From 4ee97a9f28fcb17b272e4e94931f9528afe797a7 Mon Sep 17 00:00:00 2001 From: Andreas Geissler Date: Fri, 29 Apr 2022 13:01:14 +0200 Subject: [CDS] Service mesh compatibility Patch on CDS charts dedicated to remove https and cert-related calls from all files. This ensure compatibility with patched AAI (IID: OOM-2670) and lays ground for service mesh use. Replaces https://gerrit.onap.org/r/c/oom/+/126099 Correction for CDS-Strimzi support in application properties Issue-ID: OOM-2824 Signed-off-by: Andreas Geissler Change-Id: I522fe60ca748b7e5f731045dac8ca11b13ae2811 --- .../resources/config/application.properties | 24 +++++++++++-------- .../templates/service.yaml | 2 +- .../cds-blueprints-processor/values.yaml | 27 ++++++++++++++-------- .../components/cds-command-executor/values.yaml | 6 ++--- .../cds/components/cds-py-executor/values.yaml | 4 ++-- .../resources/config/application.yaml | 7 ++---- .../cds-sdc-listener/templates/deployment.yaml | 5 ++-- .../cds-sdc-listener/templates/service.yaml | 2 +- .../cds/components/cds-sdc-listener/values.yaml | 2 +- kubernetes/cds/components/cds-ui/values.yaml | 4 ++-- 10 files changed, 46 insertions(+), 37 deletions(-) (limited to 'kubernetes/cds/components') diff --git a/kubernetes/cds/components/cds-blueprints-processor/resources/config/application.properties b/kubernetes/cds/components/cds-blueprints-processor/resources/config/application.properties index 0beaf4a42a..b6a3433439 100755 --- a/kubernetes/cds/components/cds-blueprints-processor/resources/config/application.properties +++ b/kubernetes/cds/components/cds-blueprints-processor/resources/config/application.properties @@ -101,7 +101,11 @@ blueprintsprocessor.restclient.sdnc.password=Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoG # AAI Data REST Client settings blueprintsprocessor.restclient.aai-data.type=basic-auth -blueprintsprocessor.restclient.aai-data.url=https://aai:8443 +{{ if ( include "common.needTLS" .) }} +blueprintsprocessor.restclient.aai-data.url=https://{{ .Values.global.aaiData.ServiceName }}:8443 +{{- else -}} +blueprintsprocessor.restclient.aai-data.url=http://{{ .Values.global.aaiData.ServiceName }}:{{ .Values.global.aaiData.ExternalPlainPort }} +{{- end }} blueprintsprocessor.restclient.aai-data.username=aai@aai.onap.org blueprintsprocessor.restclient.aai-data.password=demo123456! blueprintsprocessor.restclient.aai-data.additionalHeaders.X-TransactionId=cds-transaction-id @@ -111,7 +115,7 @@ blueprintsprocessor.restclient.aai-data.additionalHeaders.Accept=application/jso # Self Service Request Kafka Message Consumer blueprintsprocessor.messageconsumer.self-service-api.kafkaEnable={{ .Values.kafkaRequestConsumer.enabled }} blueprintsprocessor.messageconsumer.self-service-api.type={{ .Values.kafkaRequestConsumer.type }} -{{- if eq .Values.useStrimziKafka true }} +{{ if eq .Values.useStrimziKafka true }} blueprintsprocessor.messageconsumer.self-service-api.bootstrapServers={{ include "common.release" . }}-strimzi-kafka-bootstrap:9092 {{- else -}} blueprintsprocessor.messageconsumer.self-service-api.bootstrapServers={{ .Values.kafkaRequestConsumer.bootstrapServers }} @@ -120,7 +124,7 @@ blueprintsprocessor.messageconsumer.self-service-api.groupId={{ .Values.kafkaReq blueprintsprocessor.messageconsumer.self-service-api.topic={{ .Values.kafkaRequestConsumer.topic }} blueprintsprocessor.messageconsumer.self-service-api.clientId={{ .Values.kafkaRequestConsumer.clientId }} blueprintsprocessor.messageconsumer.self-service-api.pollMillSec={{ .Values.kafkaRequestConsumer.pollMillSec }} -{{- if and (eq .Values.kafkaRequestConsumer.type "kafka-scram-plain-text-auth") (eq .Values.useStrimziKafka true) }} +{{ if and (eq .Values.kafkaRequestConsumer.type "kafka-scram-plain-text-auth") (eq .Values.useStrimziKafka true) }} # SCRAM blueprintsprocessor.messageconsumer.self-service-api.scramUsername={{ include "common.release" . }}-{{ .Values.cdsKafkaUser }} blueprintsprocessor.messageconsumer.self-service-api.scramPassword=${JAAS_PASS} @@ -128,14 +132,14 @@ blueprintsprocessor.messageconsumer.self-service-api.scramPassword=${JAAS_PASS} # Self Service Response Kafka Message Producer blueprintsprocessor.messageproducer.self-service-api.type={{ .Values.kafkaRequestProducer.type }} -{{- if eq .Values.useStrimziKafka true }} +{{ if eq .Values.useStrimziKafka true }} blueprintsprocessor.messageproducer.self-service-api.bootstrapServers={{ include "common.release" . }}-strimzi-kafka-bootstrap:9092 {{- else -}} blueprintsprocessor.messageproducer.self-service-api.bootstrapServers={{ .Values.kafkaRequestProducer.bootstrapServers }} {{- end }} blueprintsprocessor.messageproducer.self-service-api.clientId={{ .Values.kafkaRequestProducer.clientId }} blueprintsprocessor.messageproducer.self-service-api.topic={{ .Values.kafkaRequestProducer.topic }} -{{- if and (eq .Values.kafkaRequestConsumer.type "kafka-scram-plain-text-auth") (eq .Values.useStrimziKafka true) }} +{{ if and (eq .Values.kafkaRequestConsumer.type "kafka-scram-plain-text-auth") (eq .Values.useStrimziKafka true) }} # SCRAM blueprintsprocessor.messageproducer.self-service-api.scramUsername={{ include "common.release" . }}-{{ .Values.cdsKafkaUser }} blueprintsprocessor.messageproducer.self-service-api.scramPassword=${JAAS_PASS} @@ -146,14 +150,14 @@ blueprintsprocessor.messageproducer.self-service-api.scramPassword=${JAAS_PASS} ## Audit request blueprintsprocessor.messageproducer.self-service-api.audit.kafkaEnable={{ .Values.kafkaAuditRequest.enabled }} blueprintsprocessor.messageproducer.self-service-api.audit.request.type={{ .Values.kafkaAuditRequest.type }} -{{- if eq .Values.useStrimziKafka true }} +{{ if eq .Values.useStrimziKafka true }} blueprintsprocessor.messageproducer.self-service-api.audit.request.bootstrapServers={{ include "common.release" . }}-strimzi-kafka-bootstrap:9092 {{- else -}} blueprintsprocessor.messageproducer.self-service-api.audit.request.bootstrapServers={{ .Values.kafkaAuditRequest.bootstrapServers }} {{- end }} blueprintsprocessor.messageproducer.self-service-api.audit.request.clientId={{ .Values.kafkaAuditRequest.clientId }} blueprintsprocessor.messageproducer.self-service-api.audit.request.topic={{ .Values.kafkaAuditRequest.topic }} -{{- if and (eq .Values.kafkaRequestConsumer.type "kafka-scram-plain-text-auth") (eq .Values.useStrimziKafka true) }} +{{ if and (eq .Values.kafkaRequestConsumer.type "kafka-scram-plain-text-auth") (eq .Values.useStrimziKafka true) }} # SCRAM blueprintsprocessor.messageproducer.self-service-api.audit.request.scramUsername={{ include "common.release" . }}-{{ .Values.cdsKafkaUser }} blueprintsprocessor.messageproducer.self-service-api.audit.request.scramPassword=${JAAS_PASS} @@ -161,14 +165,14 @@ blueprintsprocessor.messageproducer.self-service-api.audit.request.scramPassword ## Audit response blueprintsprocessor.messageproducer.self-service-api.audit.response.type={{ .Values.kafkaAuditResponse.type }} -{{- if eq .Values.useStrimziKafka true }} +{{ if eq .Values.useStrimziKafka true }} blueprintsprocessor.messageproducer.self-service-api.audit.response.bootstrapServers={{ include "common.release" . }}-strimzi-kafka-bootstrap:9092 {{- else -}} blueprintsprocessor.messageproducer.self-service-api.audit.response.bootstrapServers={{ .Values.kafkaAuditRequest.bootstrapServers }} {{- end }} blueprintsprocessor.messageproducer.self-service-api.audit.response.clientId={{ .Values.kafkaAuditResponse.clientId }} blueprintsprocessor.messageproducer.self-service-api.audit.response.topic={{ .Values.kafkaAuditResponse.topic }} -{{- if and (eq .Values.kafkaRequestConsumer.type "kafka-scram-plain-text-auth") (eq .Values.useStrimziKafka true) }} +{{ if and (eq .Values.kafkaRequestConsumer.type "kafka-scram-plain-text-auth") (eq .Values.useStrimziKafka true) }} # SCRAM blueprintsprocessor.messageproducer.self-service-api.audit.response.scramUsername={{ include "common.release" . }}-{{ .Values.cdsKafkaUser }} blueprintsprocessor.messageproducer.self-service-api.audit.response.scramPassword=${JAAS_PASS} @@ -194,7 +198,7 @@ endpoints.user.name=eHbVUbJAj4AG2522cSbrOQ== endpoints.user.password=eHbVUbJAj4AG2522cSbrOQ== #BaseUrls for health check blueprint processor services -blueprintprocessor.healthcheck.baseUrl=http://localhost:8080/ +blueprintprocessor.healthcheck.baseUrl=http://cds-blueprints-processor-http:8080/ blueprintprocessor.healthcheck.mapping-service-name-with-service-link=[Execution service,/api/v1/execution-service/health-check],[Resources service,/api/v1/resources/health-check],[Template service,/api/v1/template/health-check] #BaseUrls for health check Cds Listener services diff --git a/kubernetes/cds/components/cds-blueprints-processor/templates/service.yaml b/kubernetes/cds/components/cds-blueprints-processor/templates/service.yaml index 5d2e438e1e..153740c553 100755 --- a/kubernetes/cds/components/cds-blueprints-processor/templates/service.yaml +++ b/kubernetes/cds/components/cds-blueprints-processor/templates/service.yaml @@ -33,7 +33,7 @@ spec: {{- if eq .Values.service.http.type "NodePort"}} nodePort: {{ .Values.global.nodePortPrefixExt | default .Values.nodePortPrefixExt }}{{ .Values.service.http.nodePort }} {{- end}} - name: {{ .Values.service.http.portName | default "http" }} + name: {{ .Values.service.http.portName | default "http" }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }} selector: app: {{ include "common.name" . }} release: {{ include "common.release" . }} diff --git a/kubernetes/cds/components/cds-blueprints-processor/values.yaml b/kubernetes/cds/components/cds-blueprints-processor/values.yaml index af9482b663..c2745ca7e3 100755 --- a/kubernetes/cds/components/cds-blueprints-processor/values.yaml +++ b/kubernetes/cds/components/cds-blueprints-processor/values.yaml @@ -28,10 +28,17 @@ global: persistence: mountPath: /dockerdata-nfs - #This configuration specifies Service and port for SDNC OAM interface + # This configuration specifies Service and port for SDNC OAM interface sdncOamService: sdnc-oam sdncOamPort: 8282 + # This concerns CDS/AAI communication through HTTP when TLS is not being needed + # Port value should match the one in aai/values.yml : service.externalPlainPort + aaiData: + ExternalPlainPort: 80 # when TLS is not needed + ServiceName: aai # domain + # http://aai:80 or https://aai:443 + #AAF is enabled by default #aafEnabled: true @@ -108,7 +115,7 @@ config: dbService: mariadb-galera dbPort: 3306 dbName: sdnctl - #dbRootPass: Custom root password + # dbRootPass: Custom root password dbRootPassExternalSecret: '{{ include "common.mariadb.secret.rootPassSecretName" ( dict "dot" . "chartName" .Values.config.sdncDB.dbService ) }}' cdsDB: dbServer: cds-db @@ -170,12 +177,12 @@ startup: periodSeconds: 10 liveness: - initialDelaySeconds: 0 + initialDelaySeconds: 1 periodSeconds: 20 - timeoutSeconds: 20 + timeoutSeconds: 30 # necessary to disable liveness probe when setting breakpoints # in debugger so K8s doesn't restart unresponsive container - enabled: true + enabled: false readiness: initialDelaySeconds: 120 @@ -185,17 +192,17 @@ readiness: service: http: type: ClusterIP - portName: blueprints-processor-http + portName: http internalPort: 8080 externalPort: 8080 grpc: type: ClusterIP - portName: blueprints-processor-grpc + portName: grpc internalPort: 9111 externalPort: 9111 cluster: type: ClusterIP - portName: blueprints-processor-cluster + portName: tcp-cluster internalPort: 5701 externalPort: 5701 @@ -223,8 +230,8 @@ ingress: - baseaddr: "blueprintsprocessorhttp" name: "cds-blueprints-processor-http" port: 8080 - config: - ssl: "none" + config: + ssl: "none" logback: rootLogLevel: INFO diff --git a/kubernetes/cds/components/cds-command-executor/values.yaml b/kubernetes/cds/components/cds-command-executor/values.yaml index b0c1e35cba..e2511401f3 100755 --- a/kubernetes/cds/components/cds-command-executor/values.yaml +++ b/kubernetes/cds/components/cds-command-executor/values.yaml @@ -63,11 +63,11 @@ readiness: service: type: ClusterIP grpc: - portName: command-executor-grpc + portName: grpc internalPort: 50051 externalPort: 50051 metrics: - portName: command-executor-metrics + portName: tcp-metrics internalPort: 10005 externalPort: 10005 @@ -105,7 +105,7 @@ serviceAccount: metrics: serviceMonitor: enabled: false - port: command-executor-metrics + port: tcp-metrics path: /actuator/prometheus basicAuth: enabled: false diff --git a/kubernetes/cds/components/cds-py-executor/values.yaml b/kubernetes/cds/components/cds-py-executor/values.yaml index 9dc4a3181e..a1eb0a0818 100755 --- a/kubernetes/cds/components/cds-py-executor/values.yaml +++ b/kubernetes/cds/components/cds-py-executor/values.yaml @@ -60,9 +60,9 @@ service: type: ClusterIP ports: - port: 50052 - name: executor-grpc + name: grpc-executor - port: 50053 - name: manager-grpc + name: grpc-manager secrets: - uid: api-credentials diff --git a/kubernetes/cds/components/cds-sdc-listener/resources/config/application.yaml b/kubernetes/cds/components/cds-sdc-listener/resources/config/application.yaml index 7ef5959a1b..3710f5f510 100644 --- a/kubernetes/cds/components/cds-sdc-listener/resources/config/application.yaml +++ b/kubernetes/cds/components/cds-sdc-listener/resources/config/application.yaml @@ -1,6 +1,6 @@ listenerservice: config: - asdcAddress: sdc-be.{{include "common.namespace" .}}:8443 #SDC-BE + asdcAddress: sdc-be.{{include "common.namespace" .}}:{{ (eq "true" (include "common.needTLS" .)) | ternary 8443 8080 }} #SDC-BE messageBusAddress: message-router.{{include "common.namespace" .}} #Message-Router user: cds #SDC-username password: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U #SDC-password @@ -14,7 +14,7 @@ listenerservice: keyStorePath: activateServerTLSAuth : false isUseHttpsWithDmaap: false - isUseHttpsWithSDC: true + isUseHttpsWithSDC: {{ (eq "true" (include "common.needTLS" .)) | ternary true false }} archivePath: /opt/app/onap/sdc-listener/ grpcAddress: cds-blueprints-processor-grpc grpcPort: 9111 @@ -24,14 +24,11 @@ listenerservice: httpsProxyPort: 0 httpProxyPort: 0 - - cdslistener: healthcheck: baseUrl: http://localhost:9000/ mapping-service-name-with-service-link: "[SDC Listener service,/api/v1/sdclistener/healthcheck]" - management: endpoint: health: diff --git a/kubernetes/cds/components/cds-sdc-listener/templates/deployment.yaml b/kubernetes/cds/components/cds-sdc-listener/templates/deployment.yaml index 4ac847005e..3a6d76165b 100644 --- a/kubernetes/cds/components/cds-sdc-listener/templates/deployment.yaml +++ b/kubernetes/cds/components/cds-sdc-listener/templates/deployment.yaml @@ -63,18 +63,19 @@ spec: value: {{ .Values.config.appConfigDir }} ports: - containerPort: {{ .Values.service.http.internalPort }} + name: {{ .Values.service.http.portName }} {{ if .Values.liveness.enabled }} livenessProbe: httpGet: path: /api/v1/sdclistener/healthcheck - port: {{ .Values.service.http.internalPort }} + port: {{ .Values.service.http.portName }} initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} periodSeconds: {{ .Values.liveness.periodSeconds }} {{end}} readinessProbe: httpGet: path: /api/v1/sdclistener/healthcheck - port: {{ .Values.service.http.internalPort }} + port: {{ .Values.service.http.portName }} initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} volumeMounts: diff --git a/kubernetes/cds/components/cds-sdc-listener/templates/service.yaml b/kubernetes/cds/components/cds-sdc-listener/templates/service.yaml index af837f2b3a..42bd2b33e9 100644 --- a/kubernetes/cds/components/cds-sdc-listener/templates/service.yaml +++ b/kubernetes/cds/components/cds-sdc-listener/templates/service.yaml @@ -31,7 +31,7 @@ spec: {{- if eq .Values.service.type "NodePort"}} nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} {{- end}} - name: {{ .Values.service.http.portName | default "http" }} + name: {{ .Values.service.http.portName | default "http" }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }} selector: app: {{ include "common.name" . }} release: {{ include "common.release" . }} diff --git a/kubernetes/cds/components/cds-sdc-listener/values.yaml b/kubernetes/cds/components/cds-sdc-listener/values.yaml index ac1e3b4dde..1499ad5b04 100644 --- a/kubernetes/cds/components/cds-sdc-listener/values.yaml +++ b/kubernetes/cds/components/cds-sdc-listener/values.yaml @@ -62,7 +62,7 @@ readiness: service: type: ClusterIP http: - portName: cds-sdc-listener-http + portName: http internalPort: 8080 externalPort: 8080 diff --git a/kubernetes/cds/components/cds-ui/values.yaml b/kubernetes/cds/components/cds-ui/values.yaml index 05f766e186..14fc014920 100644 --- a/kubernetes/cds/components/cds-ui/values.yaml +++ b/kubernetes/cds/components/cds-ui/values.yaml @@ -105,8 +105,8 @@ ingress: - baseaddr: "cdsui" name: "cds-ui" port: 3000 - config: - ssl: "redirect" + config: + ssl: "redirect" # Resource Limit flavor -By Default using small flavor: small -- cgit 1.2.3-korg