From dd34eadb816e1089a7121dda9810e902caf3e6c4 Mon Sep 17 00:00:00 2001 From: Andreas Geissler Date: Mon, 20 Mar 2023 17:16:45 +0100 Subject: [SDC] Chart cleanup for AAF/TLS removal Use latest helm templates and remove TLS/AAF related parts Issue-ID: OOM-3121 Signed-off-by: Andreas Geissler Change-Id: I453d9bfb471462a3c2f4825a3a542c61df353cf5 --- kubernetes/sdc/components/sdc-wfd-be/Chart.yaml | 3 -- .../sdc-wfd-be/templates/deployment.yaml | 61 +++++----------------- .../components/sdc-wfd-be/templates/ingress.yaml | 17 ++++++ .../sdc/components/sdc-wfd-be/templates/job.yaml | 11 +--- .../components/sdc-wfd-be/templates/service.yaml | 27 +--------- kubernetes/sdc/components/sdc-wfd-be/values.yaml | 37 ++----------- 6 files changed, 38 insertions(+), 118 deletions(-) (limited to 'kubernetes/sdc/components/sdc-wfd-be') diff --git a/kubernetes/sdc/components/sdc-wfd-be/Chart.yaml b/kubernetes/sdc/components/sdc-wfd-be/Chart.yaml index 51e84a690e..55b79aa127 100644 --- a/kubernetes/sdc/components/sdc-wfd-be/Chart.yaml +++ b/kubernetes/sdc/components/sdc-wfd-be/Chart.yaml @@ -20,9 +20,6 @@ name: sdc-wfd-be version: 12.0.0 dependencies: - - name: certInitializer - version: ~12.x-0 - repository: '@local' - name: repositoryGenerator version: ~12.x-0 repository: '@local' diff --git a/kubernetes/sdc/components/sdc-wfd-be/templates/deployment.yaml b/kubernetes/sdc/components/sdc-wfd-be/templates/deployment.yaml index a187e19a75..da620359da 100644 --- a/kubernetes/sdc/components/sdc-wfd-be/templates/deployment.yaml +++ b/kubernetes/sdc/components/sdc-wfd-be/templates/deployment.yaml @@ -1,6 +1,7 @@ {{/* # Copyright © 2017 Amdocs, AT&T, Bell Canada # Modifications Copyright © 2018 ZTE +# Modifications Copyright © 2023 Deutsche Telekom # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. 
@@ -17,26 +18,14 @@ apiVersion: apps/v1 kind: Deployment -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} spec: - selector: - matchLabels: - app: {{ include "common.name" . }} + selector: {{- include "common.selectors" . | nindent 4 }} replicas: {{ .Values.replicaCount }} template: - metadata: - labels: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} + metadata: {{- include "common.templateMetadata" . | nindent 6 }} spec: - initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }} + initContainers: {{- if .Values.initJob.enabled }} - name: {{ include "common.name" . }}-job-completion image: {{ include "repositoryGenerator.image.readiness" . }} @@ -45,7 +34,7 @@ spec: - /app/ready.py args: - --job-name - - {{ include "common.fullname" . }}-workflow-init + - {{ include "common.fullname" . }} env: - name: NAMESPACE valueFrom: 
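Review bot: A Deployment's `spec.selector` is immutable, so switching it to `common.selectors` in the first deployment.yaml hunk will make `helm upgrade` fail on existing releases if that helper renders anything other than the old single label `app: {{ include "common.name" . }}`. The helper's output is not visible on this page, so this should be confirmed and, if the labels differ, the commit message should say that the old Deployment has to be deleted before upgrading. Separately, `initContainers:` is now a bare key that renders as null when `.Values.initJob.enabled` is false. Moving the existing `{{- if .Values.initJob.enabled }}` line above `initContainers:` would keep the rendered manifest explicit; the matching `{{- end }}` is outside the hunk.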
@@ -64,28 +53,13 @@ spec: - name: {{ include "common.name" . }} image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - {{- if .Values.global.aafEnabled }} - command: - - sh - args: - - "-c" - - | - export $(grep '^c' {{ .Values.certInitializer.credsPath }}/mycreds.prop | xargs -0) - export SERVER_SSL_KEY_PASSWORD=$cadi_keystore_password_p12 - export KEYMANAGER_PASS=$cadi_keystore_password_p12 - export SERVER_SSL_TRUST_PASSWORD=$cadi_truststore_password - export SERVER_SSL_KEYSTORE_PATH={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.keystoreFile }} - export SERVER_SSL_TRUSTSTORE_PATH={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.truststoreFile }} - ./startup.sh - {{- end }} - ports: - - containerPort: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort2 .Values.service.internalPort }} + ports: {{ include "common.containerPorts" . | nindent 12 }} # disable liveness probe when breakpoints set in debugger # so K8s doesn't restart unresponsive container {{ if .Values.liveness.enabled }} livenessProbe: tcpSocket: - port: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort2 .Values.service.internalPort }} + port: {{ .Values.service.internalPort }} initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} periodSeconds: {{ .Values.liveness.periodSeconds }} successThreshold: {{ .Values.liveness.successThreshold }} 
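Review bot: The container port and the probe port now come from two different values: `ports:` is rendered by `common.containerPorts` (presumably from `service.ports` in values.yaml), while the `livenessProbe` here and the `readinessProbe` and `startupProbe` in the next hunk read `.Values.service.internalPort`. If an operator overrides only one of them, the probes check a port the container does not declare and the pod never becomes ready. Either document the coupling in values.yaml with `# internalPort is used by the probes and must equal service.ports[0].port`, or point the probes at the named port if the helper names it `http`, which should be verified against the common chart.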
@@ -93,14 +67,14 @@ spec: {{ end }} readinessProbe: tcpSocket: - port: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort2 .Values.service.internalPort }} + port: {{ .Values.service.internalPort }} initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} successThreshold: {{ .Values.readiness.successThreshold }} failureThreshold: {{ .Values.readiness.failureThreshold }} startupProbe: tcpSocket: - port: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort2 .Values.service.internalPort }} + port: {{ .Values.service.internalPort }} initialDelaySeconds: {{ .Values.startup.initialDelaySeconds }} periodSeconds: {{ .Values.startup.periodSeconds }} successThreshold: {{ .Values.startup.successThreshold }} 
@@ -128,28 +102,17 @@ spec: valueFrom: secretKeyRef: {name: {{ include "common.release" . }}-sdc-cs-secrets, key: cs_truststore_password} - name: SDC_PROTOCOL - value: "{{ (eq "true" (include "common.needTLS" .)) | ternary "HTTPS" "HTTP" }}" + value: "HTTP" - name: SDC_ENDPOINT - value: "{{ (eq "true" (include "common.needTLS" .)) | ternary .Values.config.sdcEndpoint.https .Values.config.sdcEndpoint.http }}" + value: "{{ .Values.config.sdcEndpoint.http }}" - name: SDC_USER value: "{{ .Values.config.sdcExternalUser }}" - name: SDC_PASSWORD valueFrom: secretKeyRef: {name: {{ include "common.release" . }}-sdc-cs-secrets, key: wf_external_user_password} - {{- if (include "common.needTLS" .) }} - - name: SERVER_SSL_ENABLED - value: "true" - - name: SERVER_SSL_KEYSTORE_TYPE - value: "{{ .Values.config.serverSSLKeyStoreType }}" - - name: SERVER_SSL_TRUSTSTORE_TYPE - value: "{{ .Values.config.serverSSLTrustStoreType }}" - {{- else }} - name: SERVER_SSL_ENABLED value: "false" - {{- end }} - volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }} resources: {{ include "common.resources" . | nindent 12 }} serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} - volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/sdc/components/sdc-wfd-be/templates/ingress.yaml b/kubernetes/sdc/components/sdc-wfd-be/templates/ingress.yaml index 171442dfdc..e9e5fcf1d1 100644 --- a/kubernetes/sdc/components/sdc-wfd-be/templates/ingress.yaml +++ b/kubernetes/sdc/components/sdc-wfd-be/templates/ingress.yaml 
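Review bot: `SDC_PASSWORD` (from `wf_external_user_password`) is still injected directly below the new fixed `SDC_PROTOCOL: "HTTP"` and `SDC_ENDPOINT` values, so the workflow backend now always presents that credential to `sdc-be:8080` over an unencrypted connection. `SERVER_SSL_ENABLED` is likewise fixed to `"false"` for inbound traffic. Nothing in this chart enforces that another layer protects the pod-to-pod hop, so the assumption should be written where operators will see it, for example `# Plain HTTP by design: transport encryption must be provided by the platform (service mesh mTLS / NetworkPolicy)` above the `SDC_PROTOCOL` entry. The `cs_truststore_password` entry visible as context looks unused once TLS is off; that is inferred from its name only and should be confirmed before it is removed. The container spec starts outside this hunk.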
@@ -1 +1,18 @@ +{{/* +# Copyright © 2017 Amdocs, Bell Canada +# Modifications Copyright © 2023 Deutsche Telekom +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + {{include "common.ingress" .}} diff --git a/kubernetes/sdc/components/sdc-wfd-be/templates/job.yaml b/kubernetes/sdc/components/sdc-wfd-be/templates/job.yaml index 4184063f73..9ba05b8631 100644 --- a/kubernetes/sdc/components/sdc-wfd-be/templates/job.yaml +++ b/kubernetes/sdc/components/sdc-wfd-be/templates/job.yaml @@ -18,14 +18,7 @@ {{ if .Values.initJob.enabled }} apiVersion: batch/v1 kind: Job -metadata: - name: {{ include "common.fullname" . }}-workflow-init - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }}-job - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} spec: backoffLimit: 20 template: @@ -43,7 +36,7 @@ spec: - /app/ready.py args: - --job-name - - {{ include "common.release" . }}-sdc-cs-config-cassandra + - {{ include "common.release" . }}-sdc-cs - "-t" - "20" env: diff --git a/kubernetes/sdc/components/sdc-wfd-be/templates/service.yaml b/kubernetes/sdc/components/sdc-wfd-be/templates/service.yaml index 2f4129b03f..895eac1794 100644 --- a/kubernetes/sdc/components/sdc-wfd-be/templates/service.yaml +++ b/kubernetes/sdc/components/sdc-wfd-be/templates/service.yaml 
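Review bot: The readiness init container in the second job.yaml hunk now waits for a Job named `{{ include "common.release" . }}-sdc-cs`, a name owned by another chart that is not part of this page (the diffstat is limited to sdc-wfd-be). If the sdc-cs config Job is not renamed in the same release, the wait will presumably time out on every attempt until `backoffLimit: 20` is exhausted, which in turn blocks the Deployment's own job-completion init container. A comment next to the argument, `# must equal metadata.name of the sdc-cs config Job`, would make the cross-chart coupling visible. The first job.yaml hunk also drops the distinct `app: ...-job` label, so it is worth checking that the Job's pod template, which is outside the hunk, does not end up matching the Service selector.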
@@ -2,6 +2,7 @@ # Copyright © 2018 Amdocs, Bell Canada # Copyright © 2017 Amdocs, Bell Canada # Modifications Copyright © 2018 AT&T, ZTE +# Modifications Copyright © 2023 Deutsche Telekom # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -16,28 +17,4 @@ # limitations under the License. */}} -apiVersion: v1 -kind: Service -metadata: - name: {{ include "common.servicename" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -spec: - type: {{ .Values.service.type }} - ports: - {{if eq .Values.service.type "NodePort" -}} - - port: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort2 .Values.service.internalPort }} - nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} - name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }} - {{- else -}} - - port: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.externalPort2 .Values.service.externalPort }} - targetPort: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort2 .Values.service.internalPort }} - name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }} - {{- end}} - selector: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} +{{ include "common.service" . }} \ No newline at end of file diff --git a/kubernetes/sdc/components/sdc-wfd-be/values.yaml b/kubernetes/sdc/components/sdc-wfd-be/values.yaml index 8e4916901b..b011a03969 100644 --- a/kubernetes/sdc/components/sdc-wfd-be/values.yaml +++ b/kubernetes/sdc/components/sdc-wfd-be/values.yaml 
@@ -18,7 +18,6 @@ ################################################################# global: nodePortPrefix: 302 - aafEnabled: true sdc_cassandra: # This flag allows SDC to instantiate its own cluster, serviceName # should be sdc-cs if this flag is enabled @@ -32,29 +31,6 @@ global: clusterName: cassandra dataCenter: Pod -################################################################# -# AAF Part -################################################################# -certInitializer: - nameOverride: sdc-wfd-be-cert-init - aafDeployFqi: deployer@people.osaaf.org - aafDeployPass: demo123456! - fqdn: sdc - fqi: sdc@sdc.onap.org - public_fqdn: sdc.onap.org - cadi_longitude: "0.0" - cadi_latitude: "0.0" - app_ns: org.osaaf.aaf - credsPath: /opt/app/osaaf/local - addconfig: true - keystoreFile: "org.onap.sdc.p12" - truststoreFile: "org.onap.sdc.trust.jks" - permission_user: 352070 - permission_group: 35953 - aaf_add_config: | - echo "cadi_keystore_password_p12=$cadi_keystore_password_p12" > {{ .Values.credsPath }}/mycreds.prop - echo "cadi_truststore_password=$cadi_truststore_password" >> {{ .Values.credsPath }}/mycreds.prop - ################################################################# # Application configuration defaults. ################################################################# @@ -71,7 +47,6 @@ config: cassandraAuthenticationEnabled: true cassandraClientPort: 9042 sdcEndpoint: - https: sdc-be:8443 http: sdc-be:8080 sdcExternalUser: workflow serverSSLKeyStoreType: jks @@ -126,20 +101,18 @@ startup: service: type: NodePort - portName: http internalPort: 8080 - externalPort: 8080 - internalPort2: 8443 - externalPort2: 8443 - nodePort: "57" # only one node port. set to http or https port depending on isHttpsEnabled property + ports: + - name: http + port: 8080 + nodePort: "57" ingress: enabled: false service: - baseaddr: "sdc-wfd-be-api" name: "sdc-wfd-be" - port: 8443 - plain_port: 8080 + port: 8080 config: ssl: "redirect" -- cgit 1.2.3-korg
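Review bot: `service.type` stays `NodePort` in the last values.yaml hunk while the only remaining port is plain HTTP 8080, so a default install publishes the workflow backend unencrypted on every node (`nodePortPrefix: 302` plus `nodePort: "57"`). The removed service template picked the 8443 port when TLS was needed, which was presumably the old default given `aafEnabled: true`. Unless an external client depends on that node port, `type: ClusterIP` is the safer default, with outside access going through the ingress. In the ingress block `config.ssl: "redirect"` is kept although the backend port is now 8080, and how `common.ingress` interprets it is not visible here. A comment such as `# TLS terminates at the ingress; backend is plain HTTP` would remove the ambiguity. `serverSSLKeyStoreType`, visible as context in the third hunk, is no longer read by deployment.yaml after this commit and may be a leftover.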