service:
type: NodePort
name: dgbuilder
- portName: dgbuilder
+ portName: http
externalPort: 3000
internalPort: 3100
nodePort: 28
value: "yes"
- name: ELASTICSEARCH_NODE_TYPE
value: "data"
+ - name: network.bind_host
+ value: 127.0.0.1
+ - name: network.publish_host
+ valueFrom:
+ fieldRef:
+ fieldPath: status.podIP
ports: {{- include "common.containerPorts" . |indent 12 }}
{{- if .Values.livenessProbe.enabled }}
livenessProbe:
value: {{ .Values.dedicatednode | quote }}
- name: ELASTICSEARCH_NODE_TYPE
value: "master"
+ - name: network.bind_host
+ value: 127.0.0.1
+ - name: network.publish_host
+ valueFrom:
+ fieldRef:
+ fieldPath: status.podIP
ports: {{- include "common.containerPorts" . |indent 12 }}
{{- if .Values.livenessProbe.enabled }}
livenessProbe:
value: "coordinating"
- name: ELASTICSEARCH_PORT_NUMBER
value: "9000"
+ - name: network.bind_host
+ value: 127.0.0.1
+ - name: network.publish_host
+ valueFrom:
+ fieldRef:
+ fieldPath: status.podIP
{{/*ports: {{- include "common.containerPorts" . | indent 12 -}} */}}
{{- if .Values.livenessProbe.enabled }}
livenessProbe:
- /bin/sh
- -ec
- |
+ {{- if include "common.onServiceMesh" . }}
+ echo "waiting 15s for istio side cars to be up"; sleep 15s;{{- end }}
# Create users
export ETCDCTL_ENDPOINTS=http://${ETCD_HOST}:${ETCD_PORT}
export ETCDCTL_API=3
name: localtime
readOnly: true
resources: {{ include "common.resources" . | nindent 12 }}
+ {{ include "common.waitForJobContainer" . | indent 6 | trim }}
{{- if .Values.nodeSelector }}
nodeSelector: {{ toYaml .Values.nodeSelector | nindent 10 }}
{{- end -}}
cpu: 20m
memory: 20Mi
unlimited: {}
+
+wait_for_job_container:
+ containers:
+ - '{{ include "common.name" . }}'
- name: POL_BASIC_AUTH_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pol-basic-auth-secret" "key" "password") | indent 10}}
- name: POL_URL
- value: "{{ .Values.config.polUrl }}"
+ {{- if (include "common.needTLS" .) }}
+ value: "{{ .Values.config.polUrl.https }}"
+ {{- else }}
+ value: "{{ .Values.config.polUrl.http }}"
+ {{- end }}
- name: POL_ENV
value: "{{ .Values.config.polEnv }}"
- name: POL_REQ_ID
- name: AAI_CERT_PATH
value: "{{ .Values.config.aaiCertPath }}"
- name: AAI_URI
- value: "{{ .Values.config.aaiUri }}"
+ {{- if (include "common.needTLS" .) }}
+ value: "{{ .Values.config.aaiUri.https }}"
+ {{- else }}
+ value: "{{ .Values.config.aaiUri.http }}"
+ {{- end }}
- name: AAI_AUTH
value: "{{ .Values.config.aaiAuth }}"
- name: DISABLE_HOST_VERIFICATION
polClientAuth: cHl0aG9uOnRlc3Q=
polBasicAuthUser: healthcheck
polBasicAuthPassword: zb!XztG34
- polUrl: https://policy-xacml-pdp:6969/policy/pdpx/v1/decision
+ polUrl:
+ https: https://policy-xacml-pdp:6969/policy/pdpx/v1/decision
+ http: http://policy-xacml-pdp:8080/policy/pdpx/v1/decision
polEnv: TEST
polReqId: xx
disableHostVerification: true
aaiCertPass: changeit
aaiCertPath: /opt/etc/config/aai_keystore
aaiAuth: QUFJOkFBSQ==
- aaiUri: https://aai:8443/aai/v14/
+ aaiUri:
+ https: https://aai:8443/aai/v14/
+ http: http://aai:8080/aai/v14/
# default number of instances
replicaCount: 1
service:
type: ClusterIP
name: neng-serv
- portName: neng-serv-port
+ portName: http
internalPort: 8080
externalPort: 8080
}
export PG_PASSWORD=`prepare_password $PG_PASSWORD_INPUT`;
export PG_ROOT_PASSWORD=`prepare_password $PG_ROOT_PASSWORD_INPUT`;
+ {{- if include "common.onServiceMesh" . }}
+ echo "waiting 15s for istio side cars to be up"; sleep 15s;{{- end }}
cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done;
psql "postgresql://postgres:$PG_ROOT_PASSWORD@$PG_HOST" < /config/setup.sql
env:
name: pgconf
resources:
{{ include "common.resources" . | indent 12 }}
+ {{ include "common.waitForJobContainer" . | indent 6 | trim }}
{{- if .Values.nodeSelector }}
nodeSelector:
{{ toYaml .Values.nodeSelector | indent 10 }}
cpu: 1
memory: 2Gi
unlimited: {}
+
+wait_for_job_container:
+ containers:
+ - '{{ include "common.name" . }}-update-config'
\ No newline at end of file
selector: {{- include "common.selectors" . | nindent 4 }}
template:
metadata: {{- include "common.templateMetadata" . | nindent 6 }}
+ {{- if (include "common.onServiceMesh" . ) }}
+ annotations:
+ {{- if eq ( .Values.global.serviceMesh.engine ) "linkerd" }}
+ linkerd.io/inject: disabled
+ {{- end }}
+ {{- if eq ( .Values.global.serviceMesh.engine ) "istio" }}
+ sidecar.istio.io/rewriteAppHTTPProbers: "false"
+ proxy.istio.io/config: '{ "holdApplicationUntilProxyStarts": true }'
+ {{- end }}
+ {{- end }}
spec:
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
lifecycle:
postStart:
exec:
- command: ["/bin/sh", "-c", "/opt/primekey/scripts/ejbca-config.sh"]
+ command:
+ - sh
+ - -c
+ - |
+ sleep 60; /opt/primekey/scripts/ejbca-config.sh
volumeMounts:
- name: "{{ include "common.fullname" . }}-volume"
mountPath: /opt/primekey/scripts/
# probe configuration parameters
liveness:
path: /ejbca/publicweb/healthcheck/ejbcahealth
- port: api
- initialDelaySeconds: 30
+ port: 8443
+ initialDelaySeconds: 180
periodSeconds: 30
readiness:
path: /ejbca/publicweb/healthcheck/ejbcahealth
- port: api
- initialDelaySeconds: 30
+ port: 8443
+ initialDelaySeconds: 180
periodSeconds: 30
service:
port_protocol: http
# Resource Limit flavor -By Default using small
-flavor: small
+flavor: unlimited
# Segregation for Different environment (Small and Large)
resources:
small:
nodePortPrefix: 302
nodePortPrefixExt: 304
-#################################################################
-# Filebeat configuration defaults.
-#################################################################
-filebeatConfig:
- logstashServiceName: log-ls
- logstashPort: 5044
-
#################################################################
# initContainer images.
#################################################################
# log directory where logging sidecar should look for log files
# if absent, no sidecar will be deployed
-#logDirectory: TBD #/opt/app/VESCollector/logs #DONE
-
-# Following requires manual override until fix for DCAEGEN2-3087
-# is available to switch logDirectory setting to log.path
-log:
- path: /opt/app/
+#log:
+# path: TBD #/opt/app/VESCollector/logs #DONE
logConfigMapNamePrefix: '{{ include "common.fullname" . }}'
# directory where TLS certs should be stored
# application image
-image: onap/org.onap.dcaegen2.platform.mod.runtime-web:1.3.2
+image: onap/org.onap.dcaegen2.platform.mod.runtime-web:1.3.3
# Resource Limit flavor -By Default using small
flavor: small
metadata:
labels:
control-plane: controller-manager
+ {{- if (include "common.onServiceMesh" . | nindent 6 ) }}
+ annotations:
+ {{- if eq ( .Values.global.serviceMesh.engine ) "linkerd" }}
+ linkerd.io/inject: disabled
+ {{- end }}
+ {{- if eq ( .Values.global.serviceMesh.engine ) "istio" }}
+ traffic.sidecar.istio.io/excludeInboundPorts: "8080,8443"
+ traffic.sidecar.istio.io/includeInboundPorts: '*'
+ {{- end }}
+ {{- end }}
spec:
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
selector: {{- include "common.selectors" . | nindent 4 }}
template:
metadata: {{- include "common.templateMetadata" . | nindent 6 }}
+ {{- if (include "common.onServiceMesh" . ) }}
+ annotations:
+ {{- if eq ( .Values.global.serviceMesh.engine ) "linkerd" }}
+ linkerd.io/inject: disabled
+ {{- end }}
+ {{- if eq ( .Values.global.serviceMesh.engine ) "istio" }}
+ traffic.sidecar.istio.io/excludeInboundPorts: "8080,8443"
+ traffic.sidecar.istio.io/includeInboundPorts: '*'
+ {{- end }}
+ {{- end }}
spec:
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
Code Review / oom.git / commitdiff