From f10c5555b94780a402c5d62dce1e60dfe12390ec Mon Sep 17 00:00:00 2001 From: Andreas Geissler Date: Tue, 21 Mar 2023 18:09:46 +0100 Subject: [POLICY] Cleanup of Helmcharts from AAF/TLS options Remove AAF options and Certificate settings Disable Istio Sidecar injection for DB jobs due to problems during DB Migration Extended the timeouts for clamp-runtime-acm Issue-ID: OOM-3120 Signed-off-by: Andreas Geissler Change-Id: I802fa2038535524f4696513acd5aa7772e0a3f35 --- kubernetes/policy/components/policy-gui/Chart.yaml | 3 -- .../policy-gui/resources/config/application.yml | 12 ++--- .../policy-gui/templates/deployment.yaml | 41 +++-------------- .../components/policy-gui/templates/service.yaml | 27 +---------- .../policy/components/policy-gui/values.yaml | 52 ++-------------------- 5 files changed, 13 insertions(+), 122 deletions(-) (limited to 'kubernetes/policy/components/policy-gui') diff --git a/kubernetes/policy/components/policy-gui/Chart.yaml b/kubernetes/policy/components/policy-gui/Chart.yaml index b2769c3e7a..e1d809d41b 100644 --- a/kubernetes/policy/components/policy-gui/Chart.yaml +++ b/kubernetes/policy/components/policy-gui/Chart.yaml @@ -24,9 +24,6 @@ name: policy-gui version: 12.0.0 dependencies: - - name: certInitializer - version: ~12.x-0 - repository: '@local' - name: repositoryGenerator version: ~12.x-0 repository: '@local' diff --git a/kubernetes/policy/components/policy-gui/resources/config/application.yml b/kubernetes/policy/components/policy-gui/resources/config/application.yml index 9be81d8ddd..f81a1b452a 100644 --- a/kubernetes/policy/components/policy-gui/resources/config/application.yml +++ b/kubernetes/policy/components/policy-gui/resources/config/application.yml @@ -1,18 +1,12 @@ server: port: 2443 ssl: - enabled: {{ (eq "true" (include "common.needTLS" .)) | ternary true false }} -# enabled-protocols: TLSv1.2 -# client-auth: want -# key-store: file:${KEYSTORE} -# key-store-password: ${KEYSTORE_PASSWD} -# trust-store: file:${TRUSTSTORE} -# trust-store-password: ${TRUSTSTORE_PASSWD} + enabled: false clamp: url: - disable-ssl-validation: {{ (eq "true" (include "common.needTLS" .)) | ternary false true }} - disable-ssl-hostname-check: {{ (eq "true" (include "common.needTLS" .)) | ternary false true }} + disable-ssl-validation: true + disable-ssl-hostname-check: true apex-editor: upload-url: diff --git a/kubernetes/policy/components/policy-gui/templates/deployment.yaml b/kubernetes/policy/components/policy-gui/templates/deployment.yaml index 8513943150..7a573d0356 100644 --- a/kubernetes/policy/components/policy-gui/templates/deployment.yaml +++ b/kubernetes/policy/components/policy-gui/templates/deployment.yaml @@ -20,24 +20,12 @@ apiVersion: apps/v1 kind: Deployment -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} spec: + selector: {{- include "common.selectors" . | nindent 4 }} replicas: {{ .Values.replicaCount }} - selector: - matchLabels: - app: {{ include "common.name" . }} template: - metadata: - labels: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} + metadata: {{- include "common.templateMetadata" . | nindent 6 }} spec: initContainers: - command: @@ -46,14 +34,6 @@ spec: - -c - "cd /config-input && for PFILE in `ls -1`; do envsubst <${PFILE} >/config/${PFILE}; done" env: - - name: KEYSTORE - value: {{ .Values.certStores.keystoreLocation }} - - name: KEYSTORE_PASSWD - value: {{ .Values.certStores.keyStorePassword }} - - name: TRUSTSTORE - value: {{ .Values.certStores.truststoreLocation }} - - name: TRUSTSTORE_PASSWD - value: {{ .Values.certStores.trustStorePassword }} - name: POLICY_LOGS value: {{ .Values.log.path }} volumeMounts: @@ -78,7 +58,6 @@ spec: image: {{ include "repositoryGenerator.image.readiness" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-readiness -{{ include "common.certInitializer.initContainer" . | nindent 6 }} containers: # side car containers {{ if .Values.global.centralizedLoggingEnabled }}{{ include "common.log.sidecar" . | nindent 8 }}{{ end }} @@ -86,18 +65,8 @@ spec: - name: {{ include "common.name" . }} image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} -{{- if not (include "common.onServiceMesh" .) }} - command: ["sh","-c"] - args: ["source {{ .Values.certInitializer.credsPath }}/.ci;/opt/app/policy/gui/bin/policy-gui.sh"] - env: -{{ else }} command: ["/opt/app/policy/gui/bin/policy-gui.sh"] env: - - name: KEYSTORE_PASSWD - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keystore-password" "key" "password") | indent 12 }} - - name: TRUSTSTORE_PASSWD - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "truststore-password" "key" "password") | indent 12 }} -{{ end }} - name: CLAMP_URL value: http://policy-clamp-runtime-acm:6969 ports: @@ -116,7 +85,7 @@ spec: port: {{ .Values.service.internalPort }} initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} - volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }} + volumeMounts: - name: logs mountPath: {{ .Values.log.path }} - mountPath: /opt/app/policy/gui/etc/application.yml @@ -135,7 +104,7 @@ spec: {{ toYaml .Values.affinity | indent 10 }} {{- end }} serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} - volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }} + volumes: - name: {{ include "common.fullname" . }}-config configMap: name: {{ include "common.fullname" . }} diff --git a/kubernetes/policy/components/policy-gui/templates/service.yaml b/kubernetes/policy/components/policy-gui/templates/service.yaml index 827e93a4f2..36406228d5 100644 --- a/kubernetes/policy/components/policy-gui/templates/service.yaml +++ b/kubernetes/policy/components/policy-gui/templates/service.yaml @@ -18,29 +18,4 @@ # ============LICENSE_END========================================================= */}} -apiVersion: v1 -kind: Service -metadata: - name: {{ .Values.service.name }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -spec: - type: {{ .Values.service.type }} - ports: - {{if eq .Values.service.type "NodePort" -}} - - port: {{ .Values.service.internalPort }} - nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} - name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }} - {{- else -}} - - port: {{ .Values.service.externalPort }} - targetPort: {{ .Values.service.internalPort }} - name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }} - {{- end}} - selector: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} ---- +{{ include "common.service" . }} diff --git a/kubernetes/policy/components/policy-gui/values.yaml b/kubernetes/policy/components/policy-gui/values.yaml index 178aa4e67c..8b41911799 100644 --- a/kubernetes/policy/components/policy-gui/values.yaml +++ b/kubernetes/policy/components/policy-gui/values.yaml @@ -22,52 +22,6 @@ global: # global defaults nodePortPrefix: 304 centralizedLoggingEnabled: true - #AAF service - aafEnabled: true - -################################################################# -# Secrets metaconfig -################################################################# -secrets: - - uid: keystore-password - type: password - externalSecret: '{{ tpl (default "" .Values.certStores.keyStorePasswordExternalSecret) . }}' - password: '{{ .Values.certStores.keyStorePassword }}' - passwordPolicy: required - - uid: truststore-password - type: password - externalSecret: '{{ tpl (default "" .Values.certStores.trustStorePasswordExternalSecret) . }}' - password: '{{ .Values.certStores.trustStorePassword }}' - passwordPolicy: required - -certStores: - keyStorePassword: Pol1cy_0nap - keystoreLocation: /opt/app/policy/gui/etc/ssl/policy-keystore - truststoreLocation: /opt/app/policy/gui/etc/ssl/policy-truststore - trustStorePassword: Pol1cy_0nap - -################################################################# -# AAF part -################################################################# -certInitializer: - nameOverride: policy-gui-cert-initializer - aafDeployFqi: deployer@people.osaaf.org - aafDeployPass: demo123456! - fqdn: policy - fqi: policy@policy.onap.org - public_fqdn: policy.onap.org - cadi_latitude: "0.0" - cadi_longitude: "0.0" - credsPath: /opt/app/osaaf/local - app_ns: org.osaaf.aaf - uid: 100 - gid: 101 - aaf_add_config: > - echo "export KEYSTORE='{{ .Values.credsPath }}/org.onap.policy.p12'" > {{ .Values.credsPath }}/.ci; - echo "export TRUSTSTORE='{{ .Values.credsPath }}/org.onap.policy.trust.jks'" >> {{ .Values.credsPath }}/.ci; - echo "export KEYSTORE_PASSWD='${cadi_keystore_password_p12}'" >> {{ .Values.credsPath }}/.ci; - echo "export TRUSTSTORE_PASSWD='${cadi_truststore_password}'" >> {{ .Values.credsPath }}/.ci; - chown -R {{ .Values.uid }}:{{ .Values.gid }} $(dirname {{ .Values.credsPath }}); subChartsOnly: enabled: true @@ -118,9 +72,11 @@ readiness: service: type: NodePort name: policy-gui - portName: http internalPort: 2443 - nodePort: 43 + ports: + - name: http + port: 2443 + nodePort: 43 # see https://wiki.onap.org/display/DW/OOM+NodePort+List -- cgit 1.2.3-korg