From 4a5c1bdbe1198a88f96d04c00fee9e2cf2ec1a07 Mon Sep 17 00:00:00 2001 From: Andreas Geissler Date: Wed, 1 Mar 2023 11:23:32 +0100 Subject: [PATCH] [HOLMES] Remove AAF dependency and support SM Delete AAF and certificate entries and change Holmes interfaces to HTTP Add readiness checks for the postgres-init-job to avoid missing DB user Issue-ID: OOM-3101 Signed-off-by: Andreas Geissler Change-Id: Id15cfdbcd753d404ccae912dcd0d057f647917e7 --- .../components/holmes-engine-mgmt/Chart.yaml | 2 +- .../resources/config/application.yaml | 5 --- .../resources/config/engine-d.yml | 4 +- .../holmes-engine-mgmt/templates/deployment.yaml | 9 ++-- .../components/holmes-engine-mgmt/values.yaml | 50 +++++---------------- .../holmes/components/holmes-rule-mgmt/Chart.yaml | 2 +- .../resources/config/application.yaml | 5 --- .../holmes-rule-mgmt/resources/config/rulemgt.yml | 4 +- .../holmes-rule-mgmt/templates/deployment.yaml | 9 ++-- .../holmes/components/holmes-rule-mgmt/values.yaml | 52 ++++++---------------- 10 files changed, 41 insertions(+), 101 deletions(-) diff --git a/kubernetes/holmes/components/holmes-engine-mgmt/Chart.yaml b/kubernetes/holmes/components/holmes-engine-mgmt/Chart.yaml index 1aa4726253..5160145d86 100644 --- a/kubernetes/holmes/components/holmes-engine-mgmt/Chart.yaml +++ b/kubernetes/holmes/components/holmes-engine-mgmt/Chart.yaml @@ -27,7 +27,7 @@ dependencies: - name: repositoryGenerator version: ~12.x-0 repository: '@local' - - name: certInitializer + - name: readinessCheck version: ~12.x-0 repository: '@local' - name: serviceAccount diff --git a/kubernetes/holmes/components/holmes-engine-mgmt/resources/config/application.yaml b/kubernetes/holmes/components/holmes-engine-mgmt/resources/config/application.yaml index f818dfd3b0..34c4024059 100644 --- a/kubernetes/holmes/components/holmes-engine-mgmt/resources/config/application.yaml +++ b/kubernetes/holmes/components/holmes-engine-mgmt/resources/config/application.yaml 
@@ -2,11 +2,6 @@ server: port: 9102 servlet: context-path: /api/holmes-engine-mgmt/v1 - ssl: - key-store: /opt/onap/conf/holmes.keystore - key-store-password: holmes - #PKCS12 - key-store-type: JKS logging: config: classpath:logback-spring.xml diff --git a/kubernetes/holmes/components/holmes-engine-mgmt/resources/config/engine-d.yml b/kubernetes/holmes/components/holmes-engine-mgmt/resources/config/engine-d.yml index 9e62ccf2f7..9a16390856 100644 --- a/kubernetes/holmes/components/holmes-engine-mgmt/resources/config/engine-d.yml +++ b/kubernetes/holmes/components/holmes-engine-mgmt/resources/config/engine-d.yml @@ -19,10 +19,8 @@ server: applicationContextPath: / adminContextPath: /admin connector: - type: https + type: http port: 9102 - keyStorePath: /opt/onap/conf/holmes.keystore - keyStorePassword: holmes validateCerts: false validatePeers: false diff --git a/kubernetes/holmes/components/holmes-engine-mgmt/templates/deployment.yaml b/kubernetes/holmes/components/holmes-engine-mgmt/templates/deployment.yaml index dd7bb4552e..9bf6f39f08 100644 --- a/kubernetes/holmes/components/holmes-engine-mgmt/templates/deployment.yaml +++ b/kubernetes/holmes/components/holmes-engine-mgmt/templates/deployment.yaml @@ -33,7 +33,10 @@ spec: template: metadata: {{- include "common.templateMetadata" . | nindent 6 }} spec: - initContainers: {{- include "common.certInitializer.initContainer" . | nindent 6 }} + initContainers: + {{- if not .Values.global.postgres.localCluster }} + {{ include "common.readinessCheck.waitFor" . | indent 6 | trim }} + {{- end }} - name: {{ include "common.name" . }}-env-config image: {{ include "repositoryGenerator.image.envsubst" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} 
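Review bot: The `connector` block in engine-d.yml now listens with `type: http` on 9102, so nothing in this chart encrypts or authenticates traffic to the engine any more; that is only safe when the pod runs behind a service-mesh sidecar with mutual TLS enforced, and the hunk neither states that nor depends on it. I would add a comment above the connector such as `# plain HTTP on purpose: TLS and peer authentication are delegated to the service mesh; do not deploy without it`. The context lines `validateCerts: false` and `validatePeers: false` look like settings for a TLS connector and presumably have no effect now, so they could be dropped in the same change. The same applies to the `connector` hunk in rulemgt.yml, to `msbProtocol: http` / `msbPort: 80` in both values.yaml files and to the removed `server.ssl` blocks in both application.yaml files.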
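Review bot: The wait container added under `initContainers:` blocks pod start until the job listed in `readinessCheck.wait_for.jobs` (values.yaml, `'{{ include "common.release" . }}-holmes-postgres-init-config-job'`) has completed, and that name is a literal that has to match a job rendered by another chart; if that job is renamed or not deployed, the pod presumably stays in Init with no hint why. A comment next to the values entry naming the owner of the job would help, for example `# must match the postgres-init job rendered by the parent holmes chart`; the owner is my inference, please confirm. The `if not .Values.global.postgres.localCluster` guard also deserves a one-line template comment saying why no wait is needed with a local cluster. The same pair of changes is repeated for holmes-rule-mgmt.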
@@ -64,7 +67,7 @@ spec: imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} resources: {{ include "common.resources" . | nindent 10 }} ports: {{ include "common.containerPorts" . | nindent 10 }} - volumeMounts: {{- include "common.certInitializer.volumeMount" . | nindent 8 }} + volumeMounts: - name: {{ include "common.fullname" . }}-env-config mountPath: /opt/hemconfig - name: {{ include "common.fullname" . }}-config @@ -119,7 +122,7 @@ spec: - name: DB_PORT value: "{{ .Values.config.pgConfig.dbPort }}" serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} - volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }} + volumes: - name: {{ include "common.fullname" . }}-config configMap: defaultMode: 422 diff --git a/kubernetes/holmes/components/holmes-engine-mgmt/values.yaml b/kubernetes/holmes/components/holmes-engine-mgmt/values.yaml index ce3035e5da..d2ad0d4771 100644 --- a/kubernetes/holmes/components/holmes-engine-mgmt/values.yaml +++ b/kubernetes/holmes/components/holmes-engine-mgmt/values.yaml @@ -20,9 +20,11 @@ ################################################################# global: nodePortPrefixExt: 302 - msbProtocol: https + msbProtocol: http msbServiceName: msb-iag - msbPort: 443 + msbPort: 80 + postgres: + localCluster: false ################################################################# # Application configuration defaults. 
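Review bot: The context line `defaultMode: 422` under the config `configMap` volume is a decimal value, which is octal 0646, so the projected files are requested as writable by "other" but not by the group; that pattern suggests 420 (0644) was intended. Since this hunk already edits the `volumes:` list, I would fix it here with `defaultMode: 420`. The same value appears in the `volumes:` hunk of holmes-rule-mgmt/templates/deployment.yaml. The volume list continues past the end of the hunk, so any further `defaultMode` entries need the same check.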
@@ -31,39 +33,6 @@ global: image: onap/holmes/engine-management:11.0.0 consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.0.0 -################################################################# -# AAF part -################################################################# -certInitializer: - nameOverride: holmes-engine-mgmt-cert-initializer - aafDeployFqi: deployer@people.osaaf.org - aafDeployPass: demo123456! - # aafDeployCredsExternalSecret: some secret - fqdn: holmes-engine-mgmt - fqi: holmes-engine-mgmt@holmes-engine-mgmt.onap.org - fqi_namespace: org.onap.holmes-engine-mgmt - public_fqdn: holmes-engine-mgmt.onap.org - cadi_longitude: "0.0" - cadi_latitude: "0.0" - app_ns: org.osaaf.aaf - credsPath: /opt/app/osaaf/local - aaf_add_config: | - echo "*** changing them into shell safe ones" - export KEYSTORE_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1) - export TRUSTSORE_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1) - cd {{ .Values.credsPath }} - keytool -storepasswd -new "${KEYSTORE_PASSWORD}" \ - -storepass "${cadi_keystore_password_p12}" \ - -keystore {{ .Values.fqi_namespace }}.p12 - keytool -storepasswd -new "${TRUSTSORE_PASSWORD}" \ - -storepass "${cadi_truststore_password}" \ - -keystore {{ .Values.fqi_namespace }}.trust.jks - echo "*** save the generated passwords" - echo "KEYSTORE_PASSWORD=${KEYSTORE_PASSWORD}" > mycreds.prop - echo "TRUSTSORE_PASSWORD=${TRUSTSORE_PASSWORD}" >> mycreds.prop - echo "*** change ownership of certificates to targeted user" - chown -R 1000 . - ################################################################# # Secrets metaconfig ################################################################# @@ -95,7 +64,7 @@ service: type: ClusterIP name: holmes-engine-mgmt ports: - - name: https-rest + - name: http-rest port: &svc_port 9102 # probe configuration parameters 
@@ -103,7 +72,7 @@ liveness: initialDelaySeconds: 10 periodSeconds: 10 path: /api/holmes-engine-mgmt/v1/healthcheck - scheme: HTTPS + scheme: HTTP port: *svc_port enabled: true @@ -111,7 +80,7 @@ readiness: initialDelaySeconds: 30 periodSeconds: 30 path: /api/holmes-engine-mgmt/v1/healthcheck - scheme: HTTPS + scheme: HTTP port: *svc_port # Segregation for Different environment (Small and Large) @@ -132,6 +101,11 @@ resources: memory: 1Gi unlimited: {} +readinessCheck: + wait_for: + jobs: + - '{{ include "common.release" . }}-holmes-postgres-init-config-job' + #Pods Service Account serviceAccount: nameOverride: holmes-engine-mgmt diff --git a/kubernetes/holmes/components/holmes-rule-mgmt/Chart.yaml b/kubernetes/holmes/components/holmes-rule-mgmt/Chart.yaml index 628f5c6828..09b24908e3 100644 --- a/kubernetes/holmes/components/holmes-rule-mgmt/Chart.yaml +++ b/kubernetes/holmes/components/holmes-rule-mgmt/Chart.yaml @@ -27,7 +27,7 @@ dependencies: - name: repositoryGenerator version: ~12.x-0 repository: '@local' - - name: certInitializer + - name: readinessCheck version: ~12.x-0 repository: '@local' - name: serviceAccount diff --git a/kubernetes/holmes/components/holmes-rule-mgmt/resources/config/application.yaml b/kubernetes/holmes/components/holmes-rule-mgmt/resources/config/application.yaml index 18cf3b4966..2ff0fa6d52 100644 --- a/kubernetes/holmes/components/holmes-rule-mgmt/resources/config/application.yaml +++ b/kubernetes/holmes/components/holmes-rule-mgmt/resources/config/application.yaml @@ -2,11 +2,6 @@ server: port: 9101 servlet: context-path: /api/holmes-rule-mgmt/v1 - ssl: - key-store: /opt/onap/conf/holmes.keystore - key-store-password: holmes - #PKCS12 - key-store-type: JKS logging: config: classpath:logback-spring.xml diff --git a/kubernetes/holmes/components/holmes-rule-mgmt/resources/config/rulemgt.yml b/kubernetes/holmes/components/holmes-rule-mgmt/resources/config/rulemgt.yml index 89269dede8..3b7218855a 100644 
--- a/kubernetes/holmes/components/holmes-rule-mgmt/resources/config/rulemgt.yml +++ b/kubernetes/holmes/components/holmes-rule-mgmt/resources/config/rulemgt.yml @@ -13,10 +13,8 @@ server: applicationContextPath: / adminContextPath: /admin connector: - type: https + type: http port: 9101 - keyStorePath: /opt/onap/conf/holmes.keystore - keyStorePassword: holmes validateCerts: false validatePeers: false diff --git a/kubernetes/holmes/components/holmes-rule-mgmt/templates/deployment.yaml b/kubernetes/holmes/components/holmes-rule-mgmt/templates/deployment.yaml index 21a96568cb..8b0cd8406a 100644 --- a/kubernetes/holmes/components/holmes-rule-mgmt/templates/deployment.yaml +++ b/kubernetes/holmes/components/holmes-rule-mgmt/templates/deployment.yaml @@ -32,7 +32,10 @@ spec: template: metadata: {{- include "common.templateMetadata" . | nindent 6 }} spec: - initContainers: {{- include "common.certInitializer.initContainer" . | nindent 6 }} + initContainers: + {{- if not .Values.global.postgres.localCluster }} + {{ include "common.readinessCheck.waitFor" . | indent 6 | trim }} + {{- end }} - name: {{ include "common.name" . }}-env-config image: {{ include "repositoryGenerator.image.envsubst" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} @@ -62,7 +65,7 @@ spec: image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} ports: {{ include "common.containerPorts" . | nindent 8 }} - volumeMounts: {{- include "common.certInitializer.volumeMount" . | nindent 8 }} + volumeMounts: - name: {{ include "common.fullname" . }}-env-config mountPath: /opt/hrmconfig - name: {{ include "common.fullname" . }}-rule-config 
@@ -117,7 +120,7 @@ spec: - name: DB_PORT value: "{{ .Values.config.pgConfig.dbPort }}" serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} - volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }} + volumes: - name: {{ include "common.fullname" . }}-general-config configMap: defaultMode: 422 diff --git a/kubernetes/holmes/components/holmes-rule-mgmt/values.yaml b/kubernetes/holmes/components/holmes-rule-mgmt/values.yaml index bd84c249c9..0a2552719f 100644 --- a/kubernetes/holmes/components/holmes-rule-mgmt/values.yaml +++ b/kubernetes/holmes/components/holmes-rule-mgmt/values.yaml @@ -20,9 +20,11 @@ ################################################################# global: nodePortPrefixExt: 302 - msbProtocol: https + msbProtocol: http msbServiceName: msb-iag - msbPort: 443 + msbPort: 80 + postgres: + localCluster: false ################################################################# # Application configuration defaults. 
@@ -31,39 +33,6 @@ global: image: onap/holmes/rule-management:11.0.0 consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.0.0 -################################################################# -# AAF part -################################################################# -certInitializer: - nameOverride: holmes-rule-mgmt-cert-initializer - aafDeployFqi: deployer@people.osaaf.org - aafDeployPass: demo123456! - # aafDeployCredsExternalSecret: some secret - fqdn: holmes-rule-mgmt - fqi: holmes-rule-mgmt@holmes-rule-mgmt.onap.org - fqi_namespace: org.onap.holmes-rule-mgmt - public_fqdn: holmes-rule-mgmt.onap.org - cadi_longitude: "0.0" - cadi_latitude: "0.0" - app_ns: org.osaaf.aaf - credsPath: /opt/app/osaaf/local - aaf_add_config: | - echo "*** changing them into shell safe ones" - export KEYSTORE_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1) - export TRUSTSORE_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1) - cd {{ .Values.credsPath }} - keytool -storepasswd -new "${KEYSTORE_PASSWORD}" \ - -storepass "${cadi_keystore_password_p12}" \ - -keystore {{ .Values.fqi_namespace }}.p12 - keytool -storepasswd -new "${TRUSTSORE_PASSWORD}" \ - -storepass "${cadi_truststore_password}" \ - -keystore {{ .Values.fqi_namespace }}.trust.jks - echo "*** save the generated passwords" - echo "KEYSTORE_PASSWORD=${KEYSTORE_PASSWORD}" > mycreds.prop - echo "TRUSTSORE_PASSWORD=${TRUSTSORE_PASSWORD}" >> mycreds.prop - echo "*** change ownership of certificates to targeted user" - chown -R 1000 . - ################################################################# # Secrets metaconfig ################################################################# @@ -95,10 +64,10 @@ service: type: NodePort name: holmes-rule-mgmt ports: - - name: https-rest + - name: http-rest port: &svc_port 9101 nodePort: 92 - - name: https-ui + - name: http-ui port: 9104 nodePort: 93 
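Review bot: The rule-mgmt `service` stays `type: NodePort` while its ports become `http-rest` (nodePort 92) and `http-ui` (nodePort 93), so the rule-management API and UI are now offered outside the cluster without TLS. Sidecar mutual TLS covers pod-to-pod traffic only: a client arriving through a node port is either rejected (strict mode) or accepted unauthenticated and in clear text (permissive mode). I would align this with holmes-engine-mgmt, which already uses `type: ClusterIP`, and publish the UI through an ingress or gateway that terminates TLS. If the node ports must stay for now, a comment such as `# NodePort is plain HTTP; restrict to lab use or front with a TLS-terminating gateway` would at least record the risk.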
@@ -109,14 +78,14 @@ liveness: periodSeconds: 10 path: /api/holmes-rule-mgmt/v1/healthcheck enabled: true - scheme: HTTPS + scheme: HTTP readiness: initialDelaySeconds: 30 port: *svc_port periodSeconds: 30 path: /api/holmes-rule-mgmt/v1/healthcheck - scheme: HTTPS + scheme: HTTP # Segregation for Different environment (Small and Large) resources: @@ -136,6 +105,11 @@ resources: memory: 512Mi unlimited: {} +readinessCheck: + wait_for: + jobs: + - '{{ include "common.release" . }}-holmes-postgres-init-config-job' + #Pods Service Account serviceAccount: nameOverride: holmes-rule-mgmt -- 2.16.6