From 5d1eaf5a34ee222388e3b9a187b3552904708ff6 Mon Sep 17 00:00:00 2001 From: Michael Hwang Date: Fri, 19 Jul 2019 09:52:24 -0400 Subject: Update inventory and sch charts * Switch inventory to serve over https * Have SCH use https when making calls to inventory Issue-ID: DCAEGEN2-913 Issue-ID: DCAEGEN2-1597 Signed-off-by: Michael Hwang Change-Id: Id2dc3b2d6f58d1cbfa56f7eeb32e9b3ddba8b16d --- .../resources/config/config.json | 11 ++++++++- .../dcae-inventory-api/templates/deployment.yaml | 18 ++++++++++++++ .../charts/dcae-inventory-api/values.yaml | 5 +++- .../resources/config/config.json | 2 +- .../templates/deployment.yaml | 28 +++++++++++++++++----- .../charts/dcae-servicechange-handler/values.yaml | 4 +++- 6 files changed, 58 insertions(+), 10 deletions(-) (limited to 'kubernetes') diff --git a/kubernetes/dcaegen2/charts/dcae-servicechange-handler/charts/dcae-inventory-api/resources/config/config.json b/kubernetes/dcaegen2/charts/dcae-servicechange-handler/charts/dcae-inventory-api/resources/config/config.json index a8329f674b..c8c7dd79f1 100644 --- a/kubernetes/dcaegen2/charts/dcae-servicechange-handler/charts/dcae-inventory-api/resources/config/config.json +++ b/kubernetes/dcaegen2/charts/dcae-servicechange-handler/charts/dcae-inventory-api/resources/config/config.json @@ -30,5 +30,14 @@ "gzipEnabledForRequests": false, "timeout": "5000milliseconds", "connectionTimeout": "5000milliseconds" + }, + "server": { + "applicationConnectors": [{ + "type": "https", + "port": 8080, + "keyStorePath": "/opt/cert/cert.jks", + "keyStorePassword": "hD:!w:CxF]lGvM6Mz9l^j[7U", + "keyStoreType": "JKS" + }] } - } \ No newline at end of file + } diff --git a/kubernetes/dcaegen2/charts/dcae-servicechange-handler/charts/dcae-inventory-api/templates/deployment.yaml b/kubernetes/dcaegen2/charts/dcae-servicechange-handler/charts/dcae-inventory-api/templates/deployment.yaml index e3e4aaf5cd..28eeae23a1 100644 
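Review bot: The `keyStorePassword` value added under `server.applicationConnectors` is a literal secret committed to the chart. The deployment appears to mount this config.json from a ConfigMap, so the password is readable by anyone with access to the repository or to ConfigMaps in the namespace. It presumably has to match the keystore that the tls-init-container leaves at `/opt/cert/cert.jks`; if so, every deployment using that image shares it and it cannot be rotated without a new image. I would source it from a Kubernetes Secret, or from a file the init container writes next to the keystore, and render it into the config at deploy time. JSON has no comment syntax, so the coupling to the init container should at least be recorded in the chart's values.yaml or README.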
--- a/kubernetes/dcaegen2/charts/dcae-servicechange-handler/charts/dcae-inventory-api/templates/deployment.yaml +++ b/kubernetes/dcaegen2/charts/dcae-servicechange-handler/charts/dcae-inventory-api/templates/deployment.yaml @@ -50,6 +50,19 @@ spec: fieldRef: apiVersion: v1 fieldPath: metadata.namespace + - name: init-tls + env: + - name: POD_IP + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.podIP + image: {{ .Values.global.tlsRepository }}/{{ .Values.global.tlsImage }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + resources: {} + volumeMounts: + - mountPath: /opt/tls/shared + name: tls-info containers: - name: {{ include "common.name" . }} image: "{{ include "common.repository" . }}/{{ .Values.image }}" @@ -79,12 +92,15 @@ spec: httpGet: path: {{ .Values.readiness.path }} port: {{ .Values.service.internalPort }} + scheme: {{ .Values.readiness.scheme }} initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} volumeMounts: - name: {{ include "common.fullname" . }}-inv-config mountPath: /opt/config.json subPath: config.json + - mountPath: /opt/cert/ + name: tls-info env: - name: CONSUL_HOST value: consul.{{ include "common.namespace" . }} @@ -92,5 +108,7 @@ spec: - name: {{ include "common.fullname" . }}-inv-config configMap: name: {{ include "common.fullname" . }}-configmap + - emptyDir: {} + name: tls-info imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/dcaegen2/charts/dcae-servicechange-handler/charts/dcae-inventory-api/values.yaml b/kubernetes/dcaegen2/charts/dcae-servicechange-handler/charts/dcae-inventory-api/values.yaml index f12040210b..8e4430c37e 100644 --- a/kubernetes/dcaegen2/charts/dcae-servicechange-handler/charts/dcae-inventory-api/values.yaml +++ b/kubernetes/dcaegen2/charts/dcae-servicechange-handler/charts/dcae-inventory-api/values.yaml 
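Review bot: The new `init-tls` container has no comment saying what it leaves in the shared volume, yet three paths depend on it: the `/opt/tls/shared` mount here, the `/opt/cert/` mount on the application container, and `keyStorePath` in config.json. The servicechange-handler deployment.yaml documents its side with a NOTE comment, and this file should do the same, e.g. `# init-tls populates the tls-info volume; config.json's keyStorePath expects cert.jks under /opt/cert/` above `- name: init-tls`. The image line is also the only templated image here written without quotes; `image: "{{ .Values.global.tlsRepository }}/{{ .Values.global.tlsImage }}"` would match the application container's line. The initContainers list starts above the hunk, and the same block is added to the servicechange-handler deployment.yaml at `@@ -54,16 +54,23 @@`.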
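Review bot: The `tls-info` volume is mounted into the application container at `/opt/cert/` read-write, although from what this commit shows the application only reads the keystore from it. Unless the process writes there, add `readOnly: true` under that mount so the running application cannot alter the keystore or CA file the init container provisioned. The same mount is added to the servicechange-handler deployment.yaml in the `@@ -84,12 +91,21 @@` hunk, where it holds the CA certificate named by `PATH_TO_CACERT`.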
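Review bot: `emptyDir: {}` for `tls-info` uses the node's default storage medium, so the keystore, which presumably contains the server's private key, is written to the node's disk for the lifetime of the pod. `emptyDir: {medium: Memory}` would keep that material in tmpfs instead; the files are small, though they then count against the pod's memory. The same volume definition is added at the end of the servicechange-handler deployment.yaml.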
@@ -24,6 +24,8 @@ global: readinessImage: readiness-check:2.0.0 loggingRepository: docker.elastic.co loggingImage: beats/filebeat:5.5.0 + tlsRepository: nexus3.onap.org:10001 + tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:1.0.3 repositoryCred: user: docker password: docker @@ -42,7 +44,7 @@ config: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/org.onap.dcaegen2.platform.inventory-api:3.2.0 +image: onap/org.onap.dcaegen2.platform.inventory-api:3.4.0 pullPolicy: Always @@ -59,6 +61,7 @@ readiness: initialDelaySeconds: 30 periodSeconds: 30 path: /dcae-service-types + scheme: HTTPS service: type: ClusterIP diff --git a/kubernetes/dcaegen2/charts/dcae-servicechange-handler/resources/config/config.json b/kubernetes/dcaegen2/charts/dcae-servicechange-handler/resources/config/config.json index 7ddc800817..4578d4c4ee 100644 --- a/kubernetes/dcaegen2/charts/dcae-servicechange-handler/resources/config/config.json +++ b/kubernetes/dcaegen2/charts/dcae-servicechange-handler/resources/config/config.json @@ -17,6 +17,6 @@ "isFilterInEmptyResources": false }, "dcaeInventoryClient": { - "uri": "http://inventory:8080" + "uri": "https://inventory:8080" } } diff --git a/kubernetes/dcaegen2/charts/dcae-servicechange-handler/templates/deployment.yaml b/kubernetes/dcaegen2/charts/dcae-servicechange-handler/templates/deployment.yaml index 44ebc42412..d948d3425b 100644 --- a/kubernetes/dcaegen2/charts/dcae-servicechange-handler/templates/deployment.yaml +++ b/kubernetes/dcaegen2/charts/dcae-servicechange-handler/templates/deployment.yaml 
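Review bot: `tlsImage` pins the init container by tag (`:1.0.3`), and unless `global.pullPolicy` overrides it the chart pulls with `pullPolicy: Always`. Whatever is published under that tag at deploy time is therefore the code that provisions certificates and keys for both services. Pinning by digest, `onap/org.onap.dcaegen2.deployments.tls-init-container@sha256:<digest-from-registry>`, would make the provisioning image immutable from the chart's point of view; the digest is a placeholder here and must be taken from the registry. A comment above the two new keys, such as `# init container that provisions TLS material into the tls-info volume`, would also help, since `global:` values are shared across charts. The same two keys are added to the servicechange-handler values.yaml.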
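Review bot: Changing `dcaeInventoryClient.uri` to `https://inventory:8080` only protects the call if the client validates the server certificate, and nothing in this hunk says how it does. The servicechange-handler deployment sets `PATH_TO_CACERT`, which suggests CA validation is intended, but the init container is only handed `POD_IP`. It is worth confirming that the certificate issued to the inventory pod carries the service name `inventory` as a subject alternative name, and that hostname verification is not disabled in the client to make the connection succeed. Recording the answer in the chart README would save the next reviewer the same question.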
@@ -54,16 +54,23 @@ spec: fieldRef: apiVersion: v1 fieldPath: metadata.namespace + - name: init-tls + env: + - name: POD_IP + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.podIP + image: {{ .Values.global.tlsRepository }}/{{ .Values.global.tlsImage }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + resources: {} + volumeMounts: + - mountPath: /opt/tls/shared + name: tls-info containers: - name: {{ include "common.name" . }} image: "{{ include "common.repository" . }}/{{ .Values.image }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - command: ["java"] - args: - - "-jar" - - "/opt/servicechange-handler.jar" - - "prod" - - "/opt/config.json" resources: {{ include "common.resources" . | indent 12 }} # disable liveness probe when breakpoints set in debugger @@ -84,12 +91,21 @@ spec: - name: {{ include "common.fullname" . }}-sch-config mountPath: /opt/config.json subPath: config.json + # NOTE: This is tied to the PATH_TO_CACERT env variable + - mountPath: /opt/cert/ + name: tls-info env: - name: CONSUL_HOST value: consul.{{ include "common.namespace" . }} + - name: PATH_TO_CACERT + value: "/opt/cert/cacert.pem" + - name: SCH_ARGS + value: "prod /opt/config.json" volumes: - name: {{ include "common.fullname" . }}-sch-config configMap: name: {{ include "common.fullname" . }}-configmap + - emptyDir: {} + name: tls-info imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/dcaegen2/charts/dcae-servicechange-handler/values.yaml b/kubernetes/dcaegen2/charts/dcae-servicechange-handler/values.yaml index 6e03f52713..5297e22b7a 100644 --- a/kubernetes/dcaegen2/charts/dcae-servicechange-handler/values.yaml +++ b/kubernetes/dcaegen2/charts/dcae-servicechange-handler/values.yaml 
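Review bot: In the `@@ -84,12 +91,21 @@` hunk, `SCH_ARGS` replaces the explicit `command`/`args` removed earlier in this file, but nothing records that the container now depends on the image's own entrypoint reading that variable. The `PATH_TO_CACERT` mount already has a NOTE comment; the env entry deserves one too, e.g. `# SCH_ARGS is read by the image entrypoint (replaces the former command/args); needs an image version that supports it` above `- name: SCH_ARGS`. The values.yaml bump to 1.3.0 is presumably that version, and saying so here would prevent a silent startup failure if the image tag is overridden to an older release.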
@@ -24,6 +24,8 @@ global: readinessImage: readiness-check:2.0.0 loggingRepository: docker.elastic.co loggingImage: beats/filebeat:5.5.0 + tlsRepository: nexus3.onap.org:10001 + tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:1.0.3 repositoryCred: user: docker password: docker @@ -40,7 +42,7 @@ config: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/org.onap.dcaegen2.platform.servicechange-handler:1.2.0 +image: onap/org.onap.dcaegen2.platform.servicechange-handler:1.3.0 pullPolicy: Always -- cgit 1.2.3-korg