Merge "[POLICY] Move policy dist to use strimzi templates"
diff --git a/kubernetes/cli/Chart.yaml b/kubernetes/cli/Chart.yaml
index 16885d9..884ee00 100644
--- a/kubernetes/cli/Chart.yaml
+++ b/kubernetes/cli/Chart.yaml
@@ -26,9 +26,6 @@
# a part of this chart's package and will not
# be published independently to a repo (at this point)
repository: '@local'
- - name: certInitializer
- version: ~12.x-0
- repository: '@local'
- name: repositoryGenerator
version: ~12.x-0
repository: '@local'
diff --git a/kubernetes/cli/resources/configuration/lighttpd.conf b/kubernetes/cli/resources/configuration/lighttpd.conf
index 0809868..f1735a1 100644
--- a/kubernetes/cli/resources/configuration/lighttpd.conf
+++ b/kubernetes/cli/resources/configuration/lighttpd.conf
@@ -1,6 +1,7 @@
{{/*
# Copyright 2018 Huawei Technologies Co., Ltd.
# Copyright 2021 Huawei Technologies Co., Ltd.
+# Modifications Copyright © 2023 Nordix Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -18,9 +19,7 @@
server.document-root = "/var/www-data/servers/open-cli/"
server.username = "www-data"
server.groupname = "www-data"
-server.port = 443
-ssl.engine = "enable"
-ssl.pemfile = "{{ .Values.certInitializer.credsPath }}/certs/fullchain.pem"
+server.port = {{ .Values.containerPort }}
mimetype.assign = (
".html" => "text/html",
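Review bot: With `ssl.engine` and `ssl.pemfile` removed, lighttpd listens in cleartext on `{{ .Values.containerPort }}`, and nothing in the file says where transport protection is now expected to come from. A comment above `server.port` would record the assumption, for example `# TLS is not terminated in this pod; transport security is expected from the ingress / service mesh`. This file is rendered through `tpl`, so an unset `containerPort` would produce `server.port = ` and a config that lighttpd will probably refuse to load. `server.port = {{ required "containerPort must be set" .Values.containerPort }}` would fail at render time instead.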
@@ -38,18 +37,8 @@
"mod_proxy",
"mod_alias",
"mod_compress",
- "mod_redirect",
-# "mod_rewrite",
+ "mod_redirect"
)
-#server.upload-dirs = ( "/var/cache/lighttpd/uploads" )
server.errorlog = "/var/log/lighttpd/error.log"
server.pid-file = "/var/run/lighttpd.pid"
-#compress.cache-dir = "/var/cache/lighttpd/compress/"
-#compress.filetype = ( "application/javascript", "text/css", "text/html", "text/plain" )
-
-# default listening port for IPv6 falls back to the IPv4 port
-## Use ipv6 if available
-#include_shell "/usr/share/lighttpd/use-ipv6.pl " + server.port
-#include_shell "/usr/share/lighttpd/create-mime.assign.pl"
-#include_shell "/usr/share/lighttpd/include-conf-enabled.pl"
\ No newline at end of file
diff --git a/kubernetes/cli/templates/NOTES.txt b/kubernetes/cli/templates/NOTES.txt
deleted file mode 100644
index f3fe9c9..0000000
--- a/kubernetes/cli/templates/NOTES.txt
+++ /dev/null
@@ -1,33 +0,0 @@
-# Copyright © 2018 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-1. Get the application URL by running these commands:
-{{- if .Values.ingress.enabled }}
-{{- range .Values.ingress.hosts }}
- http://{{ . }}
-{{- end }}
-{{- else if contains "NodePort" .Values.service.type }}
- export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.name" . }})
- export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}")
- echo http://$NODE_IP:$NODE_PORT
-{{- else if contains "LoadBalancer" .Values.service.type }}
- NOTE: It may take a few minutes for the LoadBalancer IP to be available.
- You can watch the status of by running 'kubectl get svc -w {{ include "common.name" . }}'
- export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
- echo http://$SERVICE_IP:{{ .Values.service.externalPort }}
-{{- else if contains "ClusterIP" .Values.service.type }}
- export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ template "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
- echo "Visit http://127.0.0.1:8080 to use your application"
- kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }}
-{{- end }}
diff --git a/kubernetes/cli/templates/configmap.yaml b/kubernetes/cli/templates/configmap.yaml
index ae515a0..a4c636f 100644
--- a/kubernetes/cli/templates/configmap.yaml
+++ b/kubernetes/cli/templates/configmap.yaml
@@ -1,5 +1,6 @@
{{/*
# Copyright © 2021 Orange
+# Modifications Copyright © 2023 Nordix Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -16,13 +17,6 @@
apiVersion: v1
kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-lighttpd
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
data:
-{{ tpl (.Files.Glob "resources/configuration/*").AsConfig . | indent 2 }}
\ No newline at end of file
+{{ tpl (.Files.Glob "resources/configuration/*").AsConfig . | indent 2 }}
diff --git a/kubernetes/cli/templates/deployment.yaml b/kubernetes/cli/templates/deployment.yaml
index 0a3f967..06a5168 100644
--- a/kubernetes/cli/templates/deployment.yaml
+++ b/kubernetes/cli/templates/deployment.yaml
@@ -16,50 +16,35 @@
apiVersion: apps/v1
kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
replicas: {{ .Values.replicaCount }}
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
+ selector: {{- include "common.selectors" . | nindent 4 }}
template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
- initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }}
containers:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- ports:
- - containerPort: {{ .Values.service.internalPort }}
- - containerPort: {{ .Values.service.internalPort1 }}
- # disable liveness probe when breakpoints set in debugger
- # so K8s doesn't restart unresponsive container
+ ports: {{ include "common.containerPorts" . | nindent 12 }}
{{- if eq .Values.liveness.enabled true }}
livenessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
+ httpGet:
+ port: {{ .Values.liveness.port }}
+ path: {{ .Values.liveness.path }}
initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
periodSeconds: {{ .Values.liveness.periodSeconds }}
{{ end -}}
readinessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
+ httpGet:
+ port: {{ .Values.readiness.port }}
+ path: {{ .Values.readiness.path }}
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
- volumeMounts: {{- include "common.certInitializer.volumeMount" . | nindent 10 }}
+ volumeMounts:
- name: lighttpd
- mountPath: "/etc/lighttpd/lighttpd.conf"
+ mountPath: /etc/lighttpd/lighttpd.conf
subPath: lighttpd.conf
readOnly: true
env:
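Review bot: No `securityContext` appears on the pod or container spec in the visible lines. After this change the workload no longer binds port 443 or runs the cert init container, so the usual reasons for running it with elevated privileges are gone. If the rest of the file does not set one, consider adding `securityContext:` with `allowPrivilegeEscalation: false` on the container. Check that lighttpd can still write `/var/run/lighttpd.pid` and its error log before also requiring a non-root user. The container spec continues past the end of this hunk, so a securityContext may already be set there.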
@@ -76,9 +61,9 @@
{{ toYaml .Values.affinity | indent 10 }}
{{- end }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
- volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }}
+ volumes:
- name: lighttpd
configMap:
- name: {{ include "common.fullname" . }}-lighttpd
+ name: {{ include "common.fullname" . }}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/cli/templates/ingress.yaml b/kubernetes/cli/templates/ingress.yaml
index 8f87c68..0deb6ce 100644
--- a/kubernetes/cli/templates/ingress.yaml
+++ b/kubernetes/cli/templates/ingress.yaml
@@ -1 +1,16 @@
+{{/*
+# Modifications Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
{{ include "common.ingress" . }}
diff --git a/kubernetes/cli/templates/service.yaml b/kubernetes/cli/templates/service.yaml
index eaa8508..b33db21 100644
--- a/kubernetes/cli/templates/service.yaml
+++ b/kubernetes/cli/templates/service.yaml
@@ -1,5 +1,6 @@
{{/*
# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2023 Nordix Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -14,36 +15,4 @@
# limitations under the License.
*/}}
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ .Values.service.name }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.name }}{{ .Values.service.externalPort }}
- - port: {{ .Values.service.externalPort1 }}
- targetPort: {{ .Values.service.internalPort1 }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort1 }}
- name: {{ .Values.service.name }}{{ .Values.service.externalPort1 }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.name }}{{ .Values.service.externalPort }}
- - port: {{ .Values.service.externalPort1 }}
- targetPort: {{ .Values.service.internalPort1 }}
- name: {{ .Values.service.name }}{{ .Values.service.externalPort1 }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+{{ include "common.service" . }}
diff --git a/kubernetes/cli/values.yaml b/kubernetes/cli/values.yaml
index db36661..437e04a 100644
--- a/kubernetes/cli/values.yaml
+++ b/kubernetes/cli/values.yaml
@@ -1,4 +1,5 @@
# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2023 Nordix Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -16,63 +17,45 @@
# Global configuration defaults.
#################################################################
global:
- nodePortPrefix: 302
-
-#################################################################
-# Certificate configuration
-#################################################################
-certInitializer:
- nameOverride: cli-cert-initializer
- aafDeployFqi: deployer@people.osaaf.org
- aafDeployPass: demo123456!
- # aafDeployCredsExternalSecret: some secret
- fqdn: "cli"
- app_ns: "org.osaaf.aaf"
- fqi_namespace: "org.onap.cli"
- fqi: "cli@cli.onap.org"
- public_fqdn: "aaf.osaaf.org"
- cadi_longitude: "0.0"
- cadi_latitude: "0.0"
- credsPath: /opt/app/osaaf/local
- aaf_add_config: |
- echo "*** transform AAF certs into pem files"
- mkdir -p {{ .Values.credsPath }}/certs
- keytool -exportcert -rfc -file {{ .Values.credsPath }}/certs/cacert.pem \
- -keystore {{ .Values.credsPath }}/{{ .Values.fqi_namespace }}.trust.jks \
- -alias ca_local_0 \
- -storepass $cadi_truststore_password
- openssl pkcs12 -in {{ .Values.credsPath }}/{{ .Values.fqi_namespace }}.p12 \
- -nokeys -out {{ .Values.credsPath }}/certs/cert.pem \
- -passin pass:$cadi_keystore_password_p12 \
- -passout pass:$cadi_keystore_password_p12
- echo "*** generating needed file"
- cat {{ .Values.credsPath }}/{{ .Values.fqi_namespace }}.key \
- {{ .Values.credsPath }}/certs/cert.pem \
- {{ .Values.credsPath }}/certs/cacert.pem \
- > {{ .Values.credsPath }}/certs/fullchain.pem;
- cat {{ .Values.credsPath }}/certs/fullchain.pem
- echo "*** change ownership of certificates to targeted user"
- chown -R 33 {{ .Values.credsPath }}
-
-
+ persistence: {}
#################################################################
# Application configuration defaults.
#################################################################
# application image
image: onap/cli:6.0.1
-pullPolicy: Always
+pullPolicy: IfNotPresent
+
+# flag to enable debugging - application support required
+debugEnabled: false
+
+nodeSelector: {}
+affinity: {}
+
+# Resource Limit flavor -By Default using small
flavor: small
+# default number of instances
+replicaCount: 1
# application configuration
config:
climode: daemon
-# default number of instances
-replicaCount: 1
+containerPort: &svc_port 8080
+service:
+ type: ClusterIP
+ name: cli
+ ports:
+ - name: http
+ port: *svc_port
+ targetPort: *svc_port
-nodeSelector: {}
-
-affinity: {}
+ingress:
+ enabled: true
+ service:
+ - baseaddr: "cli-api"
+ path: "/"
+ name: "cps"
+ port: *svc_port
# probe configuration parameters
liveness:
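Review bot: The new `ingress.service` entry sets `name: "cps"`, while the Service defined just above it is `name: cli`, so the ingress backend probably points at a service this chart does not create. The value looks carried over from another chart. If `common.ingress` uses that field as the backend service name, it should read `name: "cli"`. Separately, `ingress.enabled` flips from `false` to `true` in the same change that stops the pod terminating TLS, so the CLI endpoint becomes reachable through the ingress by default. It is worth confirming that TLS and access control are enforced at the ingress or mesh layer.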
@@ -81,32 +64,15 @@
# necessary to disable liveness probe when setting breakpoints
# in debugger so K8s doesn't restart unresponsive container
enabled: true
+ port: *svc_port
+ path: /
readiness:
initialDelaySeconds: 10
periodSeconds: 10
+ port: *svc_port
+ path: /
-service:
- type: NodePort
- name: cli
- externalPort: 443
- externalPort1: 9443
- internalPort: "443"
- internalPort1: 9443
- nodePort: "60"
- nodePort1: "71"
-
-ingress:
- enabled: false
- service:
- - baseaddr: "cli-api"
- name: "cli"
- port: 443
- - baseaddr: "cli2-api"
- name: cli
- port: 9443
- config:
- ssl: "redirect"
# Configure resource requests and limits
# ref: http://kubernetes.io/docs/user-guide/compute-resources/
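Review bot: `port: *svc_port` under `liveness` and `readiness` is a YAML alias, resolved when values.yaml itself is parsed. Overriding `containerPort` at install time (`--set containerPort=...` or an override file) therefore changes lighttpd's `server.port` but leaves the probe, service and ingress ports at 8080. A comment beside the anchor would warn about this, e.g. `# overriding containerPort does not update the *svc_port aliases; override service/ingress/probe ports together`. Alternatively, the probes in deployment.yaml could read `.Values.containerPort` directly. The anchor is defined in the previous hunk.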
diff --git a/kubernetes/robot/resources/config/eteshare/config/robot_properties.py b/kubernetes/robot/resources/config/eteshare/config/robot_properties.py
index c57685a..ff97755 100644
--- a/kubernetes/robot/resources/config/eteshare/config/robot_properties.py
+++ b/kubernetes/robot/resources/config/eteshare/config/robot_properties.py
@@ -143,8 +143,8 @@
GLOBAL_NBI_SERVER_PROTOCOL = 'http{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}'
GLOBAL_NBI_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "nbi" "port" ( ternary 8443 8080 (eq "true" (include "common.needTLS" . )))) }}'
# cli info - everything is from the private oam network (also called onap private network)
-GLOBAL_CLI_SERVER_PROTOCOL = "https"
-GLOBAL_CLI_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "cli" "port" 443) }}'
+GLOBAL_CLI_SERVER_PROTOCOL = "http"
+GLOBAL_CLI_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "cli" "port" 8080) }}'
# dcae info - everything is from the private oam network (also called onap private network)
GLOBAL_DCAE_SERVER_PROTOCOL = "http"
GLOBAL_DCAE_HEALTH_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "dcae-healthcheck" "port" 80) }}'
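Review bot: `GLOBAL_CLI_SERVER_PROTOCOL` is now the literal `"http"` with a literal port `8080`, while the NBI entries just above derive both from `common.needTLS`, and nothing says why CLI differs. A comment such as `# cli pod serves plain HTTP only; lighttpd no longer terminates TLS` would stop a later reader from changing it to follow the NBI pattern. The 8080 here also has to be kept in step by hand with `containerPort` in the cli chart's values.yaml.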