname" . }}-logs - mountPath: /usr/share/filebeat/data name: {{ include "common.fullname" . }}-filebeat - resources: -{{ include "common.resources" . }} - {{ if .Values.global.installSidecarSecurity }} + resources: {{ include "common.resources" . | nindent 12 }} + {{- if .Values.global.installSidecarSecurity }} - name: {{ .Values.global.rproxy.name }} - image: "{{ include "common.repository" . }}/{{ .Values.global.rproxy.image }}" + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.rproxy.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} env: - name: CONFIG_HOME @@ -1386,9 +1381,8 @@ spec: subPath: org.onap.aai.p12 ports: - containerPort: {{ .Values.global.rproxy.port }} - - name: {{ .Values.global.fproxy.name }} - image: "{{ include "common.repository" . }}/{{ .Values.global.fproxy.image }}" + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.fproxy.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} env: - name: CONFIG_HOME @@ -1417,8 +1411,7 @@ spec: subPath: client-cert.p12 ports: - containerPort: {{ .Values.global.fproxy.port }} - {{ end }} - + {{- end }} volumes: - name: aai-common-aai-auth-mount secret: @@ -1435,50 +1428,50 @@ spec: emptyDir: {} - name: {{ include "common.fullname" . }}-config configMap: - name: {{ include "common.fullname" . }}-configmap + name: {{ include "common.fullname" . }}-configmap - name: {{ include "common.fullname" . }}-aaf-properties configMap: - name: {{ include "common.fullname" . }}-aaf-props + name: {{ include "common.fullname" . }}-aaf-props - name: {{ include "common.fullname" . }}-aaf-certs secret: - secretName: {{ include "common.fullname" . }}-aaf-keys + secretName: {{ include "common.fullname" . }}-aaf-keys - name: {{ include "common.fullname" . }}-auth-truststore-sec secret: - secretName: aai-common-truststore - items: - {{ range $job := .Values.global.config.auth.files }} - - key: {{ . }} - path: {{ . }} - {{ end }} - {{ if .Values.global.installSidecarSecurity }} + secretName: aai-common-truststore + items: + {{- range $job := .Values.global.config.auth.files }} + - key: {{ . }} + path: {{ . }} + {{- end }} + {{- if .Values.global.installSidecarSecurity }} - name: {{ include "common.fullname" . }}-aai-policy configMap: - name: {{ include "common.fullname" . }}-aai-policy-configmap + name: {{ include "common.fullname" . }}-aai-policy-configmap - name: {{ include "common.fullname" . }}-rproxy-config configMap: - name: {{ include "common.fullname" . }}-rproxy-config + name: {{ include "common.fullname" . }}-rproxy-config - name: {{ include "common.fullname" . }}-rproxy-log-config configMap: - name: {{ include "common.fullname" . }}-rproxy-log-config + name: {{ include "common.fullname" . }}-rproxy-log-config - name: {{ include "common.fullname" . }}-rproxy-uri-auth-config configMap: - name: {{ include "common.fullname" . }}-rproxy-uri-auth-config + name: {{ include "common.fullname" . }}-rproxy-uri-auth-config - name: {{ include "common.fullname" . }}-rproxy-auth-config secret: - secretName: {{ include "common.fullname" . }}-rproxy-auth-config + secretName: {{ include "common.fullname" . }}-rproxy-auth-config - name: {{ include "common.fullname" . }}-rproxy-security-config secret: - secretName: {{ include "common.fullname" . }}-rproxy-security-config + secretName: {{ include "common.fullname" . }}-rproxy-security-config - name: {{ include "common.fullname" . }}-fproxy-config configMap: - name: {{ include "common.fullname" . }}-fproxy-config + name: {{ include "common.fullname" . }}-fproxy-config - name: {{ include "common.fullname" . }}-fproxy-log-config configMap: - name: {{ include "common.fullname" . }}-fproxy-log-config + name: {{ include "common.fullname" . }}-fproxy-log-config - name: {{ include "common.fullname" . }}-fproxy-auth-config secret: - secretName: {{ include "common.fullname" . }}-fproxy-auth-config - {{ end }} + secretName: {{ include "common.fullname" . }}-fproxy-auth-config + {{- end }} restartPolicy: {{ .Values.restartPolicy }} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/aai/components/aai-resources/values.yaml b/kubernetes/aai/components/aai-resources/values.yaml index 4b77e31084..2685d9a3f5 100644 --- a/kubernetes/aai/components/aai-resources/values.yaml +++ b/kubernetes/aai/components/aai-resources/values.yaml @@ -1,5 +1,5 @@ # Copyright (c) 2018 Amdocs, Bell Canada, AT&T -# Copyright (c) 2020 Nokia +# Copyright (c) 2020 Nokia, Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -18,10 +18,105 @@ # Declare variables to be passed into your templates. global: # global defaults nodePortPrefix: 302 - readinessImage: onap/oom/readiness:3.0.1 + cassandra: + #Service Name of the cassandra cluster to connect to. + #Override it to aai-cassandra if localCluster is enabled. + serviceName: cassandra + + rproxy: + name: reverse-proxy + + initContainers: + enabled: true + + # Specifies a list of jobs to be run + jobs: + # When enabled, it will create the schema based on oxm and edge rules + createSchema: + enabled: true + #migration using helm hooks + migration: + enabled: false + + config: + # Specifies that the cluster connected to a dynamic + # cluster being spinned up by kubernetes deployment + cluster: + cassandra: + dynamic: true + + # Specifies if the basic authorization is enabled + basic: + auth: + enabled: true + username: AAI + passwd: AAI + + # Active spring profiles for the resources microservice + profiles: + active: production,dmaap,aaf-auth + + # Notification event specific properties + notification: + eventType: AAI-EVENT + domain: dev + + # Schema specific properties that include supported versions of api + schema: + # Specifies if the connection should be one way ssl, two way ssl or no auth + service: + client: one-way-ssl + # Specifies which translator to use if it has schema-service, then it will make a rest request to schema service + translator: + list: schema-service + source: + # Specifies which folder to take a look at + name: onap + uri: + # Base URI Path of the application + base: + path: /aai + version: + # Current version of the REST API + api: + default: v21 + # Specifies which version the depth parameter is configurable + depth: v11 + # List of all the supported versions of the API + list: v11,v12,v13,v14,v15,v16,v17,v18,v19,v20,v21 + # Specifies from which version related link should appear + related: + link: v11 + # Specifies from which version the app root change happened + app: + root: v11 + # Specifies from which version the xml namespace changed + namespace: + change: v12 + # Specifies from which version the edge label appeared in API + edge: + label: v12 + + # Keystore configuration password and filename + keystore: + filename: aai_keystore + passwd: OBF:1vn21ugu1saj1v9i1v941sar1ugw1vo0 + + # Truststore configuration password and filename + truststore: + filename: aai_keystore + passwd: OBF:1vn21ugu1saj1v9i1v941sar1ugw1vo0 + + # Specifies a list of files to be included in auth volume + auth: + files: + - aai_keystore + + # Specifies which clients should always default to realtime graph connection + realtime: + clients: SDNC,MSO,SO,robot-ete # application image -repository: nexus3.onap.org:10001 image: onap/aai-resources:1.7.2 pullPolicy: Always restartPolicy: Always -- cgit 1.2.3-korg