X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=kubernetes%2Faai%2Fcharts%2Faai-resources%2Ftemplates%2Fdeployment.yaml;h=0a46c487178678bd825bdf532f068ad0de93b69b;hb=5c2fe5c4f4e6ee6cd987a154d68697211623fdb7;hp=4dcfa2cf9cc06b31f125dc8d3ca0289ccb0a6dec;hpb=eaa96057dd72822bdefeee20fd655c12681648b2;p=oom.git diff --git a/kubernetes/aai/charts/aai-resources/templates/deployment.yaml b/kubernetes/aai/charts/aai-resources/templates/deployment.yaml index 4dcfa2cf9c..0a46c48717 100644 --- a/kubernetes/aai/charts/aai-resources/templates/deployment.yaml +++ b/kubernetes/aai/charts/aai-resources/templates/deployment.yaml @@ -70,6 +70,17 @@ spec: "visualRange": "1", "path": "/aai/v13/cloud-infrastructure" }, + { + "serviceName": "_aai-cloudInfrastructure", + "version": "v14", + "url": "/aai/v14/cloud-infrastructure", + "protocol": "REST", + "port": "8447", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1", + "path": "/aai/v14/cloud-infrastructure" + }, { "serviceName": "_aai-business", "version": "v11", @@ -103,6 +114,17 @@ spec: "visualRange": "1", "path": "/aai/v13/business" }, + { + "serviceName": "_aai-business", + "version": "v14", + "url": "/aai/v14/business", + "protocol": "REST", + "port": "8447", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1", + "path": "/aai/v14/business" + }, { "serviceName": "_aai-actions", "version": "v11", @@ -136,6 +158,17 @@ spec: "visualRange": "1", "path": "/aai/v13/actions" }, + { + "serviceName": "_aai-actions", + "version": "v14", + "url": "/aai/v14/actions", + "protocol": "REST", + "port": "8447", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1", + "path": "/aai/v14/actions" + }, { "serviceName": "_aai-service-design-and-creation", "version": "v11", 
@@ -169,6 +202,17 @@ spec: "visualRange": "1", "path": "/aai/v13/service-design-and-creation" }, + { + "serviceName": "_aai-service-design-and-creation", + "version": "v14", + "url": "/aai/v14/service-design-and-creation", + "protocol": "REST", + "port": "8447", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1", + "path": "/aai/v14/service-design-and-creation" + }, { "serviceName": "_aai-network", "version": "v11", @@ -202,6 +246,17 @@ spec: "visualRange": "1", "path": "/aai/v13/network" }, + { + "serviceName": "_aai-network", + "version": "v14", + "url": "/aai/v14/network", + "protocol": "REST", + "port": "8447", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1", + "path": "/aai/v14/network" + }, { "serviceName": "_aai-externalSystem", "version": "v11", @@ -212,7 +267,7 @@ spec: "lb_policy":"ip_hash", "visualRange": "1", "path": "/aai/v11/external-system" - }, + }, { "serviceName": "_aai-externalSystem", "version": "v12", @@ -223,7 +278,7 @@ spec: "lb_policy":"ip_hash", "visualRange": "1", "path": "/aai/v12/external-system" - }, + }, { "serviceName": "_aai-externalSystem", "version": "v13", @@ -235,6 +290,17 @@ spec: "visualRange": "1", "path": "/aai/v13/external-system" }, + { + "serviceName": "_aai-externalSystem", + "version": "v14", + "url": "/aai/v14/external-system", + "protocol": "REST", + "port": "8447", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1", + "path": "/aai/v14/external-system" + }, { "serviceName": "aai-cloudInfrastructure", "version": "v11", @@ -265,6 +331,16 @@ spec: "lb_policy":"ip_hash", "visualRange": "1" }, + { + "serviceName": "aai-cloudInfrastructure", + "version": "v14", + "url": "/aai/v14/cloud-infrastructure", + "protocol": "REST", + "port": "8447", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1" + }, { "serviceName": "aai-business", "version": "v11", 
@@ -295,6 +371,16 @@ spec: "lb_policy":"ip_hash", "visualRange": "1" }, + { + "serviceName": "aai-business", + "version": "v14", + "url": "/aai/v14/business", + "protocol": "REST", + "port": "8447", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1" + }, { "serviceName": "aai-actions", "version": "v11", @@ -325,6 +411,16 @@ spec: "lb_policy":"ip_hash", "visualRange": "1" }, + { + "serviceName": "aai-actions", + "version": "v14", + "url": "/aai/v14/actions", + "protocol": "REST", + "port": "8447", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1" + }, { "serviceName": "aai-service-design-and-creation", "version": "v11", @@ -355,6 +451,16 @@ spec: "lb_policy":"ip_hash", "visualRange": "1" }, + { + "serviceName": "aai-service-design-and-creation", + "version": "v14", + "url": "/aai/v14/service-design-and-creation", + "protocol": "REST", + "port": "8447", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1" + }, { "serviceName": "aai-network", "version": "v11", @@ -385,6 +491,16 @@ spec: "lb_policy":"ip_hash", "visualRange": "1" }, + { + "serviceName": "aai-network", + "version": "v14", + "url": "/aai/v14/network", + "protocol": "REST", + "port": "8447", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1" + }, { "serviceName": "aai-externalSystem", "version": "v11", @@ -394,7 +510,7 @@ spec: "enable_ssl": true, "lb_policy":"ip_hash", "visualRange": "1" - }, + }, { "serviceName": "aai-externalSystem", "version": "v12", @@ -404,7 +520,7 @@ spec: "enable_ssl": true, "lb_policy":"ip_hash", "visualRange": "1" - }, + }, { "serviceName": "aai-externalSystem", "version": "v13", 
@@ -414,11 +530,27 @@ spec: "enable_ssl": true, "lb_policy":"ip_hash", "visualRange": "1" + }, + { + "serviceName": "aai-externalSystem", + "version": "v14", + "url": "/aai/v14/external-system", + "protocol": "REST", + "port": "8447", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1" } ]' spec: hostname: aai-resources {{ if .Values.global.initContainers.enabled }} + {{ if .Values.global.installSidecarSecurity }} + hostAliases: + - ip: {{ .Values.global.aaf.serverIp }} + hostnames: + - {{ .Values.global.aaf.serverHostname }} + {{ end }} initContainers: - command: {{ if .Values.global.jobs.createSchema.enabled }} @@ -431,6 +563,8 @@ spec: args: - --container-name - aai-cassandra + - --container-name + - aai-schema-service {{ end }} env: - name: NAMESPACE @@ -441,6 +575,13 @@ spec: image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-readiness + {{ if .Values.global.installSidecarSecurity }} + - name: {{ .Values.global.tproxyConfig.name }} + image: "{{ include "common.repository" . }}/{{ .Values.global.tproxyConfig.image }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + securityContext: + privileged: true + {{ end }} {{ end }} containers: - name: {{ include "common.name" . }} @@ -475,6 +616,11 @@ spec: - mountPath: /opt/app/aai-resources/resources/etc/auth/realm.properties name: {{ include "common.fullname" . }}-realm-conf subPath: realm.properties + {{ if .Values.global.installSidecarSecurity }} + - mountPath: /opt/app/aai-resources/resources/etc/auth/aai_policy.json + name: {{ include "common.fullname" . }}-aai-policy + subPath: aai_policy.json + {{ end }} - mountPath: /opt/app/aai-resources/resources/aaf/org.onap.aai.keyfile name: {{ include "common.fullname" . }}-aaf-certs subPath: org.onap.aai.keyfile 
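Review bot: The new `hostAliases` block in the `@@ -414,11 +530,27 @@` hunk sits inside `{{ if .Values.global.initContainers.enabled }}`, although it is a pod-level setting that has nothing to do with init containers. The rproxy/fproxy containers added in the `@@ -548,8 +694,92 @@` hunk appear to be gated on `installSidecarSecurity` alone, so with init containers disabled they would start without the AAF host alias (and without the tproxy init container from the `@@ -441,6 +575,13 @@` hunk). Moving the `{{ if .Values.global.installSidecarSecurity }}` / `hostAliases` block above the `initContainers.enabled` condition would keep the sidecar set consistent. It would also help to add a comment such as `# AAF is reached by a fixed IP; keep global.aaf.serverIp in sync with the AAF service`. The pod spec continues outside this hunk, so the exact nesting should be confirmed against the full template.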
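Review bot: The tproxy init container added in the `@@ -441,6 +575,13 @@` hunk runs with `securityContext: privileged: true`, which gives it every capability plus host device access for what is presumably only network-rule setup. If the image only programs packet redirection, a narrower grant such as `securityContext: {capabilities: {add: ["NET_ADMIN"]}}` limits what a tampered or compromised image could do on the node. What the image actually needs is not visible here, so this should be confirmed against the tproxy-config entrypoint. A short comment above the `securityContext` stating why elevated rights are required would also help later reviewers.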
@@ -497,7 +643,7 @@ spec: name: {{ include "common.fullname" . }}-aaf-certs subPath: org.onap.aai.p12 - mountPath: /opt/app/aai-resources/resources/aaf/truststoreONAPall.jks - name: {{ include "common.fullname" . }}-aaf-certs + name: aai-common-aai-auth-mount subPath: truststoreONAPall.jks - mountPath: /opt/app/aai-resources/resources/application.properties name: {{ include "common.fullname" . }}-springapp-conf @@ -526,7 +672,7 @@ spec: initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} resources: -{{ include "common.resources" . | indent 12 }} +{{ include "common.resources" . }} {{- if .Values.nodeSelector }} nodeSelector: {{ toYaml .Values.nodeSelector | indent 8 }} 
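Review bot: The truststore mount in the `@@ -497,7 +643,7 @@` hunk now points at the hard-coded volume `aai-common-aai-auth-mount`, while every neighbouring mount derives its name from `{{ include "common.fullname" . }}`. The matching volume (secret `aai-common-aai-auth`) is added unconditionally in the `@@ -548,8 +694,92 @@` hunk, and the `@@ -589,12 +819,41 @@` hunk makes the same move with `secretName: aai-common-truststore`. Fixed names mean the pod will not start unless those secrets already exist in the namespace, and two releases in one namespace would share the same trust material. Presumably the parent aai chart creates them; a comment such as `# secret is created by <parent-chart template>` next to each reference, or deriving the name from the release, would make that dependency explicit.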
@@ -548,8 +694,92 @@ spec: name: {{ include "common.fullname" . }}-logs - mountPath: /usr/share/filebeat/data name: {{ include "common.fullname" . }}-filebeat + resources: +{{ include "common.resources" . }} + {{ if .Values.global.installSidecarSecurity }} + - name: {{ .Values.global.rproxy.name }} + image: "{{ include "common.repository" . }}/{{ .Values.global.rproxy.image }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + env: + - name: CONFIG_HOME + value: "/opt/app/rproxy/config" + - name: KEY_STORE_PASSWORD + value: {{ .Values.sidecar.keyStorePassword }} + - name: spring_profiles_active + value: {{ .Values.global.rproxy.activeSpringProfiles }} + volumeMounts: + - name: {{ include "common.fullname" . }}-rproxy-config + mountPath: /opt/app/rproxy/config/forward-proxy.properties + subPath: forward-proxy.properties + - name: {{ include "common.fullname" . }}-rproxy-config + mountPath: /opt/app/rproxy/config/primary-service.properties + subPath: primary-service.properties + - name: {{ include "common.fullname" . }}-rproxy-config + mountPath: /opt/app/rproxy/config/reverse-proxy.properties + subPath: reverse-proxy.properties + - name: {{ include "common.fullname" . }}-rproxy-config + mountPath: /opt/app/rproxy/config/cadi.properties + subPath: cadi.properties + - name: {{ include "common.fullname" . }}-rproxy-log-config + mountPath: /opt/app/rproxy/config/logback-spring.xml + subPath: logback-spring.xml + - name: {{ include "common.fullname" . }}-rproxy-uri-auth-config + mountPath: /opt/app/rproxy/config/auth/uri-authorization.json + subPath: uri-authorization.json + - name: {{ include "common.fullname" . }}-rproxy-auth-config + mountPath: /opt/app/rproxy/config/auth/tomcat_keystore + subPath: tomcat_keystore + - name: {{ include "common.fullname" . }}-rproxy-auth-config + mountPath: /opt/app/rproxy/config/auth/client-cert.p12 + subPath: client-cert.p12 + - name: {{ include "common.fullname" . 
}}-rproxy-auth-config + mountPath: /opt/app/rproxy/config/auth/aaf_truststore.jks + subPath: aaf_truststore.jks + - name: {{ include "common.fullname" . }}-rproxy-security-config + mountPath: /opt/app/rproxy/config/security/keyfile + subPath: keyfile + - name: {{ include "common.fullname" . }}-rproxy-auth-config + mountPath: /opt/app/rproxy/config/auth/org.onap.aai.p12 + subPath: org.onap.aai.p12 + ports: + - containerPort: {{ .Values.global.rproxy.port }} + + - name: {{ .Values.global.fproxy.name }} + image: "{{ include "common.repository" . }}/{{ .Values.global.fproxy.image }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + env: + - name: CONFIG_HOME + value: "/opt/app/fproxy/config" + - name: KEY_STORE_PASSWORD + value: {{ .Values.sidecar.keyStorePassword }} + - name: TRUST_STORE_PASSWORD + value: {{ .Values.sidecar.trustStorePassword }} + - name: spring_profiles_active + value: {{ .Values.global.fproxy.activeSpringProfiles }} + volumeMounts: + - name: {{ include "common.fullname" . }}-fproxy-config + mountPath: /opt/app/fproxy/config/fproxy.properties + subPath: fproxy.properties + - name: {{ include "common.fullname" . }}-fproxy-log-config + mountPath: /opt/app/fproxy/config/logback-spring.xml + subPath: logback-spring.xml + - name: {{ include "common.fullname" . }}-fproxy-auth-config + mountPath: /opt/app/fproxy/config/auth/fproxy_truststore + subPath: fproxy_truststore + - name: {{ include "common.fullname" . }}-fproxy-auth-config + mountPath: /opt/app/fproxy/config/auth/tomcat_keystore + subPath: tomcat_keystore + - name: {{ include "common.fullname" . }}-fproxy-auth-config + mountPath: /opt/app/fproxy/config/auth/client-cert.p12 + subPath: client-cert.p12 + ports: + - containerPort: {{ .Values.global.fproxy.port }} + {{ end }} volumes: + - name: aai-common-aai-auth-mount + secret: + secretName: aai-common-aai-auth - name: localtime hostPath: path: /etc/localtime 
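Review bot: `KEY_STORE_PASSWORD` and `TRUST_STORE_PASSWORD` for the new rproxy and fproxy containers are rendered as literal `value:` entries from `.Values.sidecar.keyStorePassword` / `.Values.sidecar.trustStorePassword`. The passwords therefore land in the Deployment and Pod objects, where anyone with read access to those resources (or to the rendered manifests and release history) can see them. The keystores they protect are already mounted from Secrets (`-rproxy-auth-config`, `-fproxy-auth-config`), so the passwords could be read the same way with `valueFrom: {secretKeyRef: {name: <secret-name>, key: <password-key>}}`. If the literal form has to stay, render it as `value: {{ .Values.sidecar.keyStorePassword | quote }}` so a numeric or YAML-special password is not reinterpreted.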
@@ -589,12 +819,41 @@ spec: name: {{ include "common.fullname" . }}-realm-configmap - name: {{ include "common.fullname" . }}-auth-truststore-sec secret: - secretName: aai-auth-truststore-secret + secretName: aai-common-truststore items: {{ range $job := .Values.global.config.auth.files }} - key: {{ . }} path: {{ . }} {{ end }} + {{ if .Values.global.installSidecarSecurity }} + - name: {{ include "common.fullname" . }}-aai-policy + configMap: + name: {{ include "common.fullname" . }}-aai-policy-configmap + - name: {{ include "common.fullname" . }}-rproxy-config + configMap: + name: {{ include "common.fullname" . }}-rproxy-config + - name: {{ include "common.fullname" . }}-rproxy-log-config + configMap: + name: {{ include "common.fullname" . }}-rproxy-log-config + - name: {{ include "common.fullname" . }}-rproxy-uri-auth-config + configMap: + name: {{ include "common.fullname" . }}-rproxy-uri-auth-config + - name: {{ include "common.fullname" . }}-rproxy-auth-config + secret: + secretName: {{ include "common.fullname" . }}-rproxy-auth-config + - name: {{ include "common.fullname" . }}-rproxy-security-config + secret: + secretName: {{ include "common.fullname" . }}-rproxy-security-config + - name: {{ include "common.fullname" . }}-fproxy-config + configMap: + name: {{ include "common.fullname" . }}-fproxy-config + - name: {{ include "common.fullname" . }}-fproxy-log-config + configMap: + name: {{ include "common.fullname" . }}-fproxy-log-config + - name: {{ include "common.fullname" . }}-fproxy-auth-config + secret: + secretName: {{ include "common.fullname" . }}-fproxy-auth-config + {{ end }} restartPolicy: {{ .Values.restartPolicy }} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key"