From b88c703ff7a3802bce508408e443f9d598527207 Mon Sep 17 00:00:00 2001 From: Fiete Ostkamp Date: Wed, 13 Aug 2025 10:44:36 +0200 Subject: [PATCH] [PORTALNG] 14.1.0 release - fix missing roles in the keycloak userinfo response - change bff client authentication flow to service account to resolve exception for user management - update bff image (0.1.2 -> 0.2.0) - update preferences image (0.2.1 -> 0.3.0) - update history image (0.2.1 -> 0.3.0) - adjust COLLECTOR_HOST env variable to include a http:// prefix - introduce startup probes to allow pods to come up as early as possible (instead of waiting 20 to 30 seconds depending on the initialDelaySeconds) Issue-ID: PORTALNG-157 Change-Id: Ia0b773c37f44cb76d25f8fa214e040125805bf13 Signed-off-by: Fiete Ostkamp --- .../infra_guides/oom_infra_optional_addons.rst | 2 +- kubernetes/authentication/values.yaml | 7 +++++-- kubernetes/portal-ng/Chart.yaml | 2 +- .../portal-ng/components/portal-ng-bff/Chart.yaml | 4 ++-- .../portal-ng-bff/templates/deployment.yaml | 14 +++++++++----- .../portal-ng/components/portal-ng-bff/values.yaml | 16 ++++++++++------ .../components/portal-ng-history/Chart.yaml | 4 ++-- .../portal-ng-history/templates/deployment.yaml | 8 ++++++-- .../components/portal-ng-history/values.yaml | 20 +++++++++++++++----- .../components/portal-ng-preferences/Chart.yaml | 4 ++-- .../portal-ng-preferences/templates/deployment.yaml | 8 ++++++-- .../components/portal-ng-preferences/values.yaml | 20 +++++++++++++++----- .../portal-ng-ui/templates/deployment.yaml | 12 ++++++++---- .../portal-ng/components/portal-ng-ui/values.yaml | 14 ++++++++++++-- 14 files changed, 94 insertions(+), 41 deletions(-) diff --git a/docs/sections/guides/infra_guides/oom_infra_optional_addons.rst b/docs/sections/guides/infra_guides/oom_infra_optional_addons.rst index ce623f3d14..78dfb2974a 100644 --- a/docs/sections/guides/infra_guides/oom_infra_optional_addons.rst +++ b/docs/sections/guides/infra_guides/oom_infra_optional_addons.rst @@ -8,7 +8,7 @@ .. _ONAP Next Generation Security & Logging Architecture: https://lf-onap.atlassian.net/wiki/x/bVn7 .. _Istio setup guide: https://istio.io/latest/docs/setup/install/helm/ .. _Kiali setup guide: https://kiali.io/docs/installation/installation-guide/example-install/ -.. _Kserve setup guide: https://kserve.github.io/website/0.10/admin/kubernetes_deployment/ +.. _Kserve setup guide: https://kserve.github.io/website/docs/admin-guide/kubernetes-deployment .. _K8ssandra setup guide: https://docs.k8ssandra.io/install/ .. _Mariadb-Operator setup guide: https://github.com/mariadb-operator/mariadb-operator .. _Postgres-Operator setup guide: https://github.com/CrunchyData/postgres-operator diff --git a/kubernetes/authentication/values.yaml b/kubernetes/authentication/values.yaml index f6d3c08442..bc04f6a7cd 100644 --- a/kubernetes/authentication/values.yaml +++ b/kubernetes/authentication/values.yaml @@ -293,6 +293,7 @@ realmSettings: claim.name: "sdc_user" jsonType.label: "String" additionalDefaultScopes: + - "basic" - "onap_roles" portal_app: clientId: "portal-app" @@ -307,7 +308,7 @@ realmSettings: post.logout.redirect.uris: 'https://{{ include "ingress.config.host" (dict "dot" . "baseaddr" "portal-ng-ui") }}/*' protocolMappers: - name: "User-Roles" - protocolMapper: "oidc-usermodel-attribute-mapper" + protocolMapper: "oidc-usermodel-realm-role-mapper" config: userinfo.token.claim: "true" id.token.claim: "true" @@ -325,8 +326,10 @@ realmSettings: jsonType.label: "String" portal_bff: clientId: "portal-bff" - protocol: openid-connect secret : pKOuVH1bwRZoNzp5P5t4GV8CqcCJYVtr + standardFlowEnabled: "false" + directAccessGrantsEnabled: "false" + serviceAccountsEnabled: "true" protocolMappers: - name: "Client Host" protocolMapper: "oidc-usersessionmodel-note-mapper" diff --git a/kubernetes/portal-ng/Chart.yaml b/kubernetes/portal-ng/Chart.yaml index 649b1cd790..17c1025e96 100644 --- a/kubernetes/portal-ng/Chart.yaml +++ b/kubernetes/portal-ng/Chart.yaml @@ -15,7 +15,7 @@ apiVersion: v2 description: ONAP Next Generation Portal name: portal-ng -version: 14.0.0 +version: 14.1.0 dependencies: - name: common diff --git a/kubernetes/portal-ng/components/portal-ng-bff/Chart.yaml b/kubernetes/portal-ng/components/portal-ng-bff/Chart.yaml index 457e5fbeae..4121ccaee7 100644 --- a/kubernetes/portal-ng/components/portal-ng-bff/Chart.yaml +++ b/kubernetes/portal-ng/components/portal-ng-bff/Chart.yaml @@ -29,12 +29,12 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 13.0.1 +version: 13.1.0 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. -appVersion: 0.1.2 +appVersion: 0.2.0 dependencies: - name: common diff --git a/kubernetes/portal-ng/components/portal-ng-bff/templates/deployment.yaml b/kubernetes/portal-ng/components/portal-ng-bff/templates/deployment.yaml index 7d521cf1cb..dffd7e2388 100644 --- a/kubernetes/portal-ng/components/portal-ng-bff/templates/deployment.yaml +++ b/kubernetes/portal-ng/components/portal-ng-bff/templates/deployment.yaml @@ -27,16 +27,20 @@ spec: - name: http containerPort: {{ .Values.service.port }} protocol: TCP - readinessProbe: + startupProbe: httpGet: - path: /actuator/health/readiness + path: /actuator/health/liveness port: {{ .Values.service.port }} - initialDelaySeconds: {{ .Values.probes.readiness.initialDelaySeconds }} - failureThreshold: {{ .Values.probes.readiness.failureThreshold }} + failureThreshold: {{ .Values.probes.startup.failureThreshold }} + periodSeconds: {{ .Values.probes.startup.periodSeconds }} livenessProbe: httpGet: path: /actuator/health/liveness port: {{ .Values.service.port }} - initialDelaySeconds: {{ .Values.probes.liveness.initialDelaySeconds }} failureThreshold: {{ .Values.probes.liveness.failureThreshold }} + readinessProbe: + httpGet: + path: /actuator/health/readiness + port: {{ .Values.service.port }} + failureThreshold: {{ .Values.probes.readiness.failureThreshold }} resources: {{ include "common.resources" . | nindent 12 }} diff --git a/kubernetes/portal-ng/components/portal-ng-bff/values.yaml b/kubernetes/portal-ng/components/portal-ng-bff/values.yaml index 90ac470abe..439592c72c 100644 --- a/kubernetes/portal-ng/components/portal-ng-bff/values.yaml +++ b/kubernetes/portal-ng/components/portal-ng-bff/values.yaml @@ -2,7 +2,7 @@ global: env: KEYCLOAK_URL: http://keycloak-http.keycloak KEYCLOAK_REALM: onap - COLLECTOR_HOST: jaeger-collector.istio-config + COLLECTOR_HOST: http://jaeger-collector.istio-config COLLECTOR_PORT: 9411 ## Default values for portal-ng-bff. @@ -77,16 +77,20 @@ resources: ## Readiness and liveness probes ## probes: - # Configuration of the readiness probe to check if the container is ready. + # Configuration of the startup probe that + # runs before readiness and liveness probe. + startup: + ## Number of consecutive failures allowed before marking probe as failed. + failureThreshold: 90 + ## check interval of probe. + periodSeconds: 1 + # Configuration of the readiness probe to check + # if the container is ready to accept traffic. readiness: - ## Wait before performing the first probe - initialDelaySeconds: 20 ## Number of consecutive failures allowed before marking probe as failed. failureThreshold: 4 # Configuration of the liveness probe to check if the container is alive. liveness: - ## Wait before performing the first probe - initialDelaySeconds: 20 ## Number of consecutive failures allowed before marking probe as failed. failureThreshold: 4 diff --git a/kubernetes/portal-ng/components/portal-ng-history/Chart.yaml b/kubernetes/portal-ng/components/portal-ng-history/Chart.yaml index bd9a531333..0e98168113 100644 --- a/kubernetes/portal-ng/components/portal-ng-history/Chart.yaml +++ b/kubernetes/portal-ng/components/portal-ng-history/Chart.yaml @@ -29,12 +29,12 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 14.0.0 +version: 14.1.0 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. -appVersion: 0.2.1 +appVersion: 0.3.0 dependencies: - name: common diff --git a/kubernetes/portal-ng/components/portal-ng-history/templates/deployment.yaml b/kubernetes/portal-ng/components/portal-ng-history/templates/deployment.yaml index 9f41df54e4..2989158f59 100644 --- a/kubernetes/portal-ng/components/portal-ng-history/templates/deployment.yaml +++ b/kubernetes/portal-ng/components/portal-ng-history/templates/deployment.yaml @@ -48,16 +48,20 @@ spec: - configMapRef: name: {{ include "common.fullname" . }}-configmap ports: {{ include "common.containerPorts" . | nindent 12 }} + startupProbe: + httpGet: + path: /actuator/health/liveness + port: {{ .Values.service.port }} + failureThreshold: {{ .Values.probes.startup.failureThreshold }} + periodSeconds: {{ .Values.probes.startup.periodSeconds }} livenessProbe: httpGet: path: /actuator/health/liveness port: {{ .Values.service.port }} - initialDelaySeconds: {{ .Values.probes.liveness.initialDelaySeconds }} failureThreshold: {{ .Values.probes.liveness.failureThreshold }} readinessProbe: httpGet: path: /actuator/health/readiness port: {{ .Values.service.port }} - initialDelaySeconds: {{ .Values.probes.readiness.initialDelaySeconds }} failureThreshold: {{ .Values.probes.readiness.failureThreshold }} resources: {{ include "common.resources" . | nindent 12 }} diff --git a/kubernetes/portal-ng/components/portal-ng-history/values.yaml b/kubernetes/portal-ng/components/portal-ng-history/values.yaml index af99e188c9..1169cf68b0 100644 --- a/kubernetes/portal-ng/components/portal-ng-history/values.yaml +++ b/kubernetes/portal-ng/components/portal-ng-history/values.yaml @@ -2,7 +2,7 @@ global: env: KEYCLOAK_URL: http://keycloak-http.keycloak KEYCLOAK_REALM: onap - COLLECTOR_HOST: jaeger-collector.istio-config + COLLECTOR_HOST: http://jaeger-collector.istio-config COLLECTOR_PORT: 9411 #Service Names of the postgres db to connect to. postgres: @@ -82,12 +82,22 @@ autoscaling: targetCPUUtilizationPercentage: 80 probes: + # Configuration of the startup probe that + # runs before readiness and liveness probe. + startup: + ## Number of consecutive failures allowed before marking probe as failed. + failureThreshold: 90 + ## check interval of probe. + periodSeconds: 1 + # Configuration of the readiness probe to check + # if the container is ready to accept traffic. readiness: - initialDelaySeconds: 30 - failureThreshold: 5 + ## Number of consecutive failures allowed before marking probe as failed. + failureThreshold: 4 + # Configuration of the liveness probe to check if the container is alive. liveness: - initialDelaySeconds: 30 - failureThreshold: 5 + ## Number of consecutive failures allowed before marking probe as failed. + failureThreshold: 4 env: TRACING_ENABLED: true diff --git a/kubernetes/portal-ng/components/portal-ng-preferences/Chart.yaml b/kubernetes/portal-ng/components/portal-ng-preferences/Chart.yaml index 9afd8591d4..6102c00363 100644 --- a/kubernetes/portal-ng/components/portal-ng-preferences/Chart.yaml +++ b/kubernetes/portal-ng/components/portal-ng-preferences/Chart.yaml @@ -29,12 +29,12 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 14.0.0 +version: 14.1.0 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. -appVersion: 0.2.1 +appVersion: 0.3.0 dependencies: - name: common diff --git a/kubernetes/portal-ng/components/portal-ng-preferences/templates/deployment.yaml b/kubernetes/portal-ng/components/portal-ng-preferences/templates/deployment.yaml index 3ce98fee41..3e56a7d3a4 100644 --- a/kubernetes/portal-ng/components/portal-ng-preferences/templates/deployment.yaml +++ b/kubernetes/portal-ng/components/portal-ng-preferences/templates/deployment.yaml @@ -48,16 +48,20 @@ spec: - configMapRef: name: {{ include "common.fullname" . }}-configmap ports: {{ include "common.containerPorts" . | nindent 12 }} + startupProbe: + httpGet: + path: /actuator/health/liveness + port: {{ .Values.service.port }} + failureThreshold: {{ .Values.probes.startup.failureThreshold }} + periodSeconds: {{ .Values.probes.startup.periodSeconds }} livenessProbe: httpGet: path: /actuator/health/liveness port: {{ .Values.service.port }} - initialDelaySeconds: {{ .Values.probes.liveness.initialDelaySeconds }} failureThreshold: {{ .Values.probes.liveness.failureThreshold }} readinessProbe: httpGet: path: /actuator/health/readiness port: {{ .Values.service.port }} - initialDelaySeconds: {{ .Values.probes.readiness.initialDelaySeconds }} failureThreshold: {{ .Values.probes.readiness.failureThreshold }} resources: {{ include "common.resources" . | nindent 12 }} diff --git a/kubernetes/portal-ng/components/portal-ng-preferences/values.yaml b/kubernetes/portal-ng/components/portal-ng-preferences/values.yaml index a008091412..3d7cbb7dd1 100644 --- a/kubernetes/portal-ng/components/portal-ng-preferences/values.yaml +++ b/kubernetes/portal-ng/components/portal-ng-preferences/values.yaml @@ -2,7 +2,7 @@ global: env: KEYCLOAK_URL: http://keycloak-http.keycloak KEYCLOAK_REALM: onap - COLLECTOR_HOST: jaeger-collector.istio-config + COLLECTOR_HOST: http://jaeger-collector.istio-config COLLECTOR_PORT: 9411 #Service Names of the postgres db to connect to. postgres: @@ -83,12 +83,22 @@ autoscaling: targetCPUUtilizationPercentage: 80 probes: + # Configuration of the startup probe that + # runs before readiness and liveness probe. + startup: + ## Number of consecutive failures allowed before marking probe as failed. + failureThreshold: 90 + ## check interval of probe. + periodSeconds: 1 + # Configuration of the readiness probe to check + # if the container is ready to accept traffic. readiness: - initialDelaySeconds: 30 - failureThreshold: 5 + ## Number of consecutive failures allowed before marking probe as failed. + failureThreshold: 4 + # Configuration of the liveness probe to check if the container is alive. liveness: - initialDelaySeconds: 30 - failureThreshold: 5 + ## Number of consecutive failures allowed before marking probe as failed. + failureThreshold: 4 env: TRACING_ENABLED: true diff --git a/kubernetes/portal-ng/components/portal-ng-ui/templates/deployment.yaml b/kubernetes/portal-ng/components/portal-ng-ui/templates/deployment.yaml index e9562bc302..926ae53aae 100644 --- a/kubernetes/portal-ng/components/portal-ng-ui/templates/deployment.yaml +++ b/kubernetes/portal-ng/components/portal-ng-ui/templates/deployment.yaml @@ -38,17 +38,21 @@ spec: - configMapRef: name: {{ include "common.fullname" . }}-configmap ports: {{ include "common.containerPorts" . | nindent 12 }} + startupProbe: + httpGet: + path: / + port: {{ .Values.service.internalPort }} + failureThreshold: {{ .Values.probes.startup.failureThreshold }} + periodSeconds: {{ .Values.probes.startup.periodSeconds }} livenessProbe: httpGet: path: / - port: {{ .Values.service.internalPort}} - initialDelaySeconds: {{ .Values.probes.liveness.initialDelaySeconds }} + port: {{ .Values.service.internalPort }} failureThreshold: {{ .Values.probes.liveness.failureThreshold }} readinessProbe: httpGet: path: / - port: {{ .Values.service.internalPort}} - initialDelaySeconds: {{ .Values.probes.readiness.initialDelaySeconds }} + port: {{ .Values.service.internalPort }} failureThreshold: {{ .Values.probes.readiness.failureThreshold }} volumeMounts: - name: tiles-icons diff --git a/kubernetes/portal-ng/components/portal-ng-ui/values.yaml b/kubernetes/portal-ng/components/portal-ng-ui/values.yaml index f806c4c928..b1d64f45e5 100644 --- a/kubernetes/portal-ng/components/portal-ng-ui/values.yaml +++ b/kubernetes/portal-ng/components/portal-ng-ui/values.yaml @@ -88,11 +88,21 @@ autoscaling: targetCPUUtilizationPercentage: 80 probes: + # Configuration of the startup probe that + # runs before readiness and liveness probe. + startup: + ## Number of consecutive failures allowed before marking probe as failed. + failureThreshold: 90 + ## check interval of probe. + periodSeconds: 1 + # Configuration of the readiness probe to check + # if the container is ready to accept traffic. readiness: - initialDelaySeconds: 20 + ## Number of consecutive failures allowed before marking probe as failed. failureThreshold: 4 + # Configuration of the liveness probe to check if the container is alive. liveness: - initialDelaySeconds: 20 + ## Number of consecutive failures allowed before marking probe as failed. failureThreshold: 4 nodeSelector: {} -- 2.16.6