[POLICY] Cleanup of Helmcharts from AAF/TLS options
Remove AAF options and Certificate settings
Disable Istio Sidecar injection for DB jobs due to
problems during DB Migration
Extended the timeouts for clamp-runtime-acm
Issue-ID: OOM-3120
Signed-off-by: Andreas Geissler <andreas-geissler@telekom.de>
Change-Id: I802fa2038535524f4696513acd5aa7772e0a3f35
diff --git a/kubernetes/policy/components/policy-apex-pdp/Chart.yaml b/kubernetes/policy/components/policy-apex-pdp/Chart.yaml
index c91569f..f7f0757 100755
--- a/kubernetes/policy/components/policy-apex-pdp/Chart.yaml
+++ b/kubernetes/policy/components/policy-apex-pdp/Chart.yaml
@@ -2,6 +2,7 @@
# Copyright (C) 2018 Ericsson. All rights reserved.
# Modifications Copyright © 2021 Orange
# Modifications Copyright © 2021 Nordix Foundation
+# Modification (C) 2023 Deutsche Telekom. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -27,9 +28,6 @@
- name: common
version: ~12.x-0
repository: '@local'
- - name: certInitializer
- version: ~12.x-0
- repository: '@local'
- name: repositoryGenerator
version: ~12.x-0
repository: '@local'
diff --git a/kubernetes/policy/components/policy-apex-pdp/resources/config/OnapPfConfig.json b/kubernetes/policy/components/policy-apex-pdp/resources/config/OnapPfConfig.json
index 9136b6e..2fe354e 100755
--- a/kubernetes/policy/components/policy-apex-pdp/resources/config/OnapPfConfig.json
+++ b/kubernetes/policy/components/policy-apex-pdp/resources/config/OnapPfConfig.json
@@ -5,7 +5,7 @@
"port": 6969,
"userName": "${RESTSERVER_USER}",
"password": "${RESTSERVER_PASSWORD}",
- "https": {{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }},
+ "https": "false",
"prometheus": true
},
"pdpStatusParameters":{
diff --git a/kubernetes/policy/components/policy-apex-pdp/templates/service.yaml b/kubernetes/policy/components/policy-apex-pdp/templates/service.yaml
index 6a4d28b..f96e810 100755
--- a/kubernetes/policy/components/policy-apex-pdp/templates/service.yaml
+++ b/kubernetes/policy/components/policy-apex-pdp/templates/service.yaml
@@ -1,6 +1,7 @@
{{/*
# ============LICENSE_START=======================================================
# Copyright (C) 2018 Ericsson. All rights reserved.
+# Modification (C) 2023 Deutsche Telekom. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -18,29 +19,4 @@
# ============LICENSE_END=========================================================
*/}}
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.externalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- sessionAffinity: None
+{{ include "common.service" . }}
diff --git a/kubernetes/policy/components/policy-apex-pdp/templates/statefulset.yaml b/kubernetes/policy/components/policy-apex-pdp/templates/statefulset.yaml
index dd1c047..6213fec 100755
--- a/kubernetes/policy/components/policy-apex-pdp/templates/statefulset.yaml
+++ b/kubernetes/policy/components/policy-apex-pdp/templates/statefulset.yaml
@@ -3,6 +3,7 @@
# Copyright (C) 2018 Ericsson. All rights reserved.
# Modifications Copyright (C) 2020 AT&T Intellectual Property.
# Modifications Copyright © 2022 Nordix Foundation
+# Modification (C) 2023 Deutsche Telekom. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -22,25 +23,13 @@
apiVersion: apps/v1
kind: StatefulSet
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
+ selector: {{- include "common.selectors" . | nindent 4 }}
serviceName: {{ include "common.servicename" . }}
replicas: {{ .Values.replicaCount }}
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
initContainers:
- command:
@@ -49,10 +38,6 @@
- -c
- "cd /config-input && for PFILE in `ls -1`; do envsubst <${PFILE} >/config/${PFILE}; done"
env:
- - name: TRUSTSTORE_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "truststore-pass" "key" "password") | indent 10 }}
- - name: KEYSTORE_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keystore-pass" "key" "password") | indent 10 }}
- name: RESTSERVER_USER
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-creds" "key" "login") | indent 10 }}
- name: RESTSERVER_PASSWORD
@@ -69,40 +54,29 @@
image: {{ include "repositoryGenerator.image.envsubst" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-update-config
-{{ include "common.certInitializer.initContainer" . | indent 6 }}
containers:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command: ["sh","-c"]
- args: ["if [ -f {{ .Values.certInitializer.credsPath }}/.ci ]; then \
- . {{ .Values.certInitializer.credsPath }}/.ci; fi;\
- /opt/app/policy/apex-pdp/bin/apexOnapPf.sh -c /home/apexuser/config/OnapPfConfig.json"]
- ports:
- - containerPort: {{ .Values.service.externalPort }}
+ args: ["/opt/app/policy/apex-pdp/bin/apexOnapPf.sh -c /home/apexuser/config/OnapPfConfig.json"]
+ ports: {{ include "common.containerPorts" . | nindent 12 }}
{{- if eq .Values.liveness.enabled true }}
livenessProbe:
tcpSocket:
- port: {{ .Values.service.externalPort }}
+ port: {{ .Values.service.internalPort }}
initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
periodSeconds: {{ .Values.liveness.periodSeconds }}
{{- end }}
readinessProbe:
tcpSocket:
- port: {{ .Values.service.externalPort }}
+ port: {{ .Values.service.internalPort }}
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
env:
- name: REPLICAS
value: "{{ .Values.replicaCount }}"
-{{- if not .Values.global.aafEnabled }}
- - name: KEYSTORE_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keystore-pass" "key" "password") | indent 12 }}
- - name: TRUSTSTORE_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "truststore-pass" "key" "password") | indent 12 }}
-{{- end }}
volumeMounts:
-{{ include "common.certInitializer.volumeMount" . | indent 10 }}
- mountPath: /etc/localtime
name: localtime
readOnly: true
@@ -121,7 +95,6 @@
{{- end }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
-{{ include "common.certInitializer.volumes" . | indent 8 }}
- name: localtime
hostPath:
path: /etc/localtime
diff --git a/kubernetes/policy/components/policy-apex-pdp/values.yaml b/kubernetes/policy/components/policy-apex-pdp/values.yaml
index 10e4da4..3ea694f 100755
--- a/kubernetes/policy/components/policy-apex-pdp/values.yaml
+++ b/kubernetes/policy/components/policy-apex-pdp/values.yaml
@@ -2,6 +2,7 @@
# Copyright (C) 2018 Ericsson. All rights reserved.
# Modifications Copyright (C) 2019-2021 AT&T Intellectual Property.
# Modifications Copyright © 2022 Nordix Foundation
+# Modification (C) 2023 Deutsche Telekom. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -23,7 +24,6 @@
#################################################################
global:
nodePortPrefix: 302
- aafEnabled: true
persistence: {}
#################################################################
@@ -35,16 +35,6 @@
externalSecret: '{{ tpl (default "" .Values.restServer.credsExternalSecret) . }}'
login: '{{ .Values.restServer.user }}'
password: '{{ .Values.restServer.password }}'
- - uid: truststore-pass
- type: password
- externalSecret: '{{ tpl (default "" .Values.certStores.trustStorePasswordExternalSecret) . }}'
- password: '{{ .Values.certStores.trustStorePassword }}'
- passwordPolicy: required
- - uid: keystore-pass
- type: password
- externalSecret: '{{ tpl (default "" .Values.certStores.keyStorePasswordExternalSecret) . }}'
- password: '{{ .Values.certStores.keyStorePassword }}'
- passwordPolicy: required
- uid: policy-kafka-user
externalSecret: '{{ tpl (default "" .Values.config.jaasConfExternalSecret) . }}'
type: genericKV
@@ -68,29 +58,6 @@
restServer:
user: healthcheck
password: zb!XztG34
-truststore:
- password: Pol1cy_0nap
-certStores:
- keyStorePassword: Pol1cy_0nap
- trustStorePassword: Pol1cy_0nap
-
-certInitializer:
- nameOverride: policy-apex-pdp-cert-initializer
- aafDeployFqi: deployer@people.osaaf.org
- aafDeployPass: demo123456!
- fqdn: policy
- fqi: policy@policy.onap.org
- public_fqdn: policy.onap.org
- cadi_latitude: "0.0"
- cadi_longitude: "0.0"
- credsPath: /opt/app/osaaf/local
- app_ns: org.osaaf.aaf
- uid: 101
- gid: 102
- aaf_add_config: >
- echo "export KEYSTORE='{{ .Values.credsPath }}/org.onap.policy.p12'" >> {{ .Values.credsPath }}/.ci;
- echo "export KEYSTORE_PASSWORD='${cadi_keystore_password_p12}'" >> {{ .Values.credsPath }}/.ci;
- chown -R {{ .Values.uid }}:{{ .Values.gid }} $(dirname {{ .Values.credsPath }});
# default number of instances
replicaCount: 1
@@ -114,10 +81,10 @@
service:
type: ClusterIP
name: policy-apex-pdp
- portName: http
- externalPort: 6969
internalPort: 6969
- nodePort: 37
+ ports:
+ - name: http
+ port: 6969
ingress:
enabled: false
@@ -157,7 +124,7 @@
enabled: true
port: policy-apex-pdp
interval: 60s
- isHttps: true
+ isHttps: false
basicAuth:
enabled: true
externalSecretNameSuffix: policy-apex-pdp-restserver-creds