From 93b32fa69f35af6a8751ce8ac9d2d8ec7740e283 Mon Sep 17 00:00:00 2001 From: Krzysztof Kuzmicki Date: Wed, 2 Mar 2022 12:23:04 +0100 Subject: [ROBOT] ADD CMPv2 test cases that use helm based components Add CMPv2 helm based test cases Signed-off-by: Krzysztof Kuzmicki Issue-ID: INT-1895 Change-Id: Ifbbf80452cd4b65e4b5df5586bfc72c1ecaac731
---
robot/assets/helm/ves-client/Chart.yaml | 37 +++++ robot/assets/helm/ves-client/resources/cert.p12 | 0 robot/assets/helm/ves-client/resources/p12.pass | 1 + robot/assets/helm/ves-client/resources/trust.jks | 0 .../helm/ves-client/resources/truststore.pass | 1 + .../assets/helm/ves-client/templates/_helpers.tpl | 175 +++++++++++++++++++++ .../helm/ves-client/templates/certificate.yaml | 28 ++++ .../helm/ves-client/templates/deployment.yaml | 21 +++ robot/assets/helm/ves-client/templates/secret.yaml | 7 + .../assets/helm/ves-client/templates/service.yaml | 15 ++ robot/assets/helm/ves-client/values.yaml | 133 ++++++++++++++++ 11 files changed, 418 insertions(+) create mode 100644 robot/assets/helm/ves-client/Chart.yaml create mode 100644 robot/assets/helm/ves-client/resources/cert.p12 create mode 100644 robot/assets/helm/ves-client/resources/p12.pass create mode 100644 robot/assets/helm/ves-client/resources/trust.jks create mode 100644 robot/assets/helm/ves-client/resources/truststore.pass create mode 100644 robot/assets/helm/ves-client/templates/_helpers.tpl create mode 100644 robot/assets/helm/ves-client/templates/certificate.yaml create mode 100644 robot/assets/helm/ves-client/templates/deployment.yaml create mode 100644 robot/assets/helm/ves-client/templates/secret.yaml create mode 100644 robot/assets/helm/ves-client/templates/service.yaml create mode 100644 robot/assets/helm/ves-client/values.yaml (limited to 'robot/assets/helm')
diff --git a/robot/assets/helm/ves-client/Chart.yaml b/robot/assets/helm/ves-client/Chart.yaml
new file mode 100644
index 00000000..14d36ba0
--- /dev/null
+++ b/robot/assets/helm/ves-client/Chart.yaml
@@ -0,0 +1,37 @@
+apiVersion: v2
+name: ves-client
+description: A Helm chart for Kubernetes
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.1.0
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+appVersion: 1.0.1
+dependencies:
+ - name: mongodb
+ version: 10.x
+ repository: https://charts.bitnami.com/bitnami
+ condition: mongodb.enabled
+ - name: certInitializer
+ version: ~x.x-0
+ repository: '@chart-museum'
+ - name: common
+ version: ~x.x-0
+ # local reference to common chart, as it is
+ # a part of this chart's package and will not
+ # be published independently to a repo (at this point)
+ repository: '@chart-museum'
diff --git a/robot/assets/helm/ves-client/resources/cert.p12 b/robot/assets/helm/ves-client/resources/cert.p12
new file mode 100644
index 00000000..e69de29b
diff --git a/robot/assets/helm/ves-client/resources/p12.pass b/robot/assets/helm/ves-client/resources/p12.pass
new file mode 100644
index 00000000..25acfbf5
--- /dev/null
+++ b/robot/assets/helm/ves-client/resources/p12.pass
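Review bot: The `mongodb` dependency in Chart.yaml is resolved from the public Bitnami repository with a floating range (`version: 10.x`), so the chart pulled into a test run can change without any change in this repository. Pinning one exact release and committing the generated `Chart.lock` (no lock file is part of this commit) would make the dependency reproducible and reviewable. The `description: A Helm chart for Kubernetes` line and the long comment blocks look like unmodified scaffold text; a one-line description of what the ves-client chart is for would serve readers better.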
@@ -0,0 +1 @@
+collector
\ No newline at end of file
diff --git a/robot/assets/helm/ves-client/resources/trust.jks b/robot/assets/helm/ves-client/resources/trust.jks
new file mode 100644
index 00000000..e69de29b
diff --git a/robot/assets/helm/ves-client/resources/truststore.pass b/robot/assets/helm/ves-client/resources/truststore.pass
new file mode 100644
index 00000000..25acfbf5
--- /dev/null
+++ b/robot/assets/helm/ves-client/resources/truststore.pass
@@ -0,0 +1 @@
+collector
\ No newline at end of file
diff --git a/robot/assets/helm/ves-client/templates/_helpers.tpl b/robot/assets/helm/ves-client/templates/_helpers.tpl
new file mode 100644
index 00000000..e8940d78
--- /dev/null
+++ b/robot/assets/helm/ves-client/templates/_helpers.tpl
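Review bot: `resources/p12.pass` and `resources/truststore.pass` commit a keystore password in clear text, next to `cert.p12` and `trust.jks`, which are added as empty blobs (`e69de29b`). None of the templates in this commit appears to read anything under `resources/` (the Secret in `templates/secret.yaml` carries its own `p12.pass` value), so these four files look unused. If they are fixtures for the test cases, a short README or comment stating that they are dummy, test-only values would help; otherwise dropping them keeps credential-looking material out of the tree.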
@@ -0,0 +1,175 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "ves-client.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "ves-client.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "ves-client.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "ves-client.labels" -}}
+helm.sh/chart: {{ include "ves-client.chart" . }}
+{{ include "ves-client.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "ves-client.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "ves-client.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "ves-client.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "ves-client.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}
+
+{{/*
+Common namespace
+*/}}
+{{- define "ves-client.namespace" -}}
+ {{- default .Release.Namespace .Values.nsPrefix -}}
+{{- end -}}
+
+{{/*
+Define dns names in certificate
+*/}}
+{{- define "ves-client.dnsNames" -}}
+{{- range $dnsName := $.Values.certificates.dnsNames }}
+- {{ $dnsName }}
+{{- end }}
+{{- end }}
+
+{{/*
+Define dns names in certificate
+*/}}
+{{- define "ves-client.init" -}}
+{{ if eq .Values.certMethod "wrongCert" }}
+- name: {{ include "common.name" . }}-readiness
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ image: {{ .Values.certInitializer.image }}
+ imagePullPolicy: {{ .Values.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts:
+ - name: {{ .Values.aafVolumeName }}
+ mountPath: /opt/app/osaaf
+{{- end }}
+{{- end }}
+
+{{- define "ves-client.containers" -}}
+- env:
+ - name: MONGO_HOSTNAME
+ value: {{ .Values.config.mongoDbName | quote }}
+ - name: USE_CERTIFICATE_FOR_AUTHORIZATION
+ value: {{ .Values.config.useCerts | quote }}
+ - name: STRICT_HOSTNAME_VERIFICATION
+ value: {{ .Values.config.strictHost | quote }}
+ name: {{ .Values.configMapName }}
+ securityContext:
+ {{- toYaml .Values.securityContext | nindent 12 }}
+ image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ ports:
+ - containerPort: {{ .Values.service.port }}
+ protocol: TCP
+ livenessProbe:
+ httpGet:
+ path: /simulator/config
+ port: 5000
+ initialDelaySeconds: 10
+ periodSeconds: 30
+ timeoutSeconds: 1
+ successThreshold: 1
+ failureThreshold: 3
+ readinessProbe:
+ httpGet:
+ path: /simulator/config
+ port: 5000
+ initialDelaySeconds: 60
+ periodSeconds: 15
+ timeoutSeconds: 1
+ successThreshold: 1
+ failureThreshold: 3
+ resources:
+ {{- toYaml .Values.resources | nindent 12 }}
+ volumeMounts:
+ {{ if eq .Values.certMethod "wrongCert" }}
+ - name: certstore
+ mountPath: /app/store/cert.p12
+ subPath: cert.p12
+ - name: certstore
+ mountPath: /app/store/p12.pass
+ subPath: p12.pass
+ - name: {{ .Values.aafVolumeName }}
+ mountPath: /app/store
+ {{- end }}
+ {{ if eq .Values.certMethod "cmpv2" }}
+ - name: certstore
+ mountPath: /app/store
+ {{- end }}
+{{- end }}
+
+{{- define "ves-client.volumes" -}}
+{{ if or ( eq .Values.certMethod "cmpv2" ) ( eq .Values.certMethod "wrongCert" ) }}
+- name: certstore
+ projected:
+ sources:
+ - secret:
+ name: ves-client-secret-cmpv2
+ items:
+ - key: keystore.p12
+ path: cert.p12
+ - key: p12.pass
+ path: p12.pass
+ - key: p12.pass
+ path: truststore.pass
+ - key: truststore.jks
+ path: trust.jks
+{{- end }}
+{{ if eq .Values.certMethod "wrongCert" }}
+{{ include "common.certInitializer.volumes" . | nindent 8 }}
+- name: {{ .Values.aafVolumeName }}
+ emptyDir: {}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/robot/assets/helm/ves-client/templates/certificate.yaml b/robot/assets/helm/ves-client/templates/certificate.yaml
new file mode 100644
index 00000000..a8bbbd72
--- /dev/null
+++ b/robot/assets/helm/ves-client/templates/certificate.yaml
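Review bot: Two values referenced in these helpers are not defined in the `values.yaml` added by this commit: the main container's `name` uses `.Values.configMapName`, and the init container uses `imagePullPolicy: {{ .Values.pullPolicy | default .Values.pullPolicy }}`, where `default` falls back to the same missing key. Unless both are always supplied at install time, the container name renders empty and the pull policy is left unset. Suggest `name: {{ include "ves-client.name" . }}` and `imagePullPolicy: {{ .Values.image.pullPolicy }}`. The comment above `ves-client.init` is a copy of the `dnsNames` one ("Define dns names in certificate") and should describe the init container instead; `ves-client.containers` and `ves-client.volumes` carry no comment at all.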
@@ -0,0 +1,28 @@
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: '{{ include "ves-client.fullname" . }}-cert'
+ namespace: {{ include "ves-client.namespace" . }}
+spec:
+ secretName: ves-client-secret-cmpv2
+ commonName: {{ include "ves-client.fullname" . }}
+ renewBefore: {{ .Values.certificates.renewBefore }}
+ duration: {{ .Values.certificates.duration }}
+ subject:
+ organizations:
+ - {{ .Values.certificates.subject.organization }}
+ countries:
+ - {{ .Values.certificates.subject.country }}
+ localities:
+ - {{ .Values.certificates.subject.locality }}
+ provinces:
+ - {{ .Values.certificates.subject.province }}
+ organizationalUnits:
+ - {{ .Values.certificates.subject.organizationalUnit }}
+ issuerRef:
+ group: {{ .Values.certificates.issuerRef.group }}
+ kind: {{ .Values.certificates.issuerRef.kind }}
+ name: {{ .Values.certificates.issuerRef.name }}
+ dnsNames: {{ include "ves-client.dnsNames" . | indent 4 }}
+ keystores:
+ {{ toYaml .Values.certificates.keystores | nindent 4 }}
diff --git a/robot/assets/helm/ves-client/templates/deployment.yaml b/robot/assets/helm/ves-client/templates/deployment.yaml
new file mode 100644
index 00000000..8a054f44
--- /dev/null
+++ b/robot/assets/helm/ves-client/templates/deployment.yaml
@@ -0,0 +1,21 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "ves-client.fullname" . }}
+ labels:
+ {{ include "ves-client.labels" . | nindent 4 }}
+spec:
+ selector:
+ matchLabels:
+ {{ include "ves-client.selectorLabels" . | nindent 6 }}
+ template:
+ metadata:
+ labels:
+ {{ include "ves-client.selectorLabels" . | nindent 8 }}
+ spec:
+ initContainers:
+ {{ include "ves-client.init" . | nindent 8 }}
+ containers:
+ {{ include "ves-client.containers" . | nindent 8 }}
+ volumes:
+ {{ include "ves-client.volumes" . | nindent 8 }}
diff --git a/robot/assets/helm/ves-client/templates/secret.yaml b/robot/assets/helm/ves-client/templates/secret.yaml
new file mode 100644
index 00000000..354e52cb
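Review bot: The Certificate in certificate.yaml is rendered unconditionally, while the `certstore` volume that consumes its secret is only defined when `certMethod` is `cmpv2` or `wrongCert`; with the default `certMethod: "aaf"` the chart still requests a certificate from the CMPv2 issuer and needs the cert-manager CRD to be installed. Wrapping the manifest in the condition the volumes helper already uses, `{{- if or (eq .Values.certMethod "cmpv2") (eq .Values.certMethod "wrongCert") }}` … `{{- end }}`, would avoid that. `secretName` is also hard-coded to `ves-client-secret-cmpv2`, the same object `secret.yaml` creates for the keystore password, whereas `values.yaml` declares `certificates.secretName: ves-client-secret`, which nothing reads. It is worth confirming that sharing one Secret between Helm and cert-manager is intended.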
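Review bot: The pod spec in deployment.yaml never applies `podSecurityContext`, and the container-level `securityContext` defaults to `{}` in `values.yaml`, so the simulator runs with whatever user and filesystem permissions the image and runtime default to. Suggest adding `securityContext: {{- toYaml .Values.podSecurityContext | nindent 8 }}` under `template.spec`, and enabling the commented-out `runAsNonRoot`, `readOnlyRootFilesystem` and `capabilities.drop` defaults if the image tolerates them. `replicaCount` and `imagePullSecrets` from `values.yaml` are likewise not wired into this manifest.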
--- /dev/null
+++ b/robot/assets/helm/ves-client/templates/secret.yaml
@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: ves-client-secret-cmpv2
+data:
+ p12.pass: MjNlOTE3NzVjOTE4ZTRmNjY4ZTFhYzgyZDY5ZjExYWU0ZWU0ZGM2MTM3YzUwMzZkZjE3MmEyODJhYTA5
+type: Opaque
diff --git a/robot/assets/helm/ves-client/templates/service.yaml b/robot/assets/helm/ves-client/templates/service.yaml
new file mode 100644
index 00000000..a118388b
--- /dev/null
+++ b/robot/assets/helm/ves-client/templates/service.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ .Values.nameOverride }}
+ labels:
+ {{ include "ves-client.labels" . | nindent 4 }}
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ - port: {{ .Values.service.port }}
+ targetPort: {{ .Values.service.port }}
+ protocol: TCP
+ name: {{ .Values.service.name }}
+ selector:
+ {{ include "ves-client.selectorLabels" . | nindent 4 }}
diff --git a/robot/assets/helm/ves-client/values.yaml b/robot/assets/helm/ves-client/values.yaml
new file mode 100644
index 00000000..cc063180
--- /dev/null
+++ b/robot/assets/helm/ves-client/values.yaml
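Review bot: `p12.pass` in secret.yaml is a fixed value checked into the template, so every installation of this chart protects its JKS and PKCS#12 keystores with the same password, and base64 under `data:` is encoding, not protection. Generating it per release, e.g. `p12.pass: {{ randAlphaNum 32 | b64enc | quote }}` (reusing an existing value via `lookup` so upgrades do not rotate it unexpectedly), or referencing a pre-created Secret, avoids shipping a shared credential. The Secret also sets no `namespace`, while `certificate.yaml` places the Certificate in `ves-client.namespace`; if `nsPrefix` is ever set, the `passwordSecretRef` would point at a Secret in a different namespace.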
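Review bot: `metadata.name` in service.yaml is taken from `.Values.nameOverride`, which `values.yaml` sets to `""`, so with the chart's own defaults the Service name renders empty and the manifest would be rejected. `name: {{ include "ves-client.fullname" . }}` matches what the Deployment uses. The default `service.type: NodePort` also opens the simulator's HTTP port on every node; `ClusterIP` is a safer default unless the test cases need access from outside the cluster.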
@@ -0,0 +1,133 @@
+global:
+ importCustomCertsEnabled: false
+
+certMethod: "aaf"
+aafVolumeName: aaf-vol-store
+
+replicaCount: 1
+
+image:
+ repository: onap/org.onap.integration.nfsimulator.vesclient
+ pullPolicy: IfNotPresent
+ # Overrides the image tag whose default is the chart appVersion.
+ tag: ""
+
+imagePullSecrets: []
+nameOverride: ""
+fullnameOverride: "ves-client"
+
+config:
+ strictHost: false
+ useCerts: false
+ mongoDbName: ves-client-db
+
+templatesDir: "/app/template"
+certsDir: "/app/store"
+
+ingress:
+ enabled: false
+
+certInitializer:
+ nameOverride: vesclient-cert-initializer
+ aafDeployFqi: deployer@people.osaaf.org
+ aafDeployPass: demo123456!
+ # aafDeployCredsExternalSecret: some secret
+ fqdn: ves-client
+ fqi: ves-client@vesclient.onap.org
+ public_fqdn: ves-client.onap.org
+ fqi_namespace: "org.onap.vesclient"
+ cadi_longitude: "0.0"
+ cadi_latitude: "0.0"
+ app_ns: org.osaaf.aaf
+ credsPath: /opt/app/osaaf/local
+ image: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0
+ mountPath: "/opt/app/osaaf"
+ appMountPath: "/opt/app/osaaf"
+
+podAnnotations: {}
+
+podSecurityContext: {}
+ # fsGroup: 2000
+
+securityContext: {}
+ # capabilities:
+ # drop:
+ # - ALL
+ # readOnlyRootFilesystem: true
+ # runAsNonRoot: true
+ # runAsUser: 1000
+
+service:
+ type: NodePort
+ port: 5000
+ name: ves-client-port-name
+
+resources: {}
+ # We usually recommend not to specify default resources and to leave this as a conscious
+ # choice for the user. This also increases chances charts run on environments with little
+ # resources, such as Minikube. If you do want to specify resources, uncomment the following
+ # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ # limits:
+ # cpu: 100m
+ # memory: 128Mi
+ # requests:
+ # cpu: 100m
+ # memory: 128Mi
+
+autoscaling:
+ enabled: false
+ minReplicas: 1
+ maxReplicas: 100
+ targetCPUUtilizationPercentage: 80
+ # targetMemoryUtilizationPercentage: 80
+
+nodeSelector: {}
+
+tolerations: []
+
+affinity: {}
+
+mongodb:
+ fullnameOverride: "ves-client-db"
+ persistence:
+ enabled: false
+ auth:
+ rootPassword: zXcVbN123!
+ database: simulator
+ username: root
+
+certificates:
+ name: ves-client-cert
+ secretName: ves-client-secret
+ commonName: ves-client
+ dnsNames:
+ - ves-client
+ renewBefore: 720h #30 days
+ duration: 8760h #365 days
+ subject:
+ organization: "Linux-Foundation"
+ country: "US"
+ locality: "San-Francisco"
+ province: "California"
+ organizationalUnit: "ONAP"
+# issuer:
+# group: certmanager.onap.org
+# kind: CMPv2Issuer
+# name: cmpv2-issuer-onap
+ issuerRef:
+ group: certmanager.onap.org
+ kind: CMPv2Issuer
+ name: cmpv2-issuer-onap
+
+# ipAddresses: "127.0.0.1"
+ keystores:
+ jks:
+ create: true
+ passwordSecretRef:
+ name: ves-client-secret-cmpv2
+ key: p12.pass
+ pkcs12:
+ create: true
+ passwordSecretRef:
+ name: ves-client-secret-cmpv2
+ key: p12.pass
-- cgit 1.2.3-korg
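Review bot: values.yaml commits credentials as chart defaults: `certInitializer.aafDeployPass: demo123456!` and `mongodb.auth.rootPassword: zXcVbN123!` with `username: root`. Even in a test asset such defaults tend to be copied into longer-lived environments; prefer leaving them empty and supplying them at install time, or pointing at an existing Secret (the commented `aafDeployCredsExternalSecret` hints at that path, and the Bitnami chart accepts `auth.existingSecret`). `config.strictHost: false` and `config.useCerts: false` switch off hostname verification and certificate authorization by default, which deserves a comment saying it is deliberate for the test scenarios. `certificates.name`, `certificates.secretName` and `certificates.commonName` are not read by `certificate.yaml` in this commit and could be dropped or wired in.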