From cb0a81fdf8cddb1f08616d8afdefb69202dcbed3 Mon Sep 17 00:00:00 2001 From: Dan Timoney Date: Wed, 15 Jul 2020 17:31:43 -0400 Subject: [PATCH] [CCSDK] Configure dgbuilder to use certInitializer This change makes the following fixes to dgbuilder: * Replace hard-coded certificate with certificate generated by certInitializer * Configure dgbuilder to use http instead of https if AAF is disabled (i.e. global aafEnabled property = false) * Add resource limits Issue-ID: SDNC-1356 Signed-off-by: Dan Timoney Change-Id: I8ca97c6a44f62a0abe5b5a6f8564ebcd2e4addb1 --- kubernetes/appc/values.yaml | 2 + kubernetes/common/dgbuilder/requirements.yaml | 3 ++ .../dgbuilder/resources/config/customSettings.js | 6 ++- .../common/dgbuilder/templates/deployment.yaml | 5 +- kubernetes/common/dgbuilder/values.yaml | 60 +++++++++++++++------- kubernetes/sdnc/values.yaml | 2 + 6 files changed, 57 insertions(+), 21 deletions(-) diff --git a/kubernetes/appc/values.yaml b/kubernetes/appc/values.yaml index 57ce1e9cea..8b3ce26d52 100644 --- a/kubernetes/appc/values.yaml +++ b/kubernetes/appc/values.yaml @@ -133,6 +133,8 @@ mariadb-galera: dgbuilder: nameOverride: appc-dgbuilder + certInitializer: + nameOverride: appc-dgbuilder-cert-initializer config: db: rootPasswordExternalSecret: '{{ include "common.release" . }}-appc-db-root-pass' diff --git a/kubernetes/common/dgbuilder/requirements.yaml b/kubernetes/common/dgbuilder/requirements.yaml index 4735901dfa..cf305d4bc9 100644 --- a/kubernetes/common/dgbuilder/requirements.yaml +++ b/kubernetes/common/dgbuilder/requirements.yaml @@ -16,3 +16,6 @@ dependencies: - name: common version: ~6.x-0 repository: 'file://../common' + - name: certInitializer + version: ~6.x-0 + repository: '@local' diff --git a/kubernetes/common/dgbuilder/resources/config/customSettings.js b/kubernetes/common/dgbuilder/resources/config/customSettings.js index 42c2e5728b..b6a1a8636a 100644 --- a/kubernetes/common/dgbuilder/resources/config/customSettings.js +++ b/kubernetes/common/dgbuilder/resources/config/customSettings.js @@ -54,6 +54,8 @@ module.exports={ }, "uiHost": "0.0.0.0", "version": "0.9.1", - "performGitPull": "N", - "enableHttps" : true + {{ if .Values.global.aafEnabled }} + "enableHttps" : true, + {{ end }} + "performGitPull": "N" } diff --git a/kubernetes/common/dgbuilder/templates/deployment.yaml b/kubernetes/common/dgbuilder/templates/deployment.yaml index 1c32e12204..ec088e9274 100644 --- a/kubernetes/common/dgbuilder/templates/deployment.yaml +++ b/kubernetes/common/dgbuilder/templates/deployment.yaml @@ -70,6 +70,7 @@ spec: image: "{{ .Values.global.envsubstImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-update-config +{{ include "common.certInitializer.initContainer" . | indent 6 }} - command: - /app/ready.py args: @@ -89,7 +90,7 @@ spec: image: "{{ include "common.repository" . }}/{{ .Values.image }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: ["/bin/bash"] - args: ["-c", "cd /opt/onap/ccsdk/dgbuilder/ && ./start.sh sdnc1.0 && wait"] + args: ["-c", "cd /opt/onap/ccsdk/dgbuilder/ && {{ if .Values.global.aafEnabled}} cp /opt/app/osaaf/local/node-*.pem certs && {{end}}./start.sh sdnc1.0 && wait"] ports: - containerPort: {{ .Values.service.internalPort }} readinessProbe: @@ -101,6 +102,7 @@ spec: - name: SDNC_CONFIG_DIR value: /opt/onap/sdnc/data/properties volumeMounts: +{{ include "common.certInitializer.volumeMount" . | indent 10 }} - mountPath: /etc/localtime name: localtime readOnly: true @@ -127,6 +129,7 @@ spec: {{ toYaml .Values.affinity | indent 10 }} {{- end }} volumes: +{{ include "common.certInitializer.volumes" . | nindent 8 }} - name: localtime hostPath: path: /etc/localtime diff --git a/kubernetes/common/dgbuilder/values.yaml b/kubernetes/common/dgbuilder/values.yaml index a7e6e24265..cf88fe5c3f 100644 --- a/kubernetes/common/dgbuilder/values.yaml +++ b/kubernetes/common/dgbuilder/values.yaml @@ -158,21 +158,45 @@ ingress: config: ssl: "redirect" -resources: {} - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # - # Example: - # Configure resource requests and limits - # ref: http://kubernetes.io/docs/user-guide/compute-resources/ - # Minimum memory for development is 2 CPU cores and 4GB memory - # Minimum memory for production is 4 CPU cores and 8GB memory -#resources: -# limits: -# cpu: 2 -# memory: 4Gi -# requests: -# cpu: 2 -# memory: 4Gi + # dependency / sub-chart configuration +certInitializer: + nameOverride: dgbuilder-cert-initializer + truststoreMountpath: /opt/onap/ccsdk/dgbuilder/certs + fqdn: "sdnc" + app_ns: "org.osaaf.aaf" + fqi: "sdnc@sdnc.onap.org" + fqi_namespace: org.onap.sdnc + public_fqdn: "dgbuilder.onap.org" + aafDeployFqi: "deployer@people.osaaf.org" + aafDeployPass: demo123456! + cadi_latitude: "38.0" + cadi_longitude: "-72.0" + credsPath: /opt/app/osaaf/local + aaf_add_config: > + cd /opt/app/osaaf/local; + /opt/app/aaf_config/bin/agent.sh local showpass {{.Values.fqi}} {{ .Values.fqdn }} | grep cadi_keystore_password= | cut -d= -f 2 > {{ .Values.credsPath }}/.pass 2>&1 ; + cp {{ .Values.fqi_namespace }}.crt node-cert.pem; + cp {{ .Values.fqi_namespace }}.key node-key.pem; + chmod go+r node-*.pem + +#Resource Limit flavor -By Default using small +flavor: small +#segregation for different envionment (Small and Large) + +resources: + small: + limits: + cpu: 2 + memory: 4Gi + requests: + cpu: 1 + memory: 2Gi + large: + limits: + cpu: 4 + memory: 8Gi + requests: + cpu: 2 + memory: 4Gi + unlimited: {} + diff --git a/kubernetes/sdnc/values.yaml b/kubernetes/sdnc/values.yaml index aee6f25f87..f1e6821e68 100644 --- a/kubernetes/sdnc/values.yaml +++ b/kubernetes/sdnc/values.yaml @@ -283,6 +283,8 @@ sdnc-ansible-server: dgbuilder: enabled: true nameOverride: sdnc-dgbuilder + certInitializer: + nameOverride: sdnc-dgbuilder-cert-initializer config: db: dbName: *sdncDbName -- 2.16.6