[SDC] Chart cleanup for AAF/TLS removal
Use latest helm templates and remove TLS/AAF related parts
Issue-ID: OOM-3121
Signed-off-by: Andreas Geissler <andreas-geissler@telekom.de>
Change-Id: I453d9bfb471462a3c2f4825a3a542c61df353cf5
diff --git a/kubernetes/sdc/components/sdc-wfd-be/Chart.yaml b/kubernetes/sdc/components/sdc-wfd-be/Chart.yaml
index 51e84a6..55b79aa 100644
--- a/kubernetes/sdc/components/sdc-wfd-be/Chart.yaml
+++ b/kubernetes/sdc/components/sdc-wfd-be/Chart.yaml
@@ -20,9 +20,6 @@
version: 12.0.0
dependencies:
- - name: certInitializer
- version: ~12.x-0
- repository: '@local'
- name: repositoryGenerator
version: ~12.x-0
repository: '@local'
diff --git a/kubernetes/sdc/components/sdc-wfd-be/templates/deployment.yaml b/kubernetes/sdc/components/sdc-wfd-be/templates/deployment.yaml
index a187e19..da62035 100644
--- a/kubernetes/sdc/components/sdc-wfd-be/templates/deployment.yaml
+++ b/kubernetes/sdc/components/sdc-wfd-be/templates/deployment.yaml
@@ -1,6 +1,7 @@
{{/*
# Copyright © 2017 Amdocs, AT&T, Bell Canada
# Modifications Copyright © 2018 ZTE
+# Modifications Copyright © 2023 Deutsche Telekom
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -17,26 +18,14 @@
apiVersion: apps/v1
kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
+ selector: {{- include "common.selectors" . | nindent 4 }}
replicas: {{ .Values.replicaCount }}
template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
- initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }}
+ initContainers:
{{- if .Values.initJob.enabled }}
- name: {{ include "common.name" . }}-job-completion
image: {{ include "repositoryGenerator.image.readiness" . }}
@@ -45,7 +34,7 @@
- /app/ready.py
args:
- --job-name
- - {{ include "common.fullname" . }}-workflow-init
+ - {{ include "common.fullname" . }}
env:
- name: NAMESPACE
valueFrom:
@@ -64,28 +53,13 @@
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- {{- if .Values.global.aafEnabled }}
- command:
- - sh
- args:
- - "-c"
- - |
- export $(grep '^c' {{ .Values.certInitializer.credsPath }}/mycreds.prop | xargs -0)
- export SERVER_SSL_KEY_PASSWORD=$cadi_keystore_password_p12
- export KEYMANAGER_PASS=$cadi_keystore_password_p12
- export SERVER_SSL_TRUST_PASSWORD=$cadi_truststore_password
- export SERVER_SSL_KEYSTORE_PATH={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.keystoreFile }}
- export SERVER_SSL_TRUSTSTORE_PATH={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.truststoreFile }}
- ./startup.sh
- {{- end }}
- ports:
- - containerPort: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort2 .Values.service.internalPort }}
+ ports: {{ include "common.containerPorts" . | nindent 12 }}
# disable liveness probe when breakpoints set in debugger
# so K8s doesn't restart unresponsive container
{{ if .Values.liveness.enabled }}
livenessProbe:
tcpSocket:
- port: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort2 .Values.service.internalPort }}
+ port: {{ .Values.service.internalPort }}
initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
periodSeconds: {{ .Values.liveness.periodSeconds }}
successThreshold: {{ .Values.liveness.successThreshold }}
@@ -93,14 +67,14 @@
{{ end }}
readinessProbe:
tcpSocket:
- port: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort2 .Values.service.internalPort }}
+ port: {{ .Values.service.internalPort }}
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
successThreshold: {{ .Values.readiness.successThreshold }}
failureThreshold: {{ .Values.readiness.failureThreshold }}
startupProbe:
tcpSocket:
- port: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort2 .Values.service.internalPort }}
+ port: {{ .Values.service.internalPort }}
initialDelaySeconds: {{ .Values.startup.initialDelaySeconds }}
periodSeconds: {{ .Values.startup.periodSeconds }}
successThreshold: {{ .Values.startup.successThreshold }}
@@ -128,28 +102,17 @@
valueFrom:
secretKeyRef: {name: {{ include "common.release" . }}-sdc-cs-secrets, key: cs_truststore_password}
- name: SDC_PROTOCOL
- value: "{{ (eq "true" (include "common.needTLS" .)) | ternary "HTTPS" "HTTP" }}"
+ value: "HTTP"
- name: SDC_ENDPOINT
- value: "{{ (eq "true" (include "common.needTLS" .)) | ternary .Values.config.sdcEndpoint.https .Values.config.sdcEndpoint.http }}"
+ value: "{{ .Values.config.sdcEndpoint.http }}"
- name: SDC_USER
value: "{{ .Values.config.sdcExternalUser }}"
- name: SDC_PASSWORD
valueFrom:
secretKeyRef: {name: {{ include "common.release" . }}-sdc-cs-secrets, key: wf_external_user_password}
- {{- if (include "common.needTLS" .) }}
- - name: SERVER_SSL_ENABLED
- value: "true"
- - name: SERVER_SSL_KEYSTORE_TYPE
- value: "{{ .Values.config.serverSSLKeyStoreType }}"
- - name: SERVER_SSL_TRUSTSTORE_TYPE
- value: "{{ .Values.config.serverSSLTrustStoreType }}"
- {{- else }}
- name: SERVER_SSL_ENABLED
value: "false"
- {{- end }}
- volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
resources: {{ include "common.resources" . | nindent 12 }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
- volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/sdc/components/sdc-wfd-be/templates/ingress.yaml b/kubernetes/sdc/components/sdc-wfd-be/templates/ingress.yaml
index 171442d..e9e5fcf 100644
--- a/kubernetes/sdc/components/sdc-wfd-be/templates/ingress.yaml
+++ b/kubernetes/sdc/components/sdc-wfd-be/templates/ingress.yaml
@@ -1 +1,18 @@
+{{/*
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2023 Deutsche Telekom
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
{{include "common.ingress" .}}
diff --git a/kubernetes/sdc/components/sdc-wfd-be/templates/job.yaml b/kubernetes/sdc/components/sdc-wfd-be/templates/job.yaml
index 4184063..9ba05b8 100644
--- a/kubernetes/sdc/components/sdc-wfd-be/templates/job.yaml
+++ b/kubernetes/sdc/components/sdc-wfd-be/templates/job.yaml
@@ -18,14 +18,7 @@
{{ if .Values.initJob.enabled }}
apiVersion: batch/v1
kind: Job
-metadata:
- name: {{ include "common.fullname" . }}-workflow-init
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}-job
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
backoffLimit: 20
template:
@@ -43,7 +36,7 @@
- /app/ready.py
args:
- --job-name
- - {{ include "common.release" . }}-sdc-cs-config-cassandra
+ - {{ include "common.release" . }}-sdc-cs
- "-t"
- "20"
env:
diff --git a/kubernetes/sdc/components/sdc-wfd-be/templates/service.yaml b/kubernetes/sdc/components/sdc-wfd-be/templates/service.yaml
index 2f4129b..895eac1 100644
--- a/kubernetes/sdc/components/sdc-wfd-be/templates/service.yaml
+++ b/kubernetes/sdc/components/sdc-wfd-be/templates/service.yaml
@@ -2,6 +2,7 @@
# Copyright © 2018 Amdocs, Bell Canada
# Copyright © 2017 Amdocs, Bell Canada
# Modifications Copyright © 2018 AT&T, ZTE
+# Modifications Copyright © 2023 Deutsche Telekom
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -16,28 +17,4 @@
# limitations under the License.
*/}}
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort2 .Values.service.internalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}
- {{- else -}}
- - port: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.externalPort2 .Values.service.externalPort }}
- targetPort: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort2 .Values.service.internalPort }}
- name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+{{ include "common.service" . }}
\ No newline at end of file
diff --git a/kubernetes/sdc/components/sdc-wfd-be/values.yaml b/kubernetes/sdc/components/sdc-wfd-be/values.yaml
index 8e49169..b011a03 100644
--- a/kubernetes/sdc/components/sdc-wfd-be/values.yaml
+++ b/kubernetes/sdc/components/sdc-wfd-be/values.yaml
@@ -18,7 +18,6 @@
#################################################################
global:
nodePortPrefix: 302
- aafEnabled: true
sdc_cassandra:
# This flag allows SDC to instantiate its own cluster, serviceName
# should be sdc-cs if this flag is enabled
@@ -33,29 +32,6 @@
dataCenter: Pod
#################################################################
-# AAF Part
-#################################################################
-certInitializer:
- nameOverride: sdc-wfd-be-cert-init
- aafDeployFqi: deployer@people.osaaf.org
- aafDeployPass: demo123456!
- fqdn: sdc
- fqi: sdc@sdc.onap.org
- public_fqdn: sdc.onap.org
- cadi_longitude: "0.0"
- cadi_latitude: "0.0"
- app_ns: org.osaaf.aaf
- credsPath: /opt/app/osaaf/local
- addconfig: true
- keystoreFile: "org.onap.sdc.p12"
- truststoreFile: "org.onap.sdc.trust.jks"
- permission_user: 352070
- permission_group: 35953
- aaf_add_config: |
- echo "cadi_keystore_password_p12=$cadi_keystore_password_p12" > {{ .Values.credsPath }}/mycreds.prop
- echo "cadi_truststore_password=$cadi_truststore_password" >> {{ .Values.credsPath }}/mycreds.prop
-
-#################################################################
# Application configuration defaults.
#################################################################
# application image
@@ -71,7 +47,6 @@
cassandraAuthenticationEnabled: true
cassandraClientPort: 9042
sdcEndpoint:
- https: sdc-be:8443
http: sdc-be:8080
sdcExternalUser: workflow
serverSSLKeyStoreType: jks
@@ -126,20 +101,18 @@
service:
type: NodePort
- portName: http
internalPort: 8080
- externalPort: 8080
- internalPort2: 8443
- externalPort2: 8443
- nodePort: "57" # only one node port. set to http or https port depending on isHttpsEnabled property
+ ports:
+ - name: http
+ port: 8080
+ nodePort: "57"
ingress:
enabled: false
service:
- baseaddr: "sdc-wfd-be-api"
name: "sdc-wfd-be"
- port: 8443
- plain_port: 8080
+ port: 8080
config:
ssl: "redirect"