[NBI] Cleanup the charts regarding AAF/TLS removal

author Andreas Geissler <andreas-geissler@telekom.de>

Mon, 20 Mar 2023 14:24:36 +0000 (15:24 +0100)

committer Andreas Geissler <andreas-geissler@telekom.de>

Mon, 20 Mar 2023 14:26:49 +0000 (15:26 +0100)
author Andreas Geissler <andreas-geissler@telekom.de>
Mon, 20 Mar 2023 14:24:36 +0000 (15:24 +0100)
committer Andreas Geissler <andreas-geissler@telekom.de>
Mon, 20 Mar 2023 14:26:49 +0000 (15:26 +0100)
diff --git a/kubernetes/nbi/Chart.yaml b/kubernetes/nbi/Chart.yaml

index ee1e330..5f27787 100644 (file)
--- a/kubernetes/nbi/Chart.yaml
+++ b/kubernetes/nbi/Chart.yaml
@@ -26,9 +26,6 @@ dependencies:
      # a part of this chart's package and will not
      # be published independently to a repo (at this point)
      repository: '@local'
-  - name: certInitializer
-    version: ~12.x-0
-    repository: '@local'
    - name: mongo
      version: ~12.x-0
      repository: '@local'
diff --git a/kubernetes/nbi/templates/deployment.yaml b/kubernetes/nbi/templates/deployment.yaml

index 9bab15f..fcb9b6e 100644 (file)
--- a/kubernetes/nbi/templates/deployment.yaml
+++ b/kubernetes/nbi/templates/deployment.yaml
@@ -25,9 +25,6 @@ spec:
    template:
      metadata: {{- include "common.templateMetadata" . | nindent 6 }}
      spec:
-{{- if .Values.global.aafEnabled }}
-      initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }}
-{{- end }}
        containers:
          - name: {{ include "common.name" . }}
            image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
@@ -35,36 +32,20 @@ spec:
            ports: {{ include "common.containerPorts" . | nindent 12 }}
            # disable liveness probe when breakpoints set in debugger
            # so K8s doesn't restart unresponsive container
-          {{- if .Values.global.aafEnabled }}
-          command:
-          - sh
-          args:
-          - -c
-          - |
-            export $(grep '^c' {{ .Values.certInitializer.credsPath }}/mycreds.prop | xargs -0)
-            export JAVA_OPTS="-Djavax.net.ssl.trustStorePassword=$cadi_truststore_password \
-              -Dserver.ssl.key-store={{ .Values.certInitializer.credsPath }}/org.onap.nbi.p12 \
-              -Dserver.ssl.key-store-type=PKCS12 \
-              -Djavax.net.ssl.trustStore={{ .Values.certInitializer.credsPath }}/org.onap.nbi.trust.jks \
-              -Dserver.ssl.key-store-password=$cadi_keystore_password_p12  \
-              -Djavax.net.ssl.trustStoreType=jks\
-              -Djava.security.egd=file:/dev/./urandom -Dserver.port=8443"
-            exec java -XX:+UseContainerSupport $JAVA_OPTS -jar /opt/onap/app.jar
-          {{- end }}
            {{ if .Values.liveness.enabled }}
            livenessProbe:
              httpGet:
-              port: {{ if (include "common.needTLS" .) }}{{ .Values.service.internalPort }}{{ else }}{{ .Values.service.internalPlainPort }}{{ end }}
+              port: {{ .Values.service.internalPort }}
                path: {{ .Values.liveness.path }}
-              scheme: {{ if (include "common.needTLS" .) }}HTTPS{{ else }}HTTP{{ end }}
+              scheme: HTTP
              initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
              periodSeconds: {{ .Values.liveness.periodSeconds }}
            {{ end }}
            readinessProbe:
              httpGet:
-              port: {{ if (include "common.needTLS" .) }}{{ .Values.service.internalPort }}{{ else }}{{ .Values.service.internalPlainPort }}{{ end }}
+              port: {{ .Values.service.internalPort }}
                path: {{ .Values.readiness.path }}
-              scheme: {{ if (include "common.needTLS" .) }}HTTPS{{ else }}HTTP{{ end }}
+              scheme: HTTP
              initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
              periodSeconds: {{ .Values.readiness.periodSeconds }}
            env:
@@ -91,15 +72,15 @@ spec:
              - name: ONAP_K8SCLOUDOWNER
                value: {{ .Values.config.k8sCloudOwner }}
              - name: NBI_URL
-              value: "{{ if (include "common.needTLS" .) }}https{{ else }}http{{ end }}://nbi.{{ include "common.namespace" . }}:{{ if (include "common.needTLS" .) }}{{ .Values.service.internalPort }}{{ else }}{{ .Values.service.internalPlainPort }}{{ end }}/nbi/api/v4"
+              value: "http://nbi.{{ include "common.namespace" . }}:{{ .Values.service.internalPort }}/nbi/api/v4"
              - name: SDC_HOST
-              value: "{{ if (include "common.needTLS" .) }}https{{ else }}http{{ end }}://sdc-be.{{ include "common.namespace" . }}:{{ if (include "common.needTLS" .) }}8443{{ else }}8080{{ end }}"
+              value: "http://sdc-be.{{ include "common.namespace" . }}:8080"
              - name: SDC_HEADER_ECOMPINSTANCEID
                value: {{ .Values.config.ecompInstanceId }}
              - name: SDC_HEADER_AUTHORIZATION
                value: {{ .Values.sdc_authorization }}
              - name: AAI_HOST
-              value: "{{ if (include "common.needTLS" .) }}https{{ else }}http{{ end }}://aai.{{ include "common.namespace" . }}:{{ if (include "common.needTLS" .) }}8443{{ else }}80{{ end }}"
+              value: "http://aai.{{ include "common.namespace" . }}:80"
              - name: AAI_HEADER_AUTHORIZATION
                value: {{ .Values.aai_authorization }}
              - name: SO_HOST
@@ -118,7 +99,7 @@ spec:
                value: "msb-discovery.{{ include "common.namespace" . }}"
              - name: MSB_DISCOVERY_PORT
                value: "10081"
-          volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 12 }}
+          volumeMounts:
              - mountPath: /etc/localtime
                name: localtime
                readOnly: true
@@ -132,7 +113,7 @@ spec:
  {{ toYaml .Values.affinity | indent 10 }}
          {{- end }}
        serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
-      volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }}
+      volumes:
          - name: localtime
            hostPath:
              path: /etc/localtime
diff --git a/kubernetes/nbi/tests/deployment_test.yaml b/kubernetes/nbi/tests/deployment_test.yaml

index 7c8a1b0..fe9d0d2 100644 (file)
--- a/kubernetes/nbi/tests/deployment_test.yaml
+++ b/kubernetes/nbi/tests/deployment_test.yaml
@@ -98,7 +98,7 @@ tests:
            path: spec.template.spec.containers[0].env
            content:
              name: SDC_HOST
-            value: https://sdc-be.NAMESPACE:8443
+            value: http://sdc-be.NAMESPACE:8080
        - contains:
            path: spec.template.spec.containers[0].env
            content:
@@ -113,7 +113,7 @@ tests:
            path: spec.template.spec.containers[0].env
            content:
              name: AAI_HOST
-            value: https://aai.NAMESPACE:8443
+            value: http://aai.NAMESPACE:80
        - contains:
            path: spec.template.spec.containers[0].env
            content:
diff --git a/kubernetes/nbi/values.yaml b/kubernetes/nbi/values.yaml

index dc32367..e2b7341 100644 (file)
--- a/kubernetes/nbi/values.yaml
+++ b/kubernetes/nbi/values.yaml
@@ -24,31 +24,7 @@ global:
      service: mariadb-galera
      internalPort: 3306
      nameOverride: mariadb-galera
-  aafEnabled: true
-  msbEnabled: true
-
-#################################################################
-# AAF part
-#################################################################
-certInitializer:
-  nameOverride: nbi-cert-initializer
-  aafDeployFqi: deployer@people.osaaf.org
-  aafDeployPass: demo123456!
-  # aafDeployCredsExternalSecret: some secret
-  fqdn: nbi
-  fqi: nbi@nbi.onap.org
-  public_fqdn: nbi.onap.org
-  cadi_longitude: "0.0"
-  cadi_latitude: "0.0"
-  app_ns: org.osaaf.aaf
-  credsPath: /opt/app/osaaf/local
-  aaf_add_config: >
-    echo "cadi_keystore_password_p12=$cadi_keystore_password_p12" > {{ .Values.credsPath }}/mycreds.prop
-    echo "cadi_truststore_password=$cadi_truststore_password" >> {{ .Values.credsPath }}/mycreds.prop
-
-aafConfig:
-  permission_user: 1000
-  permission_group: 999
+  msbEnabled: false
  
  #################################################################
  # Secrets metaconfig
@@ -150,12 +126,10 @@ service:
    type: NodePort
    portName: api
    name: nbi
-  internalPort: 8443
-  internalPlainPort: 8080
+  internalPort: 8080
    ports:
      - name: http
-      port: 8443
-      plain_port: 8080
+      port: 8080
        nodePort: '74'
  
  ingress:
@@ -163,8 +137,7 @@ ingress:
    service:
      - baseaddr: "nbi-api"
        name: "nbi"
-      port: 8443
-      plain_port: 8080
+      port: 8080
    config:
      ssl: "redirect"
  # Resource Limit flavor -By Default using small
author	Andreas Geissler <andreas-geissler@telekom.de>
	Mon, 20 Mar 2023 14:24:36 +0000 (15:24 +0100)
committer	Andreas Geissler <andreas-geissler@telekom.de>
	Mon, 20 Mar 2023 14:26:49 +0000 (15:26 +0100)
kubernetes/nbi/Chart.yaml		patch \| blob \| history
kubernetes/nbi/templates/deployment.yaml		patch \| blob \| history
kubernetes/nbi/tests/deployment_test.yaml		patch \| blob \| history
kubernetes/nbi/values.yaml		patch \| blob \| history