X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=kubernetes%2Faai%2Fcharts%2Faai-resources%2Ftemplates%2Fdeployment.yaml;h=f6f8039835893c3b40b237236e6369ad4b3b6079;hb=32836876a5b2c54fb0a2492f0cc61a344ea0e58e;hp=c6bb14c4a221d2d3f290e51184280622026ecb3e;hpb=adec0ca4af857e52d689faae9520547d9ad26d73;p=oom.git diff --git a/kubernetes/aai/charts/aai-resources/templates/deployment.yaml b/kubernetes/aai/charts/aai-resources/templates/deployment.yaml index c6bb14c4a2..0a46c48717 100644 --- a/kubernetes/aai/charts/aai-resources/templates/deployment.yaml +++ b/kubernetes/aai/charts/aai-resources/templates/deployment.yaml @@ -1,4 +1,5 @@ # Copyright © 2017 Amdocs, Bell Canada +# Modifications Copyright © 2018 AT&T # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -69,6 +70,17 @@ spec: "visualRange": "1", "path": "/aai/v13/cloud-infrastructure" }, + { + "serviceName": "_aai-cloudInfrastructure", + "version": "v14", + "url": "/aai/v14/cloud-infrastructure", + "protocol": "REST", + "port": "8447", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1", + "path": "/aai/v14/cloud-infrastructure" + }, { "serviceName": "_aai-business", "version": "v11", @@ -102,6 +114,17 @@ spec: "visualRange": "1", "path": "/aai/v13/business" }, + { + "serviceName": "_aai-business", + "version": "v14", + "url": "/aai/v14/business", + "protocol": "REST", + "port": "8447", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1", + "path": "/aai/v14/business" + }, { "serviceName": "_aai-actions", "version": "v11", @@ -135,6 +158,17 @@ spec: "visualRange": "1", "path": "/aai/v13/actions" }, + { + "serviceName": "_aai-actions", + "version": "v14", + "url": "/aai/v14/actions", + "protocol": "REST", + "port": "8447", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1", + "path": "/aai/v14/actions" + }, { "serviceName": "_aai-service-design-and-creation", "version": "v11", @@ -168,6 +202,17 @@ spec: "visualRange": "1", "path": "/aai/v13/service-design-and-creation" }, + { + "serviceName": "_aai-service-design-and-creation", + "version": "v14", + "url": "/aai/v14/service-design-and-creation", + "protocol": "REST", + "port": "8447", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1", + "path": "/aai/v14/service-design-and-creation" + }, { "serviceName": "_aai-network", "version": "v11", @@ -201,6 +246,17 @@ spec: "visualRange": "1", "path": "/aai/v13/network" }, + { + "serviceName": "_aai-network", + "version": "v14", + "url": "/aai/v14/network", + "protocol": "REST", + "port": "8447", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1", + "path": "/aai/v14/network" + }, { "serviceName": "_aai-externalSystem", "version": "v11", @@ -211,7 +267,7 @@ spec: "lb_policy":"ip_hash", "visualRange": "1", "path": "/aai/v11/external-system" - }, + }, { "serviceName": "_aai-externalSystem", "version": "v12", @@ -222,7 +278,7 @@ spec: "lb_policy":"ip_hash", "visualRange": "1", "path": "/aai/v12/external-system" - }, + }, { "serviceName": "_aai-externalSystem", "version": "v13", @@ -234,6 +290,17 @@ spec: "visualRange": "1", "path": "/aai/v13/external-system" }, + { + "serviceName": "_aai-externalSystem", + "version": "v14", + "url": "/aai/v14/external-system", + "protocol": "REST", + "port": "8447", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1", + "path": "/aai/v14/external-system" + }, { "serviceName": "aai-cloudInfrastructure", "version": "v11", @@ -264,6 +331,16 @@ spec: "lb_policy":"ip_hash", "visualRange": "1" }, + { + "serviceName": "aai-cloudInfrastructure", + "version": "v14", + "url": "/aai/v14/cloud-infrastructure", + "protocol": "REST", + "port": "8447", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1" + }, { "serviceName": "aai-business", "version": "v11", @@ -294,6 +371,16 @@ spec: "lb_policy":"ip_hash", "visualRange": "1" }, + { + "serviceName": "aai-business", + "version": "v14", + "url": "/aai/v14/business", + "protocol": "REST", + "port": "8447", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1" + }, { "serviceName": "aai-actions", "version": "v11", @@ -324,6 +411,16 @@ spec: "lb_policy":"ip_hash", "visualRange": "1" }, + { + "serviceName": "aai-actions", + "version": "v14", + "url": "/aai/v14/actions", + "protocol": "REST", + "port": "8447", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1" + }, { "serviceName": "aai-service-design-and-creation", "version": "v11", @@ -354,6 +451,16 @@ spec: "lb_policy":"ip_hash", "visualRange": "1" }, + { + "serviceName": "aai-service-design-and-creation", + "version": "v14", + "url": "/aai/v14/service-design-and-creation", + "protocol": "REST", + "port": "8447", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1" + }, { "serviceName": "aai-network", "version": "v11", @@ -384,6 +491,16 @@ spec: "lb_policy":"ip_hash", "visualRange": "1" }, + { + "serviceName": "aai-network", + "version": "v14", + "url": "/aai/v14/network", + "protocol": "REST", + "port": "8447", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1" + }, { "serviceName": "aai-externalSystem", "version": "v11", @@ -393,7 +510,7 @@ spec: "enable_ssl": true, "lb_policy":"ip_hash", "visualRange": "1" - }, + }, { "serviceName": "aai-externalSystem", "version": "v12", @@ -403,7 +520,7 @@ spec: "enable_ssl": true, "lb_policy":"ip_hash", "visualRange": "1" - }, + }, { "serviceName": "aai-externalSystem", "version": "v13", @@ -413,16 +530,42 @@ spec: "enable_ssl": true, "lb_policy":"ip_hash", "visualRange": "1" + }, + { + "serviceName": "aai-externalSystem", + "version": "v14", + "url": "/aai/v14/external-system", + "protocol": "REST", + "port": "8447", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1" } ]' spec: hostname: aai-resources + {{ if .Values.global.initContainers.enabled }} + {{ if .Values.global.installSidecarSecurity }} + hostAliases: + - ip: {{ .Values.global.aaf.serverIp }} + hostnames: + - {{ .Values.global.aaf.serverHostname }} + {{ end }} initContainers: - command: + {{ if .Values.global.jobs.createSchema.enabled }} + - /root/job_complete.py + args: + - --job-name + - {{ .Release.Name }}-aai-graphadmin-create-db-schema + {{ else }} - /root/ready.py args: - --container-name - aai-cassandra + - --container-name + - aai-schema-service + {{ end }} env: - name: NAMESPACE valueFrom: @@ -432,15 +575,23 @@ spec: image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-readiness + {{ if .Values.global.installSidecarSecurity }} + - name: {{ .Values.global.tproxyConfig.name }} + image: "{{ include "common.repository" . }}/{{ .Values.global.tproxyConfig.image }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + securityContext: + privileged: true + {{ end }} + {{ end }} containers: - name: {{ include "common.name" . }} image: "{{ include "common.repository" . }}/{{ .Values.image }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} env: - name: LOCAL_USER_ID - value: {{ .Values.config.userId | quote }} + value: {{ .Values.global.config.userId | quote }} - name: LOCAL_GROUP_ID - value: {{ .Values.config.groupId | quote }} + value: {{ .Values.global.config.groupId | quote }} volumeMounts: - mountPath: /etc/localtime name: localtime @@ -462,12 +613,47 @@ spec: - mountPath: /opt/app/aai-resources/resources/localhost-access-logback.xml name: {{ include "common.fullname" . }}-localhost-access-log-conf subPath: localhost-access-logback.xml + - mountPath: /opt/app/aai-resources/resources/etc/auth/realm.properties + name: {{ include "common.fullname" . }}-realm-conf + subPath: realm.properties + {{ if .Values.global.installSidecarSecurity }} + - mountPath: /opt/app/aai-resources/resources/etc/auth/aai_policy.json + name: {{ include "common.fullname" . }}-aai-policy + subPath: aai_policy.json + {{ end }} + - mountPath: /opt/app/aai-resources/resources/aaf/org.onap.aai.keyfile + name: {{ include "common.fullname" . }}-aaf-certs + subPath: org.onap.aai.keyfile + - mountPath: /opt/app/aai-resources/resources/aaf/bath_config.csv + name: {{ include "common.fullname" . }}-aaf-certs + subPath: bath_config.csv + - mountPath: /opt/app/aai-resources/resources/aaf/org.onap.aai.props + name: {{ include "common.fullname" . }}-aaf-properties + subPath: org.onap.aai.props + - mountPath: /opt/app/aai-resources/resources/aaf/org.osaaf.location.props + name: {{ include "common.fullname" . }}-aaf-properties + subPath: org.osaaf.location.props + - mountPath: /opt/app/aai-resources/resources/aaf/permissions.properties + name: {{ include "common.fullname" . }}-aaf-properties + subPath: permissions.properties + - mountPath: /opt/app/aai-resources/resources/cadi.properties + name: {{ include "common.fullname" . }}-aaf-properties + subPath: cadi.properties + - mountPath: /opt/app/aai-resources/resources/aaf/org.onap.aai.p12 + name: {{ include "common.fullname" . }}-aaf-certs + subPath: org.onap.aai.p12 + - mountPath: /opt/app/aai-resources/resources/aaf/truststoreONAPall.jks + name: aai-common-aai-auth-mount + subPath: truststoreONAPall.jks - mountPath: /opt/app/aai-resources/resources/application.properties name: {{ include "common.fullname" . }}-springapp-conf subPath: application.properties - - mountPath: /opt/app/aai-resources/resources/etc/auth/aai_keystore - name: {{ include "common.fullname" . }}-auth-sec - subPath: aai_keystore + {{ $global := . }} + {{ range $job := .Values.global.config.auth.files }} + - mountPath: /opt/app/aai-resources/resources/etc/auth/{{ . }} + name: {{ include "common.fullname" $global }}-auth-truststore-sec + subPath: {{ . }} + {{ end }} ports: - containerPort: {{ .Values.service.internalPort }} - containerPort: {{ .Values.service.internalPort2 }} @@ -486,7 +672,7 @@ spec: initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} resources: -{{ toYaml .Values.resources | indent 10 }} +{{ include "common.resources" . }} {{- if .Values.nodeSelector }} nodeSelector: {{ toYaml .Values.nodeSelector | indent 8 }} @@ -508,8 +694,92 @@ spec: name: {{ include "common.fullname" . }}-logs - mountPath: /usr/share/filebeat/data name: {{ include "common.fullname" . }}-filebeat + resources: +{{ include "common.resources" . }} + {{ if .Values.global.installSidecarSecurity }} + - name: {{ .Values.global.rproxy.name }} + image: "{{ include "common.repository" . }}/{{ .Values.global.rproxy.image }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + env: + - name: CONFIG_HOME + value: "/opt/app/rproxy/config" + - name: KEY_STORE_PASSWORD + value: {{ .Values.sidecar.keyStorePassword }} + - name: spring_profiles_active + value: {{ .Values.global.rproxy.activeSpringProfiles }} + volumeMounts: + - name: {{ include "common.fullname" . }}-rproxy-config + mountPath: /opt/app/rproxy/config/forward-proxy.properties + subPath: forward-proxy.properties + - name: {{ include "common.fullname" . }}-rproxy-config + mountPath: /opt/app/rproxy/config/primary-service.properties + subPath: primary-service.properties + - name: {{ include "common.fullname" . }}-rproxy-config + mountPath: /opt/app/rproxy/config/reverse-proxy.properties + subPath: reverse-proxy.properties + - name: {{ include "common.fullname" . }}-rproxy-config + mountPath: /opt/app/rproxy/config/cadi.properties + subPath: cadi.properties + - name: {{ include "common.fullname" . }}-rproxy-log-config + mountPath: /opt/app/rproxy/config/logback-spring.xml + subPath: logback-spring.xml + - name: {{ include "common.fullname" . }}-rproxy-uri-auth-config + mountPath: /opt/app/rproxy/config/auth/uri-authorization.json + subPath: uri-authorization.json + - name: {{ include "common.fullname" . }}-rproxy-auth-config + mountPath: /opt/app/rproxy/config/auth/tomcat_keystore + subPath: tomcat_keystore + - name: {{ include "common.fullname" . }}-rproxy-auth-config + mountPath: /opt/app/rproxy/config/auth/client-cert.p12 + subPath: client-cert.p12 + - name: {{ include "common.fullname" . }}-rproxy-auth-config + mountPath: /opt/app/rproxy/config/auth/aaf_truststore.jks + subPath: aaf_truststore.jks + - name: {{ include "common.fullname" . }}-rproxy-security-config + mountPath: /opt/app/rproxy/config/security/keyfile + subPath: keyfile + - name: {{ include "common.fullname" . }}-rproxy-auth-config + mountPath: /opt/app/rproxy/config/auth/org.onap.aai.p12 + subPath: org.onap.aai.p12 + ports: + - containerPort: {{ .Values.global.rproxy.port }} + + - name: {{ .Values.global.fproxy.name }} + image: "{{ include "common.repository" . }}/{{ .Values.global.fproxy.image }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + env: + - name: CONFIG_HOME + value: "/opt/app/fproxy/config" + - name: KEY_STORE_PASSWORD + value: {{ .Values.sidecar.keyStorePassword }} + - name: TRUST_STORE_PASSWORD + value: {{ .Values.sidecar.trustStorePassword }} + - name: spring_profiles_active + value: {{ .Values.global.fproxy.activeSpringProfiles }} + volumeMounts: + - name: {{ include "common.fullname" . }}-fproxy-config + mountPath: /opt/app/fproxy/config/fproxy.properties + subPath: fproxy.properties + - name: {{ include "common.fullname" . }}-fproxy-log-config + mountPath: /opt/app/fproxy/config/logback-spring.xml + subPath: logback-spring.xml + - name: {{ include "common.fullname" . }}-fproxy-auth-config + mountPath: /opt/app/fproxy/config/auth/fproxy_truststore + subPath: fproxy_truststore + - name: {{ include "common.fullname" . }}-fproxy-auth-config + mountPath: /opt/app/fproxy/config/auth/tomcat_keystore + subPath: tomcat_keystore + - name: {{ include "common.fullname" . }}-fproxy-auth-config + mountPath: /opt/app/fproxy/config/auth/client-cert.p12 + subPath: client-cert.p12 + ports: + - containerPort: {{ .Values.global.fproxy.port }} + {{ end }} volumes: + - name: aai-common-aai-auth-mount + secret: + secretName: aai-common-aai-auth - name: localtime hostPath: path: /etc/localtime @@ -535,15 +805,55 @@ spec: - name: {{ include "common.fullname" . }}-aaiconfig-conf configMap: name: {{ include "common.fullname" . }}-aaiconfig-configmap + - name: {{ include "common.fullname" . }}-aaf-properties + configMap: + name: {{ include "common.fullname" . }}-aaf-props + - name: {{ include "common.fullname" . }}-aaf-certs + secret: + secretName: {{ include "common.fullname" . }}-aaf-keys - name: {{ include "common.fullname" . }}-springapp-conf configMap: name: {{ include "common.fullname" . }}-springapp-configmap - name: {{ include "common.fullname" . }}-realm-conf configMap: name: {{ include "common.fullname" . }}-realm-configmap - - name: {{ include "common.fullname" . }}-auth-sec + - name: {{ include "common.fullname" . }}-auth-truststore-sec + secret: + secretName: aai-common-truststore + items: + {{ range $job := .Values.global.config.auth.files }} + - key: {{ . }} + path: {{ . }} + {{ end }} + {{ if .Values.global.installSidecarSecurity }} + - name: {{ include "common.fullname" . }}-aai-policy + configMap: + name: {{ include "common.fullname" . }}-aai-policy-configmap + - name: {{ include "common.fullname" . }}-rproxy-config + configMap: + name: {{ include "common.fullname" . }}-rproxy-config + - name: {{ include "common.fullname" . }}-rproxy-log-config + configMap: + name: {{ include "common.fullname" . }}-rproxy-log-config + - name: {{ include "common.fullname" . }}-rproxy-uri-auth-config + configMap: + name: {{ include "common.fullname" . }}-rproxy-uri-auth-config + - name: {{ include "common.fullname" . }}-rproxy-auth-config + secret: + secretName: {{ include "common.fullname" . }}-rproxy-auth-config + - name: {{ include "common.fullname" . }}-rproxy-security-config + secret: + secretName: {{ include "common.fullname" . }}-rproxy-security-config + - name: {{ include "common.fullname" . }}-fproxy-config + configMap: + name: {{ include "common.fullname" . }}-fproxy-config + - name: {{ include "common.fullname" . }}-fproxy-log-config + configMap: + name: {{ include "common.fullname" . }}-fproxy-log-config + - name: {{ include "common.fullname" . }}-fproxy-auth-config secret: - secretName: aai-auth-secret + secretName: {{ include "common.fullname" . }}-fproxy-auth-config + {{ end }} restartPolicy: {{ .Values.restartPolicy }} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key"