[HOLMES] Remove AAF dependency and support SM
Delete AAF and certificate entries and change Holmes interfaces to HTTP
Add readiness checks for the postgres-init-job to avoid missing DB user
Issue-ID: OOM-3101
Signed-off-by: Andreas Geissler <andreas-geissler@telekom.de>
Change-Id: Id15cfdbcd753d404ccae912dcd0d057f647917e7
diff --git a/kubernetes/holmes/components/holmes-engine-mgmt/Chart.yaml b/kubernetes/holmes/components/holmes-engine-mgmt/Chart.yaml
index 1aa4726..5160145 100644
--- a/kubernetes/holmes/components/holmes-engine-mgmt/Chart.yaml
+++ b/kubernetes/holmes/components/holmes-engine-mgmt/Chart.yaml
@@ -27,7 +27,7 @@
- name: repositoryGenerator
version: ~12.x-0
repository: '@local'
- - name: certInitializer
+ - name: readinessCheck
version: ~12.x-0
repository: '@local'
- name: serviceAccount
diff --git a/kubernetes/holmes/components/holmes-engine-mgmt/resources/config/application.yaml b/kubernetes/holmes/components/holmes-engine-mgmt/resources/config/application.yaml
index f818dfd..34c4024 100644
--- a/kubernetes/holmes/components/holmes-engine-mgmt/resources/config/application.yaml
+++ b/kubernetes/holmes/components/holmes-engine-mgmt/resources/config/application.yaml
@@ -2,11 +2,6 @@
port: 9102
servlet:
context-path: /api/holmes-engine-mgmt/v1
- ssl:
- key-store: /opt/onap/conf/holmes.keystore
- key-store-password: holmes
- #PKCS12
- key-store-type: JKS
logging:
config: classpath:logback-spring.xml
diff --git a/kubernetes/holmes/components/holmes-engine-mgmt/resources/config/engine-d.yml b/kubernetes/holmes/components/holmes-engine-mgmt/resources/config/engine-d.yml
index 9e62ccf..9a16390 100644
--- a/kubernetes/holmes/components/holmes-engine-mgmt/resources/config/engine-d.yml
+++ b/kubernetes/holmes/components/holmes-engine-mgmt/resources/config/engine-d.yml
@@ -19,10 +19,8 @@
applicationContextPath: /
adminContextPath: /admin
connector:
- type: https
+ type: http
port: 9102
- keyStorePath: /opt/onap/conf/holmes.keystore
- keyStorePassword: holmes
validateCerts: false
validatePeers: false
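Review bot: The context lines `validateCerts: false` and `validatePeers: false` after `port: 9102` are TLS settings left behind under a connector that is now `type: http`. The keystore lines were removed but these two were not, so I would delete both. Whether the HTTP connector tolerates them cannot be seen from this hunk. If HTTPS is ever restored here, the connector would come back with certificate and peer validation already disabled. The same leftover pair is in the holmes-rule-mgmt `rulemgt.yml` hunk; the `connector:` block starts outside both hunks.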
diff --git a/kubernetes/holmes/components/holmes-engine-mgmt/templates/deployment.yaml b/kubernetes/holmes/components/holmes-engine-mgmt/templates/deployment.yaml
index dd7bb45..9bf6f39 100644
--- a/kubernetes/holmes/components/holmes-engine-mgmt/templates/deployment.yaml
+++ b/kubernetes/holmes/components/holmes-engine-mgmt/templates/deployment.yaml
@@ -33,7 +33,10 @@
template:
metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
- initContainers: {{- include "common.certInitializer.initContainer" . | nindent 6 }}
+ initContainers:
+ {{- if not .Values.global.postgres.localCluster }}
+ {{ include "common.readinessCheck.waitFor" . | indent 6 | trim }}
+ {{- end }}
- name: {{ include "common.name" . }}-env-config
image: {{ include "repositoryGenerator.image.envsubst" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
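Review bot: The new `{{- if not .Values.global.postgres.localCluster }}` guard carries no comment explaining why the wait is rendered only when the local cluster is off. Going by the commit message, a template comment above it such as `{{/* shared Postgres: wait for the init job that creates the DB user */}}` would record the intent. As a style point, `include "common.readinessCheck.waitFor" . | indent 6 | trim` differs from the `nindent` form the other includes in this file use; indentation is not visible in this view, so check the rendered output. The same applies to the matching hunk in holmes-rule-mgmt/templates/deployment.yaml, and the `initContainers` list continues outside the hunk.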
@@ -64,7 +67,7 @@
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
resources: {{ include "common.resources" . | nindent 10 }}
ports: {{ include "common.containerPorts" . | nindent 10 }}
- volumeMounts: {{- include "common.certInitializer.volumeMount" . | nindent 8 }}
+ volumeMounts:
- name: {{ include "common.fullname" . }}-env-config
mountPath: /opt/hemconfig
- name: {{ include "common.fullname" . }}-config
@@ -119,7 +122,7 @@
- name: DB_PORT
value: "{{ .Values.config.pgConfig.dbPort }}"
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
- volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }}
+ volumes:
- name: {{ include "common.fullname" . }}-config
configMap:
defaultMode: 422
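Review bot: `defaultMode: 422` on the configMap volume just below the rewritten `volumes:` line is a decimal value, equal to octal 0646 (owner rw, group r, others rw). If 0644 was intended the line should read `defaultMode: 420`. Files from a ConfigMap volume are mounted read-only, so the practical impact is probably small, but the write bit for others looks unintended and is worth fixing while this block is being touched. The same value appears in the volumes hunk of holmes-rule-mgmt/templates/deployment.yaml; the volumes list continues past both hunks.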
diff --git a/kubernetes/holmes/components/holmes-engine-mgmt/values.yaml b/kubernetes/holmes/components/holmes-engine-mgmt/values.yaml
index ce3035e..d2ad0d4 100644
--- a/kubernetes/holmes/components/holmes-engine-mgmt/values.yaml
+++ b/kubernetes/holmes/components/holmes-engine-mgmt/values.yaml
@@ -20,9 +20,11 @@
#################################################################
global:
nodePortPrefixExt: 302
- msbProtocol: https
+ msbProtocol: http
msbServiceName: msb-iag
- msbPort: 443
+ msbPort: 80
+ postgres:
+ localCluster: false
#################################################################
# Application configuration defaults.
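Review bot: With `msbProtocol: http` and `msbPort: 80`, calls to `msb-iag` go out unencrypted unless something outside this chart adds TLS, and nothing in the hunk records that assumption. The commit title suggests a service mesh is expected to provide transport security, so I would state it next to the values, e.g. `# plain HTTP on purpose: transport encryption is expected from the service mesh`. That tells an operator who deploys without the mesh that this traffic is cleartext. The same applies to the identical hunk in holmes-rule-mgmt/values.yaml.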
@@ -32,39 +34,6 @@
consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.0.0
#################################################################
-# AAF part
-#################################################################
-certInitializer:
- nameOverride: holmes-engine-mgmt-cert-initializer
- aafDeployFqi: deployer@people.osaaf.org
- aafDeployPass: demo123456!
- # aafDeployCredsExternalSecret: some secret
- fqdn: holmes-engine-mgmt
- fqi: holmes-engine-mgmt@holmes-engine-mgmt.onap.org
- fqi_namespace: org.onap.holmes-engine-mgmt
- public_fqdn: holmes-engine-mgmt.onap.org
- cadi_longitude: "0.0"
- cadi_latitude: "0.0"
- app_ns: org.osaaf.aaf
- credsPath: /opt/app/osaaf/local
- aaf_add_config: |
- echo "*** changing them into shell safe ones"
- export KEYSTORE_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1)
- export TRUSTSORE_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1)
- cd {{ .Values.credsPath }}
- keytool -storepasswd -new "${KEYSTORE_PASSWORD}" \
- -storepass "${cadi_keystore_password_p12}" \
- -keystore {{ .Values.fqi_namespace }}.p12
- keytool -storepasswd -new "${TRUSTSORE_PASSWORD}" \
- -storepass "${cadi_truststore_password}" \
- -keystore {{ .Values.fqi_namespace }}.trust.jks
- echo "*** save the generated passwords"
- echo "KEYSTORE_PASSWORD=${KEYSTORE_PASSWORD}" > mycreds.prop
- echo "TRUSTSORE_PASSWORD=${TRUSTSORE_PASSWORD}" >> mycreds.prop
- echo "*** change ownership of certificates to targeted user"
- chown -R 1000 .
-
-#################################################################
# Secrets metaconfig
#################################################################
secrets:
@@ -95,7 +64,7 @@
type: ClusterIP
name: holmes-engine-mgmt
ports:
- - name: https-rest
+ - name: http-rest
port: &svc_port 9102
# probe configuration parameters
@@ -103,7 +72,7 @@
initialDelaySeconds: 10
periodSeconds: 10
path: /api/holmes-engine-mgmt/v1/healthcheck
- scheme: HTTPS
+ scheme: HTTP
port: *svc_port
enabled: true
@@ -111,7 +80,7 @@
initialDelaySeconds: 30
periodSeconds: 30
path: /api/holmes-engine-mgmt/v1/healthcheck
- scheme: HTTPS
+ scheme: HTTP
port: *svc_port
# Segregation for Different environment (Small and Large)
@@ -132,6 +101,11 @@
memory: 1Gi
unlimited: {}
+readinessCheck:
+ wait_for:
+ jobs:
+ - '{{ include "common.release" . }}-holmes-postgres-init-config-job'
+
#Pods Service Account
serviceAccount:
nameOverride: holmes-engine-mgmt
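Review bot: The entry under `wait_for.jobs` repeats the init job's name as a literal suffix, `-holmes-postgres-init-config-job`, so the init container depends on that string staying in sync with whatever chart creates the job. If the two drift, the wait presumably never completes and the pod stays in Init; the helper's timeout behaviour is not visible here. A comment above the list, e.g. `# must match the name of the postgres init job created for this release`, would make the coupling explicit. The same literal is added in holmes-rule-mgmt/values.yaml.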
diff --git a/kubernetes/holmes/components/holmes-rule-mgmt/Chart.yaml b/kubernetes/holmes/components/holmes-rule-mgmt/Chart.yaml
index 628f5c6..09b2490 100644
--- a/kubernetes/holmes/components/holmes-rule-mgmt/Chart.yaml
+++ b/kubernetes/holmes/components/holmes-rule-mgmt/Chart.yaml
@@ -27,7 +27,7 @@
- name: repositoryGenerator
version: ~12.x-0
repository: '@local'
- - name: certInitializer
+ - name: readinessCheck
version: ~12.x-0
repository: '@local'
- name: serviceAccount
diff --git a/kubernetes/holmes/components/holmes-rule-mgmt/resources/config/application.yaml b/kubernetes/holmes/components/holmes-rule-mgmt/resources/config/application.yaml
index 18cf3b4..2ff0fa6 100644
--- a/kubernetes/holmes/components/holmes-rule-mgmt/resources/config/application.yaml
+++ b/kubernetes/holmes/components/holmes-rule-mgmt/resources/config/application.yaml
@@ -2,11 +2,6 @@
port: 9101
servlet:
context-path: /api/holmes-rule-mgmt/v1
- ssl:
- key-store: /opt/onap/conf/holmes.keystore
- key-store-password: holmes
- #PKCS12
- key-store-type: JKS
logging:
config: classpath:logback-spring.xml
diff --git a/kubernetes/holmes/components/holmes-rule-mgmt/resources/config/rulemgt.yml b/kubernetes/holmes/components/holmes-rule-mgmt/resources/config/rulemgt.yml
index 89269de..3b72188 100644
--- a/kubernetes/holmes/components/holmes-rule-mgmt/resources/config/rulemgt.yml
+++ b/kubernetes/holmes/components/holmes-rule-mgmt/resources/config/rulemgt.yml
@@ -13,10 +13,8 @@
applicationContextPath: /
adminContextPath: /admin
connector:
- type: https
+ type: http
port: 9101
- keyStorePath: /opt/onap/conf/holmes.keystore
- keyStorePassword: holmes
validateCerts: false
validatePeers: false
diff --git a/kubernetes/holmes/components/holmes-rule-mgmt/templates/deployment.yaml b/kubernetes/holmes/components/holmes-rule-mgmt/templates/deployment.yaml
index 21a9656..8b0cd84 100644
--- a/kubernetes/holmes/components/holmes-rule-mgmt/templates/deployment.yaml
+++ b/kubernetes/holmes/components/holmes-rule-mgmt/templates/deployment.yaml
@@ -32,7 +32,10 @@
template:
metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
- initContainers: {{- include "common.certInitializer.initContainer" . | nindent 6 }}
+ initContainers:
+ {{- if not .Values.global.postgres.localCluster }}
+ {{ include "common.readinessCheck.waitFor" . | indent 6 | trim }}
+ {{- end }}
- name: {{ include "common.name" . }}-env-config
image: {{ include "repositoryGenerator.image.envsubst" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
@@ -62,7 +65,7 @@
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
ports: {{ include "common.containerPorts" . | nindent 8 }}
- volumeMounts: {{- include "common.certInitializer.volumeMount" . | nindent 8 }}
+ volumeMounts:
- name: {{ include "common.fullname" . }}-env-config
mountPath: /opt/hrmconfig
- name: {{ include "common.fullname" . }}-rule-config
@@ -117,7 +120,7 @@
- name: DB_PORT
value: "{{ .Values.config.pgConfig.dbPort }}"
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
- volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }}
+ volumes:
- name: {{ include "common.fullname" . }}-general-config
configMap:
defaultMode: 422
diff --git a/kubernetes/holmes/components/holmes-rule-mgmt/values.yaml b/kubernetes/holmes/components/holmes-rule-mgmt/values.yaml
index bd84c24..0a25527 100644
--- a/kubernetes/holmes/components/holmes-rule-mgmt/values.yaml
+++ b/kubernetes/holmes/components/holmes-rule-mgmt/values.yaml
@@ -20,9 +20,11 @@
#################################################################
global:
nodePortPrefixExt: 302
- msbProtocol: https
+ msbProtocol: http
msbServiceName: msb-iag
- msbPort: 443
+ msbPort: 80
+ postgres:
+ localCluster: false
#################################################################
# Application configuration defaults.
@@ -32,39 +34,6 @@
consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.0.0
#################################################################
-# AAF part
-#################################################################
-certInitializer:
- nameOverride: holmes-rule-mgmt-cert-initializer
- aafDeployFqi: deployer@people.osaaf.org
- aafDeployPass: demo123456!
- # aafDeployCredsExternalSecret: some secret
- fqdn: holmes-rule-mgmt
- fqi: holmes-rule-mgmt@holmes-rule-mgmt.onap.org
- fqi_namespace: org.onap.holmes-rule-mgmt
- public_fqdn: holmes-rule-mgmt.onap.org
- cadi_longitude: "0.0"
- cadi_latitude: "0.0"
- app_ns: org.osaaf.aaf
- credsPath: /opt/app/osaaf/local
- aaf_add_config: |
- echo "*** changing them into shell safe ones"
- export KEYSTORE_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1)
- export TRUSTSORE_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1)
- cd {{ .Values.credsPath }}
- keytool -storepasswd -new "${KEYSTORE_PASSWORD}" \
- -storepass "${cadi_keystore_password_p12}" \
- -keystore {{ .Values.fqi_namespace }}.p12
- keytool -storepasswd -new "${TRUSTSORE_PASSWORD}" \
- -storepass "${cadi_truststore_password}" \
- -keystore {{ .Values.fqi_namespace }}.trust.jks
- echo "*** save the generated passwords"
- echo "KEYSTORE_PASSWORD=${KEYSTORE_PASSWORD}" > mycreds.prop
- echo "TRUSTSORE_PASSWORD=${TRUSTSORE_PASSWORD}" >> mycreds.prop
- echo "*** change ownership of certificates to targeted user"
- chown -R 1000 .
-
-#################################################################
# Secrets metaconfig
#################################################################
secrets:
@@ -95,10 +64,10 @@
type: NodePort
name: holmes-rule-mgmt
ports:
- - name: https-rest
+ - name: http-rest
port: &svc_port 9101
nodePort: 92
- - name: https-ui
+ - name: http-ui
port: 9104
nodePort: 93
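Review bot: Both ports of this `type: NodePort` service are now plain HTTP (`http-rest` on 9101, `http-ui` on 9104), while `nodePort: 92` and `nodePort: 93` are kept. The rule-management REST API and UI therefore appear to remain reachable on the node ports without TLS. In-cluster mesh encryption would not normally cover traffic arriving directly on a node port. Consider making the service `ClusterIP` behind a TLS-terminating ingress, or at least add a comment such as `# cleartext on the node port; put TLS in front before exposing outside the cluster`. The service block starts outside the hunk.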
@@ -109,14 +78,14 @@
periodSeconds: 10
path: /api/holmes-rule-mgmt/v1/healthcheck
enabled: true
- scheme: HTTPS
+ scheme: HTTP
readiness:
initialDelaySeconds: 30
port: *svc_port
periodSeconds: 30
path: /api/holmes-rule-mgmt/v1/healthcheck
- scheme: HTTPS
+ scheme: HTTP
# Segregation for Different environment (Small and Large)
resources:
@@ -136,6 +105,11 @@
memory: 512Mi
unlimited: {}
+readinessCheck:
+ wait_for:
+ jobs:
+ - '{{ include "common.release" . }}-holmes-postgres-init-config-job'
+
#Pods Service Account
serviceAccount:
nameOverride: holmes-rule-mgmt