[CCSDK] Configure dgbuilder to use certInitializer
This change makes the following fixes to dgbuilder:
* Replace hard-coded certificate with certificate generated by
certInitializer
* Configure dgbuilder to use http instead of https if AAF is
disabled (i.e. global aafEnabled property = false)
* Add resource limits
Issue-ID: SDNC-1356
Signed-off-by: Dan Timoney <dtimoney@att.com>
Change-Id: I8ca97c6a44f62a0abe5b5a6f8564ebcd2e4addb1
diff --git a/kubernetes/appc/values.yaml b/kubernetes/appc/values.yaml
index 57ce1e9..8b3ce26 100644
--- a/kubernetes/appc/values.yaml
+++ b/kubernetes/appc/values.yaml
@@ -133,6 +133,8 @@
dgbuilder:
nameOverride: appc-dgbuilder
+ certInitializer:
+ nameOverride: appc-dgbuilder-cert-initializer
config:
db:
rootPasswordExternalSecret: '{{ include "common.release" . }}-appc-db-root-pass'
diff --git a/kubernetes/common/dgbuilder/requirements.yaml b/kubernetes/common/dgbuilder/requirements.yaml
index 4735901..cf305d4 100644
--- a/kubernetes/common/dgbuilder/requirements.yaml
+++ b/kubernetes/common/dgbuilder/requirements.yaml
@@ -16,3 +16,6 @@
- name: common
version: ~6.x-0
repository: 'file://../common'
+ - name: certInitializer
+ version: ~6.x-0
+ repository: '@local'
diff --git a/kubernetes/common/dgbuilder/resources/config/customSettings.js b/kubernetes/common/dgbuilder/resources/config/customSettings.js
index 42c2e57..b6a1a86 100644
--- a/kubernetes/common/dgbuilder/resources/config/customSettings.js
+++ b/kubernetes/common/dgbuilder/resources/config/customSettings.js
@@ -54,6 +54,8 @@
},
"uiHost": "0.0.0.0",
"version": "0.9.1",
- "performGitPull": "N",
- "enableHttps" : true
+ {{ if .Values.global.aafEnabled }}
+ "enableHttps" : true,
+ {{ end }}
+ "performGitPull": "N"
}
diff --git a/kubernetes/common/dgbuilder/templates/deployment.yaml b/kubernetes/common/dgbuilder/templates/deployment.yaml
index 1c32e12..ec088e9 100644
--- a/kubernetes/common/dgbuilder/templates/deployment.yaml
+++ b/kubernetes/common/dgbuilder/templates/deployment.yaml
@@ -70,6 +70,7 @@
image: "{{ .Values.global.envsubstImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-update-config
+{{ include "common.certInitializer.initContainer" . | indent 6 }}
- command:
- /app/ready.py
args:
@@ -89,7 +90,7 @@
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command: ["/bin/bash"]
- args: ["-c", "cd /opt/onap/ccsdk/dgbuilder/ && ./start.sh sdnc1.0 && wait"]
+ args: ["-c", "cd /opt/onap/ccsdk/dgbuilder/ && {{ if .Values.global.aafEnabled}} cp /opt/app/osaaf/local/node-*.pem certs && {{end}}./start.sh sdnc1.0 && wait"]
ports:
- containerPort: {{ .Values.service.internalPort }}
readinessProbe:
@@ -101,6 +102,7 @@
- name: SDNC_CONFIG_DIR
value: /opt/onap/sdnc/data/properties
volumeMounts:
+{{ include "common.certInitializer.volumeMount" . | indent 10 }}
- mountPath: /etc/localtime
name: localtime
readOnly: true
@@ -127,6 +129,7 @@
{{ toYaml .Values.affinity | indent 10 }}
{{- end }}
volumes:
+{{ include "common.certInitializer.volumes" . | nindent 8 }}
- name: localtime
hostPath:
path: /etc/localtime
diff --git a/kubernetes/common/dgbuilder/values.yaml b/kubernetes/common/dgbuilder/values.yaml
index a7e6e24..cf88fe5 100644
--- a/kubernetes/common/dgbuilder/values.yaml
+++ b/kubernetes/common/dgbuilder/values.yaml
@@ -158,21 +158,45 @@
config:
ssl: "redirect"
-resources: {}
- # We usually recommend not to specify default resources and to leave this as a conscious
- # choice for the user. This also increases chances charts run on environments with little
- # resources, such as Minikube. If you do want to specify resources, uncomment the following
- # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
- #
- # Example:
- # Configure resource requests and limits
- # ref: http://kubernetes.io/docs/user-guide/compute-resources/
- # Minimum memory for development is 2 CPU cores and 4GB memory
- # Minimum memory for production is 4 CPU cores and 8GB memory
-#resources:
-# limits:
-# cpu: 2
-# memory: 4Gi
-# requests:
-# cpu: 2
-# memory: 4Gi
+ # dependency / sub-chart configuration
+certInitializer:
+ nameOverride: dgbuilder-cert-initializer
+ truststoreMountpath: /opt/onap/ccsdk/dgbuilder/certs
+ fqdn: "sdnc"
+ app_ns: "org.osaaf.aaf"
+ fqi: "sdnc@sdnc.onap.org"
+ fqi_namespace: org.onap.sdnc
+ public_fqdn: "dgbuilder.onap.org"
+ aafDeployFqi: "deployer@people.osaaf.org"
+ aafDeployPass: demo123456!
+ cadi_latitude: "38.0"
+ cadi_longitude: "-72.0"
+ credsPath: /opt/app/osaaf/local
+ aaf_add_config: >
+ cd /opt/app/osaaf/local;
+ /opt/app/aaf_config/bin/agent.sh local showpass {{.Values.fqi}} {{ .Values.fqdn }} | grep cadi_keystore_password= | cut -d= -f 2 > {{ .Values.credsPath }}/.pass 2>&1 ;
+ cp {{ .Values.fqi_namespace }}.crt node-cert.pem;
+ cp {{ .Values.fqi_namespace }}.key node-key.pem;
+ chmod go+r node-*.pem
+
+#Resource Limit flavor -By Default using small
+flavor: small
+#segregation for different envionment (Small and Large)
+
+resources:
+ small:
+ limits:
+ cpu: 2
+ memory: 4Gi
+ requests:
+ cpu: 1
+ memory: 2Gi
+ large:
+ limits:
+ cpu: 4
+ memory: 8Gi
+ requests:
+ cpu: 2
+ memory: 4Gi
+ unlimited: {}
+
diff --git a/kubernetes/sdnc/values.yaml b/kubernetes/sdnc/values.yaml
index aee6f25..f1e6821 100644
--- a/kubernetes/sdnc/values.yaml
+++ b/kubernetes/sdnc/values.yaml
@@ -283,6 +283,8 @@
dgbuilder:
enabled: true
nameOverride: sdnc-dgbuilder
+ certInitializer:
+ nameOverride: sdnc-dgbuilder-cert-initializer
config:
db:
dbName: *sdncDbName