[POLICY] Cleanup of Helmcharts from AAF/TLS options
Remove AAF options and Certificate settings
Disable Istio Sidecar injection for DB jobs due to
problems during DB Migration
Extended the timeouts for clamp-runtime-acm
Issue-ID: OOM-3120
Signed-off-by: Andreas Geissler <andreas-geissler@telekom.de>
Change-Id: I802fa2038535524f4696513acd5aa7772e0a3f35
diff --git a/kubernetes/policy/components/policy-gui/Chart.yaml b/kubernetes/policy/components/policy-gui/Chart.yaml
index b2769c3..e1d809d 100644
--- a/kubernetes/policy/components/policy-gui/Chart.yaml
+++ b/kubernetes/policy/components/policy-gui/Chart.yaml
@@ -24,9 +24,6 @@
version: 12.0.0
dependencies:
- - name: certInitializer
- version: ~12.x-0
- repository: '@local'
- name: repositoryGenerator
version: ~12.x-0
repository: '@local'
diff --git a/kubernetes/policy/components/policy-gui/resources/config/application.yml b/kubernetes/policy/components/policy-gui/resources/config/application.yml
index 9be81d8..f81a1b4 100644
--- a/kubernetes/policy/components/policy-gui/resources/config/application.yml
+++ b/kubernetes/policy/components/policy-gui/resources/config/application.yml
@@ -1,18 +1,12 @@
server:
port: 2443
ssl:
- enabled: {{ (eq "true" (include "common.needTLS" .)) | ternary true false }}
-# enabled-protocols: TLSv1.2
-# client-auth: want
-# key-store: file:${KEYSTORE}
-# key-store-password: ${KEYSTORE_PASSWD}
-# trust-store: file:${TRUSTSTORE}
-# trust-store-password: ${TRUSTSTORE_PASSWD}
+ enabled: false
clamp:
url:
- disable-ssl-validation: {{ (eq "true" (include "common.needTLS" .)) | ternary false true }}
- disable-ssl-hostname-check: {{ (eq "true" (include "common.needTLS" .)) | ternary false true }}
+ disable-ssl-validation: true
+ disable-ssl-hostname-check: true
apex-editor:
upload-url:
diff --git a/kubernetes/policy/components/policy-gui/templates/deployment.yaml b/kubernetes/policy/components/policy-gui/templates/deployment.yaml
index 8513943..7a573d0 100644
--- a/kubernetes/policy/components/policy-gui/templates/deployment.yaml
+++ b/kubernetes/policy/components/policy-gui/templates/deployment.yaml
@@ -20,24 +20,12 @@
apiVersion: apps/v1
kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
+ selector: {{- include "common.selectors" . | nindent 4 }}
replicas: {{ .Values.replicaCount }}
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
initContainers:
- command:
@@ -46,14 +34,6 @@
- -c
- "cd /config-input && for PFILE in `ls -1`; do envsubst <${PFILE} >/config/${PFILE}; done"
env:
- - name: KEYSTORE
- value: {{ .Values.certStores.keystoreLocation }}
- - name: KEYSTORE_PASSWD
- value: {{ .Values.certStores.keyStorePassword }}
- - name: TRUSTSTORE
- value: {{ .Values.certStores.truststoreLocation }}
- - name: TRUSTSTORE_PASSWD
- value: {{ .Values.certStores.trustStorePassword }}
- name: POLICY_LOGS
value: {{ .Values.log.path }}
volumeMounts:
@@ -78,7 +58,6 @@
image: {{ include "repositoryGenerator.image.readiness" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
-{{ include "common.certInitializer.initContainer" . | nindent 6 }}
containers:
# side car containers
{{ if .Values.global.centralizedLoggingEnabled }}{{ include "common.log.sidecar" . | nindent 8 }}{{ end }}
@@ -86,18 +65,8 @@
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-{{- if not (include "common.onServiceMesh" .) }}
- command: ["sh","-c"]
- args: ["source {{ .Values.certInitializer.credsPath }}/.ci;/opt/app/policy/gui/bin/policy-gui.sh"]
- env:
-{{ else }}
command: ["/opt/app/policy/gui/bin/policy-gui.sh"]
env:
- - name: KEYSTORE_PASSWD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keystore-password" "key" "password") | indent 12 }}
- - name: TRUSTSTORE_PASSWD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "truststore-password" "key" "password") | indent 12 }}
-{{ end }}
- name: CLAMP_URL
value: http://policy-clamp-runtime-acm:6969
ports:
@@ -116,7 +85,7 @@
port: {{ .Values.service.internalPort }}
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
- volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
+ volumeMounts:
- name: logs
mountPath: {{ .Values.log.path }}
- mountPath: /opt/app/policy/gui/etc/application.yml
@@ -135,7 +104,7 @@
{{ toYaml .Values.affinity | indent 10 }}
{{- end }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
- volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }}
+ volumes:
- name: {{ include "common.fullname" . }}-config
configMap:
name: {{ include "common.fullname" . }}
diff --git a/kubernetes/policy/components/policy-gui/templates/service.yaml b/kubernetes/policy/components/policy-gui/templates/service.yaml
index 827e93a..3640622 100644
--- a/kubernetes/policy/components/policy-gui/templates/service.yaml
+++ b/kubernetes/policy/components/policy-gui/templates/service.yaml
@@ -18,29 +18,4 @@
# ============LICENSE_END=========================================================
*/}}
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ .Values.service.name }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.internalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
----
+{{ include "common.service" . }}
diff --git a/kubernetes/policy/components/policy-gui/values.yaml b/kubernetes/policy/components/policy-gui/values.yaml
index 178aa4e..8b41911 100644
--- a/kubernetes/policy/components/policy-gui/values.yaml
+++ b/kubernetes/policy/components/policy-gui/values.yaml
@@ -22,52 +22,6 @@
global: # global defaults
nodePortPrefix: 304
centralizedLoggingEnabled: true
- #AAF service
- aafEnabled: true
-
-#################################################################
-# Secrets metaconfig
-#################################################################
-secrets:
- - uid: keystore-password
- type: password
- externalSecret: '{{ tpl (default "" .Values.certStores.keyStorePasswordExternalSecret) . }}'
- password: '{{ .Values.certStores.keyStorePassword }}'
- passwordPolicy: required
- - uid: truststore-password
- type: password
- externalSecret: '{{ tpl (default "" .Values.certStores.trustStorePasswordExternalSecret) . }}'
- password: '{{ .Values.certStores.trustStorePassword }}'
- passwordPolicy: required
-
-certStores:
- keyStorePassword: Pol1cy_0nap
- keystoreLocation: /opt/app/policy/gui/etc/ssl/policy-keystore
- truststoreLocation: /opt/app/policy/gui/etc/ssl/policy-truststore
- trustStorePassword: Pol1cy_0nap
-
-#################################################################
-# AAF part
-#################################################################
-certInitializer:
- nameOverride: policy-gui-cert-initializer
- aafDeployFqi: deployer@people.osaaf.org
- aafDeployPass: demo123456!
- fqdn: policy
- fqi: policy@policy.onap.org
- public_fqdn: policy.onap.org
- cadi_latitude: "0.0"
- cadi_longitude: "0.0"
- credsPath: /opt/app/osaaf/local
- app_ns: org.osaaf.aaf
- uid: 100
- gid: 101
- aaf_add_config: >
- echo "export KEYSTORE='{{ .Values.credsPath }}/org.onap.policy.p12'" > {{ .Values.credsPath }}/.ci;
- echo "export TRUSTSTORE='{{ .Values.credsPath }}/org.onap.policy.trust.jks'" >> {{ .Values.credsPath }}/.ci;
- echo "export KEYSTORE_PASSWD='${cadi_keystore_password_p12}'" >> {{ .Values.credsPath }}/.ci;
- echo "export TRUSTSTORE_PASSWD='${cadi_truststore_password}'" >> {{ .Values.credsPath }}/.ci;
- chown -R {{ .Values.uid }}:{{ .Values.gid }} $(dirname {{ .Values.credsPath }});
subChartsOnly:
enabled: true
@@ -118,9 +72,11 @@
service:
type: NodePort
name: policy-gui
- portName: http
internalPort: 2443
- nodePort: 43
+ ports:
+ - name: http
+ port: 2443
+ nodePort: 43
# see https://wiki.onap.org/display/DW/OOM+NodePort+List