From 0fcefb64c2bd0be21f0d20b1d6fa6a4600a51a37 Mon Sep 17 00:00:00 2001 From: Andreas Geissler Date: Mon, 20 Feb 2023 12:00:42 +0100 Subject: [OOF] Make OOF ServiceMesh compatible Update the OSDF image version to 3.0.8 and remove the AAF related configuration options Issue-ID: OOM-2990 
Signed-off-by: Andreas Geissler Change-Id: Ib2b5085fa51eacb5ddc0e62dc29c2df9838c9c74 --- kubernetes/oof/Chart.yaml | 6 +- kubernetes/oof/components/oof-has/Chart.yaml | 4 - .../oof-has/components/oof-has-api/Chart.yaml | 7 +- .../oof-has-api/templates/deployment.yaml | 83 +------------- .../components/oof-has-api/templates/service.yaml | 28 +---- .../oof-has/components/oof-has-api/values.yaml | 35 ++---- .../components/oof-has-controller/Chart.yaml | 3 + .../oof-has-controller/templates/deployment.yaml | 66 +---------- .../components/oof-has-controller/values.yaml | 9 +- .../oof-has/components/oof-has-data/Chart.yaml | 3 + .../oof-has-data/templates/deployment.yaml | 75 +------------ .../oof-has/components/oof-has-data/values.yaml | 9 +- .../components/oof-has-reservation/Chart.yaml | 3 + .../oof-has-reservation/templates/deployment.yaml | 63 +---------- .../components/oof-has-reservation/values.yaml | 9 +- .../oof-has/components/oof-has-solver/Chart.yaml | 3 + .../oof-has-solver/templates/deployment.yaml | 63 +---------- .../oof-has/components/oof-has-solver/values.yaml | 9 +- .../oof-has/resources/config/aai_cert.cer | 25 ----- .../oof-has/resources/config/aai_key.key | 30 ----- .../components/oof-has/resources/config/bundle.pem | 26 ----- .../oof-has/resources/config/conductor.conf | 122 ++------------------- .../components/oof-has/resources/config/nginx.conf | 9 -- kubernetes/oof/components/oof-has/values.yaml | 27 +---- .../oof-templates/templates/_certificate.tpl | 11 -- .../oof/resources/config/certs/aaf_root_ca.cer | 31 ------ .../config/certs/intermediate_root_ca.pem | 27 ----- .../oof/resources/config/conf/common_config.yaml | 2 - .../oof/resources/config/conf/osdf_config.yaml | 25 ++--- kubernetes/oof/templates/deployment.yaml | 70 +----------- kubernetes/oof/templates/ingress.yaml | 18 +++ kubernetes/oof/templates/service.yaml | 28 +---- kubernetes/oof/values.yaml | 55 +++------- 33 files changed, 134 insertions(+), 850 deletions(-) delete mode 100755 
kubernetes/oof/components/oof-has/resources/config/aai_cert.cer delete mode 100755 kubernetes/oof/components/oof-has/resources/config/aai_key.key delete mode 100755 kubernetes/oof/components/oof-has/resources/config/bundle.pem delete mode 100644 kubernetes/oof/components/oof-templates/templates/_certificate.tpl delete mode 100755 kubernetes/oof/resources/config/certs/aaf_root_ca.cer delete mode 100644 kubernetes/oof/resources/config/certs/intermediate_root_ca.pem (limited to 'kubernetes') diff --git a/kubernetes/oof/Chart.yaml b/kubernetes/oof/Chart.yaml index 3d5441dd4c..fabc2e55e7 100755 --- a/kubernetes/oof/Chart.yaml +++ b/kubernetes/oof/Chart.yaml @@ -24,9 +24,6 @@ dependencies: - name: common version: ~12.x-0 repository: '@local' - - name: certInitializer - version: ~12.x-0 - repository: '@local' - name: oof-has version: ~12.x-0 repository: 'file://components/oof-has' @@ -40,3 +37,6 @@ dependencies: - name: serviceAccount version: ~12.x-0 repository: '@local' + - name: readinessCheck + version: ~12.x-0 + repository: '@local' diff --git a/kubernetes/oof/components/oof-has/Chart.yaml b/kubernetes/oof/components/oof-has/Chart.yaml index 0b3a324c9a..8fd5dbd2ad 100755 --- a/kubernetes/oof/components/oof-has/Chart.yaml +++ b/kubernetes/oof/components/oof-has/Chart.yaml @@ -24,10 +24,6 @@ dependencies: - name: common version: ~12.x-0 repository: '@local' - - name: music - version: ~12.x-0 - repository: '@local' - condition: music.enabled - name: etcd version: ~12.x-0 repository: '@local' diff --git a/kubernetes/oof/components/oof-has/components/oof-has-api/Chart.yaml b/kubernetes/oof/components/oof-has/components/oof-has-api/Chart.yaml index 39d3f0c89f..a7a1d1f172 100755 --- a/kubernetes/oof/components/oof-has/components/oof-has-api/Chart.yaml +++ b/kubernetes/oof/components/oof-has/components/oof-has-api/Chart.yaml 
@@ -24,9 +24,6 @@ dependencies: - name: common version: ~12.x-0 repository: '@local' - - name: certInitializer - version: ~12.x-0 - repository: '@local' - name: oof-templates version: ~12.x-0 repository: 'file://../../../oof-templates' @@ -36,3 +33,7 @@ dependencies: - name: serviceAccount version: ~12.x-0 repository: '@local' + - name: readinessCheck + version: ~12.x-0 + repository: '@local' + diff --git a/kubernetes/oof/components/oof-has/components/oof-has-api/templates/deployment.yaml b/kubernetes/oof/components/oof-has/components/oof-has-api/templates/deployment.yaml index 4e38c830f0..10793cafc6 100755 --- a/kubernetes/oof/components/oof-has/components/oof-has-api/templates/deployment.yaml +++ b/kubernetes/oof/components/oof-has/components/oof-has-api/templates/deployment.yaml 
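Review bot: The second hunk of oof-has-api/Chart.yaml (`@@ -36,3 +33,7 @@`) ends with a bare `+` line, so the file now finishes with an extra empty line after the new `readinessCheck` dependency. The other Chart.yaml files touched by this commit add the same three lines without it. Drop the trailing blank line so the file ends with `repository: '@local'` and a single newline, which keeps the charts consistent and avoids a yamllint `empty-lines` warning.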
@@ -18,67 +18,15 @@ apiVersion: apps/v1 kind: Deployment -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} spec: - selector: - matchLabels: - app: {{ include "common.name" . }} + selector: {{- include "common.selectors" . | nindent 4 }} replicas: {{ .Values.replicaCount }} template: - metadata: - labels: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} + metadata: {{- include "common.templateMetadata" . | nindent 6 }} spec: initContainers: - - name: {{ include "common.name" . }}-readiness - command: - - /app/ready.py - args: - - --container-name - - oof-has-controller - {{- if (include "common.needTLS" .) }} - - --container-name - - aaf-service - {{- end }} - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - image: {{ include "repositoryGenerator.image.readiness" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - - {{- if (include "common.needTLS" .) }} - - name: {{ include "common.name" . }}-has-sms-readiness - command: - - sh - - -c - - resp="FAILURE"; - until [ $resp = "200" ]; do - resp=$(curl -s -o /dev/null -k --write-out %{http_code} https://aaf-sms.{{ include "common.namespace" . }}:10443/v1/sms/domain/has/secret); - echo $resp; - sleep 2; - done - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - image: {{ include "repositoryGenerator.image.curl" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - {{- end }} -{{ include "common.certInitializer.initContainer" . | indent 6 }} - + {{ include "common.readinessCheck.waitFor" . 
| nindent 6 }} containers: - name: {{ include "common.name" . }} image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.image.optf_has }} @@ -112,11 +60,6 @@ spec: - mountPath: /usr/local/bin/log.conf name: {{ .Values.global.commonConfigPrefix }}-config subPath: log.conf - {{- if (include "common.needTLS" .) }} - - mountPath: /usr/local/bin/AAF_RootCA.cer - name: {{ include "common.fullname" . }}-onap-certs - subPath: aaf_root_ca.cer - {{- end }} resources: {{ include "common.resources" . | indent 12 }} - name: {{ include "common.name" . }}-nginx @@ -127,13 +70,10 @@ spec: args: - "-c" - | - {{- if (include "common.needTLS" .) }} - grep -v '^$' /opt/bitnami/nginx/ssl/local/org.onap.oof.crt > /tmp/oof.crt - cat /tmp/oof.crt /tmp/intermediate_root_ca.pem /tmp/AAF_RootCA.cer >> /opt/bitnami/nginx/org.onap.oof.crt - {{- end }} /opt/bitnami/scripts/nginx/entrypoint.sh /opt/bitnami/scripts/nginx/run.sh ports: - containerPort: {{ .Values.service.internalPort }} + name: http {{- if .Values.liveness.enabled }} livenessProbe: tcpSocket: @@ -147,21 +87,12 @@ spec: initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} volumeMounts: -{{ include "common.certInitializer.volumeMount" . | indent 10 }} - mountPath: /etc/localtime name: localtime readOnly: true - mountPath: /opt/bitnami/nginx/conf/nginx.conf name: {{ .Values.global.commonConfigPrefix }}-config subPath: nginx.conf - {{- if (include "common.needTLS" .) }} - - mountPath: /tmp/AAF_RootCA.cer - name: {{ include "common.fullname" . }}-onap-certs - subPath: aaf_root_ca.cer - - mountPath: /tmp/intermediate_root_ca.pem - name: {{ include "common.fullname" . }}-onap-certs - subPath: intermediate_root_ca.pem - {{- end }} resources: {{ include "common.resources" . | indent 12 }} {{- if .Values.nodeSelector }} 
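Review bot: Once the certificate concatenation is removed in the `@@ -127,13 +70,10 @@` hunk, the nginx container's `args` block scalar holds a single line, `/opt/bitnami/scripts/nginx/entrypoint.sh /opt/bitnami/scripts/nginx/run.sh`, still passed through a shell `-c`. The wrapper no longer does any work. Either drop the `command`/`args` override so the image's own entrypoint runs, or prefix the line with `exec` so nginx replaces the shell and receives SIGTERM directly on pod shutdown. The `command:` line sits above the hunk, so which shell is used is not visible here.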
@@ -174,7 +105,6 @@ spec: {{- end }} serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: - {{ include "common.certInitializer.volumes" . | nindent 8 }} - name: localtime hostPath: path: /etc/localtime @@ -188,8 +118,5 @@ spec: path: conductor.conf - key: log.conf path: log.conf -{{- if (include "common.needTLS" .) }} -{{ include "oof.certificate.volume" . | indent 8 }} -{{- end }} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/oof/components/oof-has/components/oof-has-api/templates/service.yaml b/kubernetes/oof/components/oof-has/components/oof-has-api/templates/service.yaml index f13e7cea9b..b77b592c08 100755 --- a/kubernetes/oof/components/oof-has/components/oof-has-api/templates/service.yaml +++ b/kubernetes/oof/components/oof-has/components/oof-has-api/templates/service.yaml @@ -1,6 +1,7 @@ {{/* # Copyright © 2017 Amdocs, Bell Canada # Modifications Copyright © 2018 AT&T,VMware +# Modifications Copyright © 2023 Deutsche Telekom # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. 
@@ -15,29 +16,4 @@ # limitations under the License. */}} -apiVersion: v1 -kind: Service -metadata: - name: {{ include "common.servicename" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} - annotations: -spec: - type: {{ .Values.service.type }} - ports: - {{if eq .Values.service.type "NodePort" -}} - - port: {{ .Values.service.externalPort }} - nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} - name: {{ .Values.service.portName }}{{ if (include "common.needTLS" .) }}s{{ end }} - {{- else -}} - - port: {{ .Values.service.externalPort }} - targetPort: {{ .Values.service.internalPort }} - name: {{ .Values.service.portName }}{{ if (include "common.needTLS" .) }}s{{ end }} - {{- end}} - selector: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} +{{ include "common.service" . }} diff --git a/kubernetes/oof/components/oof-has/components/oof-has-api/values.yaml b/kubernetes/oof/components/oof-has/components/oof-has-api/values.yaml index c850cb7752..8b2ebdd23c 100755 --- a/kubernetes/oof/components/oof-has/components/oof-has-api/values.yaml +++ b/kubernetes/oof/components/oof-has/components/oof-has-api/values.yaml @@ -22,10 +22,6 @@ global: # global defaults # secrets metaconfig ################################################################# secrets: - - uid: oof-onap-certs - externalSecret: '{{ tpl (default "" .Values.certSecret) . }}' - type: generic - filePaths: '{{ .Values.secretsFilePaths }}' - uid: oof-has-etcd-secret name: &user-creds '{{ include "common.release" . }}-oof-has-etcd-secret' type: basicAuth 
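Review bot: In oof-has-api/templates/service.yaml the whole Service is now `{{ include "common.service" . }}`, so its type and ports come only from values.yaml, where this commit keeps `service.type: NodePort` and declares a single plain `http` port 8091 with `nodePort: '75'`. The deployment hunks also remove the nginx certificate setup, so that NodePort presumably serves the HAS API unencrypted to anything that can reach a node, bypassing whatever mTLS the mesh sidecars enforce. This would not apply if `common.service` downgrades the type when ingress is enabled, which is not visible in this diff. Consider defaulting to `type: ClusterIP` and publishing the API only through the `ingress:` block, or at least add a values comment such as `# NodePort is plain HTTP; expose externally via the ingress gateway only`.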
@@ -42,16 +38,15 @@ config: service: type: NodePort name: oof-has-api - externalPort: 8091 internalPort: 8091 - nodePort: 75 - portName: http + ports: + - name: http + port: 8091 + nodePort: '75' #backend container info uwsgi: internalPort: 8080 -ingress: - enabled: false replicaCount: 1 nodeSelector: {} affinity: {} @@ -85,24 +80,6 @@ readiness: initialDelaySeconds: 10 periodSeconds: 10 -#sub-charts configuration -certInitializer: - nameOverride: oof-has-cert-initializer - fqdn: "oof.onap" - app_ns: "org.osaaf.aaf" - fqi: "oof@oof.onap.org" - fqi_namespace: org.onap.oof - public_fqdn: "oof.onap.org" - aafDeployFqi: "deployer@people.osaaf.org" - aafDeployPass: demo123456! - cadi_latitude: "0.0" - cadi_longitude: "0.0" - credsPath: /opt/app/osaaf/local - appMountPath: /opt/bitnami/nginx/ssl - aaf_add_config: > - chmod 444 {{ .Values.credsPath }}/{{ .Values.fqi_namespace }}.key; - - ingress: enabled: false service: @@ -112,6 +89,10 @@ ingress: config: ssl: "redirect" +readinessCheck: + wait_for: + - oof-has-controller + #Pods Service Account serviceAccount: nameOverride: oof-has-api diff --git a/kubernetes/oof/components/oof-has/components/oof-has-controller/Chart.yaml b/kubernetes/oof/components/oof-has/components/oof-has-controller/Chart.yaml index 9713d7a497..cfa4c5e37b 100755 --- a/kubernetes/oof/components/oof-has/components/oof-has-controller/Chart.yaml +++ b/kubernetes/oof/components/oof-has/components/oof-has-controller/Chart.yaml @@ -33,3 +33,6 @@ dependencies: - name: serviceAccount version: ~12.x-0 repository: '@local' + - name: readinessCheck + version: ~12.x-0 + repository: '@local' diff --git a/kubernetes/oof/components/oof-has/components/oof-has-controller/templates/deployment.yaml b/kubernetes/oof/components/oof-has/components/oof-has-controller/templates/deployment.yaml index 92be670db6..ba7d462f6c 100755 --- a/kubernetes/oof/components/oof-has/components/oof-has-controller/templates/deployment.yaml 
+++ b/kubernetes/oof/components/oof-has/components/oof-has-controller/templates/deployment.yaml 
@@ -17,65 +17,15 @@ apiVersion: apps/v1 kind: Deployment -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} spec: - selector: - matchLabels: - app: {{ include "common.name" . }} + selector: {{- include "common.selectors" . | nindent 4 }} replicas: {{ .Values.replicaCount }} template: - metadata: - labels: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} + metadata: {{- include "common.templateMetadata" . | nindent 6 }} spec: initContainers: - - name: {{ include "common.name" . }}-readiness - command: - - /app/ready.py - args: - - --job-name - - {{ include "common.release" . }}-{{ .Values.config.etcd.configJobNameOverride }}-job - {{- if (include "common.needTLS" .) }} - - --container-name - - aaf-sms - {{- end }} - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - image: {{ include "repositoryGenerator.image.readiness" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - - {{- if (include "common.needTLS" .) }} - - name: {{ include "common.name" . }}-cont-sms-readiness - command: - - sh - - -c - - resp="FAILURE"; - until [ $resp = "200" ]; do - resp=$(curl -s -o /dev/null -k --write-out %{http_code} https://aaf-sms.{{ include "common.namespace" . }}:10443/v1/sms/domain/has/secret); - echo $resp; - sleep 2; - done - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - image: {{ include "repositoryGenerator.image.curl" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - {{- end }} + {{ include "common.readinessCheck.waitFor" . 
| nindent 6 }} containers: - name: {{ include "common.name" . }} image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.image.optf_has }} @@ -117,11 +67,6 @@ spec: - mountPath: /usr/local/bin/healthy.sh name: {{ .Values.global.commonConfigPrefix }}-config subPath: healthy.sh - {{- if (include "common.needTLS" .) }} - - mountPath: /usr/local/bin/AAF_RootCA.cer - name: {{ include "common.fullname" . }}-onap-certs - subPath: aaf_root_ca.cer - {{- end }} resources: {{ include "common.resources" . | indent 12 }} {{- if .Values.nodeSelector }} @@ -147,8 +92,5 @@ spec: path: log.conf - key: healthy.sh path: healthy.sh -{{- if (include "common.needTLS" .) }} -{{ include "oof.certificate.volume" . | indent 8 }} -{{- end }} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/oof/components/oof-has/components/oof-has-controller/values.yaml b/kubernetes/oof/components/oof-has/components/oof-has-controller/values.yaml index d6da75fd18..c72dc6c516 100755 --- a/kubernetes/oof/components/oof-has/components/oof-has-controller/values.yaml +++ b/kubernetes/oof/components/oof-has/components/oof-has-controller/values.yaml @@ -20,10 +20,6 @@ global: # Secrets metaconfig ################################################################# secrets: - - uid: oof-onap-certs - externalSecret: '{{ tpl (default "" .Values.certSecret) . }}' - type: generic - filePaths: '{{ .Values.secretsFilePaths }}' - uid: oof-has-etcd-secret name: &user-creds '{{ include "common.release" . }}-oof-has-etcd-secret' type: basicAuth @@ -72,6 +68,11 @@ readiness: initialDelaySeconds: 10 periodSeconds: 10 +readinessCheck: + wait_for: + jobs: + - '{{ include "common.release" . }}-{{ .Values.config.etcd.configJobNameOverride }}-job' + #Pods Service Account serviceAccount: nameOverride: oof-has-controller 
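Review bot: In oof-has-controller/values.yaml (`@@ -72,6 +68,11 @@`) the new `readinessCheck.wait_for.jobs` entry is a quoted Helm template, `'{{ include "common.release" . }}-{{ .Values.config.etcd.configJobNameOverride }}-job'`, which only resolves if `common.readinessCheck.waitFor` renders each entry with `tpl` in this chart's scope. That helper is not part of this diff. If it does not, the init container would wait for a job with the literal template text as its name and the pod would never start. A one-line comment above the entry would make the dependency explicit, for example `# rendered with tpl by common.readinessCheck.waitFor; must match the etcd config job name`. The same entry is added in the oof-has-data, oof-has-reservation and oof-has-solver values.yaml hunks.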
diff --git a/kubernetes/oof/components/oof-has/components/oof-has-data/Chart.yaml b/kubernetes/oof/components/oof-has/components/oof-has-data/Chart.yaml index 725545159c..0b0b6e7abe 100755 --- a/kubernetes/oof/components/oof-has/components/oof-has-data/Chart.yaml +++ b/kubernetes/oof/components/oof-has/components/oof-has-data/Chart.yaml @@ -33,3 +33,6 @@ dependencies: - name: serviceAccount version: ~12.x-0 repository: '@local' + - name: readinessCheck + version: ~12.x-0 + repository: '@local' diff --git a/kubernetes/oof/components/oof-has/components/oof-has-data/templates/deployment.yaml b/kubernetes/oof/components/oof-has/components/oof-has-data/templates/deployment.yaml index 72ecd7db2d..6319c99b25 100755 --- a/kubernetes/oof/components/oof-has/components/oof-has-data/templates/deployment.yaml +++ b/kubernetes/oof/components/oof-has/components/oof-has-data/templates/deployment.yaml 
@@ -17,62 +17,15 @@ apiVersion: apps/v1 kind: Deployment -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} spec: - selector: - matchLabels: - app: {{ include "common.name" . }} + selector: {{- include "common.selectors" . | nindent 4 }} replicas: {{ .Values.replicaCount }} template: - metadata: - labels: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} + metadata: {{- include "common.templateMetadata" . | nindent 6 }} spec: initContainers: - - name: {{ include "common.name" . }}-readiness - command: - - /app/ready.py - args: - - --job-name - - {{ include "common.release" . }}-{{ .Values.config.etcd.configJobNameOverride }}-job - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - image: {{ include "repositoryGenerator.image.readiness" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - - {{- if (include "common.needTLS" .) }} - - name: {{ include "common.name" . }}-data-sms-readiness - command: - - sh - - -c - - resp="FAILURE"; - until [ $resp = "200" ]; do - resp=$(curl -s -o /dev/null -k --write-out %{http_code} https://aaf-sms.{{ include "common.namespace" . }}:10443/v1/sms/domain/has/secret); - echo $resp; - sleep 2; - done - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - image: {{ include "repositoryGenerator.image.curl" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - {{- end }} - + {{ include "common.readinessCheck.waitFor" . | nindent 6 }} containers: - name: {{ include "common.name" . }} image: {{ include "repositoryGenerator.repository" . 
}}/{{ .Values.global.image.optf_has }} @@ -114,17 +67,6 @@ spec: - mountPath: /usr/local/bin/healthy.sh name: {{ .Values.global.commonConfigPrefix }}-config subPath: healthy.sh - {{- if (include "common.needTLS" .) }} - - mountPath: /usr/local/bin/aai_cert.cer - name: {{ .Values.global.commonConfigPrefix }}-config - subPath: aai_cert.cer - - mountPath: /usr/local/bin/aai_key.key - name: {{ .Values.global.commonConfigPrefix }}-config - subPath: aai_key.key - - mountPath: /usr/local/bin/AAF_RootCA.cer - name: {{ include "common.fullname" . }}-onap-certs - subPath: aaf_root_ca.cer - {{- end }} resources: {{ include "common.resources" . | indent 12 }} {{- if .Values.nodeSelector }} @@ -150,14 +92,5 @@ spec: path: log.conf - key: healthy.sh path: healthy.sh - {{- if (include "common.needTLS" .) }} - - key: aai_cert.cer - path: aai_cert.cer - - key: aai_key.key - path: aai_key.key - {{- end }} -{{- if (include "common.needTLS" .) }} -{{ include "oof.certificate.volume" . | indent 8 }} -{{- end }} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/oof/components/oof-has/components/oof-has-data/values.yaml b/kubernetes/oof/components/oof-has/components/oof-has-data/values.yaml index 93a335d29d..166b1a4099 100755 --- a/kubernetes/oof/components/oof-has/components/oof-has-data/values.yaml +++ b/kubernetes/oof/components/oof-has/components/oof-has-data/values.yaml @@ -20,10 +20,6 @@ global: # secrets metaconfig ################################################################# secrets: - - uid: oof-onap-certs - externalSecret: '{{ tpl (default "" .Values.certSecret) . }}' - type: generic - filePaths: '{{ .Values.secretsFilePaths }}' - uid: oof-has-etcd-secret name: &user-creds '{{ include "common.release" . }}-oof-has-etcd-secret' type: basicAuth 
@@ -72,6 +68,11 @@ readiness: initialDelaySeconds: 10 periodSeconds: 10 +readinessCheck: + wait_for: + jobs: + - '{{ include "common.release" . }}-{{ .Values.config.etcd.configJobNameOverride }}-job' + #Pods Service Account serviceAccount: nameOverride: oof-has-data diff --git a/kubernetes/oof/components/oof-has/components/oof-has-reservation/Chart.yaml b/kubernetes/oof/components/oof-has/components/oof-has-reservation/Chart.yaml index b8e5521b93..9f60691b5e 100755 --- a/kubernetes/oof/components/oof-has/components/oof-has-reservation/Chart.yaml +++ b/kubernetes/oof/components/oof-has/components/oof-has-reservation/Chart.yaml @@ -33,3 +33,6 @@ dependencies: - name: serviceAccount version: ~12.x-0 repository: '@local' + - name: readinessCheck + version: ~12.x-0 + repository: '@local' diff --git a/kubernetes/oof/components/oof-has/components/oof-has-reservation/templates/deployment.yaml b/kubernetes/oof/components/oof-has/components/oof-has-reservation/templates/deployment.yaml index b90a6f6e89..e7c5d7c9fa 100755 --- a/kubernetes/oof/components/oof-has/components/oof-has-reservation/templates/deployment.yaml +++ b/kubernetes/oof/components/oof-has/components/oof-has-reservation/templates/deployment.yaml 
@@ -17,62 +17,15 @@ apiVersion: apps/v1 kind: Deployment -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} spec: - selector: - matchLabels: - app: {{ include "common.name" . }} + selector: {{- include "common.selectors" . | nindent 4 }} replicas: {{ .Values.replicaCount }} template: - metadata: - labels: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} + metadata: {{- include "common.templateMetadata" . | nindent 6 }} spec: initContainers: - - name: {{ include "common.name" . }}-readiness - command: - - /app/ready.py - args: - - --job-name - - {{ include "common.release" . }}-{{ .Values.config.etcd.configJobNameOverride }}-job - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - image: {{ include "repositoryGenerator.image.readiness" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - - {{- if (include "common.needTLS" .) }} - - name: {{ include "common.name" . }}-resrv-sms-readiness - command: - - sh - - -c - - resp="FAILURE"; - until [ $resp = "200" ]; do - resp=$(curl -s -o /dev/null -k --write-out %{http_code} https://aaf-sms.{{ include "common.namespace" .}}:10443/v1/sms/domain/has/secret); - echo $resp; - sleep 2; - done - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - image: {{ include "repositoryGenerator.image.curl" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - {{- end }} - + {{ include "common.readinessCheck.waitFor" . | nindent 6 }} containers: - name: {{ include "common.name" . }} image: {{ include "repositoryGenerator.repository" . 
}}/{{ .Values.global.image.optf_has }} @@ -114,11 +67,6 @@ spec: - mountPath: /usr/local/bin/healthy.sh name: {{ .Values.global.commonConfigPrefix }}-config subPath: healthy.sh - {{- if (include "common.needTLS" .) }} - - mountPath: /usr/local/bin/AAF_RootCA.cer - name: {{ include "common.fullname" . }}-onap-certs - subPath: aaf_root_ca.cer - {{- end }} resources: {{ include "common.resources" . | indent 12 }} {{- if .Values.nodeSelector }} @@ -144,8 +92,5 @@ spec: path: log.conf - key: healthy.sh path: healthy.sh -{{- if (include "common.needTLS" .) }} -{{ include "oof.certificate.volume" . | indent 8 }} -{{- end }} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/oof/components/oof-has/components/oof-has-reservation/values.yaml b/kubernetes/oof/components/oof-has/components/oof-has-reservation/values.yaml index 651e832929..3b4b1e2fe6 100755 --- a/kubernetes/oof/components/oof-has/components/oof-has-reservation/values.yaml +++ b/kubernetes/oof/components/oof-has/components/oof-has-reservation/values.yaml @@ -20,10 +20,6 @@ global: # secrets metaconfig ################################################################# secrets: - - uid: oof-onap-certs - externalSecret: '{{ tpl (default "" .Values.certSecret) . }}' - type: generic - filePaths: '{{ .Values.secretsFilePaths }}' - uid: oof-has-etcd-secret name: &user-creds '{{ include "common.release" . }}-oof-has-etcd-secret' type: basicAuth @@ -72,6 +68,11 @@ readiness: initialDelaySeconds: 10 periodSeconds: 10 +readinessCheck: + wait_for: + jobs: + - '{{ include "common.release" . }}-{{ .Values.config.etcd.configJobNameOverride }}-job' + #Pods Service Account serviceAccount: nameOverride: oof-has-reservation diff --git a/kubernetes/oof/components/oof-has/components/oof-has-solver/Chart.yaml b/kubernetes/oof/components/oof-has/components/oof-has-solver/Chart.yaml index 9f5381be53..0262f41062 100755 
--- a/kubernetes/oof/components/oof-has/components/oof-has-solver/Chart.yaml +++ b/kubernetes/oof/components/oof-has/components/oof-has-solver/Chart.yaml @@ -33,3 +33,6 @@ dependencies: - name: serviceAccount version: ~12.x-0 repository: '@local' + - name: readinessCheck + version: ~12.x-0 + repository: '@local' diff --git a/kubernetes/oof/components/oof-has/components/oof-has-solver/templates/deployment.yaml b/kubernetes/oof/components/oof-has/components/oof-has-solver/templates/deployment.yaml index 4499d9806e..3cf0450c06 100755 --- a/kubernetes/oof/components/oof-has/components/oof-has-solver/templates/deployment.yaml +++ b/kubernetes/oof/components/oof-has/components/oof-has-solver/templates/deployment.yaml 
@@ -17,62 +17,15 @@ apiVersion: apps/v1 kind: Deployment -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} spec: - selector: - matchLabels: - app: {{ include "common.name" . }} + selector: {{- include "common.selectors" . | nindent 4 }} replicas: {{ .Values.replicaCount }} template: - metadata: - labels: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} + metadata: {{- include "common.templateMetadata" . | nindent 6 }} spec: initContainers: - - name: {{ include "common.name" . }}-readiness - command: - - /app/ready.py - args: - - --job-name - - {{ include "common.release" . }}-{{ .Values.config.etcd.configJobNameOverride }}-job - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - image: {{ include "repositoryGenerator.image.readiness" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - - {{- if (include "common.needTLS" .) }} - - name: {{ include "common.name" . }}-solvr-sms-readiness - command: - - sh - - -c - - resp="FAILURE"; - until [ $resp = "200" ]; do - resp=$(curl -s -o /dev/null -k --write-out %{http_code} https://aaf-sms.{{ include "common.namespace" . }}:10443/v1/sms/domain/has/secret); - echo $resp; - sleep 2; - done - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - image: {{ include "repositoryGenerator.image.curl" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - {{- end }} - + {{ include "common.readinessCheck.waitFor" . | nindent 6 }} containers: - name: {{ include "common.name" . }} image: {{ include "repositoryGenerator.repository" . 
}}/{{ .Values.global.image.optf_has }} @@ -114,11 +67,6 @@ spec: - mountPath: /usr/local/bin/healthy.sh name: {{ .Values.global.commonConfigPrefix }}-config subPath: healthy.sh - {{- if (include "common.needTLS" .) }} - - mountPath: /usr/local/bin/AAF_RootCA.cer - name: {{ include "common.fullname" . }}-onap-certs - subPath: aaf_root_ca.cer - {{- end }} resources: {{ include "common.resources" . | indent 12 }} {{- if .Values.nodeSelector }} @@ -144,8 +92,5 @@ spec: path: log.conf - key: healthy.sh path: healthy.sh -{{- if (include "common.needTLS" .) }} -{{ include "oof.certificate.volume" . | indent 8 }} -{{- end }} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/oof/components/oof-has/components/oof-has-solver/values.yaml b/kubernetes/oof/components/oof-has/components/oof-has-solver/values.yaml index 46ff033c82..0bce2bc1ce 100755 --- a/kubernetes/oof/components/oof-has/components/oof-has-solver/values.yaml +++ b/kubernetes/oof/components/oof-has/components/oof-has-solver/values.yaml @@ -20,10 +20,6 @@ global: # secrets metaconfig ################################################################# secrets: - - uid: oof-onap-certs - externalSecret: '{{ tpl (default "" .Values.certSecret) . }}' - type: generic - filePaths: '{{ .Values.secretsFilePaths }}' - uid: oof-has-etcd-secret name: &user-creds '{{ include "common.release" . }}-oof-has-etcd-secret' type: basicAuth @@ -72,6 +68,11 @@ readiness: initialDelaySeconds: 10 periodSeconds: 10 +readinessCheck: + wait_for: + jobs: + - '{{ include "common.release" . }}-{{ .Values.config.etcd.configJobNameOverride }}-job' + #Pods Service Account serviceAccount: nameOverride: oof-has-solver diff --git a/kubernetes/oof/components/oof-has/resources/config/aai_cert.cer b/kubernetes/oof/components/oof-has/resources/config/aai_cert.cer deleted file mode 100755 index 4c6eb916e6..0000000000 --- a/kubernetes/oof/components/oof-has/resources/config/aai_cert.cer +++ /dev/null 
@@ -1,25 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIEKjCCAxKgAwIBAgIBHjANBgkqhkiG9w0BAQsFADBHMQswCQYDVQQGEwJVUzEN -MAsGA1UECgwET05BUDEOMAwGA1UECwwFT1NBQUYxGTAXBgNVBAMMEGludGVybWVk -aWF0ZUNBXzEwHhcNMTgwNDI1MTIxMzAxWhcNMTkwNDIwMTIxMzAxWjBtMQswCQYD -VQQGEwJVUzENMAsGA1UECgwET05BUDEZMBcGA1UECwwQb29mQG9vZi5vbmFwLm9y -ZzEOMAwGA1UECwwFT1NBQUYxJDAiBgNVBAMMG29vZi5hcGkuc2ltcGxlZGVtby5v -bmFwLm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANGpQUtgLXG3 -dVikd/QC2Q24wzeTOeZzbx3PnidNYZT5K0sJ/TdnZF6O/4+9gXQ6AQS2Q8wfQ009 -MQAA5vhUaq5yZ2K+XAtEFGln1TxTFpGu3WDOwQ800Vw18Dk8WidrkzDJv489Bn1f -SSaPC0IaRB0K1d8BD63ZHgsuEY8lt31DX2wFWJcfN9mxNDzuLTZoLxtxKsedoZKH -rsOOILwXOhwuunfx40i6RQN/pFX6C2i8dtOA5OwUm9Q1RrZ2Tv1Uf4IURriH6bfZ -5n50yxTuL22TMYXsF/ohrdgwacuC0aV9ZSGhIZUJPyHVg7+QTBioHmoUJInVKuIx -kkC4lENbLYUCAwEAAaOB+jCB9zAJBgNVHRMEAjAAMBEGCWCGSAGG+EIBAQQEAwIG -wDAzBglghkgBhvhCAQ0EJhYkT3BlblNTTCBHZW5lcmF0ZWQgU2VydmVyIENlcnRp -ZmljYXRlMB0GA1UdDgQWBBQwbU5oHU2iYHCoVz4hFCvBW59cdTBUBgNVHSMETTBL -gBQd5lldG54KOKRipsGF8/PP1vGX6qEwpC4wLDEOMAwGA1UECwwFT1NBQUYxDTAL -BgNVBAoMBE9OQVAxCzAJBgNVBAYTAlVTggEBMA4GA1UdDwEB/wQEAwIF4DAdBgNV -HSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDQYJKoZIhvcNAQELBQADggEBADEa -0VuxoFIygeQTqlizpHNwfApPmlAVSKDTWuEu4rhJs8GT61EuWZQPygXEUHCYmGvJ -GMwEGGIDGiQqxMqlqng46gksNJbi1ktXr6Du18qW7gziUd84ve8KcecjZru1Sk1e -UJ/6WEQVE17CHKcnzQZsMDakgP+61VgKbk5NlkeF/Qh4L6/3jY7g+xoXqaId5RT9 -BetmH/cMsj33lxQTs0fcXTbAQd6BX5ug854OJ1mU4ngJnNBdmn9Ow1bB71ohf5Xv -OEYX8+khjgjlmM0u1hBRL4qViv3y2Gzhpm1M8cETMDj4g0zIJytzIYMxO8XvDPCF -YmVZHXJDLsCogSOmmh0= ------END CERTIFICATE----- \ No newline at end of file diff --git a/kubernetes/oof/components/oof-has/resources/config/aai_key.key b/kubernetes/oof/components/oof-has/resources/config/aai_key.key deleted file mode 100755 index 246ff6d8cb..0000000000 --- a/kubernetes/oof/components/oof-has/resources/config/aai_key.key +++ /dev/null 
@@ -1,30 +0,0 @@ ------BEGIN ENCRYPTED PRIVATE KEY----- -MIIFDjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIvxjZPeQVkRACAggA -MBQGCCqGSIb3DQMHBAhWqwQCjZFCrASCBMjWG5wsC1WFJISJ5odMHzYOWOKLpaDP -7a/dxnBrV6gId/DTmzoqtiBCmQRqhnUuYok98DNUFGjR9JqztNNOf5eslzqCugsh -zVwCvsJYKvxxJ4Q8tow3DKx28I6EmOvwudMsL9c30OxpEWdlWmyFimu5JDdDvWUH -S0fWKebQETZ7lptiRX2IXhC3Ye6Wu/DowDYc5L4Z/Q8nwncMB3n2ntMX10pBrura -15/R18AvG5cDwcasTXz5WKIB/K2onvJfW0so2M8jApu2DF4MpEIN9Z973uTNFXcL -dgHKWtIl2WO38coedaXUILgsxLSSU27TG4F+7QMGjiKXUSWjN9+TD+8zWye/9OIW -qfVtoh+n7lWtzC3Axo1OmPInCkFb+I7QaDsJgsUn+ZWap7FVJFrYiz20UTzYYgAK -OukCgKiJTHOhTT1k0km34ROPmqOk6mH7IkioUSTmoP362RpIVTbKv2e5GKzhYfkk -27W3RRG/qoZLUTU2AaAyoGZlzXDkBFw2g4vxnhcfHeXX6jyJyQWOOOeRJ5B6uc+Y -4XmKKJvq5pFlxUDmVCZLRzjwpvYPTQwTQQ9t7kEZFI8B7TMkDqv62YlXyoWNDwPq -yLvDwPDicx33AZor8N/eDgIOE+TXQ0vEyphf0c9OcgneeJmEtn7IskEahv32ruMQ -uFAAuIUmQfXPNMXu3MYIUItvZDm3RUk3YJDj9c8YtvxDlzLytHu5QYJ3v7rvo+mG -XKwmnZouaNRLw5Y7Mff07BuTPuttyNadacuJtUjvv8qVOIeuxQ7nku6yqKKLTeJr -8E4/tYyZ15FIo3hWi16h3zyZ9LiHhhe7d2XYSVMuzuD4jkIdHbdgiKsCJn9mI5PF -VpDF34w1Fjwv7Gu32MRMpJijAW10ENaP1O2izr9l8jwo+CLgi5qa6a2YTYAZooqt -UjTLfEIQKbwFbq5L9Eb1uRw1lRR9SxcxdNQdY+mtx0x2BSmXVUEcyi6OG/8Lzf/1 -9VoE5UPfhSE7ogfbL8eraFlQmKL8f3h3Jx/XDvvKC8YXxgooEhV0BsofXmLdF0BK -bhXR1/JptLz8CJjtlBWQkmqj+ONOHFA9/4YHMNn5T1PBLNzQCZSjQXrDKxowLDsI -ozUyZ080c2LrJCf6zj6+fB3LDvHYfJ6LnYASCHJlNS0NVmRPiYB/dmoqF/iyAEjp -cKUUrbhs6U95aPMo0pPSCuhLKiibCo3Vz/9dvGb7pr6aj/ehOjrtKtGlYukBqNkS -RQK2kkL8IO+iPWs3aCnEhfeS+wNBMAtI/TEw6As2zseyb3/SylHjek4s1gs9MPdw -c3o2ArwMzmP0sfFIjYz+AyQm+5i/LSnkNjG0OU9ekGXy7Z4HAcko2Dv8/SmOVapP -cf8c55RUDlYJh9Ltn0W5fuNA6dykV7f9s8BIrZcnzTN+lifNhNlEYYcmyZwlCcX4 -NBLoH+ENW+Q7+nuhGcf52j/XgTaPZ0Eec8ZJdK7FzVDN4DWKM4KHD7DgpkOR7TZl -IKGNtdvb3SaGG83YlJhRkkr0C2KvB0Mz2dkAhOKX3NkBr5fY62IvuMdqD7VDjGAw -h/GBn0k5+gpVP0Uh6yWEla3CjM9GnUuMVcwIUAYSeW2rFu4iapK0gBwguR91cM1N -MA8= ------END ENCRYPTED PRIVATE KEY----- 
diff --git a/kubernetes/oof/components/oof-has/resources/config/bundle.pem b/kubernetes/oof/components/oof-has/resources/config/bundle.pem deleted file mode 100755 index 60121e751b..0000000000 --- a/kubernetes/oof/components/oof-has/resources/config/bundle.pem +++ /dev/null @@ -1,26 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIEVDCCAjygAwIBAgIBATANBgkqhkiG9w0BAQsFADAsMQ4wDAYDVQQLDAVPU0FB -RjENMAsGA1UECgwET05BUDELMAkGA1UEBhMCVVMwHhcNMTgwNDA1MTQxNTQwWhcN -MTgwNjA0MTQxNTQwWjBHMQswCQYDVQQGEwJVUzENMAsGA1UECgwET05BUDEOMAwG -A1UECwwFT1NBQUYxGTAXBgNVBAMMEGludGVybWVkaWF0ZUNBXzEwggEiMA0GCSqG -SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCY3YPA/YQdz4kaZQzdRzWNjmn33WYAWZ8+ -EIz3PhkEzk7M1q9N7Icx2LvozMj4VH0yGz/HYlliHhw26ZRsjYMSR8zATsXl4oW9 -w9BrjuyvM3w8Ptxe8WbUFF9LJDGyXPeVvcXVo0iyh3QYPWC/AWmomN19MvBFN5vH -AvEG/7qtonViNfISW9Gr9LpXB0foCmUDBu/lV+SwRGajoCPqdZhZ6/L6/yqDvha2 -wsML/UZXlGhXAedt/xOKmT/dSXx/I0vWBVp6Tq4zu87yCvd+I6Tpa5HjttA2I5EV -zdHX+JYBPBBcVCyO9YQOYjJuoVDE4D5etY6dEipKG/KZF/rqAoqZAgMBAAGjZjBk -MB0GA1UdDgQWBBQd5lldG54KOKRipsGF8/PP1vGX6jAfBgNVHSMEGDAWgBRTVTPy -S+vQUbHBeJrBKDF77+rtSTASBgNVHRMBAf8ECDAGAQH/AgEAMA4GA1UdDwEB/wQE -AwIBhjANBgkqhkiG9w0BAQsFAAOCAgEAmgeiitBDi/YEqFh2Cqp0VIEqw8hiuV87 -rADQWMK4hv5WXl3KJTjFAnWsYFUKrm6s1jNH16FyGExUQgwggob0Vt+MHiUs36jU -kyret/uE5qrjz+/J+i2XG6s1oKcDRVD/jU4qBygZWFBMuwl7sz8IEvaYXGM43s96 -Du3UF9E+V3aMppqkGWz6MnrTmANnWAlDAMeifcoexjrpxiKbp8f49HX1UzwFoeEg -RnVwNqgDWT66yGV6mbNl6FpE/U81RpCRY1ZJDeVTxbqIaG/UPV4hpQ+BEVBDF+cb -rGsvsNYYpWx5srIQ7WtGKIlaDFbfWPwnHDHegzr8ypAS3KNWULE+QXCbHWtB+b0Y -WhP/2F6Jjb+ByvJqQoE+nHEYBeUOZUUZC4IuQFNJ5Wy5P0CNXdheiWhdrBmG02Gy -KMi0FJx6BEoWM2xcdl6bn5j9mhF4TX7zgepNWlgTra4Z8Oz8iqbQk33/s2OKM4ic -6ZezUYhNp+MuUt4Se+ufNcGV65jnUKeROtWzNLwP+xwglEFlG8aNiAORthd7QJuT -Ey2cX7H7f38ENQ5YCriUk1nVLO9F66l/rNRzYZgQzRI3IvDW8vyM2TLW2mcZNsaf -qjFMcCDweV2FRb8eTbmWzzB2/xTVpGzVJqzwgE+U7UtJx5CZS3wPkvXuEgvcg1tY -m1r4NGYFvLM= ------END CERTIFICATE----- \ No newline at end of file 
diff --git a/kubernetes/oof/components/oof-has/resources/config/conductor.conf b/kubernetes/oof/components/oof-has/resources/config/conductor.conf index d650808036..511c0cd6de 100755 --- a/kubernetes/oof/components/oof-has/resources/config/conductor.conf +++ b/kubernetes/oof/components/oof-has/resources/config/conductor.conf @@ -159,13 +159,13 @@ appkey = "" # # is_aaf_enabled. (boolean value) -is_aaf_enabled = {{ (eq "true" (include "common.needTLS" .)) | ternary true false }} +is_aaf_enabled = false # aaf_cache_expiry_hrs. (integer value) aaf_cache_expiry_hrs = 3 # aaf_url. (string value) -aaf_url = http{{ if (include "common.needTLS" .) }}s{{ end }}://{{.Values.config.aaf.serviceName}}:{{.Values.config.aaf.port}}/authz/perms/user/ +aaf_url = # aaf_cert_file. (string value) #aaf_cert_file = @@ -175,7 +175,7 @@ aaf_url = http{{ if (include "common.needTLS" .) }}s{{ end }}://{{.Values.config # aaf_ca_bundle_file. (string value) #aaf_ca_bundle_file = -aaf_ca_bundle_file = {{ if (include "common.needTLS" .) }}/usr/local/bin/AAF_RootCA.cer{{ end }} +aaf_ca_bundle_file = # aaf_retries. (integer value) #aaf_retries = 3 @@ -194,11 +194,11 @@ aaf_ca_bundle_file = {{ if (include "common.needTLS" .) }}/usr/local/bin/AAF_Roo # # is_enabled. (boolean value) -is_enabled = {{ (eq "true" (include "common.needTLS" .)) | ternary true false }} +is_enabled = false # Base URL for SMS, up to and not including the version, and without a trailing # slash. (string value) -aaf_sms_url = http{{ if (include "common.needTLS" .) }}s{{ end }}://{{.Values.config.sms.serviceName}}.{{ include "common.namespace" . }}:{{.Values.config.sms.port}} +aaf_sms_url = # Timeout for SMS API Call (integer value) 
@@ -234,8 +234,7 @@ complex_cache_refresh_interval = 60 # Base URL for A&AI, up to and not including the version, and without a # trailing slash. (string value) -#server_url = https://{{.Values.config.aai.serviceName}}.{{ include "common.namespace" . }}:{{.Values.config.aai.port}}/aai -server_url = http{{ if (include "common.needTLS" .) }}s{{ end }}://{{.Values.config.aai.serviceName}}.{{ include "common.namespace" . }}:{{ (eq "true" (include "common.needTLS" .)) | ternary .Values.config.aai.port .Values.config.aai.plainPort }}/aai +server_url = http://{{.Values.config.aai.serviceName}}.{{ include "common.namespace" . }}:{{.Values.config.aai.port}}/aai # Timeout for A&AI Rest Call (string value) #aai_rest_timeout = 30 @@ -256,7 +255,7 @@ certificate_key_file = # Certificate Authority Bundle file in pem format. Must contain the appropriate # trust chain for the Certificate file. (string value) #certificate_authority_bundle_file = certificate_authority_bundle.pem -certificate_authority_bundle_file = {{ if (include "common.needTLS" .) }}/usr/local/bin/AAF_RootCA.cer{{ end }} +certificate_authority_bundle_file = # Username for AAI. (string value) username = OOF 
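Review bot: The new A&AI `server_url = http://…/aai` hard-codes cleartext HTTP, and the following hunk still shows `username = OOF` for the same client. The credentials configured for that client are therefore protected in transit only if the service mesh actually enforces mTLS between the pods. The same applies to the SDC `server_url` hunk further down and to the `.http` URLs that osdf_config.yaml now uses unconditionally. Nothing in the chart records that dependency, so I would add a comment above each URL, e.g. `# plain HTTP: transport encryption is delegated to the service-mesh sidecar; mTLS must be enforced for this namespace`.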
@@ -452,102 +451,6 @@ username = password = -[music_api] - -# -# From conductor -# - -# Base URL for Music REST API without a trailing slash. (string value) -#server_url = http://oof-has-music:8080/MUSIC/rest/v2 -server_url = https://{{.Values.config.music.serviceName}}.{{ include "common.namespace" . }}:{{.Values.config.music.port}}/MUSIC/rest/v2 -version = v2 - -# DEPRECATED: List of hostnames (round-robin access) (list value) -# This option is deprecated for removal. -# Its value may be silently ignored in the future. -# Reason: Use server_url instead -#hostnames = - -# DEPRECATED: Port (integer value) -# This option is deprecated for removal. -# Its value may be silently ignored in the future. -# Reason: Use server_url instead -#port = - -# DEPRECATED: Path (string value) -# This option is deprecated for removal. -# Its value may be silently ignored in the future. -# Reason: Use server_url instead -#path = - -# Socket connection timeout (floating point value) -#connect_timeout = 3.05 - -# Socket read timeout (floating point value) -#read_timeout = 12.05 - -# Lock timeout (integer value) -#lock_timeout = 10 - -# Replication factor (integer value) -#replication_factor = 1 -replication_factor = 1 - -# Use mock API (boolean value) -#mock = false - -# (string value) -#music_topology = SimpleStrategy - -# Name of the first data center (string value) -#first_datacenter_name = - -# Number of replicas in first data center (integer value) -#first_datacenter_replicas = - -# Name of the second data center (string value) -#second_datacenter_name = - -# Number of replicas in second data center (integer value) -#second_datacenter_replicas = - -# Name of the third data center (string value) -#third_datacenter_name = - -# Number of replicas in third data center (integer value) -#third_datacenter_replicas = - -# new or old version (boolean value) -#music_new_version = -music_new_version = True - -# for version (string value) -#music_version = -music_version = "3.2.40" - -# 
username value that used for creating basic authorization header (string -# value) -#aafuser = -aafuser = conductor - -# password value that used for creating basic authorization header (string -# value) -#aafpass = -aafpass = c0nduct0r - -# AAF namespace field used in MUSIC request header (string value) -#aafns = -aafns = conductor - -# Enabling HTTPs mode (boolean value) -enable_https_mode = True - -# Certificate Authority Bundle file in pem format. Must contain the appropriate -# trust chain for the Certificate file. (string value) -certificate_authority_bundle_file = /usr/local/bin/AAF_RootCA.cer - - [prometheus] # @@ -680,8 +583,7 @@ concurrent = true # Base URL for SDC, up to and not including the version, and without a # trailing slash. (string value) #server_url = https://controller:8443/sdc -#server_url = https://{{.Values.config.sdc.serviceName}}.{{ include "common.namespace" . }}:{{.Values.config.sdc.port}}/sdc -server_url = http{{ if (include "common.needTLS" .) }}s{{ end }}://{{.Values.config.sdc.serviceName}}.{{ include "common.namespace" . }}:{{ (eq "true" (include "common.needTLS" .)) | ternary .Values.config.sdc.port .Values.config.sdc.plainPort }}/sdc +server_url = http://{{.Values.config.sdc.serviceName}}.{{ include "common.namespace" . }}:{{.Values.config.sdc.port}}/sdc # Timeout for SDC Rest Call (string value) #sdc_rest_timeout = 30 @@ -704,7 +606,7 @@ certificate_key_file = # Certificate Authority Bundle file in pem format. Must contain the appropriate # trust chain for the Certificate file. (string value) #certificate_authority_bundle_file = certificate_authority_bundle.pem -certificate_authority_bundle_file = {{ if (include "common.needTLS" .) }}/usr/local/bin/AAF_RootCA.cer{{ end }} +certificate_authority_bundle_file = # Username for SDC. (string value) #username = 
@@ -749,7 +651,7 @@ certificate_key_file = # Certificate Authority Bundle file in pem format. Must contain the appropriate # trust chain for the Certificate file. (string value) #certificate_authority_bundle_file = certificate_authority_bundle.pem -certificate_authority_bundle_file = {{ if (include "common.needTLS" .) }}/usr/local/bin/AAF_RootCA.cer{{ end }} +certificate_authority_bundle_file = # Username for CPS. (string value) #username = @@ -770,7 +672,7 @@ get_ta_list_url = "/api/v1/execute/ran-coverage-area/get_ta_list" # Base URL for DCAE, up to and not including the version, and without a # trailing slash. (string value) -server_url = http://{{.Values.config.dcae.service}}.{{ include "common.namespace" . }}:{{.Values.config.dcae.port}} +server_url = http://{{.Values.config.dcae.serviceName}}.{{ include "common.namespace" . }}:{{.Values.config.dcae.port}} # Timeout for DCAE Rest Call (string value) #dcae_rest_timeout = 30 @@ -793,7 +695,7 @@ certificate_key_file = # Certificate Authority Bundle file in pem format. Must contain the appropriate # trust chain for the Certificate file. (string value) #certificate_authority_bundle_file = certificate_authority_bundle.pem -certificate_authority_bundle_file = {{ if (include "common.needTLS" .) }}/usr/local/bin/AAF_RootCA.cer{{ end }} +certificate_authority_bundle_file = # Username for DCAE. (string value) #username = diff --git a/kubernetes/oof/components/oof-has/resources/config/nginx.conf b/kubernetes/oof/components/oof-has/resources/config/nginx.conf index 9272e8581c..1c1094dacb 100644 --- a/kubernetes/oof/components/oof-has/resources/config/nginx.conf +++ b/kubernetes/oof/components/oof-has/resources/config/nginx.conf 
@@ -11,17 +11,8 @@ http { server { -{{ if (include "common.needTLS" .) }} - listen 8091 ssl; - server_name oof; - ssl_certificate /opt/bitnami/nginx/org.onap.oof.crt; - ssl_certificate_key /opt/bitnami/nginx/ssl/local/org.onap.oof.key; - ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; - ssl_ciphers HIGH:!aNULL:!MD5; -{{ else }} listen 8091; server_name oof; -{{ end }} location / { include /opt/bitnami/nginx/conf/uwsgi_params; diff --git a/kubernetes/oof/components/oof-has/values.yaml b/kubernetes/oof/components/oof-has/values.yaml index 0c5397c5a8..219e236fbf 100755 --- a/kubernetes/oof/components/oof-has/values.yaml +++ b/kubernetes/oof/components/oof-has/values.yaml @@ -27,11 +27,6 @@ global: # Secrets metaconfig ################################################################# secrets: - - uid: oof-onap-certs - name: &oof-certs '{{ include "common.release" . }}-oof-onap-certs' - externalSecret: '{{ tpl (default "" .Values.certSecret) . }}' - type: generic - filePaths: '{{ .Values.secretsFilePaths }}' - uid: oof-has-etcd-root-password name: &root-password '{{ include "common.release" . }}-has-etcd-root-password' type: password @@ -50,31 +45,20 @@ nodePortPrefix: 302 dataRootDir: /dockerdata-nfs config: dbBackend: etcd - aaf: - serviceName: aaf-service - port: 8100 aai: serviceName: aai - port: 8443 - plainPort: 80 + port: 80 msb: serviceName: msb-iag port: 80 - music: - serviceName: music - port: 8443 - sms: - serviceName: aaf-sms - port: 10443 sdc: serviceName: sdc-be - port: 8443 - plainPort: 8080 + port: 8080 cps: - service: cps-tbdmt + serviceName: cps-tbdmt port: 8080 dcae: - service: dcae-slice-analysis-ms + serviceName: dcae-slice-analysis-ms port: 8080 etcd: serviceName: &etcd-service oof-has-etcd @@ -106,7 +90,6 @@ resources: #component overrides oof-has-api: &has-config enabled: true - certSecret: *oof-certs config: etcd: userCredentialsExternalSecret: *user-creds 
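Review bot: The rename of `cps.service` to `cps.serviceName` in the `config:` hunk has no matching template change visible in this commit. conductor.conf is updated to `.Values.config.dcae.serviceName`, but none of its hunks touches a CPS URL. If the CPS `server_url` in conductor.conf (outside the visible hunks) still reads `.Values.config.cps.service`, it will render without a host name and the failure will only show up when the CPS client is used. Please check that line and change it to `.Values.config.cps.serviceName`, or keep the old key until the template is updated.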
@@ -115,8 +98,6 @@ oof-has-controller: *has-config oof-has-data: *has-config oof-has-reservation: *has-config oof-has-solver: *has-config -music: - enabled: false #etcd subchart configurations etcd: diff --git a/kubernetes/oof/components/oof-templates/templates/_certificate.tpl b/kubernetes/oof/components/oof-templates/templates/_certificate.tpl deleted file mode 100644 index 4da128bcbb..0000000000 --- a/kubernetes/oof/components/oof-templates/templates/_certificate.tpl +++ /dev/null @@ -1,11 +0,0 @@ -{{- define "oof.certificate.volume" -}} -- name: {{ include "common.fullname" . }}-onap-certs - secret: - secretName: {{ include "common.secret.getSecretNameFast" (dict "global" . "uid" "oof-onap-certs") }} - items: - - key: aaf_root_ca.cer - path: aaf_root_ca.cer - - key: intermediate_root_ca.pem - path: intermediate_root_ca.pem -{{- end -}} - diff --git a/kubernetes/oof/resources/config/certs/aaf_root_ca.cer b/kubernetes/oof/resources/config/certs/aaf_root_ca.cer deleted file mode 100755 index e9a50d7ea0..0000000000 --- a/kubernetes/oof/resources/config/certs/aaf_root_ca.cer +++ /dev/null 
@@ -1,31 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIFPjCCAyagAwIBAgIJAJ6u7cCnzrWdMA0GCSqGSIb3DQEBCwUAMCwxDjAMBgNV -BAsMBU9TQUFGMQ0wCwYDVQQKDARPTkFQMQswCQYDVQQGEwJVUzAeFw0xODA0MDUx -NDE1MjhaFw0zODAzMzExNDE1MjhaMCwxDjAMBgNVBAsMBU9TQUFGMQ0wCwYDVQQK -DARPTkFQMQswCQYDVQQGEwJVUzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC -ggIBAMA5pkgRs7NhGG4ew5JouhyYakgYUyFaG121+/h8qbSdt0hVQv56+EA41Yq7 -XGie7RYDQK9NmAFF3gruE+6X7wvJiChp+Cyd7sFMnb65uWhxEdxWTM2BJFrgfzUn -H8ZCxgaCo3XH4PzlKRy2LQQJEJECwl/RZmRCXijMt5e9h8XoZY/fKkKcZZUsWNCM -pTo266wjvA9MXLmdgReRj0+vrCjrNqy+htwJDztoiHWiYPqT6o8EvGcgjNqjlZx7 -NUNf8MfLDByqKF6+wRbHv1GKjn3/Vijd45Fv8riyRYROiFanvbV6jIfBkv8PZbXg -2VDWsYsgp8NAvMxK+iV8cO+Ck3lBI2GOPZbCEqpPVTYbLUz6sczAlCXwQoPzDIZY -wYa3eR/gYLY1gP2iEVHORag3bLPap9ZX5E8DZkzTNTjovvLk8KaCmfcaUMJsBtDd -ApcUitz10cnRyZc1sX3gE1f3DpzQM6t9C5sOVyRhDcSrKqqwb9m0Ss04XAS9FsqM -P3UWYQyqDXSxlUAYaX892u8mV1hxnt2gjb22RloXMM6TovM3sSrJS0wH+l1nznd6 -aFXftS/G4ZVIVZ/LfT1is4StoyPWZCwwwly1z8qJQ/zhip5NgZTxQw4mi7ww35DY -PdAQOCoajfSvFjqslQ/cPRi/MRCu079heVb5fQnnzVtnpFQRAgMBAAGjYzBhMB0G -A1UdDgQWBBRTVTPyS+vQUbHBeJrBKDF77+rtSTAfBgNVHSMEGDAWgBRTVTPyS+vQ -UbHBeJrBKDF77+rtSTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAN -BgkqhkiG9w0BAQsFAAOCAgEAPx/IaK94n02wPxpnYTy+LVLIxwdq/kawNd6IbiMz -L87zmNMDmHcGbfoRCj8OkhuggX9Lx1/CkhpXimuYsZOFQi5blr/u+v4mIbsgbmi9 -7j+cUHDP0zLycvSvxKHty51LwmaX9a4wkJl5zBU4O1sd/H9tWcEmwJ39ltKoBKBx -c94Zc3iMm5ytRWGj+0rKzLDAXEWpoZ5bE5PLJauA6UDCxDLfs3FwhbS7uDggxYvf -jySF5FCNET94oJ+m8s7VeHvoa8iPGKvXrIqdd7XDHnqJJlVKr7m9S0fMbyEB8ci2 -RtOXDt93ifY1uhoEtEykn4dqBSp8ezvNMnwoXdYPDvTd9uCAFeWFLVreBAWxd25h -PsBTkZA5hpa/rA+mKv6Af4VBViYr8cz4dZCsFChuioVebe9ighrfjB//qKepFjPF -CyjzKN1u0JKm/2x/ORqxkTONG8p3uDwoIOyimUcTtTMv42bfYD88RKakqSFXE9G+ -Z0LlaKABqfjK49o/tsAp+c5LoNlYllKhnetO3QAdraHwdmC36BhoghzR1jpX751A -cZn2VH3Q4XKyp01cJNCJIrua+A+bx6zh3RyW6zIIkbRCbET+UD+4mr8WIcSE3mtR -ZVlnhUDO4z9//WKMVzwS9Rh8/kuszrGFI1KQozXCHLrce3YP6RYZfOed79LXaRwX -dYY= ------END CERTIFICATE----- 
diff --git a/kubernetes/oof/resources/config/certs/intermediate_root_ca.pem b/kubernetes/oof/resources/config/certs/intermediate_root_ca.pem deleted file mode 100644 index b67866d160..0000000000 --- a/kubernetes/oof/resources/config/certs/intermediate_root_ca.pem +++ /dev/null @@ -1,27 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIEdTCCAl2gAwIBAgIBBzANBgkqhkiG9w0BAQsFADAsMQ4wDAYDVQQLDAVPU0FB -RjENMAsGA1UECgwET05BUDELMAkGA1UEBhMCVVMwHhcNMTgwODE3MTg1MTM3WhcN -MjMwODE3MTg1MTM3WjBHMQswCQYDVQQGEwJVUzENMAsGA1UECgwET05BUDEOMAwG -A1UECwwFT1NBQUYxGTAXBgNVBAMMEGludGVybWVkaWF0ZUNBXzkwggEiMA0GCSqG -SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCv0HHUkba3uNtNI3jPKimUcd6RNwmhSCJL -neMWpnjqp5/A+HCKyNsEaT4y177hNLmCm/aMm1u2JIfikc+8wEqLCSBBPz+P0h+d -o+sZ7U+4oeQizdYYpEdzHJ2SieHHa8vtu80rU3nO2NEIkuYC20HcKSEtl8fFKsk3 -nqlhY+tGfYJPTXcDOQAO40BTcgat3C3uIJHkWJJ4RivunE4LEuRv9QyKgAw7rkJV -v+f7guqpZlXy6dzAkuU7XULWcgo55MkZlssoiErMvEZJad5aWKvRY3g7qUjaQ6wO -15wOAUoRBW96eeZZbytgn8kybcBy++Ue49gPtgm1MF/KlAsp0MD5AgMBAAGjgYYw -gYMwHQYDVR0OBBYEFIH3mVsQuciM3vNSXupOaaBDPqzdMB8GA1UdIwQYMBaAFFNV -M/JL69BRscF4msEoMXvv6u1JMBIGA1UdEwEB/wQIMAYBAf8CAQEwDgYDVR0PAQH/ -BAQDAgGGMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjANBgkqhkiG9w0B -AQsFAAOCAgEADxNymiCNr2e37iLReoaxKmZvwox0cTiNAaj7iafRzmwIoY3VXO8Q -ix5IYcp4FaQ7fV1jyp/AmaSnyHf6Osl0sx8PxsQkO7ALttxKUrjfbvNSVUA2C/vl -u5m7UVJLIUtFDZBWanzUSmkTsYLHpiANFQKd2c/cU1qXcyzgJVFEFVyyHNkF7Is+ -+pjG9M1hwQHOoTnEuU013P7X1mHek+RXEfhJWwe7UsZnBKZaZKbQZu7hEtqKWYp/ -QsHgnjoLYXsh0WD5rz/mBxdTdDLGpFqWDzDqb8rsYnqBzoowvsasV8X8OSkov0Ht -8Yka0ckFH9yf8j1Cwmbl6ttuonOhky3N/gwLEozuhy7TPcZGVyzevF70kXy7g1CX -kpFGJyEHXoprlNi8FR4I+NFzbDe6a2cFow1JN19AJ9Z5Rk5m7M0mQPaQ4RcikjB3 -aoLsASCJTm1OpOFHfxEKiBW4Lsp3Uc5/Rb9ZNbfLrwqWZRM7buW1e3ekLqntgbky -uKKISHqVJuw/vXHl1jNibEo9+JuQ88VNuAcm7WpGUogeCa2iAlPTckPZei+MwZ8w -tpvxTyYlZEC8DWzY1VC29+W2N5cvh01e2E3Ql08W1zL63dqrgdEZ3VWjzooYi4ep -BmMXTvouW+Flyvcw/0oTcfN0biDIt0mCkZ5CQVjfGL9DTOYteR5hw+k= ------END CERTIFICATE----- - 
diff --git a/kubernetes/oof/resources/config/conf/common_config.yaml b/kubernetes/oof/resources/config/conf/common_config.yaml index 5ee95c096d..394bece9d9 100644 --- a/kubernetes/oof/resources/config/conf/common_config.yaml +++ b/kubernetes/oof/resources/config/conf/common_config.yaml @@ -4,8 +4,6 @@ osdf_system: internal: 8699 # inside the Docker container, the app listens to this port external: 8698 # clients use this port on DockerHost osdf_ip_default: 0.0.0.0 -# # Important Note: At deployment time, we need to ensure the port mapping is done - ssl_context: {{ if (include "common.needTLS" .) }}['/opt/osdf/org.onap.oof.crt', '/opt/osdf/osaaf/local/org.onap.oof.key']{{ end }} osdf_temp: # special configuration required for "workarounds" or testing local_policies: diff --git a/kubernetes/oof/resources/config/conf/osdf_config.yaml b/kubernetes/oof/resources/config/conf/osdf_config.yaml index ff62bb6b0a..818d4f340a 100755 --- a/kubernetes/oof/resources/config/conf/osdf_config.yaml +++ b/kubernetes/oof/resources/config/conf/osdf_config.yaml 
@@ -11,14 +11,14 @@ placementDefaultMinorVersion: {{ .Values.config.placementDefaultMinorVersion }} placementDefaultPatchVersion: {{ .Values.config.placementDefaultPatchVersion }} # Credentials for Conductor -conductorUrl: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.config.conductorUrl.https .Values.config.conductorUrl.http }} +conductorUrl: {{ .Values.config.conductorUrl.http }} conductorPingWaitTime: {{ .Values.config.conductorPingWaitTime }} conductorMaxRetries: {{ .Values.config.conductorMaxRetries }} # versions to be set in HTTP header conductorMinorVersion: {{ .Values.config.conductorMinorVersion }} # Policy Platform -- requires ClientAuth, Authorization, and Environment -policyPlatformUrl: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.config.policyPlatformUrl.https .Values.config.policyPlatformUrl.http }} +policyPlatformUrl: {{ .Values.config.policyPlatformUrl.http }} policyPlatformEnv: {{ .Values.config.policyPlatformEnv }} # Credentials for DMaaP 
@@ -29,19 +29,16 @@ messageReaderTopic: {{ .Values.config.messageReaderTopic }} sdcUrl: {{ .Values.config.sdcUrl }} sdcONAPInstanceID: {{ .Values.config.sdcONAPInstanceID }} -is_aaf_enabled: {{ .Values.config.is_aaf_enabled }} -aaf_cache_expiry_mins: {{ .Values.config.aaf_cache_expiry_mins }} -aaf_url: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.config.aaf_url.https .Values.config.aaf_url.http }} +is_aaf_enabled: False +aaf_cache_expiry_mins: 5 +aaf_url: aaf_user_roles: - {{- range .Values.config.aaf_user_roles }} - - {{ . }} - {{- end }} # Secret Management Service from AAF -aaf_sms_url: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.config.aaf_sms_url.https .Values.config.aaf_sms_url.http }}.{{ include "common.namespace" . }}:{{ .Values.config.aaf_sms_port }} -aaf_sms_timeout: {{ .Values.config.aaf_sms_timeout }} -secret_domain: {{ .Values.config.secret_domain }} -aaf_ca_certs: {{ .Values.config.aaf_ca_certs }} +aaf_sms_url: +aaf_sms_timeout: 30 +secret_domain: '' +aaf_ca_certs: '' configClientType: {{ .Values.config.configClientType }} @@ -56,7 +53,7 @@ cpsCellListUrl: {{ .Values.config.cps.cellListUrl }} cpsNbrListUrl: {{ .Values.config.cps.nbrListUrl }} # AAI api -aaiUrl: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.config.aaiUrl.https .Values.config.aaiUrl.http }} +aaiUrl: {{ .Values.config.aaiUrl.http }} aaiGetLinksUrl: {{ .Values.config.aaiGetLinksUrl }} aaiServiceInstanceUrl : {{ .Values.config.aaiServiceInstanceUrl }} aaiGetControllersUrl: {{ .Values.config.aaiGetControllersUrl }} @@ -65,7 +62,7 @@ aaiGetInterDomainLinksUrl: {{ .Values.config.aaiGetInterDomainLinksUrl }} dslQueryPath: /aai/v23/dsl?format= #DES api -desUrl: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.config.desUrl.https .Values.config.desUrl.http }} +desUrl: {{ .Values.config.desUrl.http }} desApiPath: {{ .Values.config.desApiPath }} desHeaders: Accept: application/json 
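Review bot: In the AAF block, `aaf_url:`, `aaf_user_roles:` and `aaf_sms_url:` are left as bare keys, which YAML loads as null, while `secret_domain` and `aaf_ca_certs` a few lines later are written as `''`. Before this change `aaf_user_roles` rendered as a list, so any code in the OSDF image that still iterates over it would now receive null; the diff does not show whether 3.0.8 does. I would write the empties explicitly: `aaf_url: ''`, `aaf_user_roles: []`, `aaf_sms_url: ''`. A comment next to `is_aaf_enabled: False` should also say what now authorises callers of the OSDF API, since the flag can no longer be set from values.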
diff --git a/kubernetes/oof/templates/deployment.yaml b/kubernetes/oof/templates/deployment.yaml index 31884c06bb..2d07cc1f51 100644 --- a/kubernetes/oof/templates/deployment.yaml +++ b/kubernetes/oof/templates/deployment.yaml 
@@ -18,61 +18,15 @@ apiVersion: apps/v1 kind: Deployment -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} spec: - selector: - matchLabels: - app: {{ include "common.name" . }} + selector: {{- include "common.selectors" . | nindent 4 }} replicas: {{ .Values.replicaCount }} template: - metadata: - labels: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} + metadata: {{- include "common.templateMetadata" . | nindent 6 }} spec: initContainers: - - command: - - /app/ready.py - args: - - --container-name - - policy-xacml-pdp - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - image: {{ include "repositoryGenerator.image.readiness" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-readiness - {{- if (include "common.needTLS" .) }} - - command: - - sh - - -c - - resp="FAILURE"; - until [ $resp = "200" ]; do - resp=$(curl -s -o /dev/null -k --write-out %{http_code} http{{ if (include "common.needTLS" .) }}s{{ end }}://aaf-sms.{{ include "common.namespace" . }}:10443/v1/sms/domain/osdf/secret); - echo $resp; - sleep 2; - done - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - image: {{ include "repositoryGenerator.image.curl" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-osdf-sms-readiness - {{- end }} -{{ include "common.certInitializer.initContainer" . | indent 6 }} + {{ include "common.readinessCheck.waitFor" . | nindent 6 }} containers: - name: {{ include "common.name" . 
}} image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} @@ -82,13 +36,10 @@ spec: args: - "-c" - | - {{- if (include "common.needTLS" .) }} - grep -v '^$' /opt/osdf/osaaf/local/org.onap.oof.crt > /tmp/oof.crt - cat /tmp/oof.crt /opt/app/ssl_cert/intermediate_root_ca.pem /opt/app/ssl_cert/aaf_root_ca.cer >> /opt/osdf/org.onap.oof.crt - {{ end }} python osdfapp.py ports: - containerPort: {{ .Values.service.internalPort }} + name: http # disable liveness probe when breakpoints set in debugger # so K8s doesn't restart unresponsive container {{- if .Values.liveness.enabled }} @@ -105,21 +56,12 @@ spec: periodSeconds: {{ .Values.readiness.periodSeconds }} env: volumeMounts: -{{ include "common.certInitializer.volumeMount" . | indent 10 }} - mountPath: /etc/localtime name: localtime readOnly: true - mountPath: /opt/osdf/config/osdf_config.yaml name: {{ include "common.fullname" . }}-config subPath: osdf_config.yaml - {{- if (include "common.needTLS" .) }} - - mountPath: /opt/app/ssl_cert/aaf_root_ca.cer - name: {{ include "common.fullname" . }}-onap-certs - subPath: aaf_root_ca.cer - - mountPath: /opt/app/ssl_cert/intermediate_root_ca.pem - name: {{ include "common.fullname" . }}-onap-certs - subPath: intermediate_root_ca.pem - {{- end }} - mountPath: /opt/osdf/config/common_config.yaml name: {{ include "common.fullname" . }}-config subPath: common_config.yaml @@ -141,7 +83,6 @@ spec: {{- end }} serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: - {{ include "common.certInitializer.volumes" . | nindent 8 }} - name: localtime hostPath: path: /etc/localtime @@ -157,6 +98,5 @@ spec: path: log.yml - key: slicing_config.yaml path: slicing_config.yaml -{{ include "oof.certificate.volume" . | indent 8 }} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/oof/templates/ingress.yaml b/kubernetes/oof/templates/ingress.yaml index 8f87c68f1e..99c7f87970 100644 
--- a/kubernetes/oof/templates/ingress.yaml +++ b/kubernetes/oof/templates/ingress.yaml @@ -1 +1,19 @@ +{{/* +# Copyright © 2017 Amdocs, Bell Canada +# Modifications Copyright © 2018 AT&T,VMware +# Modifications Copyright (C) 2020 Wipro Limited. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + {{ include "common.ingress" . }} diff --git a/kubernetes/oof/templates/service.yaml b/kubernetes/oof/templates/service.yaml index b2da17a23f..418f89ac93 100644 --- a/kubernetes/oof/templates/service.yaml +++ b/kubernetes/oof/templates/service.yaml 
@@ -15,30 +15,4 @@ # limitations under the License. */}} -apiVersion: v1 -kind: Service -metadata: - name: {{ include "common.servicename" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} - annotations: -spec: - type: {{ .Values.service.type }} - ports: - {{if eq .Values.service.type "NodePort" -}} - - port: {{ .Values.service.externalPort }} - nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} - targetPort: {{ .Values.service.internalPort }} - name: {{ .Values.service.name }}{{ if (include "common.needTLS" .) }}s{{ end }} - {{- else -}} - - port: {{ .Values.service.externalPort }} - targetPort: {{ .Values.service.internalPort }} - name: {{ .Values.service.name }}{{ if (include "common.needTLS" .) }}s{{ end }} - {{- end}} - selector: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} +{{ include "common.service" . }} \ No newline at end of file diff --git a/kubernetes/oof/values.yaml b/kubernetes/oof/values.yaml index f6867bd8bf..87202e16dd 100644 --- a/kubernetes/oof/values.yaml +++ b/kubernetes/oof/values.yaml 
@@ -19,23 +19,11 @@ global: nodePortPrefix: 302 persistence: {} -################################################################# -# Secrets metaconfig -################################################################# -secrets: - - uid: oof-onap-certs - name: &oof-certs '{{ include "common.release" . }}-oof-onap-certs' - externalSecret: '{{ tpl (default "" .Values.certSecret) . }}' - type: generic - filePaths: - - resources/config/certs/intermediate_root_ca.pem - - resources/config/certs/aaf_root_ca.cer - ################################################################# # Application configuration defaults. ################################################################# # application image -image: onap/optf-osdf:3.0.7 +image: onap/optf-osdf:3.0.8 pullPolicy: Always # flag to enable debugging - application support required @@ -57,7 +45,6 @@ config: # Url and credentials for Conductor. conductorUrl: - https: https://oof-has-api:8091/v1/plans/ http: http://oof-has-api:8091/v1/plans/ conductorPingWaitTime: 10 conductorMaxRetries: 30 @@ -65,7 +52,6 @@ config: conductorMinorVersion: 0 # Url and credentials for the Policy Platform policyPlatformUrl: - https: https://policy-xacml-pdp:6969/policy/pdpx/v1/decision # Policy Dev platform URL http: http://policy-xacml-pdp:8080/policy/pdpx/v1/decision policyPlatformEnv: TEST # Environment for policy platform # Credentials for the message reader - A placeholder. 
@@ -74,28 +60,14 @@ config: # Credentials for the SDC interface - A placeholder. sdcUrl: NA sdcONAPInstanceID: NA - #AAF Authentication - is_aaf_enabled: False - aaf_cache_expiry_mins: 5 - aaf_url: - https: https://aaf-service:8100 - http: http://aaf-service:8080 - aaf_user_roles: - - '/placement:org.onap.oof.access|*|read ALL' - - '/pci:org.onap.oof.access|*|read ALL' - # Secret Management Service from AAF - aaf_sms_url: - https: https://aaf-sms - http: http://aaf-sms - aaf_sms_port: 10443 - aaf_sms_timeout: 30 - secret_domain: osdf - aaf_ca_certs: /opt/app/ssl_cert/aaf_root_ca.cer + configClientType: cps + # config db api configDbUrl: http://configdb:8080 configDbGetCellListUrl: 'api/sdnc-config-db/v3/getCellList' configDbGetNbrListUrl: 'api/sdnc-config-db/v3/getNbrList' + # cps api cps: url: cps-tbdmt:8080/execute @@ -104,8 +76,7 @@ config: #aai api aaiUrl: - https: https://aai:8443 - http: http://aai:8080 + http: http://aai:80 aaiGetLinksUrl: /aai/v16/network/logical-links aaiServiceInstanceUrl : /aai/v20/nodes/service-instances/service-instance/ aaiGetControllersUrl: /aai/v19/external-system/esr-thirdparty-sdnc-list @@ -113,7 +84,6 @@ config: aaiGetInterDomainLinksUrl: /aai/v19/network/logical-links?link-type=inter-domain&operational-status=up #des api desUrl: - https: https://des.url:9000 http: http://des.url:8080 desApiPath: /datalake/v1/exposure/ desUsername: '' @@ -133,14 +103,10 @@ certInitializer: fqi: "oof@oof.onap.org" fqi_namespace: org.onap.oof public_fqdn: "oof.onap.org" - aafDeployFqi: "deployer@people.osaaf.org" - aafDeployPass: demo123456! cadi_latitude: "0.0" cadi_longitude: "0.0" credsPath: /opt/app/osaaf/local appMountPath: /opt/osdf/osaaf - aaf_add_config: > - chmod 444 {{ .Values.credsPath }}/{{ .Values.fqi_namespace }}.key; # Segregation for Different environment (Small and Large) resources: 
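Review bot: `aaiUrl` in this hunk is left with a single cleartext endpoint, `http: http://aai:80`, and nothing in values.yaml records that confidentiality and peer authentication for the call now depend on the service mesh. The same holds for `conductorUrl` and `policyPlatformUrl` in the two hunks above and for `desUrl` in the hunk below. Judging by the commit title the sidecar is expected to provide mTLS, but that is an assumption a deployer cannot see here. A release installed in a namespace without sidecar injection, or under a mesh policy that still accepts plaintext, would send policy decisions and AAI inventory queries unencrypted. I would add a comment above these URL blocks, for example `# http only: transport encryption and service identity are provided by the service mesh (mTLS); do not deploy without sidecar injection`, and state the required mesh policy in the chart documentation.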
@@ -172,9 +138,11 @@ readiness: service: type: NodePort name: oof-osdf - externalPort: 8698 internalPort: 8699 - nodePort: 48 + ports: + - name: http + port: 8698 + nodePort: '48' ingress: enabled: false service: @@ -188,7 +156,10 @@ ingress: oof-has: enabled: true - certSecret: *oof-certs + +readinessCheck: + wait_for: + - policy-xacml-pdp #Pods Service Account serviceAccount: -- cgit 1.2.3-korg
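Review bot: `service.type` stays `NodePort` while the new `ports` entry is named `http` (`port: 8698`, `nodePort: '48'`), so the OSDF API is published on every node address over plain HTTP. Traffic arriving through a node port originates outside the mesh and is not protected by sidecar mTLS. Unless `common.service` rewrites the type when ingress or the mesh is enabled (the helper is not visible in this patch), I would default to `type: ClusterIP` and expose the API through the `ingress:` block below, which already exists with `enabled: false`. If the node port has to stay for compatibility, a comment on the `ports` entry such as `# NodePort: reachable from outside the mesh, no transport encryption` would make the exposure explicit.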