From 2af5079ba7cc09fda2c19a3f627299b3ef655227 Mon Sep 17 00:00:00 2001 From: Andreas Geissler Date: Mon, 27 Mar 2023 17:11:27 +0200 Subject: [SDNC] Chart cleanup from TLS/AAF options Remove checks and add the usage of common templates Add information about external access to SDNC-callhome and add ingress setup for it Issue-ID: OOM-3122 Signed-off-by: Andreas Geissler Change-Id: I7b32832ee31d811c23b4eaa5d43f7aa9d767c353 --- kubernetes/sdnc/templates/sdnrdb-init-job.yaml | 15 +--------- kubernetes/sdnc/templates/service.yaml | 39 +++++++++++--------------- kubernetes/sdnc/templates/statefulset.yaml | 22 ++++----------- 3 files changed, 22 insertions(+), 54 deletions(-) (limited to 'kubernetes/sdnc/templates') diff --git a/kubernetes/sdnc/templates/sdnrdb-init-job.yaml b/kubernetes/sdnc/templates/sdnrdb-init-job.yaml index 9b69481c58..a36b97d39c 100755 --- a/kubernetes/sdnc/templates/sdnrdb-init-job.yaml +++ b/kubernetes/sdnc/templates/sdnrdb-init-job.yaml @@ -23,13 +23,6 @@ spec: metadata: {{ include "common.templateMetadata" . | indent 6}} spec: initContainers: - {{ include "common.certInitializer.initContainer" . | indent 6 }} - {{ if .Values.global.aafEnabled }} - - name: {{ include "common.name" . }}-chown - image: {{ include "repositoryGenerator.image.busybox" . }} - command: ["sh", "-c", "chown -R {{ .Values.config.odlUid }}:{{ .Values.config.odlGid}} {{ .Values.certInitializer.credsPath }}"] - volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }} - {{ end }} - name: {{ include "common.name" . }}-readiness command: - /app/ready.py @@ -59,7 +52,7 @@ spec: sleep 90; "{{ .Values.config.binDir }}/startODL.sh" env: - name: SDNC_AAF_ENABLED - value: "{{ .Values.global.aafEnabled}}" + value: "false" - name: SDNC_HOME value: "{{.Values.config.sdncHome}}" - name: ETC_DIR @@ -70,14 +63,9 @@ spec: - name: SDNRINIT value: "true" - name: SDNRDBURL - {{ if .Values.global.aafEnabled -}} - value: "https://{{ .Values.elasticsearch.service.name | default "sdnrdb"}}.{{.Release.Namespace}}:{{.Values.elasticsearch.service.port | default "9200"}}" - {{- else -}} value: "http://{{ .Values.elasticsearch.service.name | default "sdnrdb"}}.{{.Release.Namespace}}:{{.Values.elasticsearch.service.port | default "9200"}}" - {{- end }} - name: SDNRDBPARAMETER value: "-k" - volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }} resources: {{ include "common.resources" . | nindent 10 }} {{- if include "common.onServiceMesh" . }} - name: sdnrdb-service-mesh-wait-for-job-container @@ -117,7 +105,6 @@ spec: configMap: name: {{ include "common.fullname" . }}-properties defaultMode: 0644 -{{ include "common.certInitializer.volumes" . | nindent 6 }} restartPolicy: Never imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/sdnc/templates/service.yaml b/kubernetes/sdnc/templates/service.yaml index 1fe4ee3ded..3490dff9ab 100644 --- a/kubernetes/sdnc/templates/service.yaml +++ b/kubernetes/sdnc/templates/service.yaml @@ -38,17 +38,14 @@ metadata: } ]' spec: - type: NodePort + type: {{ if (include "common.ingressEnabled" .) }}ClusterIP{{ else }}NodePort{{ end }} ports: - name: "{{ .Values.service.portName }}-restconf" - {{ if not .Values.global.aafEnabled }} port: {{ .Values.service.externalPort }} targetPort: {{ .Values.service.internalPort }} - {{- else -}} - port: {{ .Values.service.externalPort4 }} - targetPort: {{ .Values.service.internalPort4 }} - {{ end }} + {{ if not (include "common.ingressEnabled" .) }} nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort4 }} + {{ end }} {{ if .Values.config.sdnr.enabled }} sessionAffinity: ClientIP {{ end }} @@ -111,15 +108,13 @@ metadata: statefulset.kubernetes.io/pod-name: {{ include "common.fullname" . }}-0 spec: ports: - - name: {{ .Values.service.portName }}-0-port-{{ .Values.service.internalPort4 }} - port: {{ .Values.service.clusterPort2 }} - targetPort: {{ .Values.service.internalPort4 }} - nodePort: {{ .Values.global.nodePortPrefixExt | default .Values.nodePortPrefixExt }}{{ .Values.service.geoNodePort4 }} - name: {{ .Values.service.portName }}-0-port-{{ .Values.service.internalPort }} port: {{ .Values.service.clusterPort3 }} targetPort: {{ .Values.service.internalPort }} + {{ if not (include "common.ingressEnabled" .) }} nodePort: {{ .Values.global.nodePortPrefixExt | default .Values.nodePortPrefixExt }}{{ .Values.service.geoNodePort1 }} - type: NodePort + {{ end }} + type: {{ if (include "common.ingressEnabled" .) }}ClusterIP{{ else }}NodePort{{ end }} selector: statefulset.kubernetes.io/pod-name: {{ include "common.fullname" . }}-0 {{ end }} @@ -134,15 +129,13 @@ metadata: statefulset.kubernetes.io/pod-name: {{ include "common.fullname" . }}-1 spec: ports: - - name: {{ .Values.service.portName }}-1-port-{{ .Values.service.internalPort4 }} - port: {{ .Values.service.clusterPort2 }} - targetPort: {{ .Values.service.internalPort4 }} - nodePort: {{ .Values.global.nodePortPrefixExt | default .Values.nodePortPrefixExt }}{{ .Values.service.geoNodePort5 }} - name: {{ .Values.service.portName }}-1-port-{{ .Values.service.internalPort }} port: {{ .Values.service.clusterPort3 }} targetPort: {{ .Values.service.internalPort }} + {{ if not (include "common.ingressEnabled" .) }} nodePort: {{ .Values.global.nodePortPrefixExt | default .Values.nodePortPrefixExt }}{{ .Values.service.geoNodePort2 }} - type: NodePort + {{ end }} + type: {{ if (include "common.ingressEnabled" .) }}ClusterIP{{ else }}NodePort{{ end }} selector: statefulset.kubernetes.io/pod-name: {{ include "common.fullname" . }}-1 {{ end }} @@ -157,15 +150,13 @@ metadata: statefulset.kubernetes.io/pod-name: {{ include "common.fullname" . }}-2 spec: ports: - - name: {{ .Values.service.portName }}-2-port-{{ .Values.service.internalPort4 }} - port: {{ .Values.service.clusterPort2 }} - targetPort: {{ .Values.service.internalPort4 }} - nodePort: {{ .Values.global.nodePortPrefixExt | default .Values.nodePortPrefixExt }}{{ .Values.service.geoNodePort6 }} - name: {{ .Values.service.portName }}-2-port-{{ .Values.service.internalPort }} port: {{ .Values.service.clusterPort3 }} targetPort: {{ .Values.service.internalPort }} + {{ if not (include "common.ingressEnabled" .) }} nodePort: {{ .Values.global.nodePortPrefixExt | default .Values.nodePortPrefixExt }}{{ .Values.service.geoNodePort3 }} - type: NodePort + {{ end }} + type: {{ if (include "common.ingressEnabled" .) }}ClusterIP{{ else }}NodePort{{ end }} selector: statefulset.kubernetes.io/pod-name: {{ include "common.fullname" . }}-2 {{ end }} @@ -183,13 +174,15 @@ metadata: release: {{ include "common.release" . }} heritage: {{ .Release.Service }} spec: - type: NodePort + type: {{ if (include "common.ingressEnabled" .) }}ClusterIP{{ else }}NodePort{{ end }} ports: - name: "{{ .Values.service.portName }}-callhome" port: {{ .Values.service.callHomePort }} targetPort: {{ .Values.service.callHomePort }} + {{ if not (include "common.ingressEnabled" .) }} nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.callHomeNodePort }} + {{ end }} selector: app.kubernetes.io/name: {{ include "common.name" . }} app.kubernetes.io/instance: {{ include "common.release" . }} -{{ end }} +{{ end }} \ No newline at end of file diff --git a/kubernetes/sdnc/templates/statefulset.yaml b/kubernetes/sdnc/templates/statefulset.yaml index d252c9a3fb..8a844f4e9d 100644 --- a/kubernetes/sdnc/templates/statefulset.yaml +++ b/kubernetes/sdnc/templates/statefulset.yaml @@ -20,13 +20,10 @@ apiVersion: apps/v1 kind: StatefulSet metadata: {{- include "common.resourceMetadata" . | nindent 2 }} spec: - selector: - matchLabels: - app: {{ include "common.name" . }} - serviceName: {{ include "common.servicename" . }}-cluster - replicas: {{ .Values.replicaCount }} selector: {{- include "common.selectors" . | nindent 4 }} + serviceName: {{ include "common.servicename" . }}-cluster podManagementPolicy: Parallel + replicas: {{ .Values.replicaCount }} template: metadata: {{- include "common.templateMetadata" . | nindent 6 }} spec: @@ -116,7 +113,6 @@ spec: {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "oauth-token-secret" "key" "password") | indent 10 }} - name: KEYCLOAK_SECRET {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keycloak-secret" "key" "password") | indent 10 }} - - name: ENABLE_ODLUX_RBAC value: "{{ .Values.config.sdnr.oauth.odluxRbac.enabled | default "true" }}" {{ end }} @@ -152,8 +148,7 @@ spec: image: {{ include "repositoryGenerator.image.readiness" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-readiness - {{ end -}} -{{ include "common.certInitializer.initContainer" . | indent 6 }} + {{ end }} - name: {{ include "common.name" . }}-chown image: {{ include "repositoryGenerator.image.busybox" . }} command: @@ -165,11 +160,7 @@ spec: mkdir {{ .Values.persistence.mdsalPath }}/snapshots mkdir {{ .Values.persistence.mdsalPath }}/daexim chown -R {{ .Values.config.odlUid }}:{{ .Values.config.odlGid}} {{ .Values.persistence.mdsalPath }} -{{- if .Values.global.aafEnabled }} - chown -R {{ .Values.config.odlUid }}:{{ .Values.config.odlGid}} {{ .Values.certInitializer.credsPath }} -{{- end }} volumeMounts: -{{ include "common.certInitializer.volumeMount" . | indent 10 }} - mountPath: {{ .Values.persistence.mdsalPath }} name: {{ include "common.fullname" . }}-data containers: @@ -268,7 +259,7 @@ spec: - name: GEO_ENABLED value: "{{ .Values.config.geoEnabled}}" - name: SDNC_AAF_ENABLED - value: "{{ .Values.global.aafEnabled}}" + value: "false" - name: SDNC_REPLICAS value: "{{ .Values.replicaCount }}" - name: MYSQL_HOST @@ -298,8 +289,7 @@ spec: - name: SDNRONLY value: "{{ .Values.config.sdnr.sdnronly | default "false" }}" - name: SDNRDBURL - {{- $prefix := ternary "https" "http" .Values.global.aafEnabled}} - value: "{{$prefix}}://{{ .Values.elasticsearch.service.name | default "sdnrdb"}}.{{.Release.Namespace}}:{{.Values.elasticsearch.service.port | default "9200"}}" + value: "http://{{ .Values.elasticsearch.service.name | default "sdnrdb"}}.{{.Release.Namespace}}:{{.Values.elasticsearch.service.port | default "9200"}}" {{- if .Values.config.sdnr.sdnrdbTrustAllCerts }} - name: SDNRDBTRUSTALLCERTS value: "true" @@ -334,7 +324,6 @@ spec: {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "ves-collector-secret" "key" "password") | indent 12 }} volumeMounts: -{{ include "common.certInitializer.volumeMount" . | indent 10 }} {{- if .Values.global.cmpv2Enabled }} {{ include "common.certManager.volumeMounts" . | indent 10 }} {{- end }} @@ -441,7 +430,6 @@ spec: - name: {{ include "common.fullname" . }}-data emptyDir: {} {{ else }} -{{ include "common.certInitializer.volumes" . | nindent 8 }} {{- if .Values.global.cmpv2Enabled }} {{ include "common.certManager.volumes" . | nindent 8 }} {{- end }} -- cgit 1.2.3-korg