diff --git a/.gitignore b/.gitignore index ec4110f6bcb0b1b03185416bfc8c62a9f7f5cb70..651e1692f9c36007ca84ddbef9050d047a091be3 100644 --- a/.gitignore +++ b/.gitignore @@ -36,8 +36,5 @@ docs/testing_with_postman/package-lock.json results helm/capif/*.lock -<<<<<<< HEAD helm/capif/charts -======= helm/capif/charts/tempo* ->>>>>>> staging diff --git a/helm/capif/Chart.yaml b/helm/capif/Chart.yaml index fc0c9676150d16f0579ba61b5e98097d01e26768..3cdcb3ef346cf5cf8efd980d4819320115224944 100644 --- a/helm/capif/Chart.yaml +++ b/helm/capif/Chart.yaml @@ -20,7 +20,43 @@ version: v3.1.6 # It is recommended to use it with quotes. appVersion: "v3.1.6" dependencies: - - name: helper + - name: ocf-access-control-policy + version: "*" + - name: ocf-api-invoker-management + version: "*" + - name: ocf-api-provider-management + version: "*" + - name: ocf-api-invocation-logs + version: "*" + - name: ocf-events + version: "*" + - name: ocf-helper + version: "*" + - name: ocf-routing-info + version: "*" + - name: ocf-security + version: "*" + - name: ocf-register + version: "*" + - name: mongo-register + version: "*" + - name: ocf-auditing-api-logs + version: "*" + - name: ocf-publish-service-api + version: "*" + - name: ocf-discover-service-api + version: "*" + - name: mongo + version: "*" + - name: mongo-express + version: "*" + - name: mongo-register-express + version: "*" + - name: nginx + version: "*" + - name: mock-server + version: "*" + - name: redis version: "*" - name: "tempo" condition: tempo.enabled diff --git a/helm/capif/charts/helper/.helmignore b/helm/capif/charts/mock-server/.helmignore similarity index 100% rename from helm/capif/charts/helper/.helmignore rename to helm/capif/charts/mock-server/.helmignore diff --git a/helm/capif/charts/mock-server/Chart.yaml b/helm/capif/charts/mock-server/Chart.yaml new file mode 100644 index 0000000000000000000000000000000000000000..9ca2cda3630662f9e05036d329d78d370c9113a9 --- /dev/null 
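Review bot: The dependency entries added to helm/capif/Chart.yaml carry no `condition:` key, so `mock-server`, `mongo-express` and `mongo-register-express` are installed with every release, whereas the existing `tempo` entry is gated by `condition: tempo.enabled`. A database admin UI and a mock server are rarely wanted outside test environments; gate them the same way, e.g. `condition: mongo-express.enabled`, with the flag defaulting to false in the parent values. Separately, every added entry uses `version: "*"`, which accepts whatever subchart version is present under `charts/`. Pinning each entry to the subchart's own `version` (0.1.0 for the two subchart Chart.yaml files visible in this commit) makes a stale or swapped subchart show up as a version mismatch instead of being deployed unnoticed.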
+++ b/helm/capif/charts/mock-server/Chart.yaml @@ -0,0 +1,24 @@ +apiVersion: v2 +name: mock-server +description: A Helm chart for Kubernetes + +# A chart can be either an 'application' or a 'library' chart. +# +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. +type: application + +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +# Versions are expected to follow Semantic Versioning (https://semver.org/) +version: 0.1.0 + +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. Versions are not expected to +# follow Semantic Versioning. They should reflect the version the application is using. +# It is recommended to use it with quotes. +appVersion: "1.16.0" diff --git a/helm/capif/charts/mock-server/templates/NOTES.txt b/helm/capif/charts/mock-server/templates/NOTES.txt new file mode 100644 index 0000000000000000000000000000000000000000..4e3d05605049d751c0046a06276eafd20850848f --- /dev/null +++ b/helm/capif/charts/mock-server/templates/NOTES.txt 
@@ -0,0 +1,22 @@
+1. Get the application URL by running these commands:
+{{- if .Values.ingress.enabled }}
+{{- range $host := .Values.ingress.hosts }}
+ {{- range .paths }}
+ http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }}
+ {{- end }}
+{{- end }}
+{{- else if contains "NodePort" .Values.service.type }}
+ export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "mock-server.fullname" . }})
+ export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
+ echo http://$NODE_IP:$NODE_PORT
+{{- else if contains "LoadBalancer" .Values.service.type }}
+ NOTE: It may take a few minutes for the LoadBalancer IP to be available.
+ You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "mock-server.fullname" . }}'
+ export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "mock-server.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
+ echo http://$SERVICE_IP:{{ .Values.service.port }}
+{{- else if contains "ClusterIP" .Values.service.type }}
+ export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "mock-server.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
+ export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}")
+ echo "Visit http://127.0.0.1:8080 to use your application"
+ kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT
+{{- end }}
diff --git a/helm/capif/charts/mock-server/templates/_helpers.tpl b/helm/capif/charts/mock-server/templates/_helpers.tpl
new file mode 100644
index 0000000000000000000000000000000000000000..4c9fe56f003d2ea9cbed9faa41881bfed3873079
--- /dev/null
+++ b/helm/capif/charts/mock-server/templates/_helpers.tpl
@@ -0,0 +1,62 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "mock-server.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "mock-server.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "mock-server.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "mock-server.labels" -}}
+helm.sh/chart: {{ include "mock-server.chart" . }}
+{{ include "mock-server.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "mock-server.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "mock-server.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "mock-server.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "mock-server.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}
diff --git a/helm/capif/charts/mock-server/templates/deployment.yaml b/helm/capif/charts/mock-server/templates/deployment.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..270411b0b13940af4dc8b011817b7a7e333611ce
--- /dev/null
+++ b/helm/capif/charts/mock-server/templates/deployment.yaml
@@ -0,0 +1,68 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "mock-server.fullname" . }}
+ labels:
+ {{- include "mock-server.labels" . | nindent 4 }}
+spec:
+ {{- if not .Values.autoscaling.enabled }}
+ replicas: {{ .Values.replicaCount }}
+ {{- end }}
+ selector:
+ matchLabels:
+ {{- include "mock-server.selectorLabels" . | nindent 6 }}
+ template:
+ metadata:
+ {{- with .Values.podAnnotations }}
+ annotations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ labels:
+ {{- include "mock-server.labels" . | nindent 8 }}
+ {{- with .Values.podLabels }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ spec:
+ {{- with .Values.imagePullSecrets }}
+ imagePullSecrets:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ serviceAccountName: {{ include "mock-server.serviceAccountName" . }}
+ securityContext:
+ {{- toYaml .Values.podSecurityContext | nindent 8 }}
+ containers:
+ - name: {{ .Chart.Name }}
+ securityContext:
+ {{- toYaml .Values.securityContext | nindent 12 }}
+ image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ ports:
+ - name: http
+ containerPort: {{ .Values.service.port }}
+ protocol: TCP
+ livenessProbe:
+ {{- toYaml .Values.livenessProbe | nindent 12 }}
+ readinessProbe:
+ {{- toYaml .Values.readinessProbe | nindent 12 }}
+ resources:
+ {{- toYaml .Values.resources | nindent 12 }}
+ {{- with .Values.volumeMounts }}
+ volumeMounts:
+ {{- toYaml . | nindent 12 }}
+ {{- end }}
+ {{- with .Values.volumes }}
+ volumes:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.nodeSelector }}
+ nodeSelector:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.affinity }}
+ affinity:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.tolerations }}
+ tolerations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
diff --git a/helm/capif/charts/mock-server/templates/hpa.yaml b/helm/capif/charts/mock-server/templates/hpa.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..fbdd9bcb654670e96c5bd4d87e57bfef587e7e50
--- /dev/null
+++ b/helm/capif/charts/mock-server/templates/hpa.yaml
@@ -0,0 +1,32 @@
+{{- if .Values.autoscaling.enabled }}
+apiVersion: autoscaling/v2
+kind: HorizontalPodAutoscaler
+metadata:
+ name: {{ include "mock-server.fullname" . }}
+ labels:
+ {{- include "mock-server.labels" . | nindent 4 }}
+spec:
+ scaleTargetRef:
+ apiVersion: apps/v1
+ kind: Deployment
+ name: {{ include "mock-server.fullname" . }}
+ minReplicas: {{ .Values.autoscaling.minReplicas }}
+ maxReplicas: {{ .Values.autoscaling.maxReplicas }}
+ metrics:
+ {{- if .Values.autoscaling.targetCPUUtilizationPercentage }}
+ - type: Resource
+ resource:
+ name: cpu
+ target:
+ type: Utilization
+ averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }}
+ {{- end }}
+ {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }}
+ - type: Resource
+ resource:
+ name: memory
+ target:
+ type: Utilization
+ averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }}
+ {{- end }}
+{{- end }}
diff --git a/helm/capif/charts/mock-server/templates/ingress.yaml b/helm/capif/charts/mock-server/templates/ingress.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..68406e7fba3341d5243e804f2b95e6688e47c9f7
--- /dev/null
+++ b/helm/capif/charts/mock-server/templates/ingress.yaml
@@ -0,0 +1,61 @@
+{{- if .Values.ingress.enabled -}}
+{{- $fullName := include "mock-server.fullname" . -}}
+{{- $svcPort := .Values.service.port -}}
+{{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }}
+ {{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }}
+ {{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}}
+ {{- end }}
+{{- end }}
+{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}}
+apiVersion: networking.k8s.io/v1
+{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
+apiVersion: networking.k8s.io/v1beta1
+{{- else -}}
+apiVersion: extensions/v1beta1
+{{- end }}
+kind: Ingress
+metadata:
+ name: {{ $fullName }}
+ labels:
+ {{- include "mock-server.labels" . | nindent 4 }}
+ {{- with .Values.ingress.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ {{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }}
+ ingressClassName: {{ .Values.ingress.className }}
+ {{- end }}
+ {{- if .Values.ingress.tls }}
+ tls:
+ {{- range .Values.ingress.tls }}
+ - hosts:
+ {{- range .hosts }}
+ - {{ . | quote }}
+ {{- end }}
+ secretName: {{ .secretName }}
+ {{- end }}
+ {{- end }}
+ rules:
+ {{- range .Values.ingress.hosts }}
+ - host: {{ .host | quote }}
+ http:
+ paths:
+ {{- range .paths }}
+ - path: {{ .path }}
+ {{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }}
+ pathType: {{ .pathType }}
+ {{- end }}
+ backend:
+ {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }}
+ service:
+ name: mock-server
+ port:
+ number: {{ $svcPort }}
+ {{- else }}
+ serviceName: mock-server
+ servicePort: {{ $svcPort }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
diff --git a/helm/capif/charts/mock-server/templates/service.yaml b/helm/capif/charts/mock-server/templates/service.yaml new file mode 100644 index 0000000000000000000000000000000000000000..f16073027a7d360c7353fe5864578b45485883a8 --- /dev/null +++ b/helm/capif/charts/mock-server/templates/service.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: Service +metadata: + name: mock-server + labels: + {{- include "mock-server.labels" . | nindent 4 }} +spec: + type: {{ .Values.service.type }} + ports: + - port: {{ .Values.service.port }} + targetPort: http + protocol: TCP + name: http + selector: + {{- include "mock-server.selectorLabels" . | nindent 4 }} diff --git a/helm/capif/charts/mock-server/templates/serviceaccount.yaml b/helm/capif/charts/mock-server/templates/serviceaccount.yaml new file mode 100644 index 0000000000000000000000000000000000000000..004803d6e6056e44dd23a544e35786764b5709fb --- /dev/null +++ b/helm/capif/charts/mock-server/templates/serviceaccount.yaml @@ -0,0 +1,13 @@ +{{- if .Values.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "mock-server.serviceAccountName" . }} + labels: + {{- include "mock-server.labels" . | nindent 4 }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +automountServiceAccountToken: {{ .Values.serviceAccount.automount }} +{{- end }} diff --git a/helm/capif/charts/helper/templates/tests/test-connection.yaml b/helm/capif/charts/mock-server/templates/tests/test-connection.yaml similarity index 50% rename from helm/capif/charts/helper/templates/tests/test-connection.yaml rename to helm/capif/charts/mock-server/templates/tests/test-connection.yaml index f3959cc03d5bb449a71b2b24a09fdf5f6bf3702c..796d72b97aea876de2e80acbc12bb6f52e832d2f 100644 --- a/helm/capif/charts/helper/templates/tests/test-connection.yaml +++ b/helm/capif/charts/mock-server/templates/tests/test-connection.yaml 
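Review bot: `automountServiceAccountToken` in the mock-server serviceaccount.yaml is driven by `serviceAccount.automount`, which the chart's values.yaml sets to `true`, so the pod gets a Kubernetes API token mounted although nothing in the deployment template suggests it needs to reach the API. Defaulting the value to `automount: false` removes a credential that is only useful to someone who has already compromised the container. The mongo-express chart's serviceaccount.yaml and values.yaml added later in this commit carry the same default and should change with it.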
@@ -1,9 +1,9 @@ apiVersion: v1 kind: Pod metadata: - name: "{{ include "helper.fullname" . }}-test-connection" + name: "{{ include "mock-server.fullname" . }}-test-connection" labels: - {{- include "helper.labels" . | nindent 4 }} + {{- include "mock-server.labels" . | nindent 4 }} annotations: "helm.sh/hook": test spec: @@ -11,5 +11,5 @@ spec: - name: wget image: busybox command: ['wget'] - args: ['{{ include "helper.fullname" . }}:{{ .Values.service.port }}'] + args: ['mock-server:{{ .Values.service.port }}'] restartPolicy: Never diff --git a/helm/capif/charts/mock-server/values.yaml b/helm/capif/charts/mock-server/values.yaml new file mode 100644 index 0000000000000000000000000000000000000000..f005d9f72e1b08eaed5a44b9316f25313dca9eb5 --- /dev/null +++ b/helm/capif/charts/mock-server/values.yaml 
@@ -0,0 +1,108 @@ +# Default values for mock-server. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +replicaCount: 1 + +image: + repository: mock-server + pullPolicy: Always + # Overrides the image tag whose default is the chart appVersion. + tag: "" + +imagePullSecrets: [] +nameOverride: "" +fullnameOverride: "" + +serviceAccount: + # Specifies whether a service account should be created + create: true + # Automatically mount a ServiceAccount's API credentials? + automount: true + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + +podAnnotations: {} +podLabels: {} + +podSecurityContext: {} + # fsGroup: 2000 + +securityContext: {} + # capabilities: + # drop: + # - ALL + # readOnlyRootFilesystem: true + # runAsNonRoot: true + # runAsUser: 1000 + +service: + type: ClusterIP + port: 9090 + +ingress: + enabled: true + className: "nginx" + annotations: {} + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + hosts: + - host: mock-server.example.local + paths: + - path: / + pathType: Prefix + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + +resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. 
+ # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + +livenessProbe: + tcpSocket: + port: 9090 + initialDelaySeconds: 20 + periodSeconds: 5 +readinessProbe: +# httpGet: +# path: / +# port: http + +autoscaling: + enabled: false + minReplicas: 1 + maxReplicas: 100 + targetCPUUtilizationPercentage: 80 + # targetMemoryUtilizationPercentage: 80 + +# Additional volumes on the output Deployment definition. +volumes: [] +# - name: foo +# secret: +# secretName: mysecret +# optional: false + +# Additional volumeMounts on the output Deployment definition. +volumeMounts: [] +# - name: foo +# mountPath: "/etc/foo" +# readOnly: true + +nodeSelector: {} + +tolerations: [] + +affinity: {} diff --git a/helm/capif/charts/mongo-express/.helmignore b/helm/capif/charts/mongo-express/.helmignore new file mode 100644 index 0000000000000000000000000000000000000000..0e8a0eb36f4ca2c939201c0d54b5d82a1ea34778 --- /dev/null +++ b/helm/capif/charts/mongo-express/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/helm/capif/charts/mongo-express/Chart.yaml b/helm/capif/charts/mongo-express/Chart.yaml new file mode 100644 index 0000000000000000000000000000000000000000..7150bbccdd23baed83ea708e050450f10b46e5ea --- /dev/null +++ b/helm/capif/charts/mongo-express/Chart.yaml 
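Review bot: `ingress.enabled: true` together with `className: "nginx"` and `tls: []` in the mock-server values.yaml means a default install publishes the mock server through the ingress controller over plain HTTP; for a test helper the safer default is `enabled: false`, leaving exposure as an explicit opt-in. `podSecurityContext` and `securityContext` are both `{}`, so the container runs with whatever user and capabilities the image defines; the commented-out block (`runAsNonRoot: true`, `readOnlyRootFilesystem: true`, `capabilities.drop: [ALL]`) would be a reasonable default if the image supports it. `image.tag` is empty, so the deployment falls back to the chart's `appVersion`, which is still the scaffold value `"1.16.0"`; confirm that a `mock-server:1.16.0` image actually exists. `readinessProbe:` has only commented-out children, so the deployment renders it without a probe definition.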
@@ -0,0 +1,24 @@ +apiVersion: v2 +name: mongo-express +description: A Helm chart for Kubernetes + +# A chart can be either an 'application' or a 'library' chart. +# +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. +type: application + +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +# Versions are expected to follow Semantic Versioning (https://semver.org/) +version: 0.1.0 + +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. Versions are not expected to +# follow Semantic Versioning. They should reflect the version the application is using. +# It is recommended to use it with quotes. +appVersion: "1.16.0" diff --git a/helm/capif/charts/mongo-express/templates/NOTES.txt b/helm/capif/charts/mongo-express/templates/NOTES.txt new file mode 100644 index 0000000000000000000000000000000000000000..b93d9e574686c0c8188ae7d2f35d9ea42afab7d5 --- /dev/null +++ b/helm/capif/charts/mongo-express/templates/NOTES.txt 
@@ -0,0 +1,22 @@
+1. Get the application URL by running these commands:
+{{- if .Values.ingress.enabled }}
+{{- range $host := .Values.ingress.hosts }}
+ {{- range .paths }}
+ http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }}
+ {{- end }}
+{{- end }}
+{{- else if contains "NodePort" .Values.service.type }}
+ export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "mongo-express.fullname" . }})
+ export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
+ echo http://$NODE_IP:$NODE_PORT
+{{- else if contains "LoadBalancer" .Values.service.type }}
+ NOTE: It may take a few minutes for the LoadBalancer IP to be available.
+ You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "mongo-express.fullname" . }}'
+ export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "mongo-express.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
+ echo http://$SERVICE_IP:{{ .Values.service.port }}
+{{- else if contains "ClusterIP" .Values.service.type }}
+ export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "mongo-express.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
+ export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}")
+ echo "Visit http://127.0.0.1:8080 to use your application"
+ kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT
+{{- end }}
diff --git a/helm/capif/charts/mongo-express/templates/_helpers.tpl b/helm/capif/charts/mongo-express/templates/_helpers.tpl
new file mode 100644
index 0000000000000000000000000000000000000000..15950b20549ce66c581a6a970a19180507e054fc
--- /dev/null
+++ b/helm/capif/charts/mongo-express/templates/_helpers.tpl
@@ -0,0 +1,62 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "mongo-express.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "mongo-express.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "mongo-express.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "mongo-express.labels" -}}
+helm.sh/chart: {{ include "mongo-express.chart" . }}
+{{ include "mongo-express.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "mongo-express.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "mongo-express.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "mongo-express.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "mongo-express.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}
diff --git a/helm/capif/charts/mongo-express/templates/deployment.yaml b/helm/capif/charts/mongo-express/templates/deployment.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..175a045eadc0b3d02f05ea3ea6d0ed6bcbf241a9
--- /dev/null
+++ b/helm/capif/charts/mongo-express/templates/deployment.yaml
@@ -0,0 +1,73 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "mongo-express.fullname" . }} + labels: + {{- include "mongo-express.labels" . | nindent 4 }} +spec: + {{- if not .Values.autoscaling.enabled }} + replicas: {{ .Values.replicaCount }} + {{- end }} + selector: + matchLabels: + {{- include "mongo-express.selectorLabels" . | nindent 6 }} + template: + metadata: + annotations: + date: "{{ now | unixEpoch }}" + labels: + {{- include "mongo-express.labels" . | nindent 8 }} + {{- with .Values.podLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} + spec: + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ include "mongo-express.serviceAccountName" . }} + securityContext: + {{- toYaml .Values.podSecurityContext | nindent 8 }} + containers: + - name: {{ .Chart.Name }} + securityContext: + {{- toYaml .Values.securityContext | nindent 12 }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + ports: + - name: http + containerPort: {{ .Values.service.targetPort }} + protocol: TCP + env: + - name: ME_CONFIG_MONGODB_ADMINUSERNAME + value: {{ quote .Values.env.meConfigMongodbAdminusername }} + - name: ME_CONFIG_MONGODB_ADMINPASSWORD + value: {{ quote .Values.env.meConfigMongodbAdminpassword }} + - name: ME_CONFIG_MONGODB_URL + value: {{ quote .Values.env.meConfigMongodbUrl }} + livenessProbe: + {{- toYaml .Values.livenessProbe | nindent 12 }} + readinessProbe: + {{- toYaml .Values.readinessProbe | nindent 12 }} + resources: + {{- toYaml .Values.resources | nindent 12 }} + {{- with .Values.volumeMounts }} + volumeMounts: + {{- toYaml . | nindent 12 }} + {{- end }} + {{- with .Values.volumes }} + volumes: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . 
| nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} diff --git a/helm/capif/charts/mongo-express/templates/hpa.yaml b/helm/capif/charts/mongo-express/templates/hpa.yaml new file mode 100644 index 0000000000000000000000000000000000000000..2b7ca92dedef78348330acdd5f87e78b9738634e --- /dev/null +++ b/helm/capif/charts/mongo-express/templates/hpa.yaml @@ -0,0 +1,32 @@ +{{- if .Values.autoscaling.enabled }} +apiVersion: autoscaling/v2 +kind: HorizontalPodAutoscaler +metadata: + name: {{ include "mongo-express.fullname" . }} + labels: + {{- include "mongo-express.labels" . | nindent 4 }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ include "mongo-express.fullname" . }} + minReplicas: {{ .Values.autoscaling.minReplicas }} + maxReplicas: {{ .Values.autoscaling.maxReplicas }} + metrics: + {{- if .Values.autoscaling.targetCPUUtilizationPercentage }} + - type: Resource + resource: + name: cpu + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} + {{- end }} + {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }} + - type: Resource + resource: + name: memory + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} + {{- end }} +{{- end }} diff --git a/helm/capif/charts/mongo-express/templates/ingress.yaml b/helm/capif/charts/mongo-express/templates/ingress.yaml new file mode 100644 index 0000000000000000000000000000000000000000..9a0f710da79ebf82aaad74744f8d65caa32987d1 --- /dev/null +++ b/helm/capif/charts/mongo-express/templates/ingress.yaml 
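Review bot: `ME_CONFIG_MONGODB_ADMINPASSWORD` and `ME_CONFIG_MONGODB_URL` in the mongo-express deployment.yaml are rendered as literal `value:` entries, so the MongoDB root password ends up in the Deployment manifest, in the stored Helm release and in `kubectl describe` output. The chart's values.yaml in this commit supplies `example` and `mongodb://root:example@mongo:27017/` as defaults, which means an install without overrides runs with a well-known credential. Read both from a Secret via `valueFrom.secretKeyRef`, as sketched below, and leave the defaults empty so the operator has to supply them. Separately, the pod template hard-codes the annotation `date: "{{ now | unixEpoch }}"` and does not render `.Values.podAnnotations`, so every upgrade restarts the pod and the `podAnnotations` value in values.yaml is ignored.

```yaml
          env:
            # … unchanged: ME_CONFIG_MONGODB_ADMINUSERNAME …
            - name: ME_CONFIG_MONGODB_ADMINPASSWORD
              valueFrom:
                secretKeyRef:
                  # Secret created by the chart or supplied by the operator
                  name: {{ include "mongo-express.fullname" . }}
                  key: admin-password   # constructed key name
            - name: ME_CONFIG_MONGODB_URL
              valueFrom:
                secretKeyRef:
                  name: {{ include "mongo-express.fullname" . }}
                  key: mongodb-url      # constructed key name
```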
@@ -0,0 +1,61 @@
+{{- if .Values.ingress.enabled -}}
+{{- $fullName := include "mongo-express.fullname" . -}}
+{{- $svcPort := .Values.service.port -}}
+{{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }}
+ {{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }}
+ {{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}}
+ {{- end }}
+{{- end }}
+{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}}
+apiVersion: networking.k8s.io/v1
+{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
+apiVersion: networking.k8s.io/v1beta1
+{{- else -}}
+apiVersion: extensions/v1beta1
+{{- end }}
+kind: Ingress
+metadata:
+ name: {{ $fullName }}
+ labels:
+ {{- include "mongo-express.labels" . | nindent 4 }}
+ {{- with .Values.ingress.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ {{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }}
+ ingressClassName: {{ .Values.ingress.className }}
+ {{- end }}
+ {{- if .Values.ingress.tls }}
+ tls:
+ {{- range .Values.ingress.tls }}
+ - hosts:
+ {{- range .hosts }}
+ - {{ . | quote }}
+ {{- end }}
+ secretName: {{ .secretName }}
+ {{- end }}
+ {{- end }}
+ rules:
+ {{- range .Values.ingress.hosts }}
+ - host: {{ .host | quote }}
+ http:
+ paths:
+ {{- range .paths }}
+ - path: {{ .path }}
+ {{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }}
+ pathType: {{ .pathType }}
+ {{- end }}
+ backend:
+ {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }}
+ service:
+ name: {{ $fullName }}
+ port:
+ number: {{ $svcPort }}
+ {{- else }}
+ serviceName: {{ $fullName }}
+ servicePort: {{ $svcPort }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
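Review bot: The mongo-express ingress backend references the Service as `{{ $fullName }}` (in both the `service.name` and the legacy `serviceName` branch), but the chart's service.yaml creates the Service with the literal name `mongo-express`. Whenever the release name does not already contain the chart name, or `fullnameOverride` is set, `mongo-express.fullname` renders to something else and the Ingress points at a Service that does not exist. Use the same name on both sides: either `name: mongo-express` here, as the mock-server ingress does, or `name: {{ include "mongo-express.fullname" . }}` in service.yaml. The ingress is disabled by default in values.yaml, so this only surfaces once someone enables it.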
diff --git a/helm/capif/charts/mongo-express/templates/service.yaml b/helm/capif/charts/mongo-express/templates/service.yaml new file mode 100644 index 0000000000000000000000000000000000000000..888a03f7fd5c373ede66e5aa801ce0db6dd5b83f --- /dev/null +++ b/helm/capif/charts/mongo-express/templates/service.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: Service +metadata: + name: mongo-express + labels: + {{- include "mongo-express.labels" . | nindent 4 }} +spec: + type: {{ .Values.service.type }} + ports: + - port: {{ .Values.service.port }} + targetPort: {{ .Values.service.targetPort }} + protocol: TCP + name: http + selector: + {{- include "mongo-express.selectorLabels" . | nindent 4 }} diff --git a/helm/capif/charts/mongo-express/templates/serviceaccount.yaml b/helm/capif/charts/mongo-express/templates/serviceaccount.yaml new file mode 100644 index 0000000000000000000000000000000000000000..4a6a666ec3c3728ef24cfe803e448ef7dc990e60 --- /dev/null +++ b/helm/capif/charts/mongo-express/templates/serviceaccount.yaml @@ -0,0 +1,13 @@ +{{- if .Values.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "mongo-express.serviceAccountName" . }} + labels: + {{- include "mongo-express.labels" . | nindent 4 }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +automountServiceAccountToken: {{ .Values.serviceAccount.automount }} +{{- end }} diff --git a/helm/capif/charts/mongo-express/templates/tests/test-connection.yaml b/helm/capif/charts/mongo-express/templates/tests/test-connection.yaml new file mode 100644 index 0000000000000000000000000000000000000000..666e36f4a8ed18221d6155b469d11878d865f566 --- /dev/null +++ b/helm/capif/charts/mongo-express/templates/tests/test-connection.yaml 
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{ include "mongo-express.fullname" . }}-test-connection"
+ labels:
+ {{- include "mongo-express.labels" . | nindent 4 }}
+ annotations:
+ "helm.sh/hook": test
+spec:
+ containers:
+ - name: wget
+ image: busybox
+ command: ['wget']
+ args: ['mongo-express:{{ .Values.service.port }}']
+ restartPolicy: Never
diff --git a/helm/capif/charts/mongo-express/values.yaml b/helm/capif/charts/mongo-express/values.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..447ec98f62665a18b0eafcf9fbfbced32bf1e305
--- /dev/null
+++ b/helm/capif/charts/mongo-express/values.yaml
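Review bot: `image: busybox` in the mongo-express test-connection hook carries no tag or digest, so every `helm test` run pulls whatever `latest` points to at that moment. Pin it, for example `image: "busybox:<pinned-tag>"` (placeholder, use the version you have vetted) or an image digest. The hook pod also sets no `securityContext` or `resources`, which will be rejected on namespaces that enforce restricted pod security or require resource requests. The mongo-register-express test-connection hunk has the same unpinned image.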
@@ -0,0 +1,112 @@
+# Default values for mongo-express.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+replicaCount: 1
+
+image:
+ repository: mongo-express
+ pullPolicy: Always
+ # Overrides the image tag whose default is the chart appVersion.
+ tag: "1.0.0-alpha.4"
+
+imagePullSecrets: []
+nameOverride: ""
+fullnameOverride: ""
+
+env:
+ meConfigMongodbAdminusername: root
+ meConfigMongodbAdminpassword: example
+ meConfigMongodbUrl: mongodb://root:example@mongo:27017/
+serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # Automatically mount a ServiceAccount's API credentials?
+ automount: true
+ # Annotations to add to the service account
+ annotations: {}
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+
+podAnnotations: {}
+podLabels: {}
+
+podSecurityContext: {}
+ # fsGroup: 2000
+
+securityContext: {}
+ # capabilities:
+ # drop:
+ # - ALL
+ # readOnlyRootFilesystem: true
+ # runAsNonRoot: true
+ # runAsUser: 1000
+
+service:
+ type: ClusterIP
+ port: 8082
+ targetPort: 8081
+
+ingress:
+ enabled: false
+ className: ""
+ annotations: {}
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+ hosts:
+ - host: chart-example.local
+ paths:
+ - path: /
+ pathType: ImplementationSpecific
+ tls: []
+ # - secretName: chart-example-tls
+ # hosts:
+ # - chart-example.local
+
+resources:
+ # We usually recommend not to specify default resources and to leave this as a conscious
+ # choice for the user. This also increases chances charts run on environments with little
+ # resources, such as Minikube. If you do want to specify resources, uncomment the following
+ # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ limits:
+ cpu: 100m
+ memory: 128Mi
+ requests:
+ cpu: 100m
+ memory: 128Mi
+
+livenessProbe:
+# httpGet:
+# path: /
+# port: http
+readinessProbe:
+ tcpSocket:
+ port: 8081
+ periodSeconds: 5
+
+autoscaling:
+ enabled: false
+ minReplicas: 1
+ maxReplicas: 100
+ targetCPUUtilizationPercentage: 80
+ # targetMemoryUtilizationPercentage: 80
+
+# Additional volumes on the output Deployment definition.
+volumes: []
+# - name: foo
+# secret:
+# secretName: mysecret
+# optional: false
+
+# Additional volumeMounts on the output Deployment definition.
+volumeMounts: []
+# - name: foo
+# mountPath: "/etc/foo"
+# readOnly: true
+
+nodeSelector: {}
+
+tolerations: []
+
+affinity: {}
diff --git a/helm/capif/charts/mongo-register-express/.helmignore b/helm/capif/charts/mongo-register-express/.helmignore
new file mode 100644
index 0000000000000000000000000000000000000000..0e8a0eb36f4ca2c939201c0d54b5d82a1ea34778
--- /dev/null
+++ b/helm/capif/charts/mongo-register-express/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/helm/capif/charts/mongo-register-express/Chart.yaml b/helm/capif/charts/mongo-register-express/Chart.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..b4e246c5371588b8649b2de23af3664ca6017f4b
--- /dev/null
+++ b/helm/capif/charts/mongo-register-express/Chart.yaml
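Review bot: The defaults in mongo-express/values.yaml ship working admin credentials: `meConfigMongodbAdminusername: root`, `meConfigMongodbAdminpassword: example`, and the same pair embedded in `meConfigMongodbUrl`. An install that does not override them gives the web UI admin access to MongoDB with a publicly known password (assuming the database chart uses matching defaults, which is outside this part of the diff). I would leave the password and URL empty here, e.g. `meConfigMongodbAdminpassword: "" # required, supply at install time`, and have the consuming template fail rendering with `required` when they are missing. `automount: true` also mounts an API token into a pod that, as far as this diff shows, never talks to the Kubernetes API, so `automount: false` is the safer default. The mongo-register-express values.yaml hunk repeats both defaults.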
@@ -0,0 +1,24 @@
+apiVersion: v2
+name: mongo-register-express
+description: A Helm chart for Kubernetes
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.1.0
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "1.16.0"
diff --git a/helm/capif/charts/mongo-register-express/templates/NOTES.txt b/helm/capif/charts/mongo-register-express/templates/NOTES.txt
new file mode 100644
index 0000000000000000000000000000000000000000..60013f0e02b91371136d3e932c30cde9452c1d22
--- /dev/null
+++ b/helm/capif/charts/mongo-register-express/templates/NOTES.txt
@@ -0,0 +1,22 @@
+1. Get the application URL by running these commands:
+{{- if .Values.ingress.enabled }}
+{{- range $host := .Values.ingress.hosts }}
+ {{- range .paths }}
+ http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }}
+ {{- end }}
+{{- end }}
+{{- else if contains "NodePort" .Values.service.type }}
+ export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "mongo-register-express.fullname" . }})
+ export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
+ echo http://$NODE_IP:$NODE_PORT
+{{- else if contains "LoadBalancer" .Values.service.type }}
+ NOTE: It may take a few minutes for the LoadBalancer IP to be available.
+ You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "mongo-register-express.fullname" . }}'
+ export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "mongo-register-express.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
+ echo http://$SERVICE_IP:{{ .Values.service.port }}
+{{- else if contains "ClusterIP" .Values.service.type }}
+ export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "mongo-register-express.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
+ export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}")
+ echo "Visit http://127.0.0.1:8080 to use your application"
+ kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT
+{{- end }}
diff --git a/helm/capif/charts/mongo-register-express/templates/_helpers.tpl b/helm/capif/charts/mongo-register-express/templates/_helpers.tpl
new file mode 100644
index 0000000000000000000000000000000000000000..accb35f4b620d000237e96ef49f922308d5c280e
--- /dev/null
+++ b/helm/capif/charts/mongo-register-express/templates/_helpers.tpl
@@ -0,0 +1,62 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "mongo-register-express.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "mongo-register-express.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "mongo-register-express.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "mongo-register-express.labels" -}}
+helm.sh/chart: {{ include "mongo-register-express.chart" . }}
+{{ include "mongo-register-express.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "mongo-register-express.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "mongo-register-express.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "mongo-register-express.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "mongo-register-express.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}
diff --git a/helm/capif/charts/mongo-register-express/templates/deployment.yaml b/helm/capif/charts/mongo-register-express/templates/deployment.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..3e86c2d129322b3e3bf9ccd0273db423b1c2b8b7
--- /dev/null
+++ b/helm/capif/charts/mongo-register-express/templates/deployment.yaml
@@ -0,0 +1,73 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "mongo-register-express.fullname" . }}
+ labels:
+ {{- include "mongo-register-express.labels" . | nindent 4 }}
+spec:
+ {{- if not .Values.autoscaling.enabled }}
+ replicas: {{ .Values.replicaCount }}
+ {{- end }}
+ selector:
+ matchLabels:
+ {{- include "mongo-register-express.selectorLabels" . | nindent 6 }}
+ template:
+ metadata:
+ annotations:
+ date: "{{ now | unixEpoch }}"
+ labels:
+ {{- include "mongo-register-express.labels" . | nindent 8 }}
+ {{- with .Values.podLabels }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ spec:
+ {{- with .Values.imagePullSecrets }}
+ imagePullSecrets:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ serviceAccountName: {{ include "mongo-register-express.serviceAccountName" . }}
+ securityContext:
+ {{- toYaml .Values.podSecurityContext | nindent 8 }}
+ containers:
+ - name: {{ .Chart.Name }}
+ securityContext:
+ {{- toYaml .Values.securityContext | nindent 12 }}
+ image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ ports:
+ - name: http
+ containerPort: {{ .Values.service.targetPort }}
+ protocol: TCP
+ env:
+ - name: ME_CONFIG_MONGODB_ADMINPASSWORD
+ value: {{ quote .Values.env.meConfigMongodbAdminpassword }}
+ - name: ME_CONFIG_MONGODB_ADMINUSERNAME
+ value: {{ quote .Values.env.meConfigMongodbAdminusername }}
+ - name: ME_CONFIG_MONGODB_URL
+ value: {{ quote .Values.env.meConfigMongodbUrl }}
+ livenessProbe:
+ {{- toYaml .Values.livenessProbe | nindent 12 }}
+ readinessProbe:
+ {{- toYaml .Values.readinessProbe | nindent 12 }}
+ resources:
+ {{- toYaml .Values.resources | nindent 12 }}
+ {{- with .Values.volumeMounts }}
+ volumeMounts:
+ {{- toYaml . | nindent 12 }}
+ {{- end }}
+ {{- with .Values.volumes }}
+ volumes:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.nodeSelector }}
+ nodeSelector:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.affinity }}
+ affinity:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.tolerations }}
+ tolerations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
diff --git a/helm/capif/charts/mongo-register-express/templates/hpa.yaml b/helm/capif/charts/mongo-register-express/templates/hpa.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..7f0a83539bbd4727859f3f2374de879af29b4165
--- /dev/null
+++ b/helm/capif/charts/mongo-register-express/templates/hpa.yaml
@@ -0,0 +1,32 @@
+{{- if .Values.autoscaling.enabled }}
+apiVersion: autoscaling/v2
+kind: HorizontalPodAutoscaler
+metadata:
+ name: {{ include "mongo-register-express.fullname" . }}
+ labels:
+ {{- include "mongo-register-express.labels" . | nindent 4 }}
+spec:
+ scaleTargetRef:
+ apiVersion: apps/v1
+ kind: Deployment
+ name: {{ include "mongo-register-express.fullname" . }}
+ minReplicas: {{ .Values.autoscaling.minReplicas }}
+ maxReplicas: {{ .Values.autoscaling.maxReplicas }}
+ metrics:
+ {{- if .Values.autoscaling.targetCPUUtilizationPercentage }}
+ - type: Resource
+ resource:
+ name: cpu
+ target:
+ type: Utilization
+ averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }}
+ {{- end }}
+ {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }}
+ - type: Resource
+ resource:
+ name: memory
+ target:
+ type: Utilization
+ averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }}
+ {{- end }}
+{{- end }}
diff --git a/helm/capif/charts/mongo-register-express/templates/ingress.yaml b/helm/capif/charts/mongo-register-express/templates/ingress.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..02c99e552f59b12a613ef18fdf9eb251e04f1ff8
--- /dev/null
+++ b/helm/capif/charts/mongo-register-express/templates/ingress.yaml
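Review bot: In mongo-register-express/templates/deployment.yaml the admin password and the connection URL (which embeds the password) are rendered as literal `value:` entries, so they are readable by anyone allowed to `get` the Deployment or its Pods and they appear in `helm get manifest` output. Reading them from a Secret through `valueFrom.secretKeyRef` keeps them out of the workload spec and lets an operator rotate them without editing chart values. The Secret name and key names in the sketch below are proposals, not values that exist in this chart. The mongo-register deployment.yaml hunk does the same with `MONGO_INITDB_ROOT_PASSWORD`.

```yaml
          env:
            - name: ME_CONFIG_MONGODB_ADMINPASSWORD
              valueFrom:
                secretKeyRef:
                  # proposed new value naming a pre-created Secret
                  name: {{ required "env.existingSecret is required" .Values.env.existingSecret }}
                  key: admin-password
            # … unchanged: ME_CONFIG_MONGODB_ADMINUSERNAME …
            - name: ME_CONFIG_MONGODB_URL
              valueFrom:
                secretKeyRef:
                  name: {{ .Values.env.existingSecret }}
                  key: mongodb-url
```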
@@ -0,0 +1,61 @@
+{{- if .Values.ingress.enabled -}}
+{{- $fullName := include "mongo-register-express.fullname" . -}}
+{{- $svcPort := .Values.service.port -}}
+{{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }}
+ {{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }}
+ {{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}}
+ {{- end }}
+{{- end }}
+{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}}
+apiVersion: networking.k8s.io/v1
+{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
+apiVersion: networking.k8s.io/v1beta1
+{{- else -}}
+apiVersion: extensions/v1beta1
+{{- end }}
+kind: Ingress
+metadata:
+ name: {{ $fullName }}
+ labels:
+ {{- include "mongo-register-express.labels" . | nindent 4 }}
+ {{- with .Values.ingress.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ {{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }}
+ ingressClassName: {{ .Values.ingress.className }}
+ {{- end }}
+ {{- if .Values.ingress.tls }}
+ tls:
+ {{- range .Values.ingress.tls }}
+ - hosts:
+ {{- range .hosts }}
+ - {{ . | quote }}
+ {{- end }}
+ secretName: {{ .secretName }}
+ {{- end }}
+ {{- end }}
+ rules:
+ {{- range .Values.ingress.hosts }}
+ - host: {{ .host | quote }}
+ http:
+ paths:
+ {{- range .paths }}
+ - path: {{ .path }}
+ {{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }}
+ pathType: {{ .pathType }}
+ {{- end }}
+ backend:
+ {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }}
+ service:
+ name: {{ $fullName }}
+ port:
+ number: {{ $svcPort }}
+ {{- else }}
+ serviceName: {{ $fullName }}
+ servicePort: {{ $svcPort }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
diff --git a/helm/capif/charts/mongo-register-express/templates/service.yaml b/helm/capif/charts/mongo-register-express/templates/service.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..eed599c07e9b2a624f2c102e10597866c0eaa479
--- /dev/null
+++ b/helm/capif/charts/mongo-register-express/templates/service.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: mongo-register-express
+ labels:
+ {{- include "mongo-register-express.labels" . | nindent 4 }}
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ - port: {{ .Values.service.port }}
+ targetPort: {{ .Values.service.targetPort }}
+ protocol: TCP
+ name: http
+ selector:
+ {{- include "mongo-register-express.selectorLabels" . | nindent 4 }}
diff --git a/helm/capif/charts/mongo-register-express/templates/serviceaccount.yaml b/helm/capif/charts/mongo-register-express/templates/serviceaccount.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..21c68624da9a44fb50d2a2343ebc999831ca60ee
--- /dev/null
+++ b/helm/capif/charts/mongo-register-express/templates/serviceaccount.yaml
@@ -0,0 +1,13 @@
+{{- if .Values.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "mongo-register-express.serviceAccountName" . }}
+ labels:
+ {{- include "mongo-register-express.labels" . | nindent 4 }}
+ {{- with .Values.serviceAccount.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+automountServiceAccountToken: {{ .Values.serviceAccount.automount }}
+{{- end }}
diff --git a/helm/capif/charts/mongo-register-express/templates/tests/test-connection.yaml b/helm/capif/charts/mongo-register-express/templates/tests/test-connection.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..240abe39b52643b86adfd858710c6f883ae7cee1
--- /dev/null
+++ b/helm/capif/charts/mongo-register-express/templates/tests/test-connection.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{ include "mongo-register-express.fullname" . }}-test-connection"
+ labels:
+ {{- include "mongo-register-express.labels" . | nindent 4 }}
+ annotations:
+ "helm.sh/hook": test
+spec:
+ containers:
+ - name: wget
+ image: busybox
+ command: ['wget']
+ args: ['{{ include "mongo-register-express.fullname" . }}:{{ .Values.service.port }}']
+ restartPolicy: Never
diff --git a/helm/capif/charts/mongo-register-express/values.yaml b/helm/capif/charts/mongo-register-express/values.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..d36bf6c0ba973ecc844373a14e6c104a273fc13c
--- /dev/null
+++ b/helm/capif/charts/mongo-register-express/values.yaml
@@ -0,0 +1,113 @@
+# Default values for mongo-register-express.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+replicaCount: 1
+
+image:
+ repository: mongo-express
+ pullPolicy: Always
+ # Overrides the image tag whose default is the chart appVersion.
+ tag: "1.0.0-alpha.4"
+
+imagePullSecrets: []
+nameOverride: ""
+fullnameOverride: ""
+
+env:
+ meConfigMongodbAdminusername: root
+ meConfigMongodbAdminpassword: example
+ meConfigMongodbUrl: mongodb://root:example@mongo-register:27017/
+
+serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # Automatically mount a ServiceAccount's API credentials?
+ automount: true
+ # Annotations to add to the service account
+ annotations: {}
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+
+podAnnotations: {}
+podLabels: {}
+
+podSecurityContext: {}
+ # fsGroup: 2000
+
+securityContext: {}
+ # capabilities:
+ # drop:
+ # - ALL
+ # readOnlyRootFilesystem: true
+ # runAsNonRoot: true
+ # runAsUser: 1000
+
+service:
+ type: ClusterIP
+ port: 8082
+ targetPort: 8081
+
+ingress:
+ enabled: false
+ className: ""
+ annotations: {}
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+ hosts:
+ - host: chart-example.local
+ paths:
+ - path: /
+ pathType: ImplementationSpecific
+ tls: []
+ # - secretName: chart-example-tls
+ # hosts:
+ # - chart-example.local
+
+resources:
+ # We usually recommend not to specify default resources and to leave this as a conscious
+ # choice for the user. This also increases chances charts run on environments with little
+ # resources, such as Minikube. If you do want to specify resources, uncomment the following
+ # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ limits:
+ cpu: 100m
+ memory: 128Mi
+ requests:
+ cpu: 100m
+ memory: 128Mi
+
+livenessProbe:
+# httpGet:
+# path: /
+# port: http
+readinessProbe:
+ tcpSocket:
+ port: 8081
+ periodSeconds: 5
+
+autoscaling:
+ enabled: false
+ minReplicas: 1
+ maxReplicas: 100
+ targetCPUUtilizationPercentage: 80
+ # targetMemoryUtilizationPercentage: 80
+
+# Additional volumes on the output Deployment definition.
+volumes: []
+# - name: foo
+# secret:
+# secretName: mysecret
+# optional: false
+
+# Additional volumeMounts on the output Deployment definition.
+volumeMounts: []
+# - name: foo
+# mountPath: "/etc/foo"
+# readOnly: true
+
+nodeSelector: {}
+
+tolerations: []
+
+affinity: {}
diff --git a/helm/capif/charts/mongo-register/.helmignore b/helm/capif/charts/mongo-register/.helmignore
new file mode 100644
index 0000000000000000000000000000000000000000..0e8a0eb36f4ca2c939201c0d54b5d82a1ea34778
--- /dev/null
+++ b/helm/capif/charts/mongo-register/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/helm/capif/charts/mongo-register/Chart.yaml b/helm/capif/charts/mongo-register/Chart.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..08a4264470125209be19d9403a59e9b96cabafd2
--- /dev/null
+++ b/helm/capif/charts/mongo-register/Chart.yaml
@@ -0,0 +1,24 @@
+apiVersion: v2
+name: mongo-register
+description: A Helm chart for Kubernetes
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.1.0
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "1.16.0"
diff --git a/helm/capif/charts/mongo-register/templates/NOTES.txt b/helm/capif/charts/mongo-register/templates/NOTES.txt
new file mode 100644
index 0000000000000000000000000000000000000000..4cbdf5989ac5315409a61aae2fdbf149ae2ffc22
--- /dev/null
+++ b/helm/capif/charts/mongo-register/templates/NOTES.txt
@@ -0,0 +1,22 @@
+1. Get the application URL by running these commands:
+{{- if .Values.ingress.enabled }}
+{{- range $host := .Values.ingress.hosts }}
+ {{- range .paths }}
+ http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }}
+ {{- end }}
+{{- end }}
+{{- else if contains "NodePort" .Values.service.type }}
+ export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "mongo-register.fullname" . }})
+ export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
+ echo http://$NODE_IP:$NODE_PORT
+{{- else if contains "LoadBalancer" .Values.service.type }}
+ NOTE: It may take a few minutes for the LoadBalancer IP to be available.
+ You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "mongo-register.fullname" . }}'
+ export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "mongo-register.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
+ echo http://$SERVICE_IP:{{ .Values.service.port }}
+{{- else if contains "ClusterIP" .Values.service.type }}
+ export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "mongo-register.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
+ export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}")
+ echo "Visit http://127.0.0.1:8080 to use your application"
+ kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT
+{{- end }}
diff --git a/helm/capif/charts/mongo-register/templates/_helpers.tpl b/helm/capif/charts/mongo-register/templates/_helpers.tpl
new file mode 100644
index 0000000000000000000000000000000000000000..8ade9442dce911269dcba7d0d6d2b8f764be038d
--- /dev/null
+++ b/helm/capif/charts/mongo-register/templates/_helpers.tpl
@@ -0,0 +1,62 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "mongo-register.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "mongo-register.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "mongo-register.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "mongo-register.labels" -}}
+helm.sh/chart: {{ include "mongo-register.chart" . }}
+{{ include "mongo-register.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "mongo-register.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "mongo-register.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "mongo-register.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "mongo-register.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}
diff --git a/helm/capif/charts/mongo-register/templates/deployment.yaml b/helm/capif/charts/mongo-register/templates/deployment.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..442eee66b2153cd25bbb0c48416cdda8c15f784c
--- /dev/null
+++ b/helm/capif/charts/mongo-register/templates/deployment.yaml
@@ -0,0 +1,73 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "mongo-register.fullname" . }}
+ labels:
+ {{- include "mongo-register.labels" . | nindent 4 }}
+spec:
+ {{- if not .Values.autoscaling.enabled }}
+ replicas: {{ .Values.replicaCount }}
+ {{- end }}
+ strategy:
+ type: Recreate
+ selector:
+ matchLabels:
+ {{- include "mongo-register.selectorLabels" . | nindent 6 }}
+ template:
+ metadata:
+ annotations:
+ date: "{{ now | unixEpoch }}"
+ labels:
+ {{- include "mongo-register.labels" . | nindent 8 }}
+ {{- with .Values.podLabels }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ spec:
+ {{- with .Values.imagePullSecrets }}
+ imagePullSecrets:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ serviceAccountName: {{ include "mongo-register.serviceAccountName" . }}
+ securityContext:
+ {{- toYaml .Values.podSecurityContext | nindent 8 }}
+ containers:
+ - name: {{ .Chart.Name }}
+ securityContext:
+ {{- toYaml .Values.securityContext | nindent 12 }}
+ image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ ports:
+ - name: http
+ containerPort: {{ .Values.service.port }}
+ protocol: TCP
+ env:
+ - name: MONGO_INITDB_ROOT_PASSWORD
+ value: {{ quote .Values.env.mongoInitdbRootPassword }}
+ - name: MONGO_INITDB_ROOT_USERNAME
+ value: {{ quote .Values.env.mongoInitdbRootUsername }}
+ livenessProbe:
+ {{- toYaml .Values.livenessProbe | nindent 12 }}
+ readinessProbe:
+ {{- toYaml .Values.readinessProbe | nindent 12 }}
+ resources:
+ {{- toYaml .Values.resources | nindent 12 }}
+ {{- with .Values.volumeMounts }}
+ volumeMounts:
+ {{- toYaml . | nindent 12 }}
+ {{- end }}
+ {{- with .Values.volumes }}
+ volumes:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.nodeSelector }}
+ nodeSelector:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.affinity }}
+ affinity:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.tolerations }}
+ tolerations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
diff --git a/helm/capif/charts/mongo-register/templates/hpa.yaml b/helm/capif/charts/mongo-register/templates/hpa.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..7dd1b59cd4f2d8070336d5fbc3dab8d9e6733f95
--- /dev/null
+++ b/helm/capif/charts/mongo-register/templates/hpa.yaml
@@ -0,0 +1,32 @@
+{{- if .Values.autoscaling.enabled }}
+apiVersion: autoscaling/v2
+kind: HorizontalPodAutoscaler
+metadata:
+ name: {{ include "mongo-register.fullname" . }}
+ labels:
+ {{- include "mongo-register.labels" . | nindent 4 }}
+spec:
+ scaleTargetRef:
+ apiVersion: apps/v1
+ kind: Deployment
+ name: {{ include "mongo-register.fullname" . }}
+ minReplicas: {{ .Values.autoscaling.minReplicas }}
+ maxReplicas: {{ .Values.autoscaling.maxReplicas }}
+ metrics:
+ {{- if .Values.autoscaling.targetCPUUtilizationPercentage }}
+ - type: Resource
+ resource:
+ name: cpu
+ target:
+ type: Utilization
+ averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }}
+ {{- end }}
+ {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }}
+ - type: Resource
+ resource:
+ name: memory
+ target:
+ type: Utilization
+ averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }}
+ {{- end }}
+{{- end }}
diff --git a/helm/capif/charts/mongo-register/templates/ingress.yaml b/helm/capif/charts/mongo-register/templates/ingress.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..d4897eca40afba8bd376dea3798f1ebccec6dfdb
--- /dev/null
+++ b/helm/capif/charts/mongo-register/templates/ingress.yaml
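Review bot: `containerPort: {{ .Values.service.port }}` in mongo-register/templates/deployment.yaml ties the port the container declares to the Service's front port, and service.yaml in this chart forwards to it by name (`targetPort: http`). Setting `service.port` to anything other than the port mongod actually listens on therefore sends traffic to a port nothing is bound to. The two mongo-express charts keep a separate `service.targetPort`; the same split here would be `containerPort: {{ .Values.service.targetPort }}`. The values.yaml of this chart is outside this part of the diff, so whether `targetPort` is already defined there cannot be confirmed.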
@@ -0,0 +1,61 @@
+{{- if .Values.ingress.enabled -}}
+{{- $fullName := include "mongo-register.fullname" . -}}
+{{- $svcPort := .Values.service.port -}}
+{{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }}
+ {{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }}
+ {{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}}
+ {{- end }}
+{{- end }}
+{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}}
+apiVersion: networking.k8s.io/v1
+{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
+apiVersion: networking.k8s.io/v1beta1
+{{- else -}}
+apiVersion: extensions/v1beta1
+{{- end }}
+kind: Ingress
+metadata:
+ name: {{ $fullName }}
+ labels:
+ {{- include "mongo-register.labels" . | nindent 4 }}
+ {{- with .Values.ingress.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ {{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }}
+ ingressClassName: {{ .Values.ingress.className }}
+ {{- end }}
+ {{- if .Values.ingress.tls }}
+ tls:
+ {{- range .Values.ingress.tls }}
+ - hosts:
+ {{- range .hosts }}
+ - {{ . | quote }}
+ {{- end }}
+ secretName: {{ .secretName }}
+ {{- end }}
+ {{- end }}
+ rules:
+ {{- range .Values.ingress.hosts }}
+ - host: {{ .host | quote }}
+ http:
+ paths:
+ {{- range .paths }}
+ - path: {{ .path }}
+ {{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }}
+ pathType: {{ .pathType }}
+ {{- end }}
+ backend:
+ {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }}
+ service:
+ name: {{ $fullName }}
+ port:
+ number: {{ $svcPort }}
+ {{- else }}
+ serviceName: {{ $fullName }}
+ servicePort: {{ $svcPort }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
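Review bot: An HTTP Ingress in front of the MongoDB Service is better removed from this chart. The `rules:` block sends host/path traffic to `.Values.service.port`, which this chart's values.yaml sets to 27017, a port that does not serve HTTP. Keeping the template only leaves an `ingress.enabled` switch that would attach the database Service to the ingress controller. If the scaffold file is kept, a header comment such as `{{/* Scaffold only: MongoDB is not an HTTP service; keep ingress.enabled false */}}` would record that. `path: {{ .path }}` and `secretName: {{ .secretName }}` are also unquoted while the host entries use `| quote`; `{{ .path | quote }}` would be consistent.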
diff --git a/helm/capif/charts/mongo-register/templates/pvc.yaml b/helm/capif/charts/mongo-register/templates/pvc.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..13f17337ddd201d860557b3005ec7804cfbd3fdc
--- /dev/null
+++ b/helm/capif/charts/mongo-register/templates/pvc.yaml
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ labels:
+ {{- include "mongo-register.labels" . | nindent 8 }}
+ name: mongo-register-pvc
+spec:
+ storageClassName: {{ .Values.persistence.storageClass }}
+ accessModes:
+ - ReadWriteMany
+ resources:
+ requests:
+ storage: {{ .Values.persistence.storage }}
\ No newline at end of file
diff --git a/helm/capif/charts/mongo-register/templates/service.yaml b/helm/capif/charts/mongo-register/templates/service.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..46ea1106e24016d5ad1c88ec0132880f7284e748
--- /dev/null
+++ b/helm/capif/charts/mongo-register/templates/service.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: mongo-register
+ labels:
+ {{- include "mongo-register.labels" . | nindent 4 }}
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ - port: {{ .Values.service.port }}
+ targetPort: http
+ protocol: TCP
+ name: http
+ selector:
+ {{- include "mongo-register.selectorLabels" . | nindent 4 }}
diff --git a/helm/capif/charts/mongo-register/templates/serviceaccount.yaml b/helm/capif/charts/mongo-register/templates/serviceaccount.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..56e94e65ca7985054f4feef6d67d22afc1de1458
--- /dev/null
+++ b/helm/capif/charts/mongo-register/templates/serviceaccount.yaml
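Review bot: The `ReadWriteMany` access mode in pvc.yaml lets several pods mount the same data volume, and hpa.yaml in this chart can scale the Deployment up to `maxReplicas` once `autoscaling.enabled` is set, so more than one mongod could open the same `/data/db`. A standalone MongoDB needs exclusive use of its data directory. `ReadWriteOnce` (or `ReadWriteOncePod` where the cluster offers it) states that intent, provided the storage class supports it; that is not verifiable from this diff. The claim name `mongo-register-pvc` is also fixed rather than derived from `mongo-register.fullname`, so two releases in one namespace would resolve to the same claim. `mongo/templates/pvc.yaml` has the same two properties.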
@@ -0,0 +1,13 @@
+{{- if .Values.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "mongo-register.serviceAccountName" . }}
+ labels:
+ {{- include "mongo-register.labels" . | nindent 4 }}
+ {{- with .Values.serviceAccount.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+automountServiceAccountToken: {{ .Values.serviceAccount.automount }}
+{{- end }}
diff --git a/helm/capif/charts/mongo-register/templates/tests/test-connection.yaml b/helm/capif/charts/mongo-register/templates/tests/test-connection.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..4d0e00a92b63eac09a7655734e69014e29f7114d
--- /dev/null
+++ b/helm/capif/charts/mongo-register/templates/tests/test-connection.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{ include "mongo-register.fullname" . }}-test-connection"
+ labels:
+ {{- include "mongo-register.labels" . | nindent 4 }}
+ annotations:
+ "helm.sh/hook": test
+spec:
+ containers:
+ - name: wget
+ image: busybox
+ command: ['wget']
+ args: ['mongo-register:{{ .Values.service.port }}']
+ restartPolicy: Never
diff --git a/helm/capif/charts/mongo-register/values.yaml b/helm/capif/charts/mongo-register/values.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..dcb783f18c8e5a9a8659d98784528f7c15fd6043
--- /dev/null
+++ b/helm/capif/charts/mongo-register/values.yaml
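Review bot: `image: busybox` in test-connection.yaml carries no tag or digest, so the test pod runs whatever the default tag resolves to at pull time. Pin it, for example `image: busybox:<pinned-tag>` (placeholder) or a digest reference. The same untagged image appears in `mongo/templates/tests/test-connection.yaml` and in the `mongo-helper` container of `mongo/templates/deployment.yaml`. Separately, `wget` against `mongo-register:{{ .Values.service.port }}` expects an HTTP answer from a port that speaks the MongoDB wire protocol, so the result says little about database health. A ping through the database client shipped in the server image would be a closer check.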
@@ -0,0 +1,113 @@ +# Default values for mongo-register. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +replicaCount: 1 + +image: + repository: mongo + pullPolicy: Always + # Overrides the image tag whose default is the chart appVersion. + tag: "6.0.2" + +imagePullSecrets: [] +nameOverride: "" +fullnameOverride: "" + +env: + mongoInitdbRootPassword: example + mongoInitdbRootUsername: root + +serviceAccount: + # Specifies whether a service account should be created + create: true + # Automatically mount a ServiceAccount's API credentials? + automount: true + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + +podAnnotations: {} +podLabels: {} + +podSecurityContext: {} + # fsGroup: 2000 + +securityContext: + # capabilities: + # drop: + # - ALL + # readOnlyRootFilesystem: true + # runAsNonRoot: true + runAsUser: 999 + +service: + type: ClusterIP + port: 27017 + +ingress: + enabled: false + className: "" + annotations: {} + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + hosts: + - host: chart-example.local + paths: + - path: / + pathType: ImplementationSpecific + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + +resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. 
+ # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + +livenessProbe: +# httpGet: +# path: / +# port: http +readinessProbe: + tcpSocket: + port: 27017 + periodSeconds: 5 + +autoscaling: + enabled: false + minReplicas: 1 + maxReplicas: 100 + targetCPUUtilizationPercentage: 80 + # targetMemoryUtilizationPercentage: 80 + +persistence: + storage: 8Gi + storageClass: nfs-01 + +# Additional volumes on the output Deployment definition. +volumes: + - name: mongo-register-pvc + persistentVolumeClaim: + claimName: mongo-register-pvc + +# Additional volumeMounts on the output Deployment definition. +volumeMounts: + - name: mongo-register-pvc + mountPath: /data/db + +nodeSelector: {} + +tolerations: [] + +affinity: {} diff --git a/helm/capif/charts/mongo/.helmignore b/helm/capif/charts/mongo/.helmignore new file mode 100644 index 0000000000000000000000000000000000000000..0e8a0eb36f4ca2c939201c0d54b5d82a1ea34778 --- /dev/null +++ b/helm/capif/charts/mongo/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/helm/capif/charts/helper/Chart.yaml b/helm/capif/charts/mongo/Chart.yaml similarity index 98% rename from helm/capif/charts/helper/Chart.yaml rename to helm/capif/charts/mongo/Chart.yaml index 4ddfbf3967718e22006b5b754b7ec2d751d0e635..638bb4522a792c9c9d856c1fb3999b68c1da0edf 100644 --- a/helm/capif/charts/helper/Chart.yaml +++ b/helm/capif/charts/mongo/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -name: helper +name: mongo description: A Helm chart for Kubernetes # A chart can be either an 'application' or a 'library' chart. 
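Review bot: `mongoInitdbRootPassword: example` together with `mongoInitdbRootUsername: root` ships a known root credential as the chart default, so any install that forgets to override it gets a database with that login. `mongo/values.yaml` repeats the same pair. Leave the default empty, `mongoInitdbRootPassword: ""`, and make rendering fail when it is unset, e.g. `{{ required "env.mongoInitdbRootPassword is required" .Values.env.mongoInitdbRootPassword | quote }}` in the deployment template. In the same file `livenessProbe:` has only commented-out children, so it renders as null through `toYaml`. Either give it the `tcpSocket` check used by `readinessProbe`, or add a comment saying the omission is intended.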
diff --git a/helm/capif/charts/helper/templates/NOTES.txt b/helm/capif/charts/mongo/templates/NOTES.txt similarity index 77% rename from helm/capif/charts/helper/templates/NOTES.txt rename to helm/capif/charts/mongo/templates/NOTES.txt index f8f6f774769a0eb1872df2436de39fd4b89dffc5..1fcc59357a7cf685e5a054400018bfef1981c834 100644 --- a/helm/capif/charts/helper/templates/NOTES.txt +++ b/helm/capif/charts/mongo/templates/NOTES.txt 
@@ -6,16 +6,16 @@ {{- end }} {{- end }} {{- else if contains "NodePort" .Values.service.type }} - export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "helper.fullname" . }}) + export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "mongo.fullname" . }}) export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") echo http://$NODE_IP:$NODE_PORT {{- else if contains "LoadBalancer" .Values.service.type }} NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "helper.fullname" . }}' - export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "helper.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") + You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "mongo.fullname" . }}' + export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "mongo.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") echo http://$SERVICE_IP:{{ .Values.service.port }} {{- else if contains "ClusterIP" .Values.service.type }} - export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "helper.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") + export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "mongo.name" . 
}},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}") echo "Visit http://127.0.0.1:8080 to use your application" kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT diff --git a/helm/capif/charts/helper/templates/_helpers.tpl b/helm/capif/charts/mongo/templates/_helpers.tpl similarity index 76% rename from helm/capif/charts/helper/templates/_helpers.tpl rename to helm/capif/charts/mongo/templates/_helpers.tpl index f4a197b20c55e50ad4c5bab1462dcdae183dd3db..cce4e1b2fbad0c83e5a4e6b8c76d9ebf3503af54 100644 --- a/helm/capif/charts/helper/templates/_helpers.tpl +++ b/helm/capif/charts/mongo/templates/_helpers.tpl @@ -1,7 +1,7 @@ {{/* Expand the name of the chart. */}} -{{- define "helper.name" -}} +{{- define "mongo.name" -}} {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} {{- end }} @@ -10,7 +10,7 @@ Create a default fully qualified app name. We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). If release name contains chart name it will be used as a full name. */}} -{{- define "helper.fullname" -}} +{{- define "mongo.fullname" -}} {{- if .Values.fullnameOverride }} {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} {{- else }} 
@@ -26,16 +26,16 @@ If release name contains chart name it will be used as a full name. {{/* Create chart name and version as used by the chart label. */}} -{{- define "helper.chart" -}} +{{- define "mongo.chart" -}} {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} {{- end }} {{/* Common labels */}} -{{- define "helper.labels" -}} -helm.sh/chart: {{ include "helper.chart" . }} -{{ include "helper.selectorLabels" . }} +{{- define "mongo.labels" -}} +helm.sh/chart: {{ include "mongo.chart" . }} +{{ include "mongo.selectorLabels" . }} {{- if .Chart.AppVersion }} app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} {{- end }} @@ -45,17 +45,17 @@ app.kubernetes.io/managed-by: {{ .Release.Service }} {{/* Selector labels */}} -{{- define "helper.selectorLabels" -}} -app.kubernetes.io/name: {{ include "helper.name" . }} +{{- define "mongo.selectorLabels" -}} +app.kubernetes.io/name: {{ include "mongo.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} {{- end }} {{/* Create the name of the service account to use */}} -{{- define "helper.serviceAccountName" -}} +{{- define "mongo.serviceAccountName" -}} {{- if .Values.serviceAccount.create }} -{{- default (include "helper.fullname" .) .Values.serviceAccount.name }} +{{- default (include "mongo.fullname" .) .Values.serviceAccount.name }} {{- else }} {{- default "default" .Values.serviceAccount.name }} {{- end }} diff --git a/helm/capif/charts/mongo/templates/deployment.yaml b/helm/capif/charts/mongo/templates/deployment.yaml new file mode 100644 index 0000000000000000000000000000000000000000..80cedad5207f48141191f03ba58e0ec9bdf09646 --- /dev/null +++ b/helm/capif/charts/mongo/templates/deployment.yaml 
@@ -0,0 +1,83 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "mongo.fullname" . }} + labels: + {{- include "mongo.labels" . | nindent 4 }} +spec: + {{- if not .Values.autoscaling.enabled }} + replicas: {{ .Values.replicaCount }} + {{- end }} + strategy: + type: Recreate + selector: + matchLabels: + {{- include "mongo.selectorLabels" . | nindent 6 }} + template: + metadata: + annotations: + date: "{{ now | unixEpoch }}" + labels: + {{- include "mongo.labels" . | nindent 8 }} + {{- with .Values.podLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} + spec: + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ include "mongo.serviceAccountName" . }} + securityContext: + {{- toYaml .Values.podSecurityContext | nindent 8 }} + containers: + - name: {{ .Chart.Name }} + securityContext: + {{- toYaml .Values.securityContext | nindent 12 }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + ports: + - name: http + containerPort: {{ .Values.service.port }} + protocol: TCP + env: + - name: MONGO_INITDB_ROOT_PASSWORD + value: {{ quote .Values.env.mongoInitdbRootPassword }} + - name: MONGO_INITDB_ROOT_USERNAME + value: {{ quote .Values.env.mongoInitdbRootUsername }} + livenessProbe: + {{- toYaml .Values.livenessProbe | nindent 12 }} + readinessProbe: + {{- toYaml .Values.readinessProbe | nindent 12 }} + resources: + {{- toYaml .Values.resources | nindent 12 }} + {{- with .Values.volumeMounts }} + volumeMounts: + {{- toYaml . | nindent 12 }} + {{- end }} + - name: mongo-helper + image: busybox + command: + - sh + - -c + - while true ; do echo alive ; sleep 10 ; done + {{- with .Values.volumeMounts }} + volumeMounts: + {{- toYaml . | nindent 12 }} + {{- end }} + {{- with .Values.volumes }} + volumes: + {{- toYaml . 
| nindent 8 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} diff --git a/helm/capif/charts/helper/templates/hpa.yaml b/helm/capif/charts/mongo/templates/hpa.yaml similarity index 86% rename from helm/capif/charts/helper/templates/hpa.yaml rename to helm/capif/charts/mongo/templates/hpa.yaml index 046148d39279bc420739dfd71c5ef35e1498c513..ae64b40ecf91f10a759b796c774fc5bb28696494 100644 --- a/helm/capif/charts/helper/templates/hpa.yaml +++ b/helm/capif/charts/mongo/templates/hpa.yaml @@ -2,14 +2,14 @@ apiVersion: autoscaling/v2 kind: HorizontalPodAutoscaler metadata: - name: {{ include "helper.fullname" . }} + name: {{ include "mongo.fullname" . }} labels: - {{- include "helper.labels" . | nindent 4 }} + {{- include "mongo.labels" . | nindent 4 }} spec: scaleTargetRef: apiVersion: apps/v1 kind: Deployment - name: {{ include "helper.fullname" . }} + name: {{ include "mongo.fullname" . }} minReplicas: {{ .Values.autoscaling.minReplicas }} maxReplicas: {{ .Values.autoscaling.maxReplicas }} metrics: diff --git a/helm/capif/charts/helper/templates/ingress.yaml b/helm/capif/charts/mongo/templates/ingress.yaml similarity index 95% rename from helm/capif/charts/helper/templates/ingress.yaml rename to helm/capif/charts/mongo/templates/ingress.yaml index b3817bf910c95f374b285b6ca8db0c3a5d079c16..b173c907deeed66d02276ff4276fa6d4bf9269cc 100644 --- a/helm/capif/charts/helper/templates/ingress.yaml +++ b/helm/capif/charts/mongo/templates/ingress.yaml 
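Review bot: The `mongo-helper` container mounts the same `.Values.volumeMounts` as the database container, which gives a second, unrelated process write access to `/data/db`. It also has no `securityContext`, `resources` or probes of its own. Its command only loops `echo alive`, which looks like a debugging aid; if so, it is better dropped from the chart or gated behind a value that defaults to off. If it has to stay, it should at least reuse the main container's `securityContext` block and lose the `volumeMounts` block unless it really needs the data directory.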
@@ -1,5 +1,5 @@ {{- if .Values.ingress.enabled -}} -{{- $fullName := include "helper.fullname" . -}} +{{- $fullName := include "mongo.fullname" . -}} {{- $svcPort := .Values.service.port -}} {{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }} {{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }} @@ -17,7 +17,7 @@ kind: Ingress metadata: name: {{ $fullName }} labels: - {{- include "helper.labels" . | nindent 4 }} + {{- include "mongo.labels" . | nindent 4 }} {{- with .Values.ingress.annotations }} annotations: {{- toYaml . | nindent 4 }} diff --git a/helm/capif/charts/mongo/templates/pvc.yaml b/helm/capif/charts/mongo/templates/pvc.yaml new file mode 100644 index 0000000000000000000000000000000000000000..c0ceafd7e06ed2ea6cdee2596923eebaa79bfdba --- /dev/null +++ b/helm/capif/charts/mongo/templates/pvc.yaml @@ -0,0 +1,13 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + labels: + {{- include "mongo.labels" . | nindent 8 }} + name: mongo-pvc +spec: + storageClassName: {{ .Values.persistence.storageClass }} + accessModes: + - ReadWriteMany + resources: + requests: + storage: {{ .Values.persistence.storage }} \ No newline at end of file diff --git a/helm/capif/charts/mongo/templates/service.yaml b/helm/capif/charts/mongo/templates/service.yaml new file mode 100644 index 0000000000000000000000000000000000000000..be5b5f42d2b956ac4416d2bd811b4acc4fde774d --- /dev/null +++ b/helm/capif/charts/mongo/templates/service.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: Service +metadata: + name: mongo + labels: + {{- include "mongo.labels" . | nindent 4 }} +spec: + type: {{ .Values.service.type }} + ports: + - port: {{ .Values.service.port }} + targetPort: http + protocol: TCP + name: http + selector: + {{- include "mongo.selectorLabels" . | nindent 4 }} 
diff --git a/helm/capif/charts/helper/templates/serviceaccount.yaml b/helm/capif/charts/mongo/templates/serviceaccount.yaml similarity index 73% rename from helm/capif/charts/helper/templates/serviceaccount.yaml rename to helm/capif/charts/mongo/templates/serviceaccount.yaml index e0e6d79313e967d9ae9bedc817a49b6e82aa7642..95b6769933bdcbe7c3e554b37e797a468fe1f37f 100644 --- a/helm/capif/charts/helper/templates/serviceaccount.yaml +++ b/helm/capif/charts/mongo/templates/serviceaccount.yaml @@ -2,9 +2,9 @@ apiVersion: v1 kind: ServiceAccount metadata: - name: {{ include "helper.serviceAccountName" . }} + name: {{ include "mongo.serviceAccountName" . }} labels: - {{- include "helper.labels" . | nindent 4 }} + {{- include "mongo.labels" . | nindent 4 }} {{- with .Values.serviceAccount.annotations }} annotations: {{- toYaml . | nindent 4 }} diff --git a/helm/capif/charts/mongo/templates/tests/test-connection.yaml b/helm/capif/charts/mongo/templates/tests/test-connection.yaml new file mode 100644 index 0000000000000000000000000000000000000000..4cf0b7f6f382bde9a3a4a3463cab9977b73133a6 --- /dev/null +++ b/helm/capif/charts/mongo/templates/tests/test-connection.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: Pod +metadata: + name: "{{ include "mongo.fullname" . }}-test-connection" + labels: + {{- include "mongo.labels" . | nindent 4 }} + annotations: + "helm.sh/hook": test +spec: + containers: + - name: wget + image: busybox + command: ['wget'] + args: ['mongo:{{ .Values.service.port }}'] + restartPolicy: Never diff --git a/helm/capif/charts/mongo/values.yaml b/helm/capif/charts/mongo/values.yaml new file mode 100644 index 0000000000000000000000000000000000000000..53b8cf5f9bff46c918a9354c1e2f2f56eba1419f --- /dev/null +++ b/helm/capif/charts/mongo/values.yaml 
@@ -0,0 +1,116 @@ +# Default values for mongo. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +replicaCount: 1 + +image: + repository: mongo + pullPolicy: Always + # Overrides the image tag whose default is the chart appVersion. + tag: "6.0.2" + +imagePullSecrets: [] +nameOverride: "" +fullnameOverride: "" + +env: + mongoInitdbRootPassword: example + mongoInitdbRootUsername: root + +serviceAccount: + # Specifies whether a service account should be created + create: true + # Automatically mount a ServiceAccount's API credentials? + automount: true + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + +podAnnotations: {} +podLabels: {} + +podSecurityContext: {} + # fsGroup: 2000 + +securityContext: + # capabilities: + # drop: + # - ALL + # readOnlyRootFilesystem: true + # runAsNonRoot: true + runAsUser: 999 + +service: + type: ClusterIP + port: 27017 + +ingress: + enabled: false + className: "" + annotations: {} + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + hosts: + - host: chart-example.local + paths: + - path: / + pathType: ImplementationSpecific + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + +resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. 
+ # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + +livenessProbe: + tcpSocket: + port: 27017 + initialDelaySeconds: 20 + periodSeconds: 5 + +readinessProbe: + tcpSocket: + port: 27017 +# initialDelaySeconds: 5 + periodSeconds: 5 + +autoscaling: + enabled: false + minReplicas: 1 + maxReplicas: 100 + targetCPUUtilizationPercentage: 80 + # targetMemoryUtilizationPercentage: 80 + +persistence: + storage: 8Gi + storageClass: nfs-01 + +# Additional volumes on the output Deployment definition. +volumes: + - name: mongo-pvc + persistentVolumeClaim: + claimName: mongo-pvc + +# Additional volumeMounts on the output Deployment definition. +volumeMounts: + - name: mongo-pvc + mountPath: /data/db + +nodeSelector: {} + +tolerations: [] + +affinity: {} diff --git a/helm/capif/charts/nginx/.helmignore b/helm/capif/charts/nginx/.helmignore new file mode 100644 index 0000000000000000000000000000000000000000..0e8a0eb36f4ca2c939201c0d54b5d82a1ea34778 --- /dev/null +++ b/helm/capif/charts/nginx/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/helm/capif/charts/nginx/Chart.yaml b/helm/capif/charts/nginx/Chart.yaml new file mode 100644 index 0000000000000000000000000000000000000000..3464a394b4da5052006464f8fce5db8631012b09 --- /dev/null +++ b/helm/capif/charts/nginx/Chart.yaml 
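Review bot: `serviceAccount.automount: true` gives the MongoDB pod a Kubernetes API token that nothing in this chart appears to use; `automount: false` is the safer default, and the same applies to `mongo-register/values.yaml`. The container `securityContext` sets only `runAsUser: 999`, while `runAsNonRoot`, `capabilities.drop` and `readOnlyRootFilesystem` stay commented out. Enabling `runAsNonRoot: true`, `allowPrivilegeEscalation: false` and dropping all capabilities should be compatible with a non-root UID, though that needs a test against the `mongo:6.0.2` image. `storageClass: nfs-01` is a site-specific name, so a comment such as `# cluster-specific; override per environment` would help.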
@@ -0,0 +1,24 @@ +apiVersion: v2 +name: nginx +description: A Helm chart for Kubernetes + +# A chart can be either an 'application' or a 'library' chart. +# +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. +type: application + +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +# Versions are expected to follow Semantic Versioning (https://semver.org/) +version: 0.1.0 + +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. Versions are not expected to +# follow Semantic Versioning. They should reflect the version the application is using. +# It is recommended to use it with quotes. +appVersion: "1.16.0" diff --git a/helm/capif/charts/nginx/templates/NOTES.txt b/helm/capif/charts/nginx/templates/NOTES.txt new file mode 100644 index 0000000000000000000000000000000000000000..918bb6420d81c821d463a157d8f3b4d86d7af060 --- /dev/null +++ b/helm/capif/charts/nginx/templates/NOTES.txt 
@@ -0,0 +1,22 @@ +1. Get the application URL by running these commands: +{{- if .Values.ingress.enabled }} +{{- range $host := .Values.ingress.hosts }} + {{- range .paths }} + http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }} + {{- end }} +{{- end }} +{{- else if contains "NodePort" .Values.service.type }} + export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "nginx.fullname" . }}) + export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") + echo http://$NODE_IP:$NODE_PORT +{{- else if contains "LoadBalancer" .Values.service.type }} + NOTE: It may take a few minutes for the LoadBalancer IP to be available. + You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "nginx.fullname" . }}' + export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "nginx.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") + echo http://$SERVICE_IP:{{ .Values.service.port }} +{{- else if contains "ClusterIP" .Values.service.type }} + export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "nginx.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") + export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}") + echo "Visit http://127.0.0.1:8080 to use your application" + kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT +{{- end }} diff --git a/helm/capif/charts/nginx/templates/_helpers.tpl b/helm/capif/charts/nginx/templates/_helpers.tpl new file mode 100644 index 0000000000000000000000000000000000000000..ad9f4328e3ced783bd0327cc6c342cab2ce2b7b9 --- /dev/null 
+++ b/helm/capif/charts/nginx/templates/_helpers.tpl @@ -0,0 +1,62 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "nginx.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "nginx.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "nginx.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "nginx.labels" -}} +helm.sh/chart: {{ include "nginx.chart" . }} +{{ include "nginx.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "nginx.selectorLabels" -}} +app.kubernetes.io/name: {{ include "nginx.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Create the name of the service account to use +*/}} +{{- define "nginx.serviceAccountName" -}} +{{- if .Values.serviceAccount.create }} +{{- default (include "nginx.fullname" .) .Values.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.serviceAccount.name }} +{{- end }} +{{- end }} 
diff --git a/helm/capif/charts/nginx/templates/deployment.yaml b/helm/capif/charts/nginx/templates/deployment.yaml new file mode 100644 index 0000000000000000000000000000000000000000..a5cd26c2c5e54fea61f31bd53f2987d9f17de38f --- /dev/null +++ b/helm/capif/charts/nginx/templates/deployment.yaml 
@@ -0,0 +1,76 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "nginx.fullname" . }}
+ labels:
+ {{- include "nginx.labels" . | nindent 4 }}
+spec:
+ {{- if not .Values.autoscaling.enabled }}
+ replicas: {{ .Values.replicaCount }}
+ {{- end }}
+ selector:
+ matchLabels:
+ {{- include "nginx.selectorLabels" . | nindent 6 }}
+ template:
+ metadata:
+ annotations:
+ date: "{{ now | unixEpoch }}"
+ labels:
+ {{- include "nginx.labels" . | nindent 8 }}
+ {{- with .Values.podLabels }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ spec:
+ {{- with .Values.imagePullSecrets }}
+ imagePullSecrets:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ serviceAccountName: {{ include "nginx.serviceAccountName" . }}
+ securityContext:
+ {{- toYaml .Values.podSecurityContext | nindent 8 }}
+ containers:
+ - name: {{ .Chart.Name }}
+ securityContext:
+ {{- toYaml .Values.securityContext | nindent 12 }}
+ image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ ports:
+ {{- range .Values.services }}
+ - name: {{ .name }}
+ containerPort: {{ .port }}
+ {{- end }}
+ env:
+ - name: CAPIF_HOSTNAME
+ value: {{ quote .Values.env.capifHostname }}
+ - name: VAULT_HOSTNAME
+ value: {{ quote .Values.env.vaultHostname }}
+ - name: VAULT_PORT
+ value: {{ quote .Values.env.vaultPort }}
+ - name: VAULT_ACCESS_TOKEN
+ value: {{ quote .Values.env.vaultAccessToken }}
+ livenessProbe:
+ {{- toYaml .Values.livenessProbe | nindent 12 }}
+ readinessProbe:
+ {{- toYaml .Values.readinessProbe | nindent 12 }}
+ resources:
+ {{- toYaml .Values.resources | nindent 12 }}
+ {{- with .Values.volumeMounts }}
+ volumeMounts:
+ {{- toYaml . | nindent 12 }}
+ {{- end }}
+ {{- with .Values.volumes }}
+ volumes:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.nodeSelector }}
+ nodeSelector:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.affinity }}
+ affinity:
+ {{- toYaml . 
| nindent 8 }}
+ {{- end }}
+ {{- with .Values.tolerations }}
+ tolerations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
diff --git a/helm/capif/charts/nginx/templates/hpa.yaml b/helm/capif/charts/nginx/templates/hpa.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..b664f71a1c17420f7d2ca497b19ea49fb4c4b303
--- /dev/null
+++ b/helm/capif/charts/nginx/templates/hpa.yaml
@@ -0,0 +1,32 @@
+{{- if .Values.autoscaling.enabled }}
+apiVersion: autoscaling/v2
+kind: HorizontalPodAutoscaler
+metadata:
+ name: {{ include "nginx.fullname" . }}
+ labels:
+ {{- include "nginx.labels" . | nindent 4 }}
+spec:
+ scaleTargetRef:
+ apiVersion: apps/v1
+ kind: Deployment
+ name: {{ include "nginx.fullname" . }}
+ minReplicas: {{ .Values.autoscaling.minReplicas }}
+ maxReplicas: {{ .Values.autoscaling.maxReplicas }}
+ metrics:
+ {{- if .Values.autoscaling.targetCPUUtilizationPercentage }}
+ - type: Resource
+ resource:
+ name: cpu
+ target:
+ type: Utilization
+ averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }}
+ {{- end }}
+ {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }}
+ - type: Resource
+ resource:
+ name: memory
+ target:
+ type: Utilization
+ averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }}
+ {{- end }}
+{{- end }}
diff --git a/helm/capif/charts/nginx/templates/ingress-route.yaml b/helm/capif/charts/nginx/templates/ingress-route.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..5fec0968795cf423969337754a78fbaf4bbc7a36
--- /dev/null
+++ b/helm/capif/charts/nginx/templates/ingress-route.yaml
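Review bot: In nginx/templates/deployment.yaml, `VAULT_ACCESS_TOKEN` is rendered as a literal `value:` in the container env, so the Vault token is stored in the Deployment object and the Helm release and shows up in `kubectl describe`; the chart's values.yaml hunk also ships `vaultAccessToken: dev-only-token` as the default. Reading the token from a Secret through `valueFrom.secretKeyRef` keeps it out of the rendered manifest; the Secret name and key are not defined anywhere in this diff, so the ones below are placeholders. Separately, the `ports:` block ranges over `.Values.services`, while values.yaml defines `service.ports`, so as written no container ports are rendered; `{{- range .Values.service.ports }}` with `containerPort: {{ .targetPort }}` would line up with the Service template.

```yaml
          env:
            # … unchanged: CAPIF_HOSTNAME, VAULT_HOSTNAME, VAULT_PORT entries …
            - name: VAULT_ACCESS_TOKEN
              valueFrom:
                secretKeyRef:
                  # placeholder values keys, not defined in this diff
                  name: {{ .Values.env.vaultTokenSecretName | quote }}
                  key: {{ .Values.env.vaultTokenSecretKey | quote }}
```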
@@ -0,0 +1,25 @@
+{{- if eq .Values.ingress.className "IngressRoute" }}
+{{- $fullName := include "nginx.fullname" . -}}
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+ name: {{ $fullName }}-route
+spec:
+ entryPoints: [web]
+ routes:
+ - kind: Rule
+ {{- range .Values.ingress.hosts }}
+ match: Host(`{{ .host | quote }} && Path(`/ca-root`, `/sign-csr`, `/certdata`, `/register`, `/testdata`, `/getauth`, `/test`)`)
+ services:
+ - kind: Service
+ name: nginx
+ port: 8080
+ scheme: http
+ - kind: Service
+ name: nginx
+ port: 443
+ tls:
+ passthrough: true
+ {{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/helm/capif/charts/nginx/templates/ingress.yaml b/helm/capif/charts/nginx/templates/ingress.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..82f373e309624442fe6f6613818c524d6ae12e56
--- /dev/null
+++ b/helm/capif/charts/nginx/templates/ingress.yaml
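Review bot: The `match:` line in ingress-route.yaml does not produce a valid Traefik rule: the backtick opened after `Host(` is never closed before `&&`, `quote` puts double quotes inside the backticks, and the closing backtick and parenthesis are left at the end of the `Path(...)` list. The intended form appears to be a `Host(...)` matcher closed right after `{{ .host }}` (without `quote`), followed by `&& Path(...)`. The `range` over `ingress.hosts` also sits inside a single `- kind: Rule` item, so more than one host would emit duplicate `match`/`services` keys; moving `- kind: Rule` inside the loop avoids that. The listed paths include `/sign-csr`, `/register` and `/getauth`, routed on the `web` entry point to port 8080 with `scheme: http`; if `web` is the plain-HTTP entry point, as it conventionally is, certificate-signing and registration traffic reaches the ingress unencrypted, which is worth confirming as intended.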
@@ -0,0 +1,59 @@
+{{- if .Values.ingress.enabled -}}
+{{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }}
+ {{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }}
+ {{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}}
+ {{- end }}
+{{- end }}
+{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}}
+apiVersion: networking.k8s.io/v1
+{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
+apiVersion: networking.k8s.io/v1beta1
+{{- else -}}
+apiVersion: extensions/v1beta1
+{{- end }}
+kind: Ingress
+metadata:
+ name: nginx-ingress
+ labels:
+ {{- include "nginx.labels" . | nindent 4 }}
+ {{- with .Values.ingress.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ {{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }}
+ ingressClassName: {{ .Values.ingress.className }}
+ {{- end }}
+ {{- if .Values.ingress.tls }}
+ tls:
+ {{- range .Values.ingress.tls }}
+ - hosts:
+ {{- range .hosts }}
+ - {{ . | quote }}
+ {{- end }}
+ secretName: {{ .secretName }}
+ {{- end }}
+ {{- end }}
+ rules:
+ {{- range .Values.ingress.hosts }}
+ - host: {{ .host | quote }}
+ http:
+ paths:
+ {{- range .paths }}
+ - path: {{ .path }}
+ {{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }}
+ pathType: {{ .pathType }}
+ {{- end }}
+ backend:
+ {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }}
+ service:
+ name: nginx
+ port:
+ number: 443
+ {{- else }}
+ serviceName: nginx
+ servicePort: 443
+ {{- end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
diff --git a/helm/capif/charts/nginx/templates/service.yaml b/helm/capif/charts/nginx/templates/service.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..64821616c184fd9edb34d133bb5971f81aabe1a1
--- /dev/null
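Review bot: In nginx/templates/ingress.yaml, `metadata.name: nginx-ingress` and the backend `name: nginx` / `number: 443` are hard-coded, whereas the Deployment in this chart is named from `nginx.fullname`, so a second release in the same namespace would collide on the Ingress; service.yaml hard-codes `name: nginx` in the same way. If the fixed Service name is deliberate, a template comment stating the reason would help (`{{/* Service name is fixed on purpose: <reason> */}}`); otherwise `name: {{ include "nginx.fullname" . }}` keeps the templates consistent. With the default `nginx.ingress.kubernetes.io/ssl-passthrough: "true"` annotation from this chart's values.yaml, ingress-nginx forwards at the TCP level by SNI, so the `paths` entries are not expected to have any effect in that mode.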
+++ b/helm/capif/charts/nginx/templates/service.yaml
@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: nginx
+ labels:
+ {{- include "nginx.labels" . | nindent 4 }}
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ {{- range .Values.service.ports }}
+ - name: {{ .name }}
+ port: {{ .port }}
+ targetPort: {{ .targetPort }}
+ {{- end }}
+ selector:
+ {{- include "nginx.selectorLabels" . | nindent 4 }}
\ No newline at end of file
diff --git a/helm/capif/charts/nginx/templates/serviceaccount.yaml b/helm/capif/charts/nginx/templates/serviceaccount.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..02c08bb0cf32f86abcdee2ce4a67c27d51d93ef9
--- /dev/null
+++ b/helm/capif/charts/nginx/templates/serviceaccount.yaml
@@ -0,0 +1,13 @@
+{{- if .Values.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "nginx.serviceAccountName" . }}
+ labels:
+ {{- include "nginx.labels" . | nindent 4 }}
+ {{- with .Values.serviceAccount.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+automountServiceAccountToken: {{ .Values.serviceAccount.automount }}
+{{- end }}
diff --git a/helm/capif/charts/nginx/templates/tests/test-connection.yaml b/helm/capif/charts/nginx/templates/tests/test-connection.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..bdbc141bc183124af706c2934d2bcffe79035b1f
--- /dev/null
+++ b/helm/capif/charts/nginx/templates/tests/test-connection.yaml
@@ -0,0 +1,17 @@
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "test-connection"
+ labels:
+ {{- include "nginx.labels" . | nindent 4 }}
+ annotations:
+ "helm.sh/hook": test
+spec:
+ containers:
+ {{- range .Values.service.ports }}
+ - name: wget-{{ .name }}
+ image: busybox
+ command: ['wget']
+ args: ['nginx:{{ .port }}']
+ {{- end }}
+ restartPolicy: Never
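Review bot: In nginx/templates/tests/test-connection.yaml the test containers use `image: busybox` with no tag or digest, so `helm test` pulls whatever the default tag resolves to at run time; pinning it, e.g. `image: busybox:<pinned-tag>` with the tag chosen by the maintainers, makes the hook reproducible. The ocf-access-control-policy test-connection.yaml later in this diff uses the same untagged image. The loop also runs `wget nginx:{{ .port }}` for every entry in `service.ports`, which for the `https` port 443 sends plain HTTP to what is presumably a TLS listener and will most likely fail the test; a per-port scheme or a TCP-only check would fit better. The pod name `"test-connection"` is fixed rather than derived from `nginx.fullname`, so it can clash with another release's test pod in the same namespace.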
diff --git a/helm/capif/charts/nginx/values.yaml b/helm/capif/charts/nginx/values.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..e3ba0017e40dce2172b03a16dd6ed055e8e1782a
--- /dev/null
+++ b/helm/capif/charts/nginx/values.yaml
@@ -0,0 +1,122 @@
+# Default values for nginx.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+replicaCount: 1
+
+image:
+ repository: nginx
+ pullPolicy: Always
+ # Overrides the image tag whose default is the chart appVersion.
+ tag: ""
+
+imagePullSecrets: []
+nameOverride: ""
+fullnameOverride: ""
+
+env:
+ capifHostname: my-capif.apps.ocp-epg.hi.inet
+ vaultHostname: vault-internal.mon.svc.cluster.local
+ vaultPort: 8200
+ vaultAccessToken: dev-only-token
+
+serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # Automatically mount a ServiceAccount's API credentials?
+ automount: true
+ # Annotations to add to the service account
+ annotations: {}
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+
+podAnnotations: {}
+podLabels: {}
+
+podSecurityContext: {}
+ # fsGroup: 2000
+
+securityContext: {}
+ # capabilities:
+ # drop:
+ # - ALL
+ # readOnlyRootFilesystem: true
+ # runAsNonRoot: true
+ # runAsUser: 1000
+
+service:
+ ports:
+ - name: "http"
+ port: 8080
+ targetPort: 8080
+ - name: "https"
+ port: 443
+ targetPort: 443
+ type: ClusterIP
+
+
+ingress:
+ enabled: true
+ className: nginx
+ annotations:
+ nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
+ nginx.ingress.kubernetes.io/ssl-passthrough: "true"
+ nginx.ingress.kubernetes.io/ssl-redirect: "true"
+ hosts:
+ - host: nginx-example.local
+ paths:
+ - path: /
+ pathType: Prefix
+ tls: []
+ # - secretName: chart-example-tls
+ # hosts:
+ # - chart-example.local
+
+resources:
+ # We usually recommend not to specify default resources and to leave this as a conscious
+ # choice for the user. This also increases chances charts run on environments with little
+ # resources, such as Minikube. If you do want to specify resources, uncomment the following
+ # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ limits:
+ cpu: 100m
+ memory: 128Mi
+ requests:
+ cpu: 100m
+ memory: 128Mi
+
+livenessProbe:
+ tcpSocket:
+ port: 8080
+ initialDelaySeconds: 20
+ periodSeconds: 5
+readinessProbe:
+# httpGet:
+# path: /
+# port: http
+
+autoscaling:
+ enabled: false
+ minReplicas: 1
+ maxReplicas: 100
+ targetCPUUtilizationPercentage: 80
+ # targetMemoryUtilizationPercentage: 80
+
+# Additional volumes on the output Deployment definition.
+volumes: []
+# - name: foo
+# secret:
+# secretName: mysecret
+# optional: false
+
+# Additional volumeMounts on the output Deployment definition.
+volumeMounts: []
+# - name: foo
+# mountPath: "/etc/foo"
+# readOnly: true
+
+nodeSelector: {}
+
+tolerations: []
+
+affinity: {}
diff --git a/helm/capif/charts/ocf-access-control-policy/.helmignore b/helm/capif/charts/ocf-access-control-policy/.helmignore
new file mode 100644
index 0000000000000000000000000000000000000000..0e8a0eb36f4ca2c939201c0d54b5d82a1ea34778
--- /dev/null
+++ b/helm/capif/charts/ocf-access-control-policy/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/helm/capif/charts/ocf-access-control-policy/Chart.yaml b/helm/capif/charts/ocf-access-control-policy/Chart.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..bed944736358047f394df7acd417a1f89e572932
--- /dev/null
+++ b/helm/capif/charts/ocf-access-control-policy/Chart.yaml
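Review bot: In nginx/values.yaml, `serviceAccount.automount: true` together with the empty `securityContext: {}` and `podSecurityContext: {}` defaults means the nginx pod gets Kubernetes API credentials mounted and runs with the image's default user and capabilities, while nothing visible in this chart calls the API. Defaulting to `automount: false` and enabling the commented hardening block where the image allows it would be a safer baseline; binding port 443 may need `NET_BIND_SERVICE` or an unprivileged port, so this needs a test run. The ocf-access-control-policy values.yaml later in this diff carries the same defaults. `env.capifHostname` and `env.vaultHostname` default to what look like environment-specific hostnames; empty defaults with a `# set per environment` comment would avoid deploying against the wrong endpoint by accident.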
@@ -0,0 +1,24 @@ +apiVersion: v2 +name: ocf-access-control-policy +description: A Helm chart for Kubernetes + +# A chart can be either an 'application' or a 'library' chart. +# +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. +type: application + +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +# Versions are expected to follow Semantic Versioning (https://semver.org/) +version: 0.1.0 + +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. Versions are not expected to +# follow Semantic Versioning. They should reflect the version the application is using. +# It is recommended to use it with quotes. +appVersion: "1.16.0" diff --git a/helm/capif/charts/ocf-access-control-policy/templates/NOTES.txt b/helm/capif/charts/ocf-access-control-policy/templates/NOTES.txt new file mode 100644 index 0000000000000000000000000000000000000000..9928abe2bea18db77c1a24b4f101fdd95ee3a6b1 --- /dev/null +++ b/helm/capif/charts/ocf-access-control-policy/templates/NOTES.txt 
@@ -0,0 +1,22 @@ +1. Get the application URL by running these commands: +{{- if .Values.ingress.enabled }} +{{- range $host := .Values.ingress.hosts }} + {{- range .paths }} + http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }} + {{- end }} +{{- end }} +{{- else if contains "NodePort" .Values.service.type }} + export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "ocf-access-control-policy.fullname" . }}) + export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") + echo http://$NODE_IP:$NODE_PORT +{{- else if contains "LoadBalancer" .Values.service.type }} + NOTE: It may take a few minutes for the LoadBalancer IP to be available. + You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "ocf-access-control-policy.fullname" . }}' + export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "ocf-access-control-policy.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") + echo http://$SERVICE_IP:{{ .Values.service.port }} +{{- else if contains "ClusterIP" .Values.service.type }} + export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "ocf-access-control-policy.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") + export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}") + echo "Visit http://127.0.0.1:8080 to use your application" + kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT +{{- end }} 
diff --git a/helm/capif/charts/ocf-access-control-policy/templates/_helpers.tpl b/helm/capif/charts/ocf-access-control-policy/templates/_helpers.tpl new file mode 100644 index 0000000000000000000000000000000000000000..d446320287061b7bd7d1fccce9baf6f47350b776 --- /dev/null +++ b/helm/capif/charts/ocf-access-control-policy/templates/_helpers.tpl 
@@ -0,0 +1,62 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "ocf-access-control-policy.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "ocf-access-control-policy.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "ocf-access-control-policy.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "ocf-access-control-policy.labels" -}} +helm.sh/chart: {{ include "ocf-access-control-policy.chart" . }} +{{ include "ocf-access-control-policy.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "ocf-access-control-policy.selectorLabels" -}} +app.kubernetes.io/name: {{ include "ocf-access-control-policy.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Create the name of the service account to use +*/}} +{{- define "ocf-access-control-policy.serviceAccountName" -}} +{{- if .Values.serviceAccount.create }} +{{- default (include "ocf-access-control-policy.fullname" .) 
.Values.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.serviceAccount.name }} +{{- end }} +{{- end }} diff --git a/helm/capif/charts/ocf-access-control-policy/templates/deployment.yaml b/helm/capif/charts/ocf-access-control-policy/templates/deployment.yaml new file mode 100644 index 0000000000000000000000000000000000000000..3a8000f6561260d6f6edb0383d1dc63c37700dea --- /dev/null +++ b/helm/capif/charts/ocf-access-control-policy/templates/deployment.yaml 
@@ -0,0 +1,71 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "ocf-access-control-policy.fullname" . }} + labels: + {{- include "ocf-access-control-policy.labels" . | nindent 4 }} +spec: + {{- if not .Values.autoscaling.enabled }} + replicas: {{ .Values.replicaCount }} + {{- end }} + selector: + matchLabels: + {{- include "ocf-access-control-policy.selectorLabels" . | nindent 6 }} + template: + metadata: + annotations: + date: "{{ now | unixEpoch }}" + labels: + {{- include "ocf-access-control-policy.labels" . | nindent 8 }} + {{- with .Values.podLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} + spec: + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ include "ocf-access-control-policy.serviceAccountName" . }} + securityContext: + {{- toYaml .Values.podSecurityContext | nindent 8 }} + containers: + - name: {{ .Chart.Name }} + securityContext: + {{- toYaml .Values.securityContext | nindent 12 }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + ports: + - name: http + containerPort: {{ .Values.service.port }} + protocol: TCP + env: + - name: CAPIF_HOSTNAME + value: {{ quote .Values.env.capifHostname }} + - name: MONITORING + value: {{ quote .Values.env.monitoring }} + livenessProbe: + {{- toYaml .Values.livenessProbe | nindent 12 }} + readinessProbe: + {{- toYaml .Values.readinessProbe | nindent 12 }} + resources: + {{- toYaml .Values.resources | nindent 12 }} + {{- with .Values.volumeMounts }} + volumeMounts: + {{- toYaml . | nindent 12 }} + {{- end }} + {{- with .Values.volumes }} + volumes: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . 
| nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} diff --git a/helm/capif/charts/ocf-access-control-policy/templates/hpa.yaml b/helm/capif/charts/ocf-access-control-policy/templates/hpa.yaml new file mode 100644 index 0000000000000000000000000000000000000000..3e5774e603a8bb59df050fe0dbca6a751bb9a3b6 --- /dev/null +++ b/helm/capif/charts/ocf-access-control-policy/templates/hpa.yaml @@ -0,0 +1,32 @@ +{{- if .Values.autoscaling.enabled }} +apiVersion: autoscaling/v2 +kind: HorizontalPodAutoscaler +metadata: + name: {{ include "ocf-access-control-policy.fullname" . }} + labels: + {{- include "ocf-access-control-policy.labels" . | nindent 4 }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ include "ocf-access-control-policy.fullname" . }} + minReplicas: {{ .Values.autoscaling.minReplicas }} + maxReplicas: {{ .Values.autoscaling.maxReplicas }} + metrics: + {{- if .Values.autoscaling.targetCPUUtilizationPercentage }} + - type: Resource + resource: + name: cpu + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} + {{- end }} + {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }} + - type: Resource + resource: + name: memory + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} + {{- end }} +{{- end }} diff --git a/helm/capif/charts/ocf-access-control-policy/templates/ingress.yaml b/helm/capif/charts/ocf-access-control-policy/templates/ingress.yaml new file mode 100644 index 0000000000000000000000000000000000000000..7aa1dc7c7e0db4e6c7fc5f019d142410f8b5512e --- /dev/null +++ b/helm/capif/charts/ocf-access-control-policy/templates/ingress.yaml 
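Review bot: In ocf-access-control-policy/templates/deployment.yaml the pod-template annotation `date: "{{ now | unixEpoch }}"` changes on every render, so each `helm upgrade` rolls the pods even when nothing else changed and a rendered-manifest diff is never empty; the nginx deployment.yaml earlier in this diff does the same. If the aim is to restart on configuration changes, a checksum annotation over the relevant values or ConfigMap is the usual alternative. `podAnnotations` is declared in this chart's values.yaml but not rendered here; `{{- with .Values.podAnnotations }}` followed by `{{- toYaml . | nindent 8 }}` under `annotations:` would wire it up.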
@@ -0,0 +1,61 @@
+{{- if .Values.ingress.enabled -}}
+{{- $fullName := include "ocf-access-control-policy.fullname" . -}}
+{{- $svcPort := .Values.service.port -}}
+{{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }}
+ {{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }}
+ {{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}}
+ {{- end }}
+{{- end }}
+{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}}
+apiVersion: networking.k8s.io/v1
+{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
+apiVersion: networking.k8s.io/v1beta1
+{{- else -}}
+apiVersion: extensions/v1beta1
+{{- end }}
+kind: Ingress
+metadata:
+ name: {{ $fullName }}
+ labels:
+ {{- include "ocf-access-control-policy.labels" . | nindent 4 }}
+ {{- with .Values.ingress.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ {{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }}
+ ingressClassName: {{ .Values.ingress.className }}
+ {{- end }}
+ {{- if .Values.ingress.tls }}
+ tls:
+ {{- range .Values.ingress.tls }}
+ - hosts:
+ {{- range .hosts }}
+ - {{ . | quote }}
+ {{- end }}
+ secretName: {{ .secretName }}
+ {{- end }}
+ {{- end }}
+ rules:
+ {{- range .Values.ingress.hosts }}
+ - host: {{ .host | quote }}
+ http:
+ paths:
+ {{- range .paths }}
+ - path: {{ .path }}
+ {{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }}
+ pathType: {{ .pathType }}
+ {{- end }}
+ backend:
+ {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }}
+ service:
+ name: {{ $fullName }}
+ port:
+ number: {{ $svcPort }}
+ {{- else }}
+ serviceName: {{ $fullName }}
+ servicePort: {{ $svcPort }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
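Review bot: The Ingress backend uses `name: {{ $fullName }}` (and `serviceName: {{ $fullName }}` in the pre-1.19 branch), but this chart's service.yaml names the Service `access-control-policy`, so with `ingress.enabled: true` the Ingress would point at a Service that does not exist unless `fullnameOverride` happens to match. Either the backend should read `name: access-control-policy`, or service.yaml should use `{{ include "ocf-access-control-policy.fullname" . }}`; NOTES.txt also looks the Service up by the fullname. `path: {{ .path }}` is emitted unquoted, which works for `/`, but `path: {{ .path | quote }}` is safer for values containing YAML-special characters.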
diff --git a/helm/capif/charts/ocf-access-control-policy/templates/service.yaml b/helm/capif/charts/ocf-access-control-policy/templates/service.yaml new file mode 100644 index 0000000000000000000000000000000000000000..16616bdca3ff6bdfb3fe26bfdf74c568d5fa9d60 --- /dev/null +++ b/helm/capif/charts/ocf-access-control-policy/templates/service.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: Service +metadata: + name: access-control-policy + labels: + {{- include "ocf-access-control-policy.labels" . | nindent 4 }} +spec: + type: {{ .Values.service.type }} + ports: + - port: {{ .Values.service.port }} + targetPort: http + protocol: TCP + name: http + selector: + {{- include "ocf-access-control-policy.selectorLabels" . | nindent 4 }} diff --git a/helm/capif/charts/ocf-access-control-policy/templates/serviceaccount.yaml b/helm/capif/charts/ocf-access-control-policy/templates/serviceaccount.yaml new file mode 100644 index 0000000000000000000000000000000000000000..0f513f2d572b00370bcd6473f6c715e131fb8742 --- /dev/null +++ b/helm/capif/charts/ocf-access-control-policy/templates/serviceaccount.yaml @@ -0,0 +1,13 @@ +{{- if .Values.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "ocf-access-control-policy.serviceAccountName" . }} + labels: + {{- include "ocf-access-control-policy.labels" . | nindent 4 }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +automountServiceAccountToken: {{ .Values.serviceAccount.automount }} +{{- end }} diff --git a/helm/capif/charts/ocf-access-control-policy/templates/tests/test-connection.yaml b/helm/capif/charts/ocf-access-control-policy/templates/tests/test-connection.yaml new file mode 100644 index 0000000000000000000000000000000000000000..b19566f6db02ad8578c3e6616f2d3689ae94a5fd --- /dev/null +++ b/helm/capif/charts/ocf-access-control-policy/templates/tests/test-connection.yaml 
@@ -0,0 +1,15 @@ +apiVersion: v1 +kind: Pod +metadata: + name: "{{ include "ocf-access-control-policy.fullname" . }}-test-connection" + labels: + {{- include "ocf-access-control-policy.labels" . | nindent 4 }} + annotations: + "helm.sh/hook": test +spec: + containers: + - name: wget + image: busybox + command: ['wget'] + args: ['access-control-policy:{{ .Values.service.port }}'] + restartPolicy: Never diff --git a/helm/capif/charts/ocf-access-control-policy/values.yaml b/helm/capif/charts/ocf-access-control-policy/values.yaml new file mode 100644 index 0000000000000000000000000000000000000000..2912e0961adbbca1982cdcb049647d056547c7d4 --- /dev/null +++ b/helm/capif/charts/ocf-access-control-policy/values.yaml 
@@ -0,0 +1,112 @@ +# Default values for ocf-access-control-policy. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +replicaCount: 1 + +image: + repository: ocf-access-control-policy + pullPolicy: Always + # Overrides the image tag whose default is the chart appVersion. + tag: "" + +imagePullSecrets: [] +nameOverride: "" +fullnameOverride: "" + +env: + capifHostname: my-capif.apps.ocp-epg.hi.inet + monitoring: "true" + +serviceAccount: + # Specifies whether a service account should be created + create: true + # Automatically mount a ServiceAccount's API credentials? + automount: true + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + +podAnnotations: {} +podLabels: {} + +podSecurityContext: {} + # fsGroup: 2000 + +securityContext: {} + # capabilities: + # drop: + # - ALL + # readOnlyRootFilesystem: true + # runAsNonRoot: true + # runAsUser: 1000 + +service: + type: ClusterIP + port: 8080 + +ingress: + enabled: false + className: "" + annotations: {} + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + hosts: + - host: chart-example.local + paths: + - path: / + pathType: ImplementationSpecific + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + +resources: + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. 
+ limits: + cpu: 100m + memory: 128Mi + requests: + cpu: 100m + memory: 128Mi + +livenessProbe: +# httpGet: +# path: / +# port: http +readinessProbe: + tcpSocket: + port: 8080 + initialDelaySeconds: 10 + periodSeconds: 5 + +autoscaling: + enabled: false + minReplicas: 1 + maxReplicas: 100 + targetCPUUtilizationPercentage: 80 + # targetMemoryUtilizationPercentage: 80 + +# Additional volumes on the output Deployment definition. +volumes: [] +# - name: foo +# secret: +# secretName: mysecret +# optional: false + +# Additional volumeMounts on the output Deployment definition. +volumeMounts: [] +# - name: foo +# mountPath: "/etc/foo" +# readOnly: true + +nodeSelector: {} + +tolerations: [] + +affinity: {} diff --git a/helm/capif/charts/ocf-api-invocation-logs/.helmignore b/helm/capif/charts/ocf-api-invocation-logs/.helmignore new file mode 100644 index 0000000000000000000000000000000000000000..0e8a0eb36f4ca2c939201c0d54b5d82a1ea34778 --- /dev/null +++ b/helm/capif/charts/ocf-api-invocation-logs/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/helm/capif/charts/ocf-api-invocation-logs/Chart.yaml b/helm/capif/charts/ocf-api-invocation-logs/Chart.yaml new file mode 100644 index 0000000000000000000000000000000000000000..d735b1627724a558c170dee1e339711e8f97a152 --- /dev/null +++ b/helm/capif/charts/ocf-api-invocation-logs/Chart.yaml 
@@ -0,0 +1,24 @@ +apiVersion: v2 +name: ocf-api-invocation-logs +description: A Helm chart for Kubernetes + +# A chart can be either an 'application' or a 'library' chart. +# +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. +type: application + +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +# Versions are expected to follow Semantic Versioning (https://semver.org/) +version: 0.1.0 + +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. Versions are not expected to +# follow Semantic Versioning. They should reflect the version the application is using. +# It is recommended to use it with quotes. +appVersion: "1.16.0" diff --git a/helm/capif/charts/ocf-api-invocation-logs/templates/NOTES.txt b/helm/capif/charts/ocf-api-invocation-logs/templates/NOTES.txt new file mode 100644 index 0000000000000000000000000000000000000000..8c7da8081a6e6c968cbd734d68e58d2c1dee0b0f --- /dev/null +++ b/helm/capif/charts/ocf-api-invocation-logs/templates/NOTES.txt 
@@ -0,0 +1,22 @@ +1. Get the application URL by running these commands: +{{- if .Values.ingress.enabled }} +{{- range $host := .Values.ingress.hosts }} + {{- range .paths }} + http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }} + {{- end }} +{{- end }} +{{- else if contains "NodePort" .Values.service.type }} + export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "ocf-api-invocation-logs.fullname" . }}) + export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") + echo http://$NODE_IP:$NODE_PORT +{{- else if contains "LoadBalancer" .Values.service.type }} + NOTE: It may take a few minutes for the LoadBalancer IP to be available. + You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "ocf-api-invocation-logs.fullname" . }}' + export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "ocf-api-invocation-logs.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") + echo http://$SERVICE_IP:{{ .Values.service.port }} +{{- else if contains "ClusterIP" .Values.service.type }} + export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "ocf-api-invocation-logs.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") + export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}") + echo "Visit http://127.0.0.1:8080 to use your application" + kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT +{{- end }} 
diff --git a/helm/capif/charts/ocf-api-invocation-logs/templates/_helpers.tpl b/helm/capif/charts/ocf-api-invocation-logs/templates/_helpers.tpl
new file mode 100644
index 0000000000000000000000000000000000000000..f2a83cfe56d49588173f9b88e3a660f3061eab77
--- /dev/null
+++ b/helm/capif/charts/ocf-api-invocation-logs/templates/_helpers.tpl
@@ -0,0 +1,62 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "ocf-api-invocation-logs.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "ocf-api-invocation-logs.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "ocf-api-invocation-logs.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "ocf-api-invocation-logs.labels" -}} +helm.sh/chart: {{ include "ocf-api-invocation-logs.chart" . }} +{{ include "ocf-api-invocation-logs.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "ocf-api-invocation-logs.selectorLabels" -}} +app.kubernetes.io/name: {{ include "ocf-api-invocation-logs.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Create the name of the service account to use +*/}} +{{- define "ocf-api-invocation-logs.serviceAccountName" -}} +{{- if .Values.serviceAccount.create }} +{{- default (include "ocf-api-invocation-logs.fullname" .) 
.Values.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.serviceAccount.name }} +{{- end }} +{{- end }} diff --git a/helm/capif/templates/capif-invocation-configmap.yaml b/helm/capif/charts/ocf-api-invocation-logs/templates/configmap.yaml similarity index 83% rename from helm/capif/templates/capif-invocation-configmap.yaml rename to helm/capif/charts/ocf-api-invocation-logs/templates/configmap.yaml index 68fc1f1444f515a6802332096e140615fda3c69f..bd13f9f18e9d11ad35ccc041c1cc02f6224107da 100644 --- a/helm/capif/templates/capif-invocation-configmap.yaml +++ b/helm/capif/charts/ocf-api-invocation-logs/templates/configmap.yaml @@ -5,8 +5,8 @@ metadata: data: config.yaml: | mongo: { - 'user': '{{ .Values.mongo.mongo.env.mongoInitdbRootUsername }}', - 'password': '{{ .Values.mongo.mongo.env.mongoInitdbRootPassword }}', + 'user': '{{ .Values.env.mongoInitdbRootUsername }}', + 'password': '{{ .Values.env.mongoInitdbRootPassword }}', 'db': 'capif', 'logs_col': 'invocationlogs', 'invoker_col': 'invokerdetails', diff --git a/helm/capif/charts/ocf-api-invocation-logs/templates/deployment.yaml b/helm/capif/charts/ocf-api-invocation-logs/templates/deployment.yaml new file mode 100644 index 0000000000000000000000000000000000000000..fc3ce110e4f872c389118d39a60967f90cd72132 --- /dev/null +++ b/helm/capif/charts/ocf-api-invocation-logs/templates/deployment.yaml 
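Review bot: The MongoDB root password is rendered into a ConfigMap in this hunk (`'password': '{{ .Values.env.mongoInitdbRootPassword }}'`). ConfigMaps are typically readable by a wider set of roles than Secrets and are not covered by Secret encryption at rest. Move the credential fields into a `kind: Secret`, or have the application read them from environment variables populated through `secretKeyRef`, and keep only non-sensitive settings such as `db` and the collection names in config.yaml. The renamed ocf-api-invoker-management configmap.yaml follows the same pattern for both Mongo instances and also writes the Vault token under `ca_factory`. Only part of the file is inside this hunk, so the remaining keys were not reviewed.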
@@ -0,0 +1,78 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "ocf-api-invocation-logs.fullname" . }} + labels: + {{- include "ocf-api-invocation-logs.labels" . | nindent 4 }} +spec: + {{- if not .Values.autoscaling.enabled }} + replicas: {{ .Values.replicaCount }} + {{- end }} + selector: + matchLabels: + {{- include "ocf-api-invocation-logs.selectorLabels" . | nindent 6 }} + template: + metadata: + annotations: + date: "{{ now | unixEpoch }}" + checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} + labels: + {{- include "ocf-api-invocation-logs.labels" . | nindent 8 }} + {{- with .Values.podLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} + spec: + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ include "ocf-api-invocation-logs.serviceAccountName" . }} + securityContext: + {{- toYaml .Values.podSecurityContext | nindent 8 }} + containers: + - name: {{ .Chart.Name }} + securityContext: + {{- toYaml .Values.securityContext | nindent 12 }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + ports: + - name: http + containerPort: {{ .Values.service.port }} + protocol: TCP + env: + - name: CAPIF_HOSTNAME + value: {{ quote .Values.env.capifHostname }} + - name: MONITORING + value: {{ quote .Values.env.monitoring }} + - name: VAULT_HOSTNAME + value: {{ quote .Values.env.vaultHostname }} + - name: VAULT_PORT + value: {{ quote .Values.env.vaultPort }} + - name: VAULT_ACCESS_TOKEN + value: {{ quote .Values.env.vaultAccessToken }} + livenessProbe: + {{- toYaml .Values.livenessProbe | nindent 12 }} + readinessProbe: + {{- toYaml .Values.readinessProbe | nindent 12 }} + resources: + {{- toYaml .Values.resources | nindent 12 }} + {{- with .Values.volumeMounts }} + volumeMounts: + {{- toYaml . 
| nindent 12 }} + {{- end }} + {{- with .Values.volumes }} + volumes: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} diff --git a/helm/capif/charts/ocf-api-invocation-logs/templates/hpa.yaml b/helm/capif/charts/ocf-api-invocation-logs/templates/hpa.yaml new file mode 100644 index 0000000000000000000000000000000000000000..71df2ef59670c55c25e0ec45103a783b46216b2d --- /dev/null +++ b/helm/capif/charts/ocf-api-invocation-logs/templates/hpa.yaml @@ -0,0 +1,32 @@ +{{- if .Values.autoscaling.enabled }} +apiVersion: autoscaling/v2 +kind: HorizontalPodAutoscaler +metadata: + name: {{ include "ocf-api-invocation-logs.fullname" . }} + labels: + {{- include "ocf-api-invocation-logs.labels" . | nindent 4 }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ include "ocf-api-invocation-logs.fullname" . }} + minReplicas: {{ .Values.autoscaling.minReplicas }} + maxReplicas: {{ .Values.autoscaling.maxReplicas }} + metrics: + {{- if .Values.autoscaling.targetCPUUtilizationPercentage }} + - type: Resource + resource: + name: cpu + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} + {{- end }} + {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }} + - type: Resource + resource: + name: memory + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} + {{- end }} +{{- end }} diff --git a/helm/capif/charts/ocf-api-invocation-logs/templates/ingress.yaml b/helm/capif/charts/ocf-api-invocation-logs/templates/ingress.yaml new file mode 100644 index 0000000000000000000000000000000000000000..47f0f46504a3bdb84217c67780da1b6938c34c0c --- /dev/null 
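Review bot: `VAULT_ACCESS_TOKEN` is set with a literal `value: {{ quote .Values.env.vaultAccessToken }}`, so the token is stored in the Deployment object and shows up for anyone who can read Deployments, ReplicaSets or pod specs in the namespace. Take it from a Secret with `valueFrom.secretKeyRef` instead, as sketched below; the Secret can be created by the chart or supplied by the operator. The ocf-api-invoker-management deployment.yaml sets the same variable the same way.

```yaml
            - name: VAULT_ACCESS_TOKEN
              valueFrom:
                secretKeyRef:
                  # placeholder names: point these at the Secret that holds the token
                  name: <vault-token-secret>
                  key: <token-key>
          # … unchanged: livenessProbe, readinessProbe, resources, volumeMounts …
```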
+++ b/helm/capif/charts/ocf-api-invocation-logs/templates/ingress.yaml @@ -0,0 +1,61 @@ +{{- if .Values.ingress.enabled -}} +{{- $fullName := include "ocf-api-invocation-logs.fullname" . -}} +{{- $svcPort := .Values.service.port -}} +{{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }} + {{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }} + {{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}} + {{- end }} +{{- end }} +{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}} +apiVersion: networking.k8s.io/v1 +{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} +apiVersion: networking.k8s.io/v1beta1 +{{- else -}} +apiVersion: extensions/v1beta1 +{{- end }} +kind: Ingress +metadata: + name: {{ $fullName }} + labels: + {{- include "ocf-api-invocation-logs.labels" . | nindent 4 }} + {{- with .Values.ingress.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + {{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }} + ingressClassName: {{ .Values.ingress.className }} + {{- end }} + {{- if .Values.ingress.tls }} + tls: + {{- range .Values.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} + {{- end }} + rules: + {{- range .Values.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: + {{- range .paths }} + - path: {{ .path }} + {{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }} + pathType: {{ .pathType }} + {{- end }} + backend: + {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }} + service: + name: {{ $fullName }} + port: + number: {{ $svcPort }} + {{- else }} + serviceName: {{ $fullName }} + servicePort: {{ $svcPort }} + {{- end }} + {{- end }} + {{- end }} +{{- end }} 
diff --git a/helm/capif/charts/ocf-api-invocation-logs/templates/service.yaml b/helm/capif/charts/ocf-api-invocation-logs/templates/service.yaml new file mode 100644 index 0000000000000000000000000000000000000000..48614fd21b500b7f9babc5800532b74d69ec376e --- /dev/null +++ b/helm/capif/charts/ocf-api-invocation-logs/templates/service.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: Service +metadata: + name: api-invocation-logs + labels: + {{- include "ocf-api-invocation-logs.labels" . | nindent 4 }} +spec: + type: {{ .Values.service.type }} + ports: + - port: {{ .Values.service.port }} + targetPort: http + protocol: TCP + name: http + selector: + {{- include "ocf-api-invocation-logs.selectorLabels" . | nindent 4 }} diff --git a/helm/capif/charts/ocf-api-invocation-logs/templates/serviceaccount.yaml b/helm/capif/charts/ocf-api-invocation-logs/templates/serviceaccount.yaml new file mode 100644 index 0000000000000000000000000000000000000000..c08cfed4956ec0710f42544b29337470bea2a995 --- /dev/null +++ b/helm/capif/charts/ocf-api-invocation-logs/templates/serviceaccount.yaml @@ -0,0 +1,13 @@ +{{- if .Values.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "ocf-api-invocation-logs.serviceAccountName" . }} + labels: + {{- include "ocf-api-invocation-logs.labels" . | nindent 4 }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +automountServiceAccountToken: {{ .Values.serviceAccount.automount }} +{{- end }} diff --git a/helm/capif/charts/ocf-api-invocation-logs/templates/tests/test-connection.yaml b/helm/capif/charts/ocf-api-invocation-logs/templates/tests/test-connection.yaml new file mode 100644 index 0000000000000000000000000000000000000000..3c3098b4fd411cc8df58b9f71435dfeefcbc83cf --- /dev/null +++ b/helm/capif/charts/ocf-api-invocation-logs/templates/tests/test-connection.yaml 
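Review bot: The Service is created with the fixed name `api-invocation-logs`, while ingress.yaml in this chart routes to `{{ $fullName }}` and NOTES.txt looks the Service up through the `ocf-api-invocation-logs.fullname` helper. With ingress enabled, the backend would point at a Service name that this chart never creates, and two releases in one namespace would collide on the fixed name. If the literal is needed because other components resolve it by DNS (not visible here), make the Ingress backend and NOTES.txt use the same literal; otherwise use `name: {{ include "ocf-api-invocation-logs.fullname" . }}`. ocf-api-invoker-management/templates/service.yaml does the same with `api-invoker-management`.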
@@ -0,0 +1,15 @@ +apiVersion: v1 +kind: Pod +metadata: + name: "{{ include "ocf-api-invocation-logs.fullname" . }}-test-connection" + labels: + {{- include "ocf-api-invocation-logs.labels" . | nindent 4 }} + annotations: + "helm.sh/hook": test +spec: + containers: + - name: wget + image: busybox + command: ['wget'] + args: ['api-invocation-logs:{{ .Values.service.port }}'] + restartPolicy: Never diff --git a/helm/capif/charts/ocf-api-invocation-logs/values.yaml b/helm/capif/charts/ocf-api-invocation-logs/values.yaml new file mode 100644 index 0000000000000000000000000000000000000000..4c4431b3ff7c326f162fe590a1d63404347f7d8b --- /dev/null +++ b/helm/capif/charts/ocf-api-invocation-logs/values.yaml 
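Review bot: `image: busybox` in the test hook has no tag or digest, so each `helm test` run pulls whatever `busybox:latest` resolves to in the default registry at that moment. Pin the image to a fixed tag or an `@sha256:` digest, preferably from the same registry the application images come from, so the test pod is reproducible and does not bypass image provenance controls. The ocf-api-invoker-management test-connection.yaml uses the same unpinned image.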
@@ -0,0 +1,119 @@ +# Default values for ocf-api-invocation-logs. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +replicaCount: 1 + +image: + repository: ocf-api-invocation-logs-api + pullPolicy: Always + # Overrides the image tag whose default is the chart appVersion. + tag: "" + +imagePullSecrets: [] +nameOverride: "" +fullnameOverride: "" + +env: + monitoring: "true" + capifHostname: capif + vaultHostname: vault + vaultPort: 8200 + vaultAccessToken: dev-only-token + mongoInitdbRootUsername: root + mongoInitdbRootPassword: example + +serviceAccount: + # Specifies whether a service account should be created + create: true + # Automatically mount a ServiceAccount's API credentials? + automount: true + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + +podAnnotations: {} +podLabels: {} + +podSecurityContext: {} + # fsGroup: 2000 + +securityContext: {} + # capabilities: + # drop: + # - ALL + # readOnlyRootFilesystem: true + # runAsNonRoot: true + # runAsUser: 1000 + +service: + type: ClusterIP + port: 8080 + +ingress: + enabled: false + className: "" + annotations: {} + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + hosts: + - host: chart-example.local + paths: + - path: / + pathType: ImplementationSpecific + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + +resources: + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. 
+ limits: + cpu: 100m + memory: 128Mi + requests: + cpu: 100m + memory: 128Mi + +livenessProbe: +# httpGet: +# path: / +# port: http +readinessProbe: + tcpSocket: + port: 8080 + initialDelaySeconds: 10 + periodSeconds: 5 + +autoscaling: + enabled: false + minReplicas: 1 + maxReplicas: 100 + targetCPUUtilizationPercentage: 80 + # targetMemoryUtilizationPercentage: 80 + +# Additional volumes on the output Deployment definition. +volumes: + - name: capif-invocation-config + configMap: + name: capif-invocation-configmap + items: + - key: "config.yaml" + path: "config.yaml" + +# Additional volumeMounts on the output Deployment definition. +volumeMounts: + - name: capif-invocation-config + mountPath: /usr/src/app/config.yaml + subPath: config.yaml + +nodeSelector: {} + +tolerations: [] + +affinity: {} diff --git a/helm/capif/charts/ocf-api-invoker-management/.helmignore b/helm/capif/charts/ocf-api-invoker-management/.helmignore new file mode 100644 index 0000000000000000000000000000000000000000..0e8a0eb36f4ca2c939201c0d54b5d82a1ea34778 --- /dev/null +++ b/helm/capif/charts/ocf-api-invoker-management/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/helm/capif/charts/ocf-api-invoker-management/Chart.yaml b/helm/capif/charts/ocf-api-invoker-management/Chart.yaml new file mode 100644 index 0000000000000000000000000000000000000000..2a9ef72f16a224e3790cf85e51a7d19e5b25eccd --- /dev/null +++ b/helm/capif/charts/ocf-api-invoker-management/Chart.yaml 
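Review bot: The chart defaults ship usable-looking credentials, `vaultAccessToken: dev-only-token`, `mongoInitdbRootUsername: root` and `mongoInitdbRootPassword: example`, so an install that forgets to override them comes up with publicly known secrets. Leave these empty by default and fail rendering when they are unset, for example `{{ required "env.vaultAccessToken must be set" .Values.env.vaultAccessToken }}` in the templates, or accept the name of an existing Secret instead. `serviceAccount.automount: true` is also the default; if the service does not call the Kubernetes API (nothing visible suggests it does), `automount: false` is the least-privilege default. The ocf-api-invoker-management values.yaml, whose hunk continues past the end of this view, carries the same credential defaults.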
@@ -0,0 +1,24 @@ +apiVersion: v2 +name: ocf-api-invoker-management +description: A Helm chart for Kubernetes + +# A chart can be either an 'application' or a 'library' chart. +# +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. +type: application + +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +# Versions are expected to follow Semantic Versioning (https://semver.org/) +version: 0.1.0 + +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. Versions are not expected to +# follow Semantic Versioning. They should reflect the version the application is using. +# It is recommended to use it with quotes. +appVersion: "1.16.0" diff --git a/helm/capif/charts/ocf-api-invoker-management/templates/NOTES.txt b/helm/capif/charts/ocf-api-invoker-management/templates/NOTES.txt new file mode 100644 index 0000000000000000000000000000000000000000..cfccd3a4e2fcdf1857a39c233204fcf25e427238 --- /dev/null +++ b/helm/capif/charts/ocf-api-invoker-management/templates/NOTES.txt 
@@ -0,0 +1,22 @@ +1. Get the application URL by running these commands: +{{- if .Values.ingress.enabled }} +{{- range $host := .Values.ingress.hosts }} + {{- range .paths }} + http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }} + {{- end }} +{{- end }} +{{- else if contains "NodePort" .Values.service.type }} + export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "ocf-api-invoker-management.fullname" . }}) + export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") + echo http://$NODE_IP:$NODE_PORT +{{- else if contains "LoadBalancer" .Values.service.type }} + NOTE: It may take a few minutes for the LoadBalancer IP to be available. + You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "ocf-api-invoker-management.fullname" . }}' + export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "ocf-api-invoker-management.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") + echo http://$SERVICE_IP:{{ .Values.service.port }} +{{- else if contains "ClusterIP" .Values.service.type }} + export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "ocf-api-invoker-management.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") + export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}") + echo "Visit http://127.0.0.1:8080 to use your application" + kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT +{{- end }} 
diff --git a/helm/capif/charts/ocf-api-invoker-management/templates/_helpers.tpl b/helm/capif/charts/ocf-api-invoker-management/templates/_helpers.tpl
new file mode 100644
index 0000000000000000000000000000000000000000..35e999458fd390872ce7ed4f0691a4fbeb101760
--- /dev/null
+++ b/helm/capif/charts/ocf-api-invoker-management/templates/_helpers.tpl
@@ -0,0 +1,62 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "ocf-api-invoker-management.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "ocf-api-invoker-management.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "ocf-api-invoker-management.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "ocf-api-invoker-management.labels" -}} +helm.sh/chart: {{ include "ocf-api-invoker-management.chart" . }} +{{ include "ocf-api-invoker-management.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "ocf-api-invoker-management.selectorLabels" -}} +app.kubernetes.io/name: {{ include "ocf-api-invoker-management.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Create the name of the service account to use +*/}} +{{- define "ocf-api-invoker-management.serviceAccountName" -}} +{{- if .Values.serviceAccount.create }} +{{- default (include "ocf-api-invoker-management.fullname" .) 
.Values.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.serviceAccount.name }} +{{- end }} +{{- end }} diff --git a/helm/capif/templates/capif-invoker-configmap.yaml b/helm/capif/charts/ocf-api-invoker-management/templates/configmap.yaml similarity index 62% rename from helm/capif/templates/capif-invoker-configmap.yaml rename to helm/capif/charts/ocf-api-invoker-management/templates/configmap.yaml index 32bab3cbcafbc40d0e028f75c33c1da2b811c240..4d83c986d75cee2cc228f2b34bae07ee8b95cfb7 100644 --- a/helm/capif/templates/capif-invoker-configmap.yaml +++ b/helm/capif/charts/ocf-api-invoker-management/templates/configmap.yaml @@ -5,8 +5,8 @@ metadata: data: config.yaml: | mongo: { - 'user': '{{ .Values.mongo.mongo.env.mongoInitdbRootUsername }}', - 'password': '{{ .Values.mongo.mongo.env.mongoInitdbRootPassword }}', + 'user': '{{ .Values.env.mongoInitdbRootUsername }}', + 'password': '{{ .Values.env.mongoInitdbRootPassword }}', 'db': 'capif', 'col': 'invokerdetails', 'capif_users_col': "user", @@ -16,17 +16,17 @@ data: 'port': "27017" } mongo_register: { - 'user': '{{ .Values.mongoRegister.mongo.env.mongoInitdbRootUsername }}', - 'password': '{{ .Values.mongoRegister.mongo.env.mongoInitdbRootPassword }}', + 'user': '{{ .Values.env.mongoRegister.mongoInitdbRootUsername }}', + 'password': '{{ .Values.env.mongoRegister.mongoInitdbRootPassword }}', 'db': 'capif_users', 'col': 'user', 'host': 'mongo-register', 'port': '27017' } ca_factory: { - "url": {{ quote .Values.parametersVault.env.vaultHostname }}, - "port": {{ quote .Values.parametersVault.env.vaultPort }}, - "token": {{ quote .Values.parametersVault.env.vaultAccessToken }} + "url": {{ quote .Values.env.vaultHostname }}, + "port": {{ quote .Values.env.vaultPort }}, + "token": {{ quote .Values.env.vaultAccessToken }} } monitoring: { 
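Review bot: The Mongo entries interpolate values between hand-written single quotes (`'password': '{{ .Values.env.mongoRegister.mongoInitdbRootPassword }}'`), while `ca_factory` in the second hunk of the same file uses `{{ quote ... }}`. A username or password containing `'` would end the string early and change the structure of the rendered config.yaml. Use the escaping helper throughout, e.g. `'password': {{ .Values.env.mongoRegister.mongoInitdbRootPassword | quote }},`. The `mongo` block of the ocf-api-invocation-logs configmap.yaml earlier in this diff is hand-quoted the same way.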
diff --git a/helm/capif/charts/ocf-api-invoker-management/templates/deployment.yaml b/helm/capif/charts/ocf-api-invoker-management/templates/deployment.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..c4fd0c90e42af849b4752f69d731b58dceb84429
--- /dev/null
+++ b/helm/capif/charts/ocf-api-invoker-management/templates/deployment.yaml
@@ -0,0 +1,76 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "ocf-api-invoker-management.fullname" . }} + labels: + {{- include "ocf-api-invoker-management.labels" . | nindent 4 }} +spec: + {{- if not .Values.autoscaling.enabled }} + replicas: {{ .Values.replicaCount }} + {{- end }} + selector: + matchLabels: + {{- include "ocf-api-invoker-management.selectorLabels" . | nindent 6 }} + template: + metadata: + annotations: + date: "{{ now | unixEpoch }}" + checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} + labels: + {{- include "ocf-api-invoker-management.labels" . | nindent 8 }} + {{- with .Values.podLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} + spec: + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ include "ocf-api-invoker-management.serviceAccountName" . }} + securityContext: + {{- toYaml .Values.podSecurityContext | nindent 8 }} + containers: + - name: {{ .Chart.Name }} + securityContext: + {{- toYaml .Values.securityContext | nindent 12 }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + ports: + - name: http + containerPort: {{ .Values.service.port }} + protocol: TCP + env: + - name: MONITORING + value: {{ quote .Values.env.monitoring }} + - name: VAULT_HOSTNAME + value: {{ quote .Values.env.vaultHostname }} + - name: VAULT_PORT + value: {{ quote .Values.env.vaultPort }} + - name: VAULT_ACCESS_TOKEN + value: {{ quote .Values.env.vaultAccessToken }} + livenessProbe: + {{- toYaml .Values.livenessProbe | nindent 12 }} + readinessProbe: + {{- toYaml .Values.readinessProbe | nindent 12 }} + resources: + {{- toYaml .Values.resources | nindent 12 }} + {{- with .Values.volumeMounts }} + volumeMounts: + {{- toYaml . | nindent 12 }} + {{- end }} + {{- with .Values.volumes }} + volumes: + {{- toYaml . 
| nindent 8 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} diff --git a/helm/capif/charts/ocf-api-invoker-management/templates/hpa.yaml b/helm/capif/charts/ocf-api-invoker-management/templates/hpa.yaml new file mode 100644 index 0000000000000000000000000000000000000000..44d58a78aaf6451153bd18955c9304371c71edb9 --- /dev/null +++ b/helm/capif/charts/ocf-api-invoker-management/templates/hpa.yaml @@ -0,0 +1,32 @@ +{{- if .Values.autoscaling.enabled }} +apiVersion: autoscaling/v2 +kind: HorizontalPodAutoscaler +metadata: + name: {{ include "ocf-api-invoker-management.fullname" . }} + labels: + {{- include "ocf-api-invoker-management.labels" . | nindent 4 }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ include "ocf-api-invoker-management.fullname" . }} + minReplicas: {{ .Values.autoscaling.minReplicas }} + maxReplicas: {{ .Values.autoscaling.maxReplicas }} + metrics: + {{- if .Values.autoscaling.targetCPUUtilizationPercentage }} + - type: Resource + resource: + name: cpu + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} + {{- end }} + {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }} + - type: Resource + resource: + name: memory + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} + {{- end }} +{{- end }} diff --git a/helm/capif/charts/ocf-api-invoker-management/templates/ingress.yaml b/helm/capif/charts/ocf-api-invoker-management/templates/ingress.yaml new file mode 100644 index 0000000000000000000000000000000000000000..aee54f4b3ab4584a7e2b5e8bbee2f1a210ff69f4 --- /dev/null +++ b/helm/capif/charts/ocf-api-invoker-management/templates/ingress.yaml 
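Review bot: The pod-template annotation `date: "{{ now | unixEpoch }}"` renders to a different value on every run, so every `helm upgrade` restarts the pods and rendered output is never stable for diffing or policy checks. It also makes the `checksum/config` annotation on the following line redundant, since that checksum already triggers a rollout whenever configmap.yaml changes. Dropping the `date` line keeps restarts tied to real configuration changes. The ocf-api-invocation-logs deployment.yaml earlier in this diff has the same annotation.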
@@ -0,0 +1,61 @@ +{{- if .Values.ingress.enabled -}} +{{- $fullName := include "ocf-api-invoker-management.fullname" . -}} +{{- $svcPort := .Values.service.port -}} +{{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }} + {{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }} + {{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}} + {{- end }} +{{- end }} +{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}} +apiVersion: networking.k8s.io/v1 +{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} +apiVersion: networking.k8s.io/v1beta1 +{{- else -}} +apiVersion: extensions/v1beta1 +{{- end }} +kind: Ingress +metadata: + name: {{ $fullName }} + labels: + {{- include "ocf-api-invoker-management.labels" . | nindent 4 }} + {{- with .Values.ingress.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + {{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }} + ingressClassName: {{ .Values.ingress.className }} + {{- end }} + {{- if .Values.ingress.tls }} + tls: + {{- range .Values.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} + {{- end }} + rules: + {{- range .Values.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: + {{- range .paths }} + - path: {{ .path }} + {{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }} + pathType: {{ .pathType }} + {{- end }} + backend: + {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }} + service: + name: {{ $fullName }} + port: + number: {{ $svcPort }} + {{- else }} + serviceName: {{ $fullName }} + servicePort: {{ $svcPort }} + {{- end }} + {{- end }} + {{- end }} +{{- end }} 
diff --git a/helm/capif/charts/ocf-api-invoker-management/templates/service.yaml b/helm/capif/charts/ocf-api-invoker-management/templates/service.yaml new file mode 100644 index 0000000000000000000000000000000000000000..f62fb9bee5e237a4b0ccafb57e3555251a264a91 --- /dev/null +++ b/helm/capif/charts/ocf-api-invoker-management/templates/service.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: Service +metadata: + name: api-invoker-management + labels: + {{- include "ocf-api-invoker-management.labels" . | nindent 4 }} +spec: + type: {{ .Values.service.type }} + ports: + - port: {{ .Values.service.port }} + targetPort: http + protocol: TCP + name: http + selector: + {{- include "ocf-api-invoker-management.selectorLabels" . | nindent 4 }} diff --git a/helm/capif/charts/ocf-api-invoker-management/templates/serviceaccount.yaml b/helm/capif/charts/ocf-api-invoker-management/templates/serviceaccount.yaml new file mode 100644 index 0000000000000000000000000000000000000000..c32851734d6651c5eb3847b50f2edbd5af791c5b --- /dev/null +++ b/helm/capif/charts/ocf-api-invoker-management/templates/serviceaccount.yaml @@ -0,0 +1,13 @@ +{{- if .Values.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "ocf-api-invoker-management.serviceAccountName" . }} + labels: + {{- include "ocf-api-invoker-management.labels" . | nindent 4 }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +automountServiceAccountToken: {{ .Values.serviceAccount.automount }} +{{- end }} diff --git a/helm/capif/charts/ocf-api-invoker-management/templates/tests/test-connection.yaml b/helm/capif/charts/ocf-api-invoker-management/templates/tests/test-connection.yaml new file mode 100644 index 0000000000000000000000000000000000000000..f194ec63aff0a8e396aa70940e9c23900d346699 --- /dev/null +++ b/helm/capif/charts/ocf-api-invoker-management/templates/tests/test-connection.yaml 
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{ include "ocf-api-invoker-management.fullname" . }}-test-connection"
+ labels:
+ {{- include "ocf-api-invoker-management.labels" . | nindent 4 }}
+ annotations:
+ "helm.sh/hook": test
+spec:
+ containers:
+ - name: wget
+ image: busybox
+ command: ['wget']
+ args: ['api-invoker-management:{{ .Values.service.port }}']
+ restartPolicy: Never
diff --git a/helm/capif/charts/ocf-api-invoker-management/values.yaml b/helm/capif/charts/ocf-api-invoker-management/values.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..a296a41ebc0c2ff6a1b63e3d60fea141ed90634b
--- /dev/null
+++ b/helm/capif/charts/ocf-api-invoker-management/values.yaml
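Review bot: The test hook pod uses `image: busybox` with no tag or digest, so each `helm test` run pulls whatever the mutable `latest` tag resolves to in the default registry. Pin it, for example `image: busybox:<pinned-tag>` or a digest reference, and preferably expose it as a chart value so a mirrored registry can be used. The pod also declares no `securityContext` or `resources`, which clusters enforcing restricted pod security or quotas would likely reject. The same template is added for ocf-api-provider-management.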
@@ -0,0 +1,119 @@ +# Default values for ocf-api-invoker-management. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +replicaCount: 1 + +image: + repository: ocf-api-invoker-management-api + pullPolicy: Always + # Overrides the image tag whose default is the chart appVersion. + tag: "" + +imagePullSecrets: [] +nameOverride: "" +fullnameOverride: "" + +env: + monitoring: "true" + vaultHostname: vault + vaultPort: 8200 + vaultAccessToken: dev-only-token + mongoInitdbRootUsername: root + mongoInitdbRootPassword: example + mongoRegister: + mongoInitdbRootUsername: root + mongoInitdbRootPassword: example + +serviceAccount: + # Specifies whether a service account should be created + create: true + # Automatically mount a ServiceAccount's API credentials? + automount: true + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + +podAnnotations: {} +podLabels: {} + +podSecurityContext: {} + # fsGroup: 2000 + +securityContext: {} + # capabilities: + # drop: + # - ALL + # readOnlyRootFilesystem: true + # runAsNonRoot: true + # runAsUser: 1000 + +service: + type: ClusterIP + port: 8080 + +ingress: + enabled: false + className: "" + annotations: {} + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + hosts: + - host: chart-example.local + paths: + - path: / + pathType: ImplementationSpecific + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + +resources: + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. 
+ limits: + cpu: 100m + memory: 128Mi + requests: + cpu: 100m + memory: 128Mi + +livenessProbe: +# httpGet: +# path: / +# port: http +readinessProbe: + tcpSocket: + port: 8080 + +autoscaling: + enabled: false + minReplicas: 1 + maxReplicas: 100 + targetCPUUtilizationPercentage: 80 + # targetMemoryUtilizationPercentage: 80 + +# Additional volumes on the output Deployment definition. +volumes: + - name: capif-invoker-config + configMap: + name: capif-invoker-configmap + items: + - key: "config.yaml" + path: "config.yaml" + +# Additional volumeMounts on the output Deployment definition. +volumeMounts: + - name: capif-invoker-config + mountPath: /usr/src/app/config.yaml + subPath: config.yaml + +nodeSelector: {} + +tolerations: [] + +affinity: {} diff --git a/helm/capif/charts/ocf-api-provider-management/.helmignore b/helm/capif/charts/ocf-api-provider-management/.helmignore new file mode 100644 index 0000000000000000000000000000000000000000..0e8a0eb36f4ca2c939201c0d54b5d82a1ea34778 --- /dev/null +++ b/helm/capif/charts/ocf-api-provider-management/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/helm/capif/charts/ocf-api-provider-management/Chart.yaml b/helm/capif/charts/ocf-api-provider-management/Chart.yaml new file mode 100644 index 0000000000000000000000000000000000000000..773f014ce46e79ae2ddd0d0abe1255197b304f88 --- /dev/null +++ b/helm/capif/charts/ocf-api-provider-management/Chart.yaml 
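Review bot: The `env:` defaults ship usable-looking credentials — `vaultAccessToken: dev-only-token` and `mongoInitdbRootPassword: example` with user `root` for both Mongo instances — so an install that forgets to override them comes up with guessable secrets and nothing fails. Leave them empty and fail rendering when unset, e.g. `{{ required "env.vaultAccessToken is required" .Values.env.vaultAccessToken }}` in the templates, or accept the name of an existing Secret instead of the value. Consider `serviceAccount.automount: false` unless the pod needs the Kubernetes API (not visible here), and enabling the commented-out `securityContext` settings such as `runAsNonRoot: true`. The comment above `resources:` still tells the user to remove curly braces that are no longer there. The ocf-api-provider-management values.yaml repeats the same defaults.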
@@ -0,0 +1,24 @@ +apiVersion: v2 +name: ocf-api-provider-management +description: A Helm chart for Kubernetes + +# A chart can be either an 'application' or a 'library' chart. +# +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. +type: application + +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +# Versions are expected to follow Semantic Versioning (https://semver.org/) +version: 0.1.0 + +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. Versions are not expected to +# follow Semantic Versioning. They should reflect the version the application is using. +# It is recommended to use it with quotes. +appVersion: "1.16.0" diff --git a/helm/capif/charts/ocf-api-provider-management/templates/NOTES.txt b/helm/capif/charts/ocf-api-provider-management/templates/NOTES.txt new file mode 100644 index 0000000000000000000000000000000000000000..d65d7c1af26244c91063337027eabb4f4c4dece9 --- /dev/null +++ b/helm/capif/charts/ocf-api-provider-management/templates/NOTES.txt 
@@ -0,0 +1,22 @@ +1. Get the application URL by running these commands: +{{- if .Values.ingress.enabled }} +{{- range $host := .Values.ingress.hosts }} + {{- range .paths }} + http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }} + {{- end }} +{{- end }} +{{- else if contains "NodePort" .Values.service.type }} + export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "ocf-api-provider-management.fullname" . }}) + export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") + echo http://$NODE_IP:$NODE_PORT +{{- else if contains "LoadBalancer" .Values.service.type }} + NOTE: It may take a few minutes for the LoadBalancer IP to be available. + You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "ocf-api-provider-management.fullname" . }}' + export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "ocf-api-provider-management.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") + echo http://$SERVICE_IP:{{ .Values.service.port }} +{{- else if contains "ClusterIP" .Values.service.type }} + export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "ocf-api-provider-management.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") + export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}") + echo "Visit http://127.0.0.1:8080 to use your application" + kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT +{{- end }} 
diff --git a/helm/capif/charts/ocf-api-provider-management/templates/_helpers.tpl b/helm/capif/charts/ocf-api-provider-management/templates/_helpers.tpl new file mode 100644 index 0000000000000000000000000000000000000000..eb706b4960e38946df559aea75a813688ae44d1f --- /dev/null +++ b/helm/capif/charts/ocf-api-provider-management/templates/_helpers.tpl 
@@ -0,0 +1,62 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "ocf-api-provider-management.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "ocf-api-provider-management.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "ocf-api-provider-management.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "ocf-api-provider-management.labels" -}} +helm.sh/chart: {{ include "ocf-api-provider-management.chart" . }} +{{ include "ocf-api-provider-management.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "ocf-api-provider-management.selectorLabels" -}} +app.kubernetes.io/name: {{ include "ocf-api-provider-management.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Create the name of the service account to use +*/}} +{{- define "ocf-api-provider-management.serviceAccountName" -}} +{{- if .Values.serviceAccount.create }} +{{- default (include "ocf-api-provider-management.fullname" .) 
.Values.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.serviceAccount.name }} +{{- end }} +{{- end }} diff --git a/helm/capif/templates/capif-provider-configmap.yaml b/helm/capif/charts/ocf-api-provider-management/templates/configmap.yaml similarity index 61% rename from helm/capif/templates/capif-provider-configmap.yaml rename to helm/capif/charts/ocf-api-provider-management/templates/configmap.yaml index 28e530fddd16402c9f7ec70734bf6f0d82220bed..e59cfe179aa1e2cd88444e2785371a5b398a40de 100644 --- a/helm/capif/templates/capif-provider-configmap.yaml +++ b/helm/capif/charts/ocf-api-provider-management/templates/configmap.yaml @@ -5,8 +5,8 @@ metadata: data: config.yaml: | mongo: { - 'user': '{{ .Values.mongo.mongo.env.mongoInitdbRootUsername }}', - 'password': '{{ .Values.mongo.mongo.env.mongoInitdbRootPassword }}', + 'user': '{{ .Values.env.mongoInitdbRootUsername }}', + 'password': '{{ .Values.env.mongoInitdbRootPassword }}', 'db': 'capif', 'col': 'providerenrolmentdetails', 'certs_col': "certs", @@ -15,17 +15,17 @@ data: 'port': "27017" } mongo_register: { - 'user': '{{ .Values.mongoRegister.mongo.env.mongoInitdbRootUsername }}', - 'password': '{{ .Values.mongoRegister.mongo.env.mongoInitdbRootPassword }}', + 'user': '{{ .Values.env.mongoRegister.mongoInitdbRootUsername }}', + 'password': '{{ .Values.env.mongoRegister.mongoInitdbRootPassword }}', 'db': 'capif_users', 'col': 'user', 'host': 'mongo-register', 'port': '27017' } ca_factory: { - "url": {{ quote .Values.parametersVault.env.vaultHostname }}, - "port": {{ quote .Values.parametersVault.env.vaultPort }}, - "token": {{ quote .Values.parametersVault.env.vaultAccessToken }} + "url": {{ quote .Values.env.vaultHostname }}, + "port": {{ quote .Values.env.vaultPort }}, + "token": {{ quote .Values.env.vaultAccessToken }} } 
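Review bot: The Mongo passwords and the Vault token are still rendered into a ConfigMap (`'password': '{{ .Values.env.mongoInitdbRootPassword }}'`, `"token": {{ quote .Values.env.vaultAccessToken }}`), which anyone allowed to read ConfigMaps in the namespace can see and which is not covered by Secret-specific RBAC or encryption at rest. Since the file is being moved anyway, render `config.yaml` into a `kind: Secret` and mount it with `secret:` instead of `configMap:` in the chart's volumes. The single-quoted interpolation also produces a broken document when a password contains `'`; `{{ .Values.env.mongoInitdbRootPassword | quote }}`, as already done for the `ca_factory` fields, avoids that. Both hunks of this file are affected and the ConfigMap's header lines are outside them; the ocf-auditing-api-logs configmap follows the same pattern.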
diff --git a/helm/capif/charts/ocf-api-provider-management/templates/deployment.yaml b/helm/capif/charts/ocf-api-provider-management/templates/deployment.yaml new file mode 100644 index 0000000000000000000000000000000000000000..c5ff21561990396b8de2ef6d0ec471778551ccdf --- /dev/null +++ b/helm/capif/charts/ocf-api-provider-management/templates/deployment.yaml 
@@ -0,0 +1,76 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "ocf-api-provider-management.fullname" . }} + labels: + {{- include "ocf-api-provider-management.labels" . | nindent 4 }} +spec: + {{- if not .Values.autoscaling.enabled }} + replicas: {{ .Values.replicaCount }} + {{- end }} + selector: + matchLabels: + {{- include "ocf-api-provider-management.selectorLabels" . | nindent 6 }} + template: + metadata: + annotations: + date: "{{ now | unixEpoch }}" + checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} + labels: + {{- include "ocf-api-provider-management.labels" . | nindent 8 }} + {{- with .Values.podLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} + spec: + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ include "ocf-api-provider-management.serviceAccountName" . }} + securityContext: + {{- toYaml .Values.podSecurityContext | nindent 8 }} + containers: + - name: {{ .Chart.Name }} + securityContext: + {{- toYaml .Values.securityContext | nindent 12 }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + ports: + - name: http + containerPort: {{ .Values.service.port }} + protocol: TCP + env: + - name: MONITORING + value: {{ quote .Values.env.monitoring }} + - name: VAULT_HOSTNAME + value: {{ quote .Values.env.vaultHostname }} + - name: VAULT_PORT + value: {{ quote .Values.env.vaultPort }} + - name: VAULT_ACCESS_TOKEN + value: {{ quote .Values.env.vaultAccessToken }} + livenessProbe: + {{- toYaml .Values.livenessProbe | nindent 12 }} + readinessProbe: + {{- toYaml .Values.readinessProbe | nindent 12 }} + resources: + {{- toYaml .Values.resources | nindent 12 }} + {{- with .Values.volumeMounts }} + volumeMounts: + {{- toYaml . | nindent 12 }} + {{- end }} + {{- with .Values.volumes }} + volumes: + {{- toYaml . 
| nindent 8 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} diff --git a/helm/capif/charts/ocf-api-provider-management/templates/hpa.yaml b/helm/capif/charts/ocf-api-provider-management/templates/hpa.yaml new file mode 100644 index 0000000000000000000000000000000000000000..f3453cc6fdf2ce37c74e08cde742c1a1676c7d4e --- /dev/null +++ b/helm/capif/charts/ocf-api-provider-management/templates/hpa.yaml @@ -0,0 +1,32 @@ +{{- if .Values.autoscaling.enabled }} +apiVersion: autoscaling/v2 +kind: HorizontalPodAutoscaler +metadata: + name: {{ include "ocf-api-provider-management.fullname" . }} + labels: + {{- include "ocf-api-provider-management.labels" . | nindent 4 }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ include "ocf-api-provider-management.fullname" . }} + minReplicas: {{ .Values.autoscaling.minReplicas }} + maxReplicas: {{ .Values.autoscaling.maxReplicas }} + metrics: + {{- if .Values.autoscaling.targetCPUUtilizationPercentage }} + - type: Resource + resource: + name: cpu + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} + {{- end }} + {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }} + - type: Resource + resource: + name: memory + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} + {{- end }} +{{- end }} diff --git a/helm/capif/charts/ocf-api-provider-management/templates/ingress.yaml b/helm/capif/charts/ocf-api-provider-management/templates/ingress.yaml new file mode 100644 index 0000000000000000000000000000000000000000..2edad453f1f3acc5cd2405e47693536f69cd3915 --- /dev/null +++ b/helm/capif/charts/ocf-api-provider-management/templates/ingress.yaml 
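Review bot: `VAULT_ACCESS_TOKEN` is set with `value: {{ quote .Values.env.vaultAccessToken }}`, so the token is stored in plain text in the Deployment object and is visible to anything that can read pod specs or run `kubectl describe`. Reference a Secret instead, e.g. `valueFrom: { secretKeyRef: { name: <secret-name>, key: <key> } }`. Separately, `date: "{{ now | unixEpoch }}"` changes on every render, so every `helm upgrade` restarts the pods and the `checksum/config` annotation beside it has no effect; dropping the `date` line ties restarts to real config changes. `podAnnotations` from values.yaml is not consumed by this template.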
@@ -0,0 +1,61 @@
+{{- if .Values.ingress.enabled -}}
+{{- $fullName := include "ocf-api-provider-management.fullname" . -}}
+{{- $svcPort := .Values.service.port -}}
+{{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }}
+ {{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }}
+ {{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}}
+ {{- end }}
+{{- end }}
+{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}}
+apiVersion: networking.k8s.io/v1
+{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
+apiVersion: networking.k8s.io/v1beta1
+{{- else -}}
+apiVersion: extensions/v1beta1
+{{- end }}
+kind: Ingress
+metadata:
+ name: {{ $fullName }}
+ labels:
+ {{- include "ocf-api-provider-management.labels" . | nindent 4 }}
+ {{- with .Values.ingress.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ {{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }}
+ ingressClassName: {{ .Values.ingress.className }}
+ {{- end }}
+ {{- if .Values.ingress.tls }}
+ tls:
+ {{- range .Values.ingress.tls }}
+ - hosts:
+ {{- range .hosts }}
+ - {{ . | quote }}
+ {{- end }}
+ secretName: {{ .secretName }}
+ {{- end }}
+ {{- end }}
+ rules:
+ {{- range .Values.ingress.hosts }}
+ - host: {{ .host | quote }}
+ http:
+ paths:
+ {{- range .paths }}
+ - path: {{ .path }}
+ {{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }}
+ pathType: {{ .pathType }}
+ {{- end }}
+ backend:
+ {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }}
+ service:
+ name: {{ $fullName }}
+ port:
+ number: {{ $svcPort }}
+ {{- else }}
+ serviceName: {{ $fullName }}
+ servicePort: {{ $svcPort }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
diff --git a/helm/capif/charts/ocf-api-provider-management/templates/service.yaml b/helm/capif/charts/ocf-api-provider-management/templates/service.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..cf51d10b557348740ea9ba93abdf7e1934a5c59d
--- /dev/null
+++ b/helm/capif/charts/ocf-api-provider-management/templates/service.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: api-provider-management
+ labels:
+ {{- include "ocf-api-provider-management.labels" . | nindent 4 }}
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ - port: {{ .Values.service.port }}
+ targetPort: http
+ protocol: TCP
+ name: http
+ selector:
+ {{- include "ocf-api-provider-management.selectorLabels" . | nindent 4 }}
diff --git a/helm/capif/charts/ocf-api-provider-management/templates/serviceaccount.yaml b/helm/capif/charts/ocf-api-provider-management/templates/serviceaccount.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..39bbc5c6dab16f8c0f716cd93c605e07c21caf10
--- /dev/null
+++ b/helm/capif/charts/ocf-api-provider-management/templates/serviceaccount.yaml
@@ -0,0 +1,13 @@
+{{- if .Values.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "ocf-api-provider-management.serviceAccountName" . }}
+ labels:
+ {{- include "ocf-api-provider-management.labels" . | nindent 4 }}
+ {{- with .Values.serviceAccount.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+automountServiceAccountToken: {{ .Values.serviceAccount.automount }}
+{{- end }}
diff --git a/helm/capif/charts/ocf-api-provider-management/templates/tests/test-connection.yaml b/helm/capif/charts/ocf-api-provider-management/templates/tests/test-connection.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..c8ca529574a46b66e7e5d7482eb82a8de1a01eec
--- /dev/null
+++ b/helm/capif/charts/ocf-api-provider-management/templates/tests/test-connection.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{ include "ocf-api-provider-management.fullname" . }}-test-connection"
+ labels:
+ {{- include "ocf-api-provider-management.labels" . | nindent 4 }}
+ annotations:
+ "helm.sh/hook": test
+spec:
+ containers:
+ - name: wget
+ image: busybox
+ command: ['wget']
+ args: ['api-provider-management:{{ .Values.service.port }}']
+ restartPolicy: Never
diff --git a/helm/capif/charts/ocf-api-provider-management/values.yaml b/helm/capif/charts/ocf-api-provider-management/values.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..019b2147a682048338465dca7aef8f492efe37c0
--- /dev/null
+++ b/helm/capif/charts/ocf-api-provider-management/values.yaml
@@ -0,0 +1,119 @@ +# Default values for ocf-api-provider-management. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +replicaCount: 1 + +image: + repository: ocf-api-provider-management-api + pullPolicy: Always + # Overrides the image tag whose default is the chart appVersion. + tag: "" + +imagePullSecrets: [] +nameOverride: "" +fullnameOverride: "" + +env: + monitoring: "true" + vaultHostname: vault + vaultPort: 8200 + vaultAccessToken: dev-only-token + mongoInitdbRootUsername: root + mongoInitdbRootPassword: example + mongoRegister: + mongoInitdbRootUsername: root + mongoInitdbRootPassword: example + +serviceAccount: + # Specifies whether a service account should be created + create: true + # Automatically mount a ServiceAccount's API credentials? + automount: true + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + +podAnnotations: {} +podLabels: {} + +podSecurityContext: {} + # fsGroup: 2000 + +securityContext: {} + # capabilities: + # drop: + # - ALL + # readOnlyRootFilesystem: true + # runAsNonRoot: true + # runAsUser: 1000 + +service: + type: ClusterIP + port: 8080 + +ingress: + enabled: false + className: "" + annotations: {} + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + hosts: + - host: chart-example.local + paths: + - path: / + pathType: ImplementationSpecific + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + +resources: + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. 
+ limits: + cpu: 100m + memory: 128Mi + requests: + cpu: 100m + memory: 128Mi + +livenessProbe: +# httpGet: +# path: / +# port: http +readinessProbe: + tcpSocket: + port: 8080 + +autoscaling: + enabled: false + minReplicas: 1 + maxReplicas: 100 + targetCPUUtilizationPercentage: 80 + # targetMemoryUtilizationPercentage: 80 + +# Additional volumes on the output Deployment definition. +volumes: + - name: capif-provider-config + configMap: + name: capif-provider-configmap + items: + - key: "config.yaml" + path: "config.yaml" + +# Additional volumeMounts on the output Deployment definition. +volumeMounts: + - name: capif-provider-config + mountPath: /usr/src/app/config.yaml + subPath: config.yaml + +nodeSelector: {} + +tolerations: [] + +affinity: {} diff --git a/helm/capif/charts/ocf-auditing-api-logs/.helmignore b/helm/capif/charts/ocf-auditing-api-logs/.helmignore new file mode 100644 index 0000000000000000000000000000000000000000..0e8a0eb36f4ca2c939201c0d54b5d82a1ea34778 --- /dev/null +++ b/helm/capif/charts/ocf-auditing-api-logs/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/helm/capif/charts/ocf-auditing-api-logs/Chart.yaml b/helm/capif/charts/ocf-auditing-api-logs/Chart.yaml new file mode 100644 index 0000000000000000000000000000000000000000..dd3585c35ca18a4c1229d0d4b05299cf97e990d7 --- /dev/null +++ b/helm/capif/charts/ocf-auditing-api-logs/Chart.yaml 
@@ -0,0 +1,24 @@
+apiVersion: v2
+name: ocf-auditing-api-logs
+description: A Helm chart for Kubernetes
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.1.0
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "1.16.0"
diff --git a/helm/capif/templates/capif-logs-configmap.yaml b/helm/capif/charts/ocf-auditing-api-logs/configmap.yaml
similarity index 80%
rename from helm/capif/templates/capif-logs-configmap.yaml
rename to helm/capif/charts/ocf-auditing-api-logs/configmap.yaml
index 53cae6ea3eaf65b017001ef504367eef67ce15d2..729d751f3656155cb05d6b3b4ea28b80c350cb97 100644
--- a/helm/capif/templates/capif-logs-configmap.yaml
+++ b/helm/capif/charts/ocf-auditing-api-logs/configmap.yaml
@@ -5,8 +5,8 @@ metadata: data: config.yaml: | mongo: { - 'user': '{{ .Values.mongo.mongo.env.mongoInitdbRootUsername }}', - 'password': '{{ .Values.mongo.mongo.env.mongoInitdbRootPassword }}', + 'user': '{{ .Values.env.mongoInitdbRootUsername }}', + 'password': '{{ .Values.env.mongoInitdbRootPassword }}', 'db': 'capif', 'logs_col': 'invocationlogs', 'capif_users_col': "user", diff --git a/helm/capif/charts/ocf-auditing-api-logs/templates/NOTES.txt b/helm/capif/charts/ocf-auditing-api-logs/templates/NOTES.txt new file mode 100644 index 0000000000000000000000000000000000000000..639b66801e9ad454868bdbc1903616e1fa7bd709 --- /dev/null +++ b/helm/capif/charts/ocf-auditing-api-logs/templates/NOTES.txt 
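Review bot: The rename target is `helm/capif/charts/ocf-auditing-api-logs/configmap.yaml`, in the chart root rather than under `templates/`, and the same commit separately adds `templates/configmap.yaml` with the identical blob id (`729d751f…`). Helm only renders files under `templates/`, so the root-level copy is never applied, yet it is still packaged with the chart and can drift from the real template while carrying the same credential placeholders. It looks like a leftover from the move and should be deleted, or the rename pointed at `templates/configmap.yaml` instead of adding a second file. The ConfigMap's header lines are outside this hunk.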
@@ -0,0 +1,22 @@ +1. Get the application URL by running these commands: +{{- if .Values.ingress.enabled }} +{{- range $host := .Values.ingress.hosts }} + {{- range .paths }} + http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }} + {{- end }} +{{- end }} +{{- else if contains "NodePort" .Values.service.type }} + export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "ocf-auditing-api-logs.fullname" . }}) + export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") + echo http://$NODE_IP:$NODE_PORT +{{- else if contains "LoadBalancer" .Values.service.type }} + NOTE: It may take a few minutes for the LoadBalancer IP to be available. + You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "ocf-auditing-api-logs.fullname" . }}' + export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "ocf-auditing-api-logs.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") + echo http://$SERVICE_IP:{{ .Values.service.port }} +{{- else if contains "ClusterIP" .Values.service.type }} + export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "ocf-auditing-api-logs.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") + export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}") + echo "Visit http://127.0.0.1:8080 to use your application" + kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT +{{- end }} 
diff --git a/helm/capif/charts/ocf-auditing-api-logs/templates/_helpers.tpl b/helm/capif/charts/ocf-auditing-api-logs/templates/_helpers.tpl new file mode 100644 index 0000000000000000000000000000000000000000..6f69487ba371dbf5c3896902a936f36b56bf8d89 --- /dev/null +++ b/helm/capif/charts/ocf-auditing-api-logs/templates/_helpers.tpl 
@@ -0,0 +1,62 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "ocf-auditing-api-logs.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "ocf-auditing-api-logs.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "ocf-auditing-api-logs.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "ocf-auditing-api-logs.labels" -}} +helm.sh/chart: {{ include "ocf-auditing-api-logs.chart" . }} +{{ include "ocf-auditing-api-logs.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "ocf-auditing-api-logs.selectorLabels" -}} +app.kubernetes.io/name: {{ include "ocf-auditing-api-logs.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Create the name of the service account to use +*/}} +{{- define "ocf-auditing-api-logs.serviceAccountName" -}} +{{- if .Values.serviceAccount.create }} +{{- default (include "ocf-auditing-api-logs.fullname" .) 
.Values.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.serviceAccount.name }} +{{- end }} +{{- end }} diff --git a/helm/capif/charts/ocf-auditing-api-logs/templates/configmap.yaml b/helm/capif/charts/ocf-auditing-api-logs/templates/configmap.yaml new file mode 100644 index 0000000000000000000000000000000000000000..729d751f3656155cb05d6b3b4ea28b80c350cb97 --- /dev/null +++ b/helm/capif/charts/ocf-auditing-api-logs/templates/configmap.yaml @@ -0,0 +1,27 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: capif-logs-configmap +data: + config.yaml: | + mongo: { + 'user': '{{ .Values.env.mongoInitdbRootUsername }}', + 'password': '{{ .Values.env.mongoInitdbRootPassword }}', + 'db': 'capif', + 'logs_col': 'invocationlogs', + 'capif_users_col': "user", + 'host': 'mongo', + 'port': "27017" + } + + monitoring: { + "fluent_bit_host": fluent-bit, + "fluent_bit_port": 24224, + "opentelemetry_url": "otel-collector", + "opentelemetry_port": "55680", + "opentelemetry_max_queue_size": 8192, + "opentelemetry_schedule_delay_millis": 20000, + "opentelemetry_max_export_batch_size": 2048, + "opentelemetry_export_timeout_millis": 60000 + } + diff --git a/helm/capif/charts/ocf-auditing-api-logs/templates/deployment.yaml b/helm/capif/charts/ocf-auditing-api-logs/templates/deployment.yaml new file mode 100644 index 0000000000000000000000000000000000000000..62cbf03437043bc836644bd03caa8de738591cd7 --- /dev/null +++ b/helm/capif/charts/ocf-auditing-api-logs/templates/deployment.yaml 
@@ -0,0 +1,70 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "ocf-auditing-api-logs.fullname" . }}
+ labels:
+ {{- include "ocf-auditing-api-logs.labels" . | nindent 4 }}
+spec:
+ {{- if not .Values.autoscaling.enabled }}
+ replicas: {{ .Values.replicaCount }}
+ {{- end }}
+ selector:
+ matchLabels:
+ {{- include "ocf-auditing-api-logs.selectorLabels" . | nindent 6 }}
+ template:
+ metadata:
+ annotations:
+ date: "{{ now | unixEpoch }}"
+ checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
+ labels:
+ {{- include "ocf-auditing-api-logs.labels" . | nindent 8 }}
+ {{- with .Values.podLabels }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ spec:
+ {{- with .Values.imagePullSecrets }}
+ imagePullSecrets
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ serviceAccountName: {{ include "ocf-auditing-api-logs.serviceAccountName" . }}
+ securityContext:
+ {{- toYaml .Values.podSecurityContext | nindent 8 }}
+ containers:
+ - name: {{ .Chart.Name }}
+ securityContext:
+ {{- toYaml .Values.securityContext | nindent 12 }}
+ image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ ports:
+ - name: http
+ containerPort: {{ .Values.service.port }}
+ protocol: TCP
+ env:
+ - name: MONITORING
+ value: {{ quote .Values.env.monitoring }}
+ livenessProbe:
+ {{- toYaml .Values.livenessProbe | nindent 12 }}
+ readinessProbe:
+ {{- toYaml .Values.readinessProbe | nindent 12 }}
+ resources:
+ {{- toYaml .Values.resources | nindent 12 }}
+ {{- with .Values.volumeMounts }}
+ volumeMounts:
+ {{- toYaml . | nindent 12 }}
+ {{- end }}
+ {{- with .Values.volumes }}
+ volumes:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.nodeSelector }}
+ nodeSelector:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.affinity }}
+ affinity:
+ {{- toYaml .
| nindent 8 }}
+ {{- end }}
+ {{- with .Values.tolerations }}
+ tolerations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
diff --git a/helm/capif/charts/ocf-auditing-api-logs/templates/hpa.yaml b/helm/capif/charts/ocf-auditing-api-logs/templates/hpa.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..4133851d6ed4a9c56fc2b42ae7bafa99de2913e4
--- /dev/null
+++ b/helm/capif/charts/ocf-auditing-api-logs/templates/hpa.yaml
@@ -0,0 +1,32 @@
+{{- if .Values.autoscaling.enabled }}
+apiVersion: autoscaling/v2
+kind: HorizontalPodAutoscaler
+metadata:
+ name: {{ include "ocf-auditing-api-logs.fullname" . }}
+ labels:
+ {{- include "ocf-auditing-api-logs.labels" . | nindent 4 }}
+spec:
+ scaleTargetRef:
+ apiVersion: apps/v1
+ kind: Deployment
+ name: {{ include "ocf-auditing-api-logs.fullname" . }}
+ minReplicas: {{ .Values.autoscaling.minReplicas }}
+ maxReplicas: {{ .Values.autoscaling.maxReplicas }}
+ metrics:
+ {{- if .Values.autoscaling.targetCPUUtilizationPercentage }}
+ - type: Resource
+ resource:
+ name: cpu
+ target:
+ type: Utilization
+ averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }}
+ {{- end }}
+ {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }}
+ - type: Resource
+ resource:
+ name: memory
+ target:
+ type: Utilization
+ averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }}
+ {{- end }}
+{{- end }}
diff --git a/helm/capif/charts/ocf-auditing-api-logs/templates/ingress.yaml b/helm/capif/charts/ocf-auditing-api-logs/templates/ingress.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..1a63f2f1c393a29d9c13c0d9e91d28b044b36318
--- /dev/null
+++ b/helm/capif/charts/ocf-auditing-api-logs/templates/ingress.yaml
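Review bot: In the ocf-auditing-api-logs `deployment.yaml`, the `imagePullSecrets` key inside the `with .Values.imagePullSecrets` block has no trailing colon, so the pod spec becomes malformed as soon as a pull secret is configured; it should read `imagePullSecrets:` as the ocf-discover-service-api deployment does. The `date: "{{ now | unixEpoch }}"` annotation changes on every render, which restarts the pods on each upgrade and makes the `checksum/config` annotation next to it redundant; dropping `date` keeps rollouts tied to real config changes, and the ocf-discover-service-api deployment carries the same annotation. `.Values.podAnnotations` is declared in values.yaml but this template never renders it.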
@@ -0,0 +1,61 @@
+{{- if .Values.ingress.enabled -}}
+{{- $fullName := include "ocf-auditing-api-logs.fullname" . -}}
+{{- $svcPort := .Values.service.port -}}
+{{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }}
+ {{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }}
+ {{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}}
+ {{- end }}
+{{- end }}
+{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}}
+apiVersion: networking.k8s.io/v1
+{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
+apiVersion: networking.k8s.io/v1beta1
+{{- else -}}
+apiVersion: extensions/v1beta1
+{{- end }}
+kind: Ingress
+metadata:
+ name: {{ $fullName }}
+ labels:
+ {{- include "ocf-auditing-api-logs.labels" . | nindent 4 }}
+ {{- with .Values.ingress.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ {{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }}
+ ingressClassName: {{ .Values.ingress.className }}
+ {{- end }}
+ {{- if .Values.ingress.tls }}
+ tls:
+ {{- range .Values.ingress.tls }}
+ - hosts:
+ {{- range .hosts }}
+ - {{ . | quote }}
+ {{- end }}
+ secretName: {{ .secretName }}
+ {{- end }}
+ {{- end }}
+ rules:
+ {{- range .Values.ingress.hosts }}
+ - host: {{ .host | quote }}
+ http:
+ paths:
+ {{- range .paths }}
+ - path: {{ .path }}
+ {{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }}
+ pathType: {{ .pathType }}
+ {{- end }}
+ backend:
+ {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }}
+ service:
+ name: {{ $fullName }}
+ port:
+ number: {{ $svcPort }}
+ {{- else }}
+ serviceName: {{ $fullName }}
+ servicePort: {{ $svcPort }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
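Review bot: The backend in this Ingress points at `{{ $fullName }}`, but the Service this chart creates in service.yaml is named `logs`, so with `ingress.enabled: true` the rule would target a Service that does not exist. Either give the Service the generated name, `name: {{ include "ocf-auditing-api-logs.fullname" . }}`, or set the backend to the fixed name the other components presumably rely on. The ocf-discover-service-api ingress has the same mismatch with its `service-apis` Service, and the NOTES.txt templates look the Service up by fullname as well.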
diff --git a/helm/capif/charts/ocf-auditing-api-logs/templates/service.yaml b/helm/capif/charts/ocf-auditing-api-logs/templates/service.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..cc0a6858516a3cfe5249ee04de416bb64eaf64f3
--- /dev/null
+++ b/helm/capif/charts/ocf-auditing-api-logs/templates/service.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: logs
+ labels:
+ {{- include "ocf-auditing-api-logs.labels" . | nindent 4 }}
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ - port: {{ .Values.service.port }}
+ targetPort: http
+ protocol: TCP
+ name: http
+ selector:
+ {{- include "ocf-auditing-api-logs.selectorLabels" . | nindent 4 }}
diff --git a/helm/capif/charts/ocf-auditing-api-logs/templates/serviceaccount.yaml b/helm/capif/charts/ocf-auditing-api-logs/templates/serviceaccount.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..7cc126f50eeed851dfe8f08373cd71e0352c2b49
--- /dev/null
+++ b/helm/capif/charts/ocf-auditing-api-logs/templates/serviceaccount.yaml
@@ -0,0 +1,13 @@
+{{- if .Values.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "ocf-auditing-api-logs.serviceAccountName" . }}
+ labels:
+ {{- include "ocf-auditing-api-logs.labels" . | nindent 4 }}
+ {{- with .Values.serviceAccount.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+automountServiceAccountToken: {{ .Values.serviceAccount.automount }}
+{{- end }}
diff --git a/helm/capif/charts/ocf-auditing-api-logs/templates/tests/test-connection.yaml b/helm/capif/charts/ocf-auditing-api-logs/templates/tests/test-connection.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..ddd02e7f83aa06ed90049db1bc2803b590addddc
--- /dev/null
+++ b/helm/capif/charts/ocf-auditing-api-logs/templates/tests/test-connection.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{ include "ocf-auditing-api-logs.fullname" . }}-test-connection"
+ labels:
+ {{- include "ocf-auditing-api-logs.labels" . | nindent 4 }}
+ annotations:
+ "helm.sh/hook": test
+spec:
+ containers:
+ - name: wget
+ image: busybox
+ command: ['wget']
+ args: ['logs:{{ .Values.service.port }}']
+ restartPolicy: Never
diff --git a/helm/capif/charts/ocf-auditing-api-logs/values.yaml b/helm/capif/charts/ocf-auditing-api-logs/values.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..41e3d1f3d729274009e6cda6a073744fd99e347c
--- /dev/null
+++ b/helm/capif/charts/ocf-auditing-api-logs/values.yaml
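Review bot: `image: busybox` in the test pod carries no tag or digest, so the hook runs whatever the default registry serves as `latest` at test time, and the result is neither reproducible nor covered by any image policy that requires pinned references. Pin it to a reviewed version, for example `image: busybox:<pinned-tag>` or a digest reference (placeholder, pick the version you have vetted). The pod also inherits no `securityContext`, so it runs with the image defaults. The ocf-discover-service-api test-connection hunk uses the same unpinned image.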
@@ -0,0 +1,115 @@
+# Default values for ocf-auditing-api-logs.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+replicaCount: 1
+
+image:
+ repository: auditing-api
+ pullPolicy: Always
+ # Overrides the image tag whose default is the chart appVersion.
+ tag: ""
+
+imagePullSecrets: []
+nameOverride: ""
+fullnameOverride: ""
+
+env:
+ monitoring: "true"
+ mongoInitdbRootUsername: root
+ mongoInitdbRootPassword: example
+
+serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # Automatically mount a ServiceAccount's API credentials?
+ automount: true
+ # Annotations to add to the service account
+ annotations: {}
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+
+podAnnotations: {}
+podLabels: {}
+
+podSecurityContext: {}
+ # fsGroup: 2000
+
+securityContext: {}
+ # capabilities:
+ # drop:
+ # - ALL
+ # readOnlyRootFilesystem: true
+ # runAsNonRoot: true
+ # runAsUser: 1000
+
+service:
+ type: ClusterIP
+ port: 8080
+
+ingress:
+ enabled: false
+ className: ""
+ annotations: {}
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+ hosts:
+ - host: chart-example.local
+ paths:
+ - path: /
+ pathType: ImplementationSpecific
+ tls: []
+ # - secretName: chart-example-tls
+ # hosts:
+ # - chart-example.local
+
+resources:
+ # We usually recommend not to specify default resources and to leave this as a conscious
+ # choice for the user. This also increases chances charts run on environments with little
+ # resources, such as Minikube. If you do want to specify resources, uncomment the following
+ # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ limits:
+ cpu: 100m
+ memory: 128Mi
+ requests:
+ cpu: 100m
+ memory: 128Mi
+
+livenessProbe:
+# httpGet:
+# path: /
+# port: http
+readinessProbe:
+ tcpSocket:
+ port: 8080
+ initialDelaySeconds: 5
+ periodSeconds: 5
+
+autoscaling:
+ enabled: false
+ minReplicas: 1
+ maxReplicas: 100
+ targetCPUUtilizationPercentage: 80
+ # targetMemoryUtilizationPercentage: 80
+
+# Additional volumes on the output Deployment definition.
+volumes:
+ - name: capif-logs-config
+ configMap:
+ name: capif-logs-configmap
+ items:
+ - key: "config.yaml"
+ path: "config.yaml"
+
+# Additional volumeMounts on the output Deployment definition.
+volumeMounts:
+ - name: capif-logs-config
+ mountPath: /usr/src/app/config.yaml
+ subPath: config.yaml
+
+nodeSelector: {}
+
+tolerations: []
+
+affinity: {}
diff --git a/helm/capif/charts/ocf-discover-service-api/.helmignore b/helm/capif/charts/ocf-discover-service-api/.helmignore
new file mode 100644
index 0000000000000000000000000000000000000000..0e8a0eb36f4ca2c939201c0d54b5d82a1ea34778
--- /dev/null
+++ b/helm/capif/charts/ocf-discover-service-api/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/helm/capif/charts/ocf-discover-service-api/Chart.yaml b/helm/capif/charts/ocf-discover-service-api/Chart.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..3bffbb8ac0f624fc2b1648fb7ad3aa9ce3098849
--- /dev/null
+++ b/helm/capif/charts/ocf-discover-service-api/Chart.yaml
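Review bot: `mongoInitdbRootPassword: example` in the ocf-auditing-api-logs values.yaml gives the chart a well-known default for the database root account, so an install that forgets to override it comes up with that password. Leaving the value empty and guarding the template with `{{ required "env.mongoInitdbRootPassword must be set" .Values.env.mongoInitdbRootPassword }}` makes the omission fail at render time. `podSecurityContext: {}` and `securityContext: {}` leave the container on the image defaults; the commented settings (`runAsNonRoot: true`, `readOnlyRootFilesystem: true`, dropping `ALL` capabilities) are worth enabling if the image runs with them, and `automount: true` could be `false` unless the service calls the Kubernetes API. The comment under `resources:` still tells the reader to remove curly braces that are no longer there. The ocf-discover-service-api values.yaml hunk carries the same defaults.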
@@ -0,0 +1,24 @@
+apiVersion: v2
+name: ocf-discover-service-api
+description: A Helm chart for Kubernetes
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.1.0
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "1.16.0"
diff --git a/helm/capif/charts/ocf-discover-service-api/templates/NOTES.txt b/helm/capif/charts/ocf-discover-service-api/templates/NOTES.txt
new file mode 100644
index 0000000000000000000000000000000000000000..64d223081e221900c4e1addd5b9ba6274c1ac3cc
--- /dev/null
+++ b/helm/capif/charts/ocf-discover-service-api/templates/NOTES.txt
@@ -0,0 +1,22 @@
+1. Get the application URL by running these commands:
+{{- if .Values.ingress.enabled }}
+{{- range $host := .Values.ingress.hosts }}
+ {{- range .paths }}
+ http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }}
+ {{- end }}
+{{- end }}
+{{- else if contains "NodePort" .Values.service.type }}
+ export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "ocf-discover-service-api.fullname" . }})
+ export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
+ echo http://$NODE_IP:$NODE_PORT
+{{- else if contains "LoadBalancer" .Values.service.type }}
+ NOTE: It may take a few minutes for the LoadBalancer IP to be available.
+ You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "ocf-discover-service-api.fullname" . }}'
+ export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "ocf-discover-service-api.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
+ echo http://$SERVICE_IP:{{ .Values.service.port }}
+{{- else if contains "ClusterIP" .Values.service.type }}
+ export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "ocf-discover-service-api.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
+ export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}")
+ echo "Visit http://127.0.0.1:8080 to use your application"
+ kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT
+{{- end }}
diff --git a/helm/capif/charts/ocf-discover-service-api/templates/_helpers.tpl b/helm/capif/charts/ocf-discover-service-api/templates/_helpers.tpl
new file mode 100644
index 0000000000000000000000000000000000000000..2c42280ec9edf4d9a42fa4962bc1612619a6ceb7
--- /dev/null
+++ b/helm/capif/charts/ocf-discover-service-api/templates/_helpers.tpl
@@ -0,0 +1,62 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "ocf-discover-service-api.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "ocf-discover-service-api.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "ocf-discover-service-api.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "ocf-discover-service-api.labels" -}}
+helm.sh/chart: {{ include "ocf-discover-service-api.chart" . }}
+{{ include "ocf-discover-service-api.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "ocf-discover-service-api.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "ocf-discover-service-api.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "ocf-discover-service-api.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "ocf-discover-service-api.fullname" .)
.Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}
diff --git a/helm/capif/templates/capif-service-configmap.yaml b/helm/capif/charts/ocf-discover-service-api/templates/configmap.yaml
similarity index 82%
rename from helm/capif/templates/capif-service-configmap.yaml
rename to helm/capif/charts/ocf-discover-service-api/templates/configmap.yaml
index 1cd3d6610c9e3850ec0231f3680345fac8aad969..96d0c367f3380331806c9c040a985cf22f9b4b27 100644
--- a/helm/capif/templates/capif-service-configmap.yaml
+++ b/helm/capif/charts/ocf-discover-service-api/templates/configmap.yaml
@@ -5,8 +5,8 @@ metadata:
 data:
 config.yaml: |
 mongo: {
- 'user': '{{ .Values.mongo.mongo.env.mongoInitdbRootUsername }}',
- 'password': '{{ .Values.mongo.mongo.env.mongoInitdbRootPassword }}',
+ 'user': '{{ .Values.env.mongoInitdbRootUsername }}',
+ 'password': '{{ .Values.env.mongoInitdbRootPassword }}',
 'db': 'capif',
 'col': 'serviceapidescriptions',
 'invokers_col': 'invokerdetails',
diff --git a/helm/capif/charts/ocf-discover-service-api/templates/deployment.yaml b/helm/capif/charts/ocf-discover-service-api/templates/deployment.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..438b986efee0e73d3f4eb08082df552cd25226e5
--- /dev/null
+++ b/helm/capif/charts/ocf-discover-service-api/templates/deployment.yaml
@@ -0,0 +1,70 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "ocf-discover-service-api.fullname" . }}
+ labels:
+ {{- include "ocf-discover-service-api.labels" . | nindent 4 }}
+spec:
+ {{- if not .Values.autoscaling.enabled }}
+ replicas: {{ .Values.replicaCount }}
+ {{- end }}
+ selector:
+ matchLabels:
+ {{- include "ocf-discover-service-api.selectorLabels" . | nindent 6 }}
+ template:
+ metadata:
+ annotations:
+ date: "{{ now | unixEpoch }}"
+ checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
+ labels:
+ {{- include "ocf-discover-service-api.labels" . | nindent 8 }}
+ {{- with .Values.podLabels }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ spec:
+ {{- with .Values.imagePullSecrets }}
+ imagePullSecrets:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ serviceAccountName: {{ include "ocf-discover-service-api.serviceAccountName" . }}
+ securityContext:
+ {{- toYaml .Values.podSecurityContext | nindent 8 }}
+ containers:
+ - name: {{ .Chart.Name }}
+ securityContext:
+ {{- toYaml .Values.securityContext | nindent 12 }}
+ image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ ports:
+ - name: http
+ containerPort: {{ .Values.service.port }}
+ protocol: TCP
+ env:
+ - name: MONITORING
+ value: {{ quote .Values.env.monitoring }}
+ livenessProbe:
+ {{- toYaml .Values.livenessProbe | nindent 12 }}
+ readinessProbe:
+ {{- toYaml .Values.readinessProbe | nindent 12 }}
+ resources:
+ {{- toYaml .Values.resources | nindent 12 }}
+ {{- with .Values.volumeMounts }}
+ volumeMounts:
+ {{- toYaml . | nindent 12 }}
+ {{- end }}
+ {{- with .Values.volumes }}
+ volumes:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.nodeSelector }}
+ nodeSelector:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.affinity }}
+ affinity:
+ {{- toYaml .
| nindent 8 }}
+ {{- end }}
+ {{- with .Values.tolerations }}
+ tolerations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
diff --git a/helm/capif/charts/ocf-discover-service-api/templates/hpa.yaml b/helm/capif/charts/ocf-discover-service-api/templates/hpa.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..bb4c30108f1f4c6ad5eb06d2fbad476c136448f5
--- /dev/null
+++ b/helm/capif/charts/ocf-discover-service-api/templates/hpa.yaml
@@ -0,0 +1,32 @@
+{{- if .Values.autoscaling.enabled }}
+apiVersion: autoscaling/v2
+kind: HorizontalPodAutoscaler
+metadata:
+ name: {{ include "ocf-discover-service-api.fullname" . }}
+ labels:
+ {{- include "ocf-discover-service-api.labels" . | nindent 4 }}
+spec:
+ scaleTargetRef:
+ apiVersion: apps/v1
+ kind: Deployment
+ name: {{ include "ocf-discover-service-api.fullname" . }}
+ minReplicas: {{ .Values.autoscaling.minReplicas }}
+ maxReplicas: {{ .Values.autoscaling.maxReplicas }}
+ metrics:
+ {{- if .Values.autoscaling.targetCPUUtilizationPercentage }}
+ - type: Resource
+ resource:
+ name: cpu
+ target:
+ type: Utilization
+ averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }}
+ {{- end }}
+ {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }}
+ - type: Resource
+ resource:
+ name: memory
+ target:
+ type: Utilization
+ averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }}
+ {{- end }}
+{{- end }}
diff --git a/helm/capif/charts/ocf-discover-service-api/templates/ingress.yaml b/helm/capif/charts/ocf-discover-service-api/templates/ingress.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..b5187292641e3869ed3d61bfeff4cbcbe4691835
--- /dev/null
+++ b/helm/capif/charts/ocf-discover-service-api/templates/ingress.yaml
@@ -0,0 +1,61 @@
+{{- if .Values.ingress.enabled -}}
+{{- $fullName := include "ocf-discover-service-api.fullname" . -}}
+{{- $svcPort := .Values.service.port -}}
+{{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }}
+ {{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }}
+ {{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}}
+ {{- end }}
+{{- end }}
+{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}}
+apiVersion: networking.k8s.io/v1
+{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
+apiVersion: networking.k8s.io/v1beta1
+{{- else -}}
+apiVersion: extensions/v1beta1
+{{- end }}
+kind: Ingress
+metadata:
+ name: {{ $fullName }}
+ labels:
+ {{- include "ocf-discover-service-api.labels" . | nindent 4 }}
+ {{- with .Values.ingress.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ {{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }}
+ ingressClassName: {{ .Values.ingress.className }}
+ {{- end }}
+ {{- if .Values.ingress.tls }}
+ tls:
+ {{- range .Values.ingress.tls }}
+ - hosts:
+ {{- range .hosts }}
+ - {{ . | quote }}
+ {{- end }}
+ secretName: {{ .secretName }}
+ {{- end }}
+ {{- end }}
+ rules:
+ {{- range .Values.ingress.hosts }}
+ - host: {{ .host | quote }}
+ http:
+ paths:
+ {{- range .paths }}
+ - path: {{ .path }}
+ {{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }}
+ pathType: {{ .pathType }}
+ {{- end }}
+ backend:
+ {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }}
+ service:
+ name: {{ $fullName }}
+ port:
+ number: {{ $svcPort }}
+ {{- else }}
+ serviceName: {{ $fullName }}
+ servicePort: {{ $svcPort }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
diff --git a/helm/capif/charts/ocf-discover-service-api/templates/service.yaml b/helm/capif/charts/ocf-discover-service-api/templates/service.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..fda46c37a5b6f417967729be1279196a2b3f3692
--- /dev/null
+++ b/helm/capif/charts/ocf-discover-service-api/templates/service.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: service-apis
+ labels:
+ {{- include "ocf-discover-service-api.labels" . | nindent 4 }}
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ - port: {{ .Values.service.port }}
+ targetPort: http
+ protocol: TCP
+ name: http
+ selector:
+ {{- include "ocf-discover-service-api.selectorLabels" . | nindent 4 }}
diff --git a/helm/capif/charts/ocf-discover-service-api/templates/serviceaccount.yaml b/helm/capif/charts/ocf-discover-service-api/templates/serviceaccount.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..be789193c71fd550cb8b2819bf182d3f12d9abf9
--- /dev/null
+++ b/helm/capif/charts/ocf-discover-service-api/templates/serviceaccount.yaml
@@ -0,0 +1,13 @@
+{{- if .Values.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "ocf-discover-service-api.serviceAccountName" . }}
+ labels:
+ {{- include "ocf-discover-service-api.labels" . | nindent 4 }}
+ {{- with .Values.serviceAccount.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+automountServiceAccountToken: {{ .Values.serviceAccount.automount }}
+{{- end }}
diff --git a/helm/capif/charts/ocf-discover-service-api/templates/tests/test-connection.yaml b/helm/capif/charts/ocf-discover-service-api/templates/tests/test-connection.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..3551457a5509607abffe1fdff612aeae18ac6a4e
--- /dev/null
+++ b/helm/capif/charts/ocf-discover-service-api/templates/tests/test-connection.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{ include "ocf-discover-service-api.fullname" . }}-test-connection"
+ labels:
+ {{- include "ocf-discover-service-api.labels" . | nindent 4 }}
+ annotations:
+ "helm.sh/hook": test
+spec:
+ containers:
+ - name: wget
+ image: busybox
+ command: ['wget']
+ args: ['service-apis:{{ .Values.service.port }}']
+ restartPolicy: Never
diff --git a/helm/capif/charts/ocf-discover-service-api/values.yaml b/helm/capif/charts/ocf-discover-service-api/values.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..b69232d43c9b79e0a8b9bb91280325501074f064
--- /dev/null
+++ b/helm/capif/charts/ocf-discover-service-api/values.yaml
@@ -0,0 +1,116 @@
+# Default values for ocf-discover-service-api.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+replicaCount: 1
+
+image:
+ repository: discover-service-api
+ pullPolicy: Always
+ # Overrides the image tag whose default is the chart appVersion.
+ tag: ""
+
+imagePullSecrets: []
+nameOverride: ""
+fullnameOverride: ""
+
+env:
+ monitoring: "true"
+ mongoInitdbRootUsername: root
+ mongoInitdbRootPassword: example
+
+serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # Automatically mount a ServiceAccount's API credentials?
+ automount: true
+ # Annotations to add to the service account
+ annotations: {}
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+
+podAnnotations: {}
+podLabels: {}
+
+podSecurityContext: {}
+ # fsGroup: 2000
+
+securityContext: {}
+ # capabilities:
+ # drop:
+ # - ALL
+ # readOnlyRootFilesystem: true
+ # runAsNonRoot: true
+ # runAsUser: 1000
+
+service:
+ type: ClusterIP
+ port: 8080
+
+ingress:
+ enabled: false
+ className: ""
+ annotations: {}
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+ hosts:
+ - host: chart-example.local
+ paths:
+ - path: /
+ pathType: ImplementationSpecific
+ tls: []
+ # - secretName: chart-example-tls
+ # hosts:
+ # - chart-example.local
+
+resources:
+ # We usually recommend not to specify default resources and to leave this as a conscious
+ # choice for the user. This also increases chances charts run on environments with little
+ # resources, such as Minikube. If you do want to specify resources, uncomment the following
+ # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ limits:
+ cpu: 100m
+ memory: 128Mi
+ requests:
+ cpu: 100m
+ memory: 128Mi
+
+livenessProbe:
+# httpGet:
+# path: /
+# port: http
+readinessProbe:
+ tcpSocket:
+ port: 8080
+ initialDelaySeconds: 5
+ periodSeconds: 5
+
+autoscaling:
+ enabled: false
+ minReplicas: 1
+ maxReplicas: 100
+ targetCPUUtilizationPercentage: 80
+ # targetMemoryUtilizationPercentage: 80
+
+# Additional volumes on the output Deployment definition.
+volumes:
+ - name: capif-service-config
+ configMap:
+ name: capif-service-configmap
+ items:
+ - key: "config.yaml"
+ path: "config.yaml"
+
+
+# Additional volumeMounts on the output Deployment definition.
+volumeMounts:
+ - name: capif-service-config
+ mountPath: /usr/src/app/config.yaml
+ subPath: config.yaml
+
+nodeSelector: {}
+
+tolerations: []
+
+affinity: {}
diff --git a/helm/capif/charts/ocf-events/.helmignore b/helm/capif/charts/ocf-events/.helmignore
new file mode 100644
index 0000000000000000000000000000000000000000..0e8a0eb36f4ca2c939201c0d54b5d82a1ea34778
--- /dev/null
+++ b/helm/capif/charts/ocf-events/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/helm/capif/charts/ocf-events/Chart.yaml b/helm/capif/charts/ocf-events/Chart.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..9e9667fd23cdb8dcec69b3d70bef1368ed3ea137
--- /dev/null
+++ b/helm/capif/charts/ocf-events/Chart.yaml
@@ -0,0 +1,24 @@
+apiVersion: v2
+name: ocf-events
+description: A Helm chart for Kubernetes
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.1.0
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "1.16.0"
diff --git a/helm/capif/charts/ocf-events/templates/NOTES.txt b/helm/capif/charts/ocf-events/templates/NOTES.txt
new file mode 100644
index 0000000000000000000000000000000000000000..2fe07465d9d89220e6fd9c98b7ae8e96232e86ed
--- /dev/null
+++ b/helm/capif/charts/ocf-events/templates/NOTES.txt
@@ -0,0 +1,22 @@ +1. Get the application URL by running these commands: +{{- if .Values.ingress.enabled }} +{{- range $host := .Values.ingress.hosts }} + {{- range .paths }} + http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }} + {{- end }} +{{- end }} +{{- else if contains "NodePort" .Values.service.type }} + export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "ocf-events.fullname" . }}) + export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") + echo http://$NODE_IP:$NODE_PORT +{{- else if contains "LoadBalancer" .Values.service.type }} + NOTE: It may take a few minutes for the LoadBalancer IP to be available. + You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "ocf-events.fullname" . }}' + export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "ocf-events.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") + echo http://$SERVICE_IP:{{ .Values.service.port }} +{{- else if contains "ClusterIP" .Values.service.type }} + export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "ocf-events.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") + export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}") + echo "Visit http://127.0.0.1:8080 to use your application" + kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT +{{- end }} 
diff --git a/helm/capif/charts/ocf-events/templates/_helpers.tpl b/helm/capif/charts/ocf-events/templates/_helpers.tpl new file mode 100644 index 0000000000000000000000000000000000000000..1c0caa6698fad8013869ef62c03ed2b95cc2d7f7 --- /dev/null +++ b/helm/capif/charts/ocf-events/templates/_helpers.tpl 
@@ -0,0 +1,62 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "ocf-events.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "ocf-events.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "ocf-events.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "ocf-events.labels" -}} +helm.sh/chart: {{ include "ocf-events.chart" . }} +{{ include "ocf-events.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "ocf-events.selectorLabels" -}} +app.kubernetes.io/name: {{ include "ocf-events.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Create the name of the service account to use +*/}} +{{- define "ocf-events.serviceAccountName" -}} +{{- if .Values.serviceAccount.create }} +{{- default (include "ocf-events.fullname" .) .Values.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.serviceAccount.name }} +{{- end }} +{{- end }} 
diff --git a/helm/capif/templates/capif-events-configmap.yaml b/helm/capif/charts/ocf-events/templates/configmap.yaml similarity index 82% rename from helm/capif/templates/capif-events-configmap.yaml rename to helm/capif/charts/ocf-events/templates/configmap.yaml index ca31c23ec295806d0941623b19848a920ada61b9..a928cac58ffce782abccb40375ae00cfeae41a24 100644 --- a/helm/capif/templates/capif-events-configmap.yaml +++ b/helm/capif/charts/ocf-events/templates/configmap.yaml @@ -5,8 +5,8 @@ metadata: data: config.yaml: | mongo: { - 'user': '{{ .Values.mongo.mongo.env.mongoInitdbRootUsername }}', - 'password': '{{ .Values.mongo.mongo.env.mongoInitdbRootPassword }}', + 'user': '{{ .Values.env.mongoInitdbRootUsername }}', + 'password': '{{ .Values.env.mongoInitdbRootPassword }}', 'db': 'capif', 'col': 'eventsdetails', 'certs_col': "certs", @@ -25,4 +25,4 @@ data: "opentelemetry_schedule_delay_millis": 20000, "opentelemetry_max_export_batch_size": 2048, "opentelemetry_export_timeout_millis": 60000 - } + } \ No newline at end of file diff --git a/helm/capif/charts/ocf-events/templates/deployment.yaml b/helm/capif/charts/ocf-events/templates/deployment.yaml new file mode 100644 index 0000000000000000000000000000000000000000..f94cc7b32c02fb294bc6b9a9279dae971c51f01c --- /dev/null +++ b/helm/capif/charts/ocf-events/templates/deployment.yaml 
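Review bot: The MongoDB root password is rendered in plaintext into a ConfigMap at `'password': '{{ .Values.env.mongoInitdbRootPassword }}'`, so anyone who can read ConfigMaps in the namespace, or the stored release manifest, can read it. The new ocf-events values.yaml also defaults it to `mongoInitdbRootPassword: example`, so an install without overrides runs with a publicly known credential. I would move the credential into a `kind: Secret` and fail the render when it is unset, e.g. `{{ required "env.mongoInitdbRootPassword must be set" .Values.env.mongoInitdbRootPassword }}`. The service also connects as the database root user; an account scoped to the `capif` database would be tighter, if the application allows it. The ConfigMap body starts and ends outside these two hunks.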
@@ -0,0 +1,70 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "ocf-events.fullname" . }} + labels: + {{- include "ocf-events.labels" . | nindent 4 }} +spec: + {{- if not .Values.autoscaling.enabled }} + replicas: {{ .Values.replicaCount }} + {{- end }} + selector: + matchLabels: + {{- include "ocf-events.selectorLabels" . | nindent 6 }} + template: + metadata: + annotations: + date: "{{ now | unixEpoch }}" + checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} + labels: + {{- include "ocf-events.labels" . | nindent 8 }} + {{- with .Values.podLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} + spec: + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ include "ocf-events.serviceAccountName" . }} + securityContext: + {{- toYaml .Values.podSecurityContext | nindent 8 }} + containers: + - name: {{ .Chart.Name }} + securityContext: + {{- toYaml .Values.securityContext | nindent 12 }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + ports: + - name: http + containerPort: {{ .Values.service.port }} + protocol: TCP + env: + - name: MONITORING + value: {{ quote .Values.env.monitoring }} + livenessProbe: + {{- toYaml .Values.livenessProbe | nindent 12 }} + readinessProbe: + {{- toYaml .Values.readinessProbe | nindent 12 }} + resources: + {{- toYaml .Values.resources | nindent 12 }} + {{- with .Values.volumeMounts }} + volumeMounts: + {{- toYaml . | nindent 12 }} + {{- end }} + {{- with .Values.volumes }} + volumes: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} 
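Review bot: The pod-template annotation `date: "{{ now | unixEpoch }}"` changes on every render, so every `helm upgrade` restarts the pods even when nothing changed, which makes the `checksum/config` annotation next to it redundant. I would drop the `date` line and let the checksum drive rollouts. The same annotations block never renders `.Values.podAnnotations`, although values.yaml declares it; adding `{{- with .Values.podAnnotations }}{{- toYaml . | nindent 8 }}{{- end }}` under `annotations:` would honour it. With the shipped values `livenessProbe` is empty, so `toYaml` emits `null` and the container runs without a liveness probe; this may be intended, but a short comment would make it explicit.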
diff --git a/helm/capif/charts/ocf-events/templates/hpa.yaml b/helm/capif/charts/ocf-events/templates/hpa.yaml new file mode 100644 index 0000000000000000000000000000000000000000..f494b0322e7c1fedf398b715e4a149732210b73e --- /dev/null +++ b/helm/capif/charts/ocf-events/templates/hpa.yaml @@ -0,0 +1,32 @@ +{{- if .Values.autoscaling.enabled }} +apiVersion: autoscaling/v2 +kind: HorizontalPodAutoscaler +metadata: + name: {{ include "ocf-events.fullname" . }} + labels: + {{- include "ocf-events.labels" . | nindent 4 }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ include "ocf-events.fullname" . }} + minReplicas: {{ .Values.autoscaling.minReplicas }} + maxReplicas: {{ .Values.autoscaling.maxReplicas }} + metrics: + {{- if .Values.autoscaling.targetCPUUtilizationPercentage }} + - type: Resource + resource: + name: cpu + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} + {{- end }} + {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }} + - type: Resource + resource: + name: memory + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} + {{- end }} +{{- end }} diff --git a/helm/capif/charts/ocf-events/templates/ingress.yaml b/helm/capif/charts/ocf-events/templates/ingress.yaml new file mode 100644 index 0000000000000000000000000000000000000000..9844a7f08861b750869af8e47f7a61ed1642e5ce --- /dev/null +++ b/helm/capif/charts/ocf-events/templates/ingress.yaml 
@@ -0,0 +1,61 @@ +{{- if .Values.ingress.enabled -}} +{{- $fullName := include "ocf-events.fullname" . -}} +{{- $svcPort := .Values.service.port -}} +{{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }} + {{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }} + {{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}} + {{- end }} +{{- end }} +{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}} +apiVersion: networking.k8s.io/v1 +{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} +apiVersion: networking.k8s.io/v1beta1 +{{- else -}} +apiVersion: extensions/v1beta1 +{{- end }} +kind: Ingress +metadata: + name: {{ $fullName }} + labels: + {{- include "ocf-events.labels" . | nindent 4 }} + {{- with .Values.ingress.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + {{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }} + ingressClassName: {{ .Values.ingress.className }} + {{- end }} + {{- if .Values.ingress.tls }} + tls: + {{- range .Values.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} + {{- end }} + rules: + {{- range .Values.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: + {{- range .paths }} + - path: {{ .path }} + {{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }} + pathType: {{ .pathType }} + {{- end }} + backend: + {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }} + service: + name: {{ $fullName }} + port: + number: {{ $svcPort }} + {{- else }} + serviceName: {{ $fullName }} + servicePort: {{ $svcPort }} + {{- end }} + {{- end }} + {{- end }} +{{- end }} 
diff --git a/helm/capif/charts/ocf-events/templates/service.yaml b/helm/capif/charts/ocf-events/templates/service.yaml new file mode 100644 index 0000000000000000000000000000000000000000..dd54acae3a8762966cac4d06f9cbc485c894f73b --- /dev/null +++ b/helm/capif/charts/ocf-events/templates/service.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: Service +metadata: + name: capif-events + labels: + {{- include "ocf-events.labels" . | nindent 4 }} +spec: + type: {{ .Values.service.type }} + ports: + - port: {{ .Values.service.port }} + targetPort: http + protocol: TCP + name: http + selector: + {{- include "ocf-events.selectorLabels" . | nindent 4 }} diff --git a/helm/capif/charts/ocf-events/templates/serviceaccount.yaml b/helm/capif/charts/ocf-events/templates/serviceaccount.yaml new file mode 100644 index 0000000000000000000000000000000000000000..f29121ae1598f7c47f6601493cf2b77326e24982 --- /dev/null +++ b/helm/capif/charts/ocf-events/templates/serviceaccount.yaml @@ -0,0 +1,13 @@ +{{- if .Values.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "ocf-events.serviceAccountName" . }} + labels: + {{- include "ocf-events.labels" . | nindent 4 }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +automountServiceAccountToken: {{ .Values.serviceAccount.automount }} +{{- end }} diff --git a/helm/capif/charts/ocf-events/templates/tests/test-connection.yaml b/helm/capif/charts/ocf-events/templates/tests/test-connection.yaml new file mode 100644 index 0000000000000000000000000000000000000000..fc2243308fceb55fc1382fd53671a61ca4bc2f18 --- /dev/null +++ b/helm/capif/charts/ocf-events/templates/tests/test-connection.yaml 
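Review bot: The Service is created with the fixed name `capif-events`, but ingress.yaml in this chart points its backend at `{{ $fullName }}` and NOTES.txt looks the Service up by `include "ocf-events.fullname"`, so with `ingress.enabled: true` the Ingress would reference a Service that does not exist. A fixed name also means two releases in one namespace collide. If other components resolve `capif-events` by DNS (presumably the reason for the literal), keep it but make the Ingress backend and NOTES.txt use the same name; otherwise use `name: {{ include "ocf-events.fullname" . }}`. The ocf-helper chart has the same mismatch between `name: helper` in service.yaml and `$fullName` in its ingress.yaml.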
@@ -0,0 +1,15 @@ +apiVersion: v1 +kind: Pod +metadata: + name: "{{ include "ocf-events.fullname" . }}-test-connection" + labels: + {{- include "ocf-events.labels" . | nindent 4 }} + annotations: + "helm.sh/hook": test +spec: + containers: + - name: wget + image: busybox + command: ['wget'] + args: ['capif-events:{{ .Values.service.port }}'] + restartPolicy: Never diff --git a/helm/capif/charts/ocf-events/values.yaml b/helm/capif/charts/ocf-events/values.yaml new file mode 100644 index 0000000000000000000000000000000000000000..c600141fb9749a200cd799acbd0cea05425b2eb6 --- /dev/null +++ b/helm/capif/charts/ocf-events/values.yaml 
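Review bot: The test pod uses `image: busybox` with no tag, which resolves to the mutable `latest` tag, so what runs in the cluster during `helm test` depends on what the registry serves that day. I would pin it to a tag or digest, e.g. `image: "busybox:<pinned-tag>"` (placeholder), or take it from values so operators can point at an internal mirror. The ocf-helper test-connection.yaml added later in this diff has the same line.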
@@ -0,0 +1,115 @@ +# Default values for ocf-events. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +replicaCount: 1 + +image: + repository: events-api + pullPolicy: Always + # Overrides the image tag whose default is the chart appVersion. + tag: "" + +imagePullSecrets: [] +nameOverride: "" +fullnameOverride: "" + +env: + monitoring: "true" + mongoInitdbRootUsername: root + mongoInitdbRootPassword: example + +serviceAccount: + # Specifies whether a service account should be created + create: true + # Automatically mount a ServiceAccount's API credentials? + automount: true + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + +podAnnotations: {} +podLabels: {} + +podSecurityContext: {} + # fsGroup: 2000 + +securityContext: {} + # capabilities: + # drop: + # - ALL + # readOnlyRootFilesystem: true + # runAsNonRoot: true + # runAsUser: 1000 + +service: + type: ClusterIP + port: 8080 + +ingress: + enabled: false + className: "" + annotations: {} + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + hosts: + - host: chart-example.local + paths: + - path: / + pathType: ImplementationSpecific + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + +resources: + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. 
+ limits: + cpu: 100m + memory: 128Mi + requests: + cpu: 100m + memory: 128Mi + +livenessProbe: +# httpGet: +# path: / +# port: http +readinessProbe: + tcpSocket: + port: 8080 + initialDelaySeconds: 5 + periodSeconds: 5 + +autoscaling: + enabled: false + minReplicas: 1 + maxReplicas: 100 + targetCPUUtilizationPercentage: 80 + # targetMemoryUtilizationPercentage: 80 + +# Additional volumes on the output Deployment definition. +volumes: + - name: capif-events-config + configMap: + name: capif-events-configmap + items: + - key: "config.yaml" + path: "config.yaml" + +# Additional volumeMounts on the output Deployment definition. +volumeMounts: + - name: capif-events-config + mountPath: /usr/src/app/config.yaml + subPath: config.yaml + +nodeSelector: {} + +tolerations: [] + +affinity: {} diff --git a/helm/capif/charts/ocf-helper/.helmignore b/helm/capif/charts/ocf-helper/.helmignore new file mode 100644 index 0000000000000000000000000000000000000000..0e8a0eb36f4ca2c939201c0d54b5d82a1ea34778 --- /dev/null +++ b/helm/capif/charts/ocf-helper/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/helm/capif/charts/ocf-helper/Chart.yaml b/helm/capif/charts/ocf-helper/Chart.yaml new file mode 100644 index 0000000000000000000000000000000000000000..ac740bc6db0d0d23687c74f95c6bc9e33772206b --- /dev/null +++ b/helm/capif/charts/ocf-helper/Chart.yaml 
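Review bot: The chart ships `podSecurityContext: {}` and `securityContext: {}` with every hardening line commented out, and `serviceAccount.automount: true`, so by default the container runs with whatever user and capabilities the image defines and gets a Kubernetes API token mounted. I would enable the commented defaults (`runAsNonRoot: true`, `readOnlyRootFilesystem: true`, `capabilities.drop: [ALL]`) and set `automount: false` unless the service calls the Kubernetes API. Whether the `events-api` image runs under those settings is not visible here, so this needs a test deploy. The `mongoInitdbRootPassword: example` default in the same hunk should not ship as a working value either; an empty default that the template rejects is safer.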
@@ -0,0 +1,24 @@ +apiVersion: v2 +name: ocf-helper +description: A Helm chart for Kubernetes + +# A chart can be either an 'application' or a 'library' chart. +# +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. +type: application + +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +# Versions are expected to follow Semantic Versioning (https://semver.org/) +version: 0.1.0 + +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. Versions are not expected to +# follow Semantic Versioning. They should reflect the version the application is using. +# It is recommended to use it with quotes. +appVersion: "1.16.0" diff --git a/helm/capif/charts/ocf-helper/templates/NOTES.txt b/helm/capif/charts/ocf-helper/templates/NOTES.txt new file mode 100644 index 0000000000000000000000000000000000000000..abd131876d4961f0b2b6feaff90fc993078e473f --- /dev/null +++ b/helm/capif/charts/ocf-helper/templates/NOTES.txt 
@@ -0,0 +1,22 @@ +1. Get the application URL by running these commands: +{{- if .Values.ingress.enabled }} +{{- range $host := .Values.ingress.hosts }} + {{- range .paths }} + http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }} + {{- end }} +{{- end }} +{{- else if contains "NodePort" .Values.service.type }} + export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "ocf-helper.fullname" . }}) + export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") + echo http://$NODE_IP:$NODE_PORT +{{- else if contains "LoadBalancer" .Values.service.type }} + NOTE: It may take a few minutes for the LoadBalancer IP to be available. + You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "ocf-helper.fullname" . }}' + export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "ocf-helper.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") + echo http://$SERVICE_IP:{{ .Values.service.port }} +{{- else if contains "ClusterIP" .Values.service.type }} + export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "ocf-helper.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") + export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}") + echo "Visit http://127.0.0.1:8080 to use your application" + kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT +{{- end }} 
diff --git a/helm/capif/charts/ocf-helper/templates/_helpers.tpl b/helm/capif/charts/ocf-helper/templates/_helpers.tpl new file mode 100644 index 0000000000000000000000000000000000000000..df679e324422695bb8e7f7d6f89df54b59cf6f68 --- /dev/null +++ b/helm/capif/charts/ocf-helper/templates/_helpers.tpl 
@@ -0,0 +1,62 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "ocf-helper.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "ocf-helper.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "ocf-helper.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "ocf-helper.labels" -}} +helm.sh/chart: {{ include "ocf-helper.chart" . }} +{{ include "ocf-helper.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "ocf-helper.selectorLabels" -}} +app.kubernetes.io/name: {{ include "ocf-helper.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Create the name of the service account to use +*/}} +{{- define "ocf-helper.serviceAccountName" -}} +{{- if .Values.serviceAccount.create }} +{{- default (include "ocf-helper.fullname" .) .Values.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.serviceAccount.name }} +{{- end }} +{{- end }} 
diff --git a/helm/capif/charts/helper/templates/deployment.yaml b/helm/capif/charts/ocf-helper/templates/deployment.yaml similarity index 88% rename from helm/capif/charts/helper/templates/deployment.yaml rename to helm/capif/charts/ocf-helper/templates/deployment.yaml index a3f43d3ed01828f6e2c086d5649b6d9c5f4aa055..7c55930fd015356cfec4f549abe6d1911a688b7b 100644 --- a/helm/capif/charts/helper/templates/deployment.yaml +++ b/helm/capif/charts/ocf-helper/templates/deployment.yaml @@ -1,23 +1,23 @@ apiVersion: apps/v1 kind: Deployment metadata: - name: {{ include "helper.fullname" . }} + name: {{ include "ocf-helper.fullname" . }} labels: - {{- include "helper.labels" . | nindent 4 }} + {{- include "ocf-helper.labels" . | nindent 4 }} spec: {{- if not .Values.autoscaling.enabled }} replicas: {{ .Values.replicaCount }} {{- end }} selector: matchLabels: - {{- include "helper.selectorLabels" . | nindent 6 }} + {{- include "ocf-helper.selectorLabels" . | nindent 6 }} template: metadata: annotations: date: "{{ now | unixEpoch }}" checksum/config: {{ include (print $.Template.BasePath "/ocf-helper-configmap.yaml") . | sha256sum }} labels: - {{- include "helper.labels" . | nindent 8 }} + {{- include "ocf-helper.labels" . | nindent 8 }} {{- with .Values.podLabels }} {{- toYaml . | nindent 8 }} {{- end }} @@ -26,7 +26,7 @@ spec: imagePullSecrets: {{- toYaml . | nindent 8 }} {{- end }} - serviceAccountName: {{ include "helper.serviceAccountName" . }} + serviceAccountName: {{ include "ocf-helper.serviceAccountName" . }} securityContext: {{- toYaml .Values.podSecurityContext | nindent 8 }} containers: diff --git a/helm/capif/charts/ocf-helper/templates/hpa.yaml b/helm/capif/charts/ocf-helper/templates/hpa.yaml new file mode 100644 index 0000000000000000000000000000000000000000..670686abeeddfe767164c1d4a7282af2a23049cb --- /dev/null +++ b/helm/capif/charts/ocf-helper/templates/hpa.yaml 
@@ -0,0 +1,32 @@ +{{- if .Values.autoscaling.enabled }} +apiVersion: autoscaling/v2 +kind: HorizontalPodAutoscaler +metadata: + name: {{ include "ocf-helper.fullname" . }} + labels: + {{- include "ocf-helper.labels" . | nindent 4 }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ include "ocf-helper.fullname" . }} + minReplicas: {{ .Values.autoscaling.minReplicas }} + maxReplicas: {{ .Values.autoscaling.maxReplicas }} + metrics: + {{- if .Values.autoscaling.targetCPUUtilizationPercentage }} + - type: Resource + resource: + name: cpu + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} + {{- end }} + {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }} + - type: Resource + resource: + name: memory + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} + {{- end }} +{{- end }} diff --git a/helm/capif/charts/ocf-helper/templates/ingress.yaml b/helm/capif/charts/ocf-helper/templates/ingress.yaml new file mode 100644 index 0000000000000000000000000000000000000000..76d37c85807a6ca1e23ea0b676ed44d67a72cecd --- /dev/null +++ b/helm/capif/charts/ocf-helper/templates/ingress.yaml 
@@ -0,0 +1,61 @@ +{{- if .Values.ingress.enabled -}} +{{- $fullName := include "ocf-helper.fullname" . -}} +{{- $svcPort := .Values.service.port -}} +{{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }} + {{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }} + {{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}} + {{- end }} +{{- end }} +{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}} +apiVersion: networking.k8s.io/v1 +{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} +apiVersion: networking.k8s.io/v1beta1 +{{- else -}} +apiVersion: extensions/v1beta1 +{{- end }} +kind: Ingress +metadata: + name: {{ $fullName }} + labels: + {{- include "ocf-helper.labels" . | nindent 4 }} + {{- with .Values.ingress.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + {{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }} + ingressClassName: {{ .Values.ingress.className }} + {{- end }} + {{- if .Values.ingress.tls }} + tls: + {{- range .Values.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} + {{- end }} + rules: + {{- range .Values.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: + {{- range .paths }} + - path: {{ .path }} + {{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }} + pathType: {{ .pathType }} + {{- end }} + backend: + {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }} + service: + name: {{ $fullName }} + port: + number: {{ $svcPort }} + {{- else }} + serviceName: {{ $fullName }} + servicePort: {{ $svcPort }} + {{- end }} + {{- end }} + {{- end }} +{{- end }} 
diff --git a/helm/capif/charts/helper/templates/ocf-helper-configmap.yaml b/helm/capif/charts/ocf-helper/templates/ocf-helper-configmap.yaml similarity index 100% rename from helm/capif/charts/helper/templates/ocf-helper-configmap.yaml rename to helm/capif/charts/ocf-helper/templates/ocf-helper-configmap.yaml diff --git a/helm/capif/charts/helper/templates/service.yaml b/helm/capif/charts/ocf-helper/templates/service.yaml similarity index 66% rename from helm/capif/charts/helper/templates/service.yaml rename to helm/capif/charts/ocf-helper/templates/service.yaml index 4a743709cbb1d317b323484402247bffacee3aaa..87006ebaeabdd5d23bae463f5660099f9d74f824 100644 --- a/helm/capif/charts/helper/templates/service.yaml +++ b/helm/capif/charts/ocf-helper/templates/service.yaml @@ -3,7 +3,7 @@ kind: Service metadata: name: helper labels: - {{- include "helper.labels" . | nindent 4 }} + {{- include "ocf-helper.labels" . | nindent 4 }} spec: type: {{ .Values.service.type }} ports: @@ -12,4 +12,4 @@ spec: protocol: TCP name: http selector: - {{- include "helper.selectorLabels" . | nindent 4 }} + {{- include "ocf-helper.selectorLabels" . | nindent 4 }} diff --git a/helm/capif/charts/ocf-helper/templates/serviceaccount.yaml b/helm/capif/charts/ocf-helper/templates/serviceaccount.yaml new file mode 100644 index 0000000000000000000000000000000000000000..a3da0593c11791f56c4d3b7cbf0502b1b118e182 --- /dev/null +++ b/helm/capif/charts/ocf-helper/templates/serviceaccount.yaml @@ -0,0 +1,13 @@ +{{- if .Values.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "ocf-helper.serviceAccountName" . }} + labels: + {{- include "ocf-helper.labels" . | nindent 4 }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +automountServiceAccountToken: {{ .Values.serviceAccount.automount }} +{{- end }} 
diff --git a/helm/capif/charts/ocf-helper/templates/tests/test-connection.yaml b/helm/capif/charts/ocf-helper/templates/tests/test-connection.yaml new file mode 100644 index 0000000000000000000000000000000000000000..57760421413aef99ceb4b63f2c3a24a7f0be0e43 --- /dev/null +++ b/helm/capif/charts/ocf-helper/templates/tests/test-connection.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: Pod +metadata: + name: "{{ include "ocf-helper.fullname" . }}-test-connection" + labels: + {{- include "ocf-helper.labels" . | nindent 4 }} + annotations: + "helm.sh/hook": test +spec: + containers: + - name: wget + image: busybox + command: ['wget'] + args: ['helper:{{ .Values.service.port }}'] + restartPolicy: Never diff --git a/helm/capif/charts/helper/values.yaml b/helm/capif/charts/ocf-helper/values.yaml similarity index 96% rename from helm/capif/charts/helper/values.yaml rename to helm/capif/charts/ocf-helper/values.yaml index 147c003af380d92300cac7baa0c486ba71753fce..36e0989056b2d8a7533366b968e19ce3777ac098 100644 --- a/helm/capif/charts/helper/values.yaml +++ b/helm/capif/charts/ocf-helper/values.yaml @@ -1,11 +1,11 @@ -# Default values for helper. +# Default values for ocf-helper. # This is a YAML-formatted file. # Declare variables to be passed into your templates. replicaCount: 1 image: - repository: "helper" + repository: "ocf-helper" pullPolicy: Always # Overrides the image tag whose default is the chart appVersion. tag: "" @@ -36,7 +36,7 @@ serviceAccount: name: "" podAnnotations: - app: ocf-helper + app: ocf-ocf-helper podLabels: {} diff --git a/helm/capif/charts/ocf-publish-service-api/.helmignore b/helm/capif/charts/ocf-publish-service-api/.helmignore new file mode 100644 index 0000000000000000000000000000000000000000..0e8a0eb36f4ca2c939201c0d54b5d82a1ea34778 --- /dev/null +++ b/helm/capif/charts/ocf-publish-service-api/.helmignore 
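Review bot: In the second values.yaml hunk the annotation value changes from `app: ocf-helper` to `app: ocf-ocf-helper`, which looks like a `helper` to `ocf-helper` search-and-replace applied to a string that already carried the prefix. Unless the doubled prefix is intended, restore `app: ocf-helper`. It is also worth checking whether `repository: "ocf-helper"` in the first hunk matches the image name actually published, since that rename changes what gets pulled.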
@@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/helm/capif/charts/ocf-publish-service-api/Chart.yaml b/helm/capif/charts/ocf-publish-service-api/Chart.yaml new file mode 100644 index 0000000000000000000000000000000000000000..166d252382ca14ef29516690bcf32b1f09e46ca0 --- /dev/null +++ b/helm/capif/charts/ocf-publish-service-api/Chart.yaml @@ -0,0 +1,24 @@ +apiVersion: v2 +name: ocf-publish-service-api +description: A Helm chart for Kubernetes + +# A chart can be either an 'application' or a 'library' chart. +# +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. +type: application + +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +# Versions are expected to follow Semantic Versioning (https://semver.org/) +version: 0.1.0 + +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. Versions are not expected to +# follow Semantic Versioning. They should reflect the version the application is using. +# It is recommended to use it with quotes. +appVersion: "1.16.0" 
diff --git a/helm/capif/charts/ocf-publish-service-api/templates/NOTES.txt b/helm/capif/charts/ocf-publish-service-api/templates/NOTES.txt new file mode 100644 index 0000000000000000000000000000000000000000..deaaa58854f5113d5e5af75e6acfeda67acaf752 --- /dev/null +++ b/helm/capif/charts/ocf-publish-service-api/templates/NOTES.txt 
@@ -0,0 +1,22 @@ +1. Get the application URL by running these commands: +{{- if .Values.ingress.enabled }} +{{- range $host := .Values.ingress.hosts }} + {{- range .paths }} + http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }} + {{- end }} +{{- end }} +{{- else if contains "NodePort" .Values.service.type }} + export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "ocf-publish-service-api.fullname" . }}) + export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") + echo http://$NODE_IP:$NODE_PORT +{{- else if contains "LoadBalancer" .Values.service.type }} + NOTE: It may take a few minutes for the LoadBalancer IP to be available. + You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "ocf-publish-service-api.fullname" . }}' + export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "ocf-publish-service-api.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") + echo http://$SERVICE_IP:{{ .Values.service.port }} +{{- else if contains "ClusterIP" .Values.service.type }} + export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "ocf-publish-service-api.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") + export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}") + echo "Visit http://127.0.0.1:8080 to use your application" + kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT +{{- end }} 
diff --git a/helm/capif/charts/ocf-publish-service-api/templates/_helpers.tpl b/helm/capif/charts/ocf-publish-service-api/templates/_helpers.tpl new file mode 100644 index 0000000000000000000000000000000000000000..9ca28fabff67cce7fe1cf6223e595e87ed805abd --- /dev/null +++ b/helm/capif/charts/ocf-publish-service-api/templates/_helpers.tpl 
@@ -0,0 +1,62 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "ocf-publish-service-api.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "ocf-publish-service-api.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "ocf-publish-service-api.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "ocf-publish-service-api.labels" -}} +helm.sh/chart: {{ include "ocf-publish-service-api.chart" . }} +{{ include "ocf-publish-service-api.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "ocf-publish-service-api.selectorLabels" -}} +app.kubernetes.io/name: {{ include "ocf-publish-service-api.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Create the name of the service account to use +*/}} +{{- define "ocf-publish-service-api.serviceAccountName" -}} +{{- if .Values.serviceAccount.create }} +{{- default (include "ocf-publish-service-api.fullname" .) 
.Values.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.serviceAccount.name }} +{{- end }} +{{- end }} diff --git a/helm/capif/templates/capif-published-configmap.yaml b/helm/capif/charts/ocf-publish-service-api/templates/configmap.yaml similarity index 82% rename from helm/capif/templates/capif-published-configmap.yaml rename to helm/capif/charts/ocf-publish-service-api/templates/configmap.yaml index 507afd4a769e5598435bdf084fec5e866bad04d2..a76b2f2bbe1772205d1707635efb3df3209eeb8e 100644 --- a/helm/capif/templates/capif-published-configmap.yaml +++ b/helm/capif/charts/ocf-publish-service-api/templates/configmap.yaml @@ -5,8 +5,8 @@ metadata: data: config.yaml: | mongo: { - 'user': '{{ .Values.mongo.mongo.env.mongoInitdbRootUsername }}', - 'password': '{{ .Values.mongo.mongo.env.mongoInitdbRootPassword }}', + 'user': '{{ .Values.env.mongoInitdbRootUsername }}', + 'password': '{{ .Values.env.mongoInitdbRootPassword }}', 'db': 'capif', 'col': 'serviceapidescriptions', 'certs_col': "certs", diff --git a/helm/capif/charts/ocf-publish-service-api/templates/deployment.yaml b/helm/capif/charts/ocf-publish-service-api/templates/deployment.yaml new file mode 100644 index 0000000000000000000000000000000000000000..49d9b2ce59795993bc4dbe0e674eaaa7d0d91036 --- /dev/null +++ b/helm/capif/charts/ocf-publish-service-api/templates/deployment.yaml 
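Review bot: The MongoDB root password is still rendered into a ConfigMap: `'password': '{{ .Values.env.mongoInitdbRootPassword }}'` ends up in plain text in `config.yaml`, readable by any principal with `get` on ConfigMaps in the namespace and printed by `helm get manifest`. Since the file is being moved anyway, render `config.yaml` from a `kind: Secret` (`stringData:`) and mount that, or have the application read the password from an environment variable fed by `secretKeyRef`. This chart's values.yaml further down defaults the value to `example`, so an install that sets nothing runs with a known root password; `{{ required "env.mongoInitdbRootPassword must be set" .Values.env.mongoInitdbRootPassword }}` would make the operator choose one. The ConfigMap's metadata lines are outside this hunk.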
@@ -0,0 +1,70 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "ocf-publish-service-api.fullname" . }} + labels: + {{- include "ocf-publish-service-api.labels" . | nindent 4 }} +spec: + {{- if not .Values.autoscaling.enabled }} + replicas: {{ .Values.replicaCount }} + {{- end }} + selector: + matchLabels: + {{- include "ocf-publish-service-api.selectorLabels" . | nindent 6 }} + template: + metadata: + annotations: + date: "{{ now | unixEpoch }}" + checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} + labels: + {{- include "ocf-publish-service-api.labels" . | nindent 8 }} + {{- with .Values.podLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} + spec: + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ include "ocf-publish-service-api.serviceAccountName" . }} + securityContext: + {{- toYaml .Values.podSecurityContext | nindent 8 }} + containers: + - name: {{ .Chart.Name }} + securityContext: + {{- toYaml .Values.securityContext | nindent 12 }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + ports: + - name: http + containerPort: {{ .Values.service.port }} + protocol: TCP + env: + - name: MONITORING + value: {{ quote .Values.env.monitoring }} + livenessProbe: + {{- toYaml .Values.livenessProbe | nindent 12 }} + readinessProbe: + {{- toYaml .Values.readinessProbe | nindent 12 }} + resources: + {{- toYaml .Values.resources | nindent 12 }} + {{- with .Values.volumeMounts }} + volumeMounts: + {{- toYaml . | nindent 12 }} + {{- end }} + {{- with .Values.volumes }} + volumes: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . 
| nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} diff --git a/helm/capif/charts/ocf-publish-service-api/templates/hpa.yaml b/helm/capif/charts/ocf-publish-service-api/templates/hpa.yaml new file mode 100644 index 0000000000000000000000000000000000000000..34c23685058274ee00eed5212e12fc56e3c98abf --- /dev/null +++ b/helm/capif/charts/ocf-publish-service-api/templates/hpa.yaml @@ -0,0 +1,32 @@ +{{- if .Values.autoscaling.enabled }} +apiVersion: autoscaling/v2 +kind: HorizontalPodAutoscaler +metadata: + name: {{ include "ocf-publish-service-api.fullname" . }} + labels: + {{- include "ocf-publish-service-api.labels" . | nindent 4 }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ include "ocf-publish-service-api.fullname" . }} + minReplicas: {{ .Values.autoscaling.minReplicas }} + maxReplicas: {{ .Values.autoscaling.maxReplicas }} + metrics: + {{- if .Values.autoscaling.targetCPUUtilizationPercentage }} + - type: Resource + resource: + name: cpu + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} + {{- end }} + {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }} + - type: Resource + resource: + name: memory + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} + {{- end }} +{{- end }} diff --git a/helm/capif/charts/ocf-publish-service-api/templates/ingress.yaml b/helm/capif/charts/ocf-publish-service-api/templates/ingress.yaml new file mode 100644 index 0000000000000000000000000000000000000000..22cd9f36db99754c22c736ae633e7ae8282efc4c --- /dev/null +++ b/helm/capif/charts/ocf-publish-service-api/templates/ingress.yaml 
@@ -0,0 +1,61 @@ +{{- if .Values.ingress.enabled -}} +{{- $fullName := include "ocf-publish-service-api.fullname" . -}} +{{- $svcPort := .Values.service.port -}} +{{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }} + {{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }} + {{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}} + {{- end }} +{{- end }} +{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}} +apiVersion: networking.k8s.io/v1 +{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} +apiVersion: networking.k8s.io/v1beta1 +{{- else -}} +apiVersion: extensions/v1beta1 +{{- end }} +kind: Ingress +metadata: + name: {{ $fullName }} + labels: + {{- include "ocf-publish-service-api.labels" . | nindent 4 }} + {{- with .Values.ingress.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + {{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }} + ingressClassName: {{ .Values.ingress.className }} + {{- end }} + {{- if .Values.ingress.tls }} + tls: + {{- range .Values.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} + {{- end }} + rules: + {{- range .Values.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: + {{- range .paths }} + - path: {{ .path }} + {{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }} + pathType: {{ .pathType }} + {{- end }} + backend: + {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }} + service: + name: {{ $fullName }} + port: + number: {{ $svcPort }} + {{- else }} + serviceName: {{ $fullName }} + servicePort: {{ $svcPort }} + {{- end }} + {{- end }} + {{- end }} +{{- end }} 
diff --git a/helm/capif/charts/ocf-publish-service-api/templates/service.yaml b/helm/capif/charts/ocf-publish-service-api/templates/service.yaml new file mode 100644 index 0000000000000000000000000000000000000000..2412215a5d3268e1c299c6f32d4a38124695c690 --- /dev/null +++ b/helm/capif/charts/ocf-publish-service-api/templates/service.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: Service +metadata: + name: published-apis + labels: + {{- include "ocf-publish-service-api.labels" . | nindent 4 }} +spec: + type: {{ .Values.service.type }} + ports: + - port: {{ .Values.service.port }} + targetPort: http + protocol: TCP + name: http + selector: + {{- include "ocf-publish-service-api.selectorLabels" . | nindent 4 }} diff --git a/helm/capif/charts/ocf-publish-service-api/templates/serviceaccount.yaml b/helm/capif/charts/ocf-publish-service-api/templates/serviceaccount.yaml new file mode 100644 index 0000000000000000000000000000000000000000..22ca36f7ec915dcbe35ce7344ff7a009e27856f6 --- /dev/null +++ b/helm/capif/charts/ocf-publish-service-api/templates/serviceaccount.yaml @@ -0,0 +1,13 @@ +{{- if .Values.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "ocf-publish-service-api.serviceAccountName" . }} + labels: + {{- include "ocf-publish-service-api.labels" . | nindent 4 }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +automountServiceAccountToken: {{ .Values.serviceAccount.automount }} +{{- end }} diff --git a/helm/capif/charts/ocf-publish-service-api/templates/tests/test-connection.yaml b/helm/capif/charts/ocf-publish-service-api/templates/tests/test-connection.yaml new file mode 100644 index 0000000000000000000000000000000000000000..edbd061a6ec7b8b88016e0c6a8758f7aa263c21b --- /dev/null +++ b/helm/capif/charts/ocf-publish-service-api/templates/tests/test-connection.yaml 
@@ -0,0 +1,15 @@ +apiVersion: v1 +kind: Pod +metadata: + name: "{{ include "ocf-publish-service-api.fullname" . }}-test-connection" + labels: + {{- include "ocf-publish-service-api.labels" . | nindent 4 }} + annotations: + "helm.sh/hook": test +spec: + containers: + - name: wget + image: busybox + command: ['wget'] + args: ['published-apis:{{ .Values.service.port }}'] + restartPolicy: Never diff --git a/helm/capif/charts/ocf-publish-service-api/values.yaml b/helm/capif/charts/ocf-publish-service-api/values.yaml new file mode 100644 index 0000000000000000000000000000000000000000..4ab3c9cdabb7402d37e70fcd629530818542865b --- /dev/null +++ b/helm/capif/charts/ocf-publish-service-api/values.yaml 
@@ -0,0 +1,115 @@
+# Default values for ocf-publish-service-api.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+replicaCount: 1
+
+image:
+ repository: publish-service-api
+ pullPolicy: Always
+ # Overrides the image tag whose default is the chart appVersion.
+ tag: ""
+
+imagePullSecrets: []
+nameOverride: ""
+fullnameOverride: ""
+
+env:
+ monitoring: "true"
+ mongoInitdbRootUsername: root
+ mongoInitdbRootPassword: example
+
+serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # Automatically mount a ServiceAccount's API credentials?
+ automount: true
+ # Annotations to add to the service account
+ annotations: {}
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+
+podAnnotations: {}
+podLabels: {}
+
+podSecurityContext: {}
+ # fsGroup: 2000
+
+securityContext: {}
+ # capabilities:
+ # drop:
+ # - ALL
+ # readOnlyRootFilesystem: true
+ # runAsNonRoot: true
+ # runAsUser: 1000
+
+service:
+ type: ClusterIP
+ port: 8080
+
+ingress:
+ enabled: false
+ className: ""
+ annotations: {}
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+ hosts:
+ - host: chart-example.local
+ paths:
+ - path: /
+ pathType: ImplementationSpecific
+ tls: []
+ # - secretName: chart-example-tls
+ # hosts:
+ # - chart-example.local
+
+resources:
+ # We usually recommend not to specify default resources and to leave this as a conscious
+ # choice for the user. This also increases chances charts run on environments with little
+ # resources, such as Minikube. If you do want to specify resources, uncomment the following
+ # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ limits:
+ cpu: 100m
+ memory: 128Mi
+ requests:
+ cpu: 100m
+ memory: 128Mi
+
+livenessProbe:
+# httpGet:
+# path: /
+# port: http
+readinessProbe:
+ tcpSocket:
+ port: 8080
+ initialDelaySeconds: 5
+ periodSeconds: 5
+
+autoscaling:
+ enabled: false
+ minReplicas: 1
+ maxReplicas: 100
+ targetCPUUtilizationPercentage: 80
+ # targetMemoryUtilizationPercentage: 80
+
+# Additional volumes on the output Deployment definition.
+volumes:
+ - name: capif-published-config
+ configMap:
+ name: capif-published-configmap
+ items:
+ - key: "config.yaml"
+ path: "config.yaml"
+
+# Additional volumeMounts on the output Deployment definition.
+volumeMounts:
+ - name: capif-published-config
+ mountPath: /usr/src/app/config.yaml
+ subPath: config.yaml
+
+nodeSelector: {}
+
+tolerations: []
+
+affinity: {}
diff --git a/helm/capif/charts/ocf-register/.helmignore b/helm/capif/charts/ocf-register/.helmignore
new file mode 100644
index 0000000000000000000000000000000000000000..0e8a0eb36f4ca2c939201c0d54b5d82a1ea34778
--- /dev/null
+++ b/helm/capif/charts/ocf-register/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/helm/capif/charts/ocf-register/Chart.yaml b/helm/capif/charts/ocf-register/Chart.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..06dee8073879bd8dbd214be935e1101de7b70d2a
--- /dev/null
+++ b/helm/capif/charts/ocf-register/Chart.yaml
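Review bot: `serviceAccount.automount: true` in the ocf-publish-service-api values.yaml mounts a Kubernetes API token into every pod of this service, and nothing in the chart's templates suggests the workload talks to the API server. Default it to `automount: false` and let a deployment that needs the token opt in. In the same file `podSecurityContext: {}` and `securityContext: {}` leave the scaffold's hardening commented out; enabling `runAsNonRoot: true`, `readOnlyRootFilesystem: true` and `capabilities: {drop: [ALL]}` is worth trying if the image tolerates it. The visible part of the ocf-register values.yaml at the end of this diff carries the same `automount: true` default.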
@@ -0,0 +1,24 @@ +apiVersion: v2 +name: ocf-register +description: A Helm chart for Kubernetes + +# A chart can be either an 'application' or a 'library' chart. +# +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. +type: application + +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +# Versions are expected to follow Semantic Versioning (https://semver.org/) +version: 0.1.0 + +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. Versions are not expected to +# follow Semantic Versioning. They should reflect the version the application is using. +# It is recommended to use it with quotes. +appVersion: "1.16.0" diff --git a/helm/capif/charts/ocf-register/templates/NOTES.txt b/helm/capif/charts/ocf-register/templates/NOTES.txt new file mode 100644 index 0000000000000000000000000000000000000000..f323bac844d2aace1c9dfb771cdd84a72ca9220d --- /dev/null +++ b/helm/capif/charts/ocf-register/templates/NOTES.txt 
@@ -0,0 +1,22 @@ +1. Get the application URL by running these commands: +{{- if .Values.ingress.enabled }} +{{- range $host := .Values.ingress.hosts }} + {{- range .paths }} + http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }} + {{- end }} +{{- end }} +{{- else if contains "NodePort" .Values.service.type }} + export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "ocf-register.fullname" . }}) + export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") + echo http://$NODE_IP:$NODE_PORT +{{- else if contains "LoadBalancer" .Values.service.type }} + NOTE: It may take a few minutes for the LoadBalancer IP to be available. + You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "ocf-register.fullname" . }}' + export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "ocf-register.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") + echo http://$SERVICE_IP:{{ .Values.service.port }} +{{- else if contains "ClusterIP" .Values.service.type }} + export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "ocf-register.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") + export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}") + echo "Visit http://127.0.0.1:8080 to use your application" + kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT +{{- end }} 
diff --git a/helm/capif/charts/ocf-register/templates/_helpers.tpl b/helm/capif/charts/ocf-register/templates/_helpers.tpl new file mode 100644 index 0000000000000000000000000000000000000000..c1d5489e1e66d3854db395fe5a8d1e1678efede1 --- /dev/null +++ b/helm/capif/charts/ocf-register/templates/_helpers.tpl 
@@ -0,0 +1,62 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "ocf-register.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "ocf-register.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "ocf-register.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "ocf-register.labels" -}} +helm.sh/chart: {{ include "ocf-register.chart" . }} +{{ include "ocf-register.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "ocf-register.selectorLabels" -}} +app.kubernetes.io/name: {{ include "ocf-register.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Create the name of the service account to use +*/}} +{{- define "ocf-register.serviceAccountName" -}} +{{- if .Values.serviceAccount.create }} +{{- default (include "ocf-register.fullname" .) .Values.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.serviceAccount.name }} +{{- end }} +{{- end }} 
diff --git a/helm/capif/charts/ocf-register/templates/configmap.yaml b/helm/capif/charts/ocf-register/templates/configmap.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..0c01aedcddf6b4159a86ea52db051e809155e0b3
--- /dev/null
+++ b/helm/capif/charts/ocf-register/templates/configmap.yaml
@@ -0,0 +1,31 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: register-configmap
+data:
+ config.yaml: |-
+ mongo: {
+ 'user': 'root',
+ 'password': 'example',
+ 'db': 'capif_users',
+ 'col': 'user',
+ 'admins': 'admins',
+ 'host': '{{ .Values.env.mongoHost }}',
+ 'port': '{{ .Values.env.mongoPort }}'
+ }
+ ca_factory: {
+ "url": "{{ .Values.env.vaultHostname }}",
+ "port": "{{ .Values.env.vaultPort }}",
+ "token": "{{ .Values.env.vaultAccessToken }}"
+ }
+ ccf: {
+ "url": "{{ .Values.env.capifHostname }}",
+ "helper_remove_user": "/helper/deleteEntities/"
+ }
+ register: {
+ register_uuid: '6ba7b810-9dad-11d1-80b4-00c04fd430c8',
+ refresh_expiration: 30, #days
+ token_expiration: 10, #mins
+ admin_users: {admin_user: "admin",
+ admin_pass: "password123"}
+ }
diff --git a/helm/capif/charts/ocf-register/templates/deployment.yaml b/helm/capif/charts/ocf-register/templates/deployment.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..5437dfc807f8ff527ec322b5be3260bc41eb8e1a
--- /dev/null
+++ b/helm/capif/charts/ocf-register/templates/deployment.yaml
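Review bot: The new register `config.yaml` hard-codes credentials in the template itself: `'user': 'root'` and `'password': 'example'` for MongoDB and `admin_pass: "password123"` for the register admin cannot be overridden from values, and `"token": "{{ .Values.env.vaultAccessToken }}"` puts the Vault token in the same ConfigMap. Every installation therefore shares the same logins, and any principal that can read ConfigMaps in the namespace can read all of them. Render the file from a Secret and take each credential from a value guarded by `required`, so the chart fails to render rather than falling back to a known password; the value names below are suggestions and the volume that mounts this object has to switch from `configMap:` to `secret:`. `register_uuid` is also a fixed literal, so confirm it is meant to be identical across deployments.

```yaml
kind: Secret   # was: ConfigMap
# … unchanged: metadata …
stringData:
  config.yaml: |-
    mongo: {
      'user': '{{ required "env.mongoUser must be set" .Values.env.mongoUser }}',
      'password': '{{ required "env.mongoPassword must be set" .Values.env.mongoPassword }}',
      # … unchanged: db, col, admins, host, port …
    }
    # … unchanged: ca_factory, ccf …
    register: {
      # … unchanged: register_uuid, refresh_expiration, token_expiration …
      admin_users: {admin_user: '{{ required "env.adminUser must be set" .Values.env.adminUser }}',
                    admin_pass: '{{ required "env.adminPassword must be set" .Values.env.adminPassword }}'}
    }
```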
@@ -0,0 +1,74 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "ocf-register.fullname" . }}
+ labels:
+ {{- include "ocf-register.labels" . | nindent 4 }}
+spec:
+ {{- if not .Values.autoscaling.enabled }}
+ replicas: {{ .Values.replicaCount }}
+ {{- end }}
+ selector:
+ matchLabels:
+ {{- include "ocf-register.selectorLabels" . | nindent 6 }}
+ template:
+ metadata:
+ annotations:
+ date: "{{ now | unixEpoch }}"
+ checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
+ labels:
+ {{- include "ocf-register.labels" . | nindent 8 }}
+ {{- with .Values.podLabels }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ spec:
+ {{- with .Values.imagePullSecrets }}
+ imagePullSecrets:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ serviceAccountName: {{ include "ocf-register.serviceAccountName" . }}
+ securityContext:
+ {{- toYaml .Values.podSecurityContext | nindent 8 }}
+ containers:
+ - name: {{ .Chart.Name }}
+ securityContext:
+ {{- toYaml .Values.securityContext | nindent 12 }}
+ image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ ports:
+ - name: http
+ containerPort: {{ .Values.service.port }}
+ protocol: TCP
+ env:
+ - name: VAULT_HOSTNAME
+ value: {{ quote .Values.env.vaultHostname }}
+ - name: VAULT_PORT
+ value: {{ quote .Values.env.vaultPort }}
+ - name: VAULT_ACCESS_TOKEN
+ value: {{ quote .Values.env.vaultAccessToken }}
+ livenessProbe:
+ {{- toYaml .Values.livenessProbe | nindent 12 }}
+ readinessProbe:
+ {{- toYaml .Values.readinessProbe | nindent 12 }}
+ resources:
+ {{- toYaml .Values.resources | nindent 12 }}
+ {{- with .Values.volumeMounts }}
+ volumeMounts:
+ {{- toYaml . | nindent 12 }}
+ {{- end }}
+ {{- with .Values.volumes }}
+ volumes:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.nodeSelector }}
+ nodeSelector:
+ {{- toYaml . 
| nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} diff --git a/helm/capif/charts/ocf-register/templates/hpa.yaml b/helm/capif/charts/ocf-register/templates/hpa.yaml new file mode 100644 index 0000000000000000000000000000000000000000..936dbb442fa042090b594ec46165477255d53a44 --- /dev/null +++ b/helm/capif/charts/ocf-register/templates/hpa.yaml @@ -0,0 +1,32 @@ +{{- if .Values.autoscaling.enabled }} +apiVersion: autoscaling/v2 +kind: HorizontalPodAutoscaler +metadata: + name: {{ include "ocf-register.fullname" . }} + labels: + {{- include "ocf-register.labels" . | nindent 4 }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ include "ocf-register.fullname" . }} + minReplicas: {{ .Values.autoscaling.minReplicas }} + maxReplicas: {{ .Values.autoscaling.maxReplicas }} + metrics: + {{- if .Values.autoscaling.targetCPUUtilizationPercentage }} + - type: Resource + resource: + name: cpu + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} + {{- end }} + {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }} + - type: Resource + resource: + name: memory + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} + {{- end }} +{{- end }} diff --git a/helm/capif/charts/ocf-register/templates/ingress.yaml b/helm/capif/charts/ocf-register/templates/ingress.yaml new file mode 100644 index 0000000000000000000000000000000000000000..c5911eb22a274e2692e1b6466f12ba96faef3a49 --- /dev/null +++ b/helm/capif/charts/ocf-register/templates/ingress.yaml 
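Review bot: In the ocf-register deployment.yaml, `VAULT_ACCESS_TOKEN` is set with `value: {{ quote .Values.env.vaultAccessToken }}`, which writes the token into the Deployment spec where it is shown by `kubectl describe`, `helm get manifest` and the stored release history. Source it from a Secret through `valueFrom.secretKeyRef` instead; the Secret name and key below are placeholders for values the chart would need to add. Separately, the pod annotation `date: "{{ now | unixEpoch }}"` changes on every render, so each `helm upgrade` restarts the pods even when nothing changed, although the `checksum/config` annotation beside it already covers configuration changes; the ocf-publish-service-api deployment.yaml earlier in this diff has the same annotation.

```yaml
            - name: VAULT_ACCESS_TOKEN
              valueFrom:
                secretKeyRef:
                  name: {{ .Values.env.vaultTokenSecretName }}  # proposed new value: name of an existing Secret
                  key: token                                    # placeholder key name
```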
@@ -0,0 +1,60 @@ +{{- if .Values.ingress.enabled -}} +{{- $svcPort := .Values.service.port -}} +{{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }} + {{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }} + {{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}} + {{- end }} +{{- end }} +{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}} +apiVersion: networking.k8s.io/v1 +{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} +apiVersion: networking.k8s.io/v1beta1 +{{- else -}} +apiVersion: extensions/v1beta1 +{{- end }} +kind: Ingress +metadata: + name: nginx-register + labels: + {{- include "ocf-register.labels" . | nindent 4 }} + {{- with .Values.ingress.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + {{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }} + ingressClassName: {{ .Values.ingress.className }} + {{- end }} + {{- if .Values.ingress.tls }} + tls: + {{- range .Values.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} + {{- end }} + rules: + {{- range .Values.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: + {{- range .paths }} + - path: {{ .path }} + {{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }} + pathType: {{ .pathType }} + {{- end }} + backend: + {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }} + service: + name: register + port: + number: {{ $svcPort }} + {{- else }} + serviceName: register + servicePort: {{ $svcPort }} + {{- end }} + {{- end }} + {{- end }} +{{- end }} 
diff --git a/helm/capif/charts/ocf-register/templates/service.yaml b/helm/capif/charts/ocf-register/templates/service.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..ae6f7f61016530ecf8d76c781b881885a484b266
--- /dev/null
+++ b/helm/capif/charts/ocf-register/templates/service.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: register
+ labels:
+ {{- include "ocf-register.labels" . | nindent 4 }}
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ - port: {{ .Values.service.port }}
+ targetPort: 8080
+ protocol: TCP
+ name: http
+ selector:
+ {{- include "ocf-register.selectorLabels" . | nindent 4 }}
diff --git a/helm/capif/charts/ocf-register/templates/serviceaccount.yaml b/helm/capif/charts/ocf-register/templates/serviceaccount.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..d29545617aaa0a37d444cbd498ced77462a0947c
--- /dev/null
+++ b/helm/capif/charts/ocf-register/templates/serviceaccount.yaml
@@ -0,0 +1,13 @@
+{{- if .Values.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "ocf-register.serviceAccountName" . }}
+ labels:
+ {{- include "ocf-register.labels" . | nindent 4 }}
+ {{- with .Values.serviceAccount.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+automountServiceAccountToken: {{ .Values.serviceAccount.automount }}
+{{- end }}
diff --git a/helm/capif/charts/ocf-register/templates/tests/test-connection.yaml b/helm/capif/charts/ocf-register/templates/tests/test-connection.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..40831f659dc9b7ff38b7b50908b6b1025f92b846
--- /dev/null
+++ b/helm/capif/charts/ocf-register/templates/tests/test-connection.yaml
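Review bot: `targetPort: 8080` in the ocf-register Service is a literal, while this chart's Deployment declares its only container port as `containerPort: {{ .Values.service.port }}` named `http`, and the visible values.yaml sets `service.port: 8084`. The Service therefore forwards to a port the pod spec does not declare, which works only if the process really listens on 8080. Either use `targetPort: http` as the ocf-publish-service-api Service does and make the container port the real listen port, or add a separate value for the container port. The Service name `register` is fixed rather than derived from `ocf-register.fullname`, so two releases in one namespace would collide.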
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{ include "ocf-register.fullname" . }}-test-connection"
+ labels:
+ {{- include "ocf-register.labels" . | nindent 4 }}
+ annotations:
+ "helm.sh/hook": test
+spec:
+ containers:
+ - name: wget
+ image: busybox
+ command: ['wget']
+ args: ['register:{{ .Values.service.port }}']
+ restartPolicy: Never
diff --git a/helm/capif/charts/ocf-register/values.yaml b/helm/capif/charts/ocf-register/values.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..5605ef8621f683bd734a5786583c57554c33c045
--- /dev/null
+++ b/helm/capif/charts/ocf-register/values.yaml
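Review bot: `image: busybox` in the test hook pod has no tag or digest, so it resolves to the mutable `latest` and each pull may run different code in the cluster. Pin it, for example `image: busybox:<pinned-tag>` (placeholder; pick a vetted tag or digest). The pod also sets no `securityContext`, so it runs with the image's default user. The ocf-routing-info `tests/test-connection.yaml` hunk further down has the same `image: busybox` line.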
@@ -0,0 +1,119 @@
+# Default values for ocf-register.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+replicaCount: 1
+
+image:
+ repository: register
+ pullPolicy: Always
+ # Overrides the image tag whose default is the chart appVersion.
+ tag: ""
+
+imagePullSecrets: []
+nameOverride: ""
+fullnameOverride: ""
+
+env:
+ mongoHost: mongo-register
+ mongoPort: 27017
+ vaultHostname: vault
+ vaultPort: 8200
+ vaultAccessToken: dev-only-token
+ capifHostname: capif-test.example.int
+
+serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # Automatically mount a ServiceAccount's API credentials?
+ automount: true
+ # Annotations to add to the service account
+ annotations: {}
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+
+podAnnotations: {}
+podLabels: {}
+
+podSecurityContext: {}
+ # fsGroup: 2000
+
+securityContext: {}
+ # capabilities:
+ # drop:
+ # - ALL
+ # readOnlyRootFilesystem: true
+ # runAsNonRoot: true
+ # runAsUser: 1000
+
+service:
+ type: ClusterIP
+ port: 8084
+
+ingress:
+ enabled: true
+ className: "nginx"
+ annotations:
+ #cert-manager.io/issuer: letsencrypt-issuer
+ nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
+ nginx.ingress.kubernetes.io/ssl-passthrough: "true"
+ nginx.ingress.kubernetes.io/ssl-redirect: "true"
+ hosts:
+ - host: register.app.ocp-epg.hi.inet
+ paths:
+ - path: /
+ pathType: Prefix
+ tls: []
+ # - secretName: chart-example-tls
+ # hosts:
+ # - chart-example.local
+
+resources:
+ # We usually recommend not to specify default resources and to leave this as a conscious
+ # choice for the user. This also increases chances charts run on environments with little
+ # resources, such as Minikube. If you do want to specify resources, uncomment the following
+ # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ limits:
+ cpu: 100m
+ memory: 128Mi
+ requests:
+ cpu: 100m
+ memory: 128Mi
+
+livenessProbe:
+# httpGet:
+# path: /
+# port: http
+readinessProbe:
+ tcpSocket:
+ port: 8080
+
+autoscaling:
+ enabled: false
+ minReplicas: 1
+ maxReplicas: 100
+ targetCPUUtilizationPercentage: 80
+ # targetMemoryUtilizationPercentage: 80
+
+# Additional volumes on the output Deployment definition.
+volumes:
+ - name: register-configmap
+ configMap:
+ name: register-configmap
+ items:
+ - key: "config.yaml"
+ path: "config.yaml"
+
+
+# Additional volumeMounts on the output Deployment definition.
+volumeMounts:
+ - name: register-configmap
+ mountPath: /usr/src/app/config.yaml
+ subPath: config.yaml
+
+nodeSelector: {}
+
+tolerations: []
+
+affinity: {}
diff --git a/helm/capif/charts/ocf-routing-info/.helmignore b/helm/capif/charts/ocf-routing-info/.helmignore
new file mode 100644
index 0000000000000000000000000000000000000000..0e8a0eb36f4ca2c939201c0d54b5d82a1ea34778
--- /dev/null
+++ b/helm/capif/charts/ocf-routing-info/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/helm/capif/charts/ocf-routing-info/Chart.yaml b/helm/capif/charts/ocf-routing-info/Chart.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..bf109e2ab9e69a5c54432fcc02c13c80535163ad
--- /dev/null
+++ b/helm/capif/charts/ocf-routing-info/Chart.yaml
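Review bot: `vaultAccessToken: dev-only-token` under `env:` in the ocf-register values.yaml makes a fixed Vault token the chart default, so an install that forgets to override it runs with a credential that is public in the repository. Default it to empty, `vaultAccessToken: ""`, and make the consuming template fail fast, for example `{{ required "env.vaultAccessToken must be set" .Values.env.vaultAccessToken }}`. The ocf-register template that reads this value is not in view here, so where that guard belongs needs confirming. Taking the token from a pre-created Secret would be better still, because chart values are stored with the Helm release record.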
@@ -0,0 +1,24 @@ +apiVersion: v2 +name: ocf-routing-info +description: A Helm chart for Kubernetes + +# A chart can be either an 'application' or a 'library' chart. +# +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. +type: application + +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +# Versions are expected to follow Semantic Versioning (https://semver.org/) +version: 0.1.0 + +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. Versions are not expected to +# follow Semantic Versioning. They should reflect the version the application is using. +# It is recommended to use it with quotes. +appVersion: "1.16.0" diff --git a/helm/capif/charts/ocf-routing-info/templates/NOTES.txt b/helm/capif/charts/ocf-routing-info/templates/NOTES.txt new file mode 100644 index 0000000000000000000000000000000000000000..f08d1a05273d56d24322d10898bd6a6924048bb9 --- /dev/null +++ b/helm/capif/charts/ocf-routing-info/templates/NOTES.txt 
@@ -0,0 +1,22 @@ +1. Get the application URL by running these commands: +{{- if .Values.ingress.enabled }} +{{- range $host := .Values.ingress.hosts }} + {{- range .paths }} + http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }} + {{- end }} +{{- end }} +{{- else if contains "NodePort" .Values.service.type }} + export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "ocf-routing-info.fullname" . }}) + export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") + echo http://$NODE_IP:$NODE_PORT +{{- else if contains "LoadBalancer" .Values.service.type }} + NOTE: It may take a few minutes for the LoadBalancer IP to be available. + You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "ocf-routing-info.fullname" . }}' + export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "ocf-routing-info.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") + echo http://$SERVICE_IP:{{ .Values.service.port }} +{{- else if contains "ClusterIP" .Values.service.type }} + export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "ocf-routing-info.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") + export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}") + echo "Visit http://127.0.0.1:8080 to use your application" + kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT +{{- end }} 
diff --git a/helm/capif/charts/ocf-routing-info/templates/_helpers.tpl b/helm/capif/charts/ocf-routing-info/templates/_helpers.tpl new file mode 100644 index 0000000000000000000000000000000000000000..58bef4e641305e6299ca38701f5a5b84031af278 --- /dev/null +++ b/helm/capif/charts/ocf-routing-info/templates/_helpers.tpl 
@@ -0,0 +1,62 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "ocf-routing-info.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "ocf-routing-info.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "ocf-routing-info.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "ocf-routing-info.labels" -}} +helm.sh/chart: {{ include "ocf-routing-info.chart" . }} +{{ include "ocf-routing-info.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "ocf-routing-info.selectorLabels" -}} +app.kubernetes.io/name: {{ include "ocf-routing-info.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Create the name of the service account to use +*/}} +{{- define "ocf-routing-info.serviceAccountName" -}} +{{- if .Values.serviceAccount.create }} +{{- default (include "ocf-routing-info.fullname" .) .Values.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.serviceAccount.name }} +{{- end }} +{{- end }} 
diff --git a/helm/capif/charts/ocf-routing-info/templates/deployment.yaml b/helm/capif/charts/ocf-routing-info/templates/deployment.yaml new file mode 100644 index 0000000000000000000000000000000000000000..2e1abf12f28390b5812c3f5611d2b03a3160b7fb --- /dev/null +++ b/helm/capif/charts/ocf-routing-info/templates/deployment.yaml 
@@ -0,0 +1,69 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "ocf-routing-info.fullname" . }}
+ labels:
+ {{- include "ocf-routing-info.labels" . | nindent 4 }}
+spec:
+ {{- if not .Values.autoscaling.enabled }}
+ replicas: {{ .Values.replicaCount }}
+ {{- end }}
+ selector:
+ matchLabels:
+ {{- include "ocf-routing-info.selectorLabels" . | nindent 6 }}
+ template:
+ metadata:
+ annotations:
+ date: "{{ now | unixEpoch }}"
+ labels:
+ {{- include "ocf-routing-info.labels" . | nindent 8 }}
+ {{- with .Values.podLabels }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ spec:
+ {{- with .Values.imagePullSecrets }}
+ imagePullSecrets:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ serviceAccountName: {{ include "ocf-routing-info.serviceAccountName" . }}
+ securityContext:
+ {{- toYaml .Values.podSecurityContext | nindent 8 }}
+ containers:
+ - name: {{ .Chart.Name }}
+ securityContext:
+ {{- toYaml .Values.securityContext | nindent 12 }}
+ image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ ports:
+ - name: http
+ containerPort: {{ .Values.service.port }}
+ protocol: TCP
+ env:
+ - name: MONITORING
+ value: {{ quote .Values.env.monitoring }}
+ livenessProbe:
+ {{- toYaml .Values.livenessProbe | nindent 12 }}
+ readinessProbe:
+ {{- toYaml .Values.readinessProbe | nindent 12 }}
+ resources:
+ {{- toYaml .Values.resources | nindent 12 }}
+ {{- with .Values.volumeMounts }}
+ volumeMounts:
+ {{- toYaml . | nindent 12 }}
+ {{- end }}
+ {{- with .Values.volumes }}
+ volumes:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.nodeSelector }}
+ nodeSelector:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.affinity }}
+ affinity:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.tolerations }}
+ tolerations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
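Review bot: The pod-template annotation `date: "{{ now | unixEpoch }}"` renders differently on every `helm template` or `helm upgrade`, so each upgrade restarts all pods even when nothing changed, and rendered manifests can never be diffed cleanly. This chart's values.yaml declares `podAnnotations: {}`, but the template never renders it. I would drop the `date` line and emit the user-supplied annotations instead: `{{- with .Values.podAnnotations }}` / `{{- toYaml . | nindent 8 }}` / `{{- end }}` under `annotations:`. The ocf-security deployment.yaml hunk has the same `date` annotation next to `checksum/config`, which already handles config-driven restarts.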
diff --git a/helm/capif/charts/ocf-routing-info/templates/hpa.yaml b/helm/capif/charts/ocf-routing-info/templates/hpa.yaml new file mode 100644 index 0000000000000000000000000000000000000000..6172807bb8f75d9e75f79223456e5f897f73912d --- /dev/null +++ b/helm/capif/charts/ocf-routing-info/templates/hpa.yaml @@ -0,0 +1,32 @@ +{{- if .Values.autoscaling.enabled }} +apiVersion: autoscaling/v2 +kind: HorizontalPodAutoscaler +metadata: + name: {{ include "ocf-routing-info.fullname" . }} + labels: + {{- include "ocf-routing-info.labels" . | nindent 4 }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ include "ocf-routing-info.fullname" . }} + minReplicas: {{ .Values.autoscaling.minReplicas }} + maxReplicas: {{ .Values.autoscaling.maxReplicas }} + metrics: + {{- if .Values.autoscaling.targetCPUUtilizationPercentage }} + - type: Resource + resource: + name: cpu + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} + {{- end }} + {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }} + - type: Resource + resource: + name: memory + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} + {{- end }} +{{- end }} diff --git a/helm/capif/charts/ocf-routing-info/templates/ingress.yaml b/helm/capif/charts/ocf-routing-info/templates/ingress.yaml new file mode 100644 index 0000000000000000000000000000000000000000..cf74fa945cc6675a0ad2d70c4fedb39f9f7ba8b5 --- /dev/null +++ b/helm/capif/charts/ocf-routing-info/templates/ingress.yaml 
@@ -0,0 +1,61 @@ +{{- if .Values.ingress.enabled -}} +{{- $fullName := include "ocf-routing-info.fullname" . -}} +{{- $svcPort := .Values.service.port -}} +{{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }} + {{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }} + {{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}} + {{- end }} +{{- end }} +{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}} +apiVersion: networking.k8s.io/v1 +{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} +apiVersion: networking.k8s.io/v1beta1 +{{- else -}} +apiVersion: extensions/v1beta1 +{{- end }} +kind: Ingress +metadata: + name: {{ $fullName }} + labels: + {{- include "ocf-routing-info.labels" . | nindent 4 }} + {{- with .Values.ingress.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + {{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }} + ingressClassName: {{ .Values.ingress.className }} + {{- end }} + {{- if .Values.ingress.tls }} + tls: + {{- range .Values.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} + {{- end }} + rules: + {{- range .Values.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: + {{- range .paths }} + - path: {{ .path }} + {{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }} + pathType: {{ .pathType }} + {{- end }} + backend: + {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }} + service: + name: {{ $fullName }} + port: + number: {{ $svcPort }} + {{- else }} + serviceName: {{ $fullName }} + servicePort: {{ $svcPort }} + {{- end }} + {{- end }} + {{- end }} +{{- end }} 
diff --git a/helm/capif/charts/ocf-routing-info/templates/service.yaml b/helm/capif/charts/ocf-routing-info/templates/service.yaml new file mode 100644 index 0000000000000000000000000000000000000000..125bf085ccd84032dd835c361ee05bc22095a973 --- /dev/null +++ b/helm/capif/charts/ocf-routing-info/templates/service.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: Service +metadata: + name: capif-routing-info + labels: + {{- include "ocf-routing-info.labels" . | nindent 4 }} +spec: + type: {{ .Values.service.type }} + ports: + - port: {{ .Values.service.port }} + targetPort: http + protocol: TCP + name: http + selector: + {{- include "ocf-routing-info.selectorLabels" . | nindent 4 }} diff --git a/helm/capif/charts/ocf-routing-info/templates/serviceaccount.yaml b/helm/capif/charts/ocf-routing-info/templates/serviceaccount.yaml new file mode 100644 index 0000000000000000000000000000000000000000..6d1721d348c317cc0cc4f92e8dc28b931ff71cbd --- /dev/null +++ b/helm/capif/charts/ocf-routing-info/templates/serviceaccount.yaml @@ -0,0 +1,13 @@ +{{- if .Values.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "ocf-routing-info.serviceAccountName" . }} + labels: + {{- include "ocf-routing-info.labels" . | nindent 4 }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +automountServiceAccountToken: {{ .Values.serviceAccount.automount }} +{{- end }} diff --git a/helm/capif/charts/ocf-routing-info/templates/tests/test-connection.yaml b/helm/capif/charts/ocf-routing-info/templates/tests/test-connection.yaml new file mode 100644 index 0000000000000000000000000000000000000000..26169c1408a69ded1d397992773e344f9f5f0432 --- /dev/null +++ b/helm/capif/charts/ocf-routing-info/templates/tests/test-connection.yaml 
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{ include "ocf-routing-info.fullname" . }}-test-connection"
+ labels:
+ {{- include "ocf-routing-info.labels" . | nindent 4 }}
+ annotations:
+ "helm.sh/hook": test
+spec:
+ containers:
+ - name: wget
+ image: busybox
+ command: ['wget']
+ args: ['capif-routing-info:{{ .Values.service.port }}']
+ restartPolicy: Never
diff --git a/helm/capif/charts/ocf-routing-info/values.yaml b/helm/capif/charts/ocf-routing-info/values.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..8ba779c4f755f170bc7d2dc9ba32ffa1ed7e18ae
--- /dev/null
+++ b/helm/capif/charts/ocf-routing-info/values.yaml
@@ -0,0 +1,111 @@ +# Default values for ocf-routing-info. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +replicaCount: 1 + +image: + repository: routing-info-api + pullPolicy: Always + # Overrides the image tag whose default is the chart appVersion. + tag: "" + +imagePullSecrets: [] +nameOverride: "" +fullnameOverride: "" + +env: + monitoring: "true" + +serviceAccount: + # Specifies whether a service account should be created + create: true + # Automatically mount a ServiceAccount's API credentials? + automount: true + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + +podAnnotations: {} +podLabels: {} + +podSecurityContext: {} + # fsGroup: 2000 + +securityContext: {} + # capabilities: + # drop: + # - ALL + # readOnlyRootFilesystem: true + # runAsNonRoot: true + # runAsUser: 1000 + +service: + type: ClusterIP + port: 8080 + +ingress: + enabled: false + className: "" + annotations: {} + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + hosts: + - host: chart-example.local + paths: + - path: / + pathType: ImplementationSpecific + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + +resources: + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. 
+ limits: + cpu: 100m + memory: 128Mi + requests: + cpu: 100m + memory: 128Mi + +livenessProbe: +# httpGet: +# path: / +# port: http +readinessProbe: + tcpSocket: + port: 8080 + initialDelaySeconds: 5 + periodSeconds: 5 + +autoscaling: + enabled: false + minReplicas: 1 + maxReplicas: 100 + targetCPUUtilizationPercentage: 80 + # targetMemoryUtilizationPercentage: 80 + +# Additional volumes on the output Deployment definition. +volumes: [] +# - name: foo +# secret: +# secretName: mysecret +# optional: false + +# Additional volumeMounts on the output Deployment definition. +volumeMounts: [] +# - name: foo +# mountPath: "/etc/foo" +# readOnly: true + +nodeSelector: {} + +tolerations: [] + +affinity: {} diff --git a/helm/capif/charts/ocf-security/.helmignore b/helm/capif/charts/ocf-security/.helmignore new file mode 100644 index 0000000000000000000000000000000000000000..0e8a0eb36f4ca2c939201c0d54b5d82a1ea34778 --- /dev/null +++ b/helm/capif/charts/ocf-security/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/helm/capif/charts/ocf-security/Chart.yaml b/helm/capif/charts/ocf-security/Chart.yaml new file mode 100644 index 0000000000000000000000000000000000000000..93606cd6e5dc2315bea00f2a117feea2c3423df3 --- /dev/null +++ b/helm/capif/charts/ocf-security/Chart.yaml 
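Review bot: In the ocf-routing-info values.yaml, `serviceAccount.automount: true` combined with `podSecurityContext: {}` and `securityContext: {}` gives every pod a mounted Kubernetes API token and whatever user and capabilities the image defaults to. Nothing in this chart's deployment template suggests the service calls the Kubernetes API, so `automount: false` looks like the safer default; confirm that against the application. The commented-out block under `securityContext` (`runAsNonRoot: true`, `readOnlyRootFilesystem: true`, dropping `ALL` capabilities) could become the default once the image is known to tolerate it. The ocf-register values.yaml hunk earlier in the diff has the same defaults.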
@@ -0,0 +1,24 @@ +apiVersion: v2 +name: ocf-security +description: A Helm chart for Kubernetes + +# A chart can be either an 'application' or a 'library' chart. +# +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. +type: application + +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +# Versions are expected to follow Semantic Versioning (https://semver.org/) +version: 0.1.0 + +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. Versions are not expected to +# follow Semantic Versioning. They should reflect the version the application is using. +# It is recommended to use it with quotes. +appVersion: "1.16.0" diff --git a/helm/capif/charts/ocf-security/templates/NOTES.txt b/helm/capif/charts/ocf-security/templates/NOTES.txt new file mode 100644 index 0000000000000000000000000000000000000000..3654878ac39c7642e096ad255a8aeb6ba7e76a1e --- /dev/null +++ b/helm/capif/charts/ocf-security/templates/NOTES.txt 
@@ -0,0 +1,22 @@ +1. Get the application URL by running these commands: +{{- if .Values.ingress.enabled }} +{{- range $host := .Values.ingress.hosts }} + {{- range .paths }} + http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }} + {{- end }} +{{- end }} +{{- else if contains "NodePort" .Values.service.type }} + export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "ocf-security.fullname" . }}) + export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") + echo http://$NODE_IP:$NODE_PORT +{{- else if contains "LoadBalancer" .Values.service.type }} + NOTE: It may take a few minutes for the LoadBalancer IP to be available. + You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "ocf-security.fullname" . }}' + export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "ocf-security.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") + echo http://$SERVICE_IP:{{ .Values.service.port }} +{{- else if contains "ClusterIP" .Values.service.type }} + export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "ocf-security.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") + export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}") + echo "Visit http://127.0.0.1:8080 to use your application" + kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT +{{- end }} 
diff --git a/helm/capif/charts/ocf-security/templates/_helpers.tpl b/helm/capif/charts/ocf-security/templates/_helpers.tpl new file mode 100644 index 0000000000000000000000000000000000000000..11c7d3faf525a8212c78bf762e6f2298e747df64 --- /dev/null +++ b/helm/capif/charts/ocf-security/templates/_helpers.tpl 
@@ -0,0 +1,62 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "ocf-security.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "ocf-security.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "ocf-security.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "ocf-security.labels" -}} +helm.sh/chart: {{ include "ocf-security.chart" . }} +{{ include "ocf-security.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "ocf-security.selectorLabels" -}} +app.kubernetes.io/name: {{ include "ocf-security.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Create the name of the service account to use +*/}} +{{- define "ocf-security.serviceAccountName" -}} +{{- if .Values.serviceAccount.create }} +{{- default (include "ocf-security.fullname" .) .Values.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.serviceAccount.name }} +{{- end }} +{{- end }} 
diff --git a/helm/capif/templates/capif-security-configmap.yaml b/helm/capif/charts/ocf-security/templates/configmap.yaml similarity index 82% rename from helm/capif/templates/capif-security-configmap.yaml rename to helm/capif/charts/ocf-security/templates/configmap.yaml index ade6a59257fe064ae1a27d36af23dc608e452ad4..5d099d194854f2bc3a63fa1c83e075c4b3edff36 100644 --- a/helm/capif/templates/capif-security-configmap.yaml +++ b/helm/capif/charts/ocf-security/templates/configmap.yaml @@ -5,8 +5,8 @@ metadata: data: config.yaml: | mongo: { - 'user': '{{ .Values.mongo.mongo.env.mongoInitdbRootUsername }}', - 'password': '{{ .Values.mongo.mongo.env.mongoInitdbRootPassword }}', + 'user': '{{ .Values.env.mongoInitdbRootUsername }}', + 'password': '{{ .Values.env.mongoInitdbRootPassword }}', 'db': 'capif', 'col': 'security', 'capif_service_col': 'serviceapidescriptions', diff --git a/helm/capif/charts/ocf-security/templates/deployment.yaml b/helm/capif/charts/ocf-security/templates/deployment.yaml new file mode 100644 index 0000000000000000000000000000000000000000..44bd7fa9c30c93875e619c25df6c4512ced6ef50 --- /dev/null +++ b/helm/capif/charts/ocf-security/templates/deployment.yaml 
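Review bot: After this rename, `'password': '{{ .Values.env.mongoInitdbRootPassword }}'` still writes the MongoDB password into a ConfigMap. Anyone with read access to ConfigMaps in the namespace can see it, and it falls outside the RBAC and at-rest protections that apply to Secrets. Judging by the key names this is the database root account, which is more privilege than a single service should need (inferred; confirm). Render this part of `config.yaml` from a Secret, or pass the credentials via `secretKeyRef` environment variables. If the template is kept for now, emit the value with `{{ .Values.env.mongoInitdbRootPassword | quote }}` rather than bare single quotes, so a password containing `'` cannot break the rendered file. The ConfigMap definition starts and ends outside this hunk.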
@@ -0,0 +1,78 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "ocf-security.fullname" . }} + labels: + {{- include "ocf-security.labels" . | nindent 4 }} +spec: + {{- if not .Values.autoscaling.enabled }} + replicas: {{ .Values.replicaCount }} + {{- end }} + selector: + matchLabels: + {{- include "ocf-security.selectorLabels" . | nindent 6 }} + template: + metadata: + annotations: + date: "{{ now | unixEpoch }}" + checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} + labels: + {{- include "ocf-security.labels" . | nindent 8 }} + {{- with .Values.podLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} + spec: + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ include "ocf-security.serviceAccountName" . }} + securityContext: + {{- toYaml .Values.podSecurityContext | nindent 8 }} + containers: + - name: {{ .Chart.Name }} + securityContext: + {{- toYaml .Values.securityContext | nindent 12 }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + ports: + - name: http + containerPort: {{ .Values.service.port }} + protocol: TCP + env: + - name: CAPIF_HOSTNAME + value: {{ quote .Values.env.capifHostname }} + - name: MONITORING + value: {{ quote .Values.env.monitoring }} + - name: VAULT_HOSTNAME + value: {{ quote .Values.env.vaultHostname }} + - name: VAULT_PORT + value: {{ quote .Values.env.vaultPort }} + - name: VAULT_ACCESS_TOKEN + value: {{ quote .Values.env.vaultAccessToken }} + livenessProbe: + {{- toYaml .Values.livenessProbe | nindent 12 }} + readinessProbe: + {{- toYaml .Values.readinessProbe | nindent 12 }} + resources: + {{- toYaml .Values.resources | nindent 12 }} + {{- with .Values.volumeMounts }} + volumeMounts: + {{- toYaml . | nindent 12 }} + {{- end }} + {{- with .Values.volumes }} + volumes: + {{- toYaml . 
| nindent 8 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} diff --git a/helm/capif/charts/ocf-security/templates/hpa.yaml b/helm/capif/charts/ocf-security/templates/hpa.yaml new file mode 100644 index 0000000000000000000000000000000000000000..7b4759b3597339d3c8ba775408d5e0a3ab85c37f --- /dev/null +++ b/helm/capif/charts/ocf-security/templates/hpa.yaml @@ -0,0 +1,32 @@ +{{- if .Values.autoscaling.enabled }} +apiVersion: autoscaling/v2 +kind: HorizontalPodAutoscaler +metadata: + name: {{ include "ocf-security.fullname" . }} + labels: + {{- include "ocf-security.labels" . | nindent 4 }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ include "ocf-security.fullname" . }} + minReplicas: {{ .Values.autoscaling.minReplicas }} + maxReplicas: {{ .Values.autoscaling.maxReplicas }} + metrics: + {{- if .Values.autoscaling.targetCPUUtilizationPercentage }} + - type: Resource + resource: + name: cpu + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} + {{- end }} + {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }} + - type: Resource + resource: + name: memory + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} + {{- end }} +{{- end }} diff --git a/helm/capif/charts/ocf-security/templates/ingress.yaml b/helm/capif/charts/ocf-security/templates/ingress.yaml new file mode 100644 index 0000000000000000000000000000000000000000..5656fea5f9a4e80b6ad0679ba7e8f9f1d2707a39 --- /dev/null +++ b/helm/capif/charts/ocf-security/templates/ingress.yaml 
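Review bot: In the ocf-security deployment.yaml, `VAULT_ACCESS_TOKEN` is set with a literal `value: {{ quote .Values.env.vaultAccessToken }}`. The token is therefore readable in the Deployment and Pod specs by anyone who can view them, and it is also stored in the Helm release record. Reference a Kubernetes Secret through `valueFrom.secretKeyRef` instead, so only principals allowed to read that Secret can obtain it. The Secret name and key below are placeholders, since the page does not define one.

```yaml
            # … unchanged: CAPIF_HOSTNAME, MONITORING, VAULT_HOSTNAME, VAULT_PORT …
            - name: VAULT_ACCESS_TOKEN
              valueFrom:
                secretKeyRef:
                  # placeholders: point these at a Secret created outside the chart values
                  name: VAULT_TOKEN_SECRET_NAME
                  key: VAULT_TOKEN_SECRET_KEY
```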
@@ -0,0 +1,61 @@ +{{- if .Values.ingress.enabled -}} +{{- $fullName := include "ocf-security.fullname" . -}} +{{- $svcPort := .Values.service.port -}} +{{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }} + {{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }} + {{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}} + {{- end }} +{{- end }} +{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}} +apiVersion: networking.k8s.io/v1 +{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} +apiVersion: networking.k8s.io/v1beta1 +{{- else -}} +apiVersion: extensions/v1beta1 +{{- end }} +kind: Ingress +metadata: + name: {{ $fullName }} + labels: + {{- include "ocf-security.labels" . | nindent 4 }} + {{- with .Values.ingress.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + {{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }} + ingressClassName: {{ .Values.ingress.className }} + {{- end }} + {{- if .Values.ingress.tls }} + tls: + {{- range .Values.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} + {{- end }} + rules: + {{- range .Values.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: + {{- range .paths }} + - path: {{ .path }} + {{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }} + pathType: {{ .pathType }} + {{- end }} + backend: + {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }} + service: + name: {{ $fullName }} + port: + number: {{ $svcPort }} + {{- else }} + serviceName: {{ $fullName }} + servicePort: {{ $svcPort }} + {{- end }} + {{- end }} + {{- end }} +{{- end }} 
diff --git a/helm/capif/charts/ocf-security/templates/service.yaml b/helm/capif/charts/ocf-security/templates/service.yaml new file mode 100644 index 0000000000000000000000000000000000000000..553dc57afb374e17f76f58cdc2269d2883e99156 --- /dev/null +++ b/helm/capif/charts/ocf-security/templates/service.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: Service +metadata: + name: capif-security + labels: + {{- include "ocf-security.labels" . | nindent 4 }} +spec: + type: {{ .Values.service.type }} + ports: + - port: {{ .Values.service.port }} + targetPort: http + protocol: TCP + name: http + selector: + {{- include "ocf-security.selectorLabels" . | nindent 4 }} diff --git a/helm/capif/charts/ocf-security/templates/serviceaccount.yaml b/helm/capif/charts/ocf-security/templates/serviceaccount.yaml new file mode 100644 index 0000000000000000000000000000000000000000..29faf430a13481b28406b9d648dab920b6abcdaf --- /dev/null +++ b/helm/capif/charts/ocf-security/templates/serviceaccount.yaml @@ -0,0 +1,13 @@ +{{- if .Values.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "ocf-security.serviceAccountName" . }} + labels: + {{- include "ocf-security.labels" . | nindent 4 }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +automountServiceAccountToken: {{ .Values.serviceAccount.automount }} +{{- end }} diff --git a/helm/capif/charts/ocf-security/templates/tests/test-connection.yaml b/helm/capif/charts/ocf-security/templates/tests/test-connection.yaml new file mode 100644 index 0000000000000000000000000000000000000000..08b375292539668fec4d9a3acbd0741f4601ebe9 --- /dev/null +++ b/helm/capif/charts/ocf-security/templates/tests/test-connection.yaml 
@@ -0,0 +1,15 @@ +apiVersion: v1 +kind: Pod +metadata: + name: "{{ include "ocf-security.fullname" . }}-test-connection" + labels: + {{- include "ocf-security.labels" . | nindent 4 }} + annotations: + "helm.sh/hook": test +spec: + containers: + - name: wget + image: busybox + command: ['wget'] + args: ['capif-security:{{ .Values.service.port }}'] + restartPolicy: Never diff --git a/helm/capif/charts/ocf-security/values.yaml b/helm/capif/charts/ocf-security/values.yaml new file mode 100644 index 0000000000000000000000000000000000000000..37b57c71183d98612f5f74690879914f734951ad --- /dev/null +++ b/helm/capif/charts/ocf-security/values.yaml 
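Review bot: `image: busybox` in the test pod has no tag or digest, so every `helm test` pulls whatever the registry currently serves as `latest`. Pin it, e.g. `image: busybox:<pinned-tag>` or a digest, preferably read from values so a private mirror can be used. The redis chart repeats this in its `tests/test-connection.yaml`, and its `values.yaml` sets the floating `tag: "alpine"` with `pullPolicy: Always`, which has the same effect for the Redis container itself.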
@@ -0,0 +1,118 @@ +# Default values for ocf-security. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +replicaCount: 1 + +image: + repository: security-api + pullPolicy: Always + # Overrides the image tag whose default is the chart appVersion. + tag: "" + +imagePullSecrets: [] +nameOverride: "" +fullnameOverride: "" + +env: + monitoring: "true" + capifHostname: capif + vaultHostname: vault + vaultPort: 8200 + vaultAccessToken: dev-only-token + mongoInitdbRootUsername: root + mongoInitdbRootPassword: example + +serviceAccount: + # Specifies whether a service account should be created + create: true + # Automatically mount a ServiceAccount's API credentials? + automount: true + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + +podAnnotations: {} +podLabels: {} + +podSecurityContext: {} + # fsGroup: 2000 + +securityContext: {} + # capabilities: + # drop: + # - ALL + # readOnlyRootFilesystem: true + # runAsNonRoot: true + # runAsUser: 1000 + +service: + type: ClusterIP + port: 8080 + +ingress: + enabled: false + className: "" + annotations: {} + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + hosts: + - host: chart-example.local + paths: + - path: / + pathType: ImplementationSpecific + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + +resources: + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. 
+ limits: + cpu: 100m + memory: 128Mi + requests: + cpu: 100m + memory: 128Mi + +livenessProbe: +# httpGet: +# path: / +# port: http +readinessProbe: + tcpSocket: + port: 8080 + +autoscaling: + enabled: false + minReplicas: 1 + maxReplicas: 100 + targetCPUUtilizationPercentage: 80 + # targetMemoryUtilizationPercentage: 80 + +# Additional volumes on the output Deployment definition. +volumes: + - name: capif-security-config + configMap: + name: capif-security-configmap + items: + - key: "config.yaml" + path: "config.yaml" + + +# Additional volumeMounts on the output Deployment definition. +volumeMounts: + - name: capif-security-config + mountPath: /usr/src/app/config.yaml + subPath: config.yaml + +nodeSelector: {} + +tolerations: [] + +affinity: {} diff --git a/helm/capif/charts/redis/.helmignore b/helm/capif/charts/redis/.helmignore new file mode 100644 index 0000000000000000000000000000000000000000..0e8a0eb36f4ca2c939201c0d54b5d82a1ea34778 --- /dev/null +++ b/helm/capif/charts/redis/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/helm/capif/charts/redis/Chart.yaml b/helm/capif/charts/redis/Chart.yaml new file mode 100644 index 0000000000000000000000000000000000000000..165c19693100b7edaa044b2b32db184d179d588e --- /dev/null +++ b/helm/capif/charts/redis/Chart.yaml 
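Review bot: The ocf-security `values.yaml` defaults leave `podSecurityContext: {}` and `securityContext: {}` empty, with the hardened settings only in comments, and set `serviceAccount.automount: true`. This is for a pod that is handed a Vault token. Unless the image needs root or the service calls the Kubernetes API (neither is visible here), default to `automount: false` and enable the commented block: `runAsNonRoot: true`, `readOnlyRootFilesystem: true`, `capabilities: {drop: [ALL]}`. The comment under `resources:` still says to "remove the curly braces" although concrete limits are now set, so it should be dropped or reworded. The redis `values.yaml` has the same empty contexts and `automount: true`.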
@@ -0,0 +1,24 @@ +apiVersion: v2 +name: redis +description: A Helm chart for Kubernetes + +# A chart can be either an 'application' or a 'library' chart. +# +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. +type: application + +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +# Versions are expected to follow Semantic Versioning (https://semver.org/) +version: 0.1.0 + +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. Versions are not expected to +# follow Semantic Versioning. They should reflect the version the application is using. +# It is recommended to use it with quotes. +appVersion: "1.16.0" diff --git a/helm/capif/charts/redis/templates/NOTES.txt b/helm/capif/charts/redis/templates/NOTES.txt new file mode 100644 index 0000000000000000000000000000000000000000..0735ad40cfe95142cd0bf35b11dea2437e3a0966 --- /dev/null +++ b/helm/capif/charts/redis/templates/NOTES.txt 
@@ -0,0 +1,22 @@ +1. Get the application URL by running these commands: +{{- if .Values.ingress.enabled }} +{{- range $host := .Values.ingress.hosts }} + {{- range .paths }} + http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }} + {{- end }} +{{- end }} +{{- else if contains "NodePort" .Values.service.type }} + export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "redis.fullname" . }}) + export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") + echo http://$NODE_IP:$NODE_PORT +{{- else if contains "LoadBalancer" .Values.service.type }} + NOTE: It may take a few minutes for the LoadBalancer IP to be available. + You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "redis.fullname" . }}' + export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "redis.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") + echo http://$SERVICE_IP:{{ .Values.service.port }} +{{- else if contains "ClusterIP" .Values.service.type }} + export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "redis.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") + export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}") + echo "Visit http://127.0.0.1:8080 to use your application" + kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT +{{- end }} diff --git a/helm/capif/charts/redis/templates/_helpers.tpl b/helm/capif/charts/redis/templates/_helpers.tpl new file mode 100644 index 0000000000000000000000000000000000000000..f6a718ba69d02205c4664c65af6ae5c2b8cd2195 --- /dev/null 
+++ b/helm/capif/charts/redis/templates/_helpers.tpl @@ -0,0 +1,62 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "redis.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "redis.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "redis.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "redis.labels" -}} +helm.sh/chart: {{ include "redis.chart" . }} +{{ include "redis.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "redis.selectorLabels" -}} +app.kubernetes.io/name: {{ include "redis.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Create the name of the service account to use +*/}} +{{- define "redis.serviceAccountName" -}} +{{- if .Values.serviceAccount.create }} +{{- default (include "redis.fullname" .) .Values.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.serviceAccount.name }} +{{- end }} +{{- end }} 
diff --git a/helm/capif/charts/redis/templates/deployment.yaml b/helm/capif/charts/redis/templates/deployment.yaml new file mode 100644 index 0000000000000000000000000000000000000000..235042963318e97a446b5b189ed22b61776624c6 --- /dev/null +++ b/helm/capif/charts/redis/templates/deployment.yaml 
@@ -0,0 +1,69 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "redis.fullname" . }} + labels: + {{- include "redis.labels" . | nindent 4 }} +spec: + {{- if not .Values.autoscaling.enabled }} + replicas: {{ .Values.replicaCount }} + {{- end }} + selector: + matchLabels: + {{- include "redis.selectorLabels" . | nindent 6 }} + template: + metadata: + annotations: + date: "{{ now | unixEpoch }}" + labels: + {{- include "redis.labels" . | nindent 8 }} + {{- with .Values.podLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} + spec: + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ include "redis.serviceAccountName" . }} + securityContext: + {{- toYaml .Values.podSecurityContext | nindent 8 }} + containers: + - name: {{ .Chart.Name }} + securityContext: + {{- toYaml .Values.securityContext | nindent 12 }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + ports: + - name: http + containerPort: {{ .Values.service.port }} + protocol: TCP + env: + - name: REDIS_REPLICATION_MODE + value: {{ quote .Values.env.redisReplicationMode }} + livenessProbe: + {{- toYaml .Values.livenessProbe | nindent 12 }} + readinessProbe: + {{- toYaml .Values.readinessProbe | nindent 12 }} + resources: + {{- toYaml .Values.resources | nindent 12 }} + {{- with .Values.volumeMounts }} + volumeMounts: + {{- toYaml . | nindent 12 }} + {{- end }} + {{- with .Values.volumes }} + volumes: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} 
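Review bot: The Redis container starts with no authentication configured, and its Service exposes the port inside the cluster. The only setting passed is `REDIS_REPLICATION_MODE`, which looks like a Bitnami-image variable and is probably ignored by the `redis` image set in values. Unless a NetworkPolicy defined elsewhere restricts access, any pod that can reach the Service can read and write this instance. Consider `args: ["--requirepass", "$(REDIS_PASSWORD)"]` with `REDIS_PASSWORD` supplied through a `secretKeyRef`. Separately, `date: "{{ now | unixEpoch }}"` changes on every render, so each `helm upgrade` restarts the pod, and with `volumes: []` as the default its data is presumably lost.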
diff --git a/helm/capif/charts/redis/templates/hpa.yaml b/helm/capif/charts/redis/templates/hpa.yaml new file mode 100644 index 0000000000000000000000000000000000000000..db46f1ba2312230f00f24c6d60cef682273e893c --- /dev/null +++ b/helm/capif/charts/redis/templates/hpa.yaml @@ -0,0 +1,32 @@ +{{- if .Values.autoscaling.enabled }} +apiVersion: autoscaling/v2 +kind: HorizontalPodAutoscaler +metadata: + name: {{ include "redis.fullname" . }} + labels: + {{- include "redis.labels" . | nindent 4 }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ include "redis.fullname" . }} + minReplicas: {{ .Values.autoscaling.minReplicas }} + maxReplicas: {{ .Values.autoscaling.maxReplicas }} + metrics: + {{- if .Values.autoscaling.targetCPUUtilizationPercentage }} + - type: Resource + resource: + name: cpu + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} + {{- end }} + {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }} + - type: Resource + resource: + name: memory + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} + {{- end }} +{{- end }} diff --git a/helm/capif/charts/redis/templates/ingress.yaml b/helm/capif/charts/redis/templates/ingress.yaml new file mode 100644 index 0000000000000000000000000000000000000000..f5674cbdff37d83842de06af5a350a578d93c750 --- /dev/null +++ b/helm/capif/charts/redis/templates/ingress.yaml 
@@ -0,0 +1,61 @@ +{{- if .Values.ingress.enabled -}} +{{- $fullName := include "redis.fullname" . -}} +{{- $svcPort := .Values.service.port -}} +{{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }} + {{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }} + {{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}} + {{- end }} +{{- end }} +{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}} +apiVersion: networking.k8s.io/v1 +{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} +apiVersion: networking.k8s.io/v1beta1 +{{- else -}} +apiVersion: extensions/v1beta1 +{{- end }} +kind: Ingress +metadata: + name: {{ $fullName }} + labels: + {{- include "redis.labels" . | nindent 4 }} + {{- with .Values.ingress.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + {{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }} + ingressClassName: {{ .Values.ingress.className }} + {{- end }} + {{- if .Values.ingress.tls }} + tls: + {{- range .Values.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} + {{- end }} + rules: + {{- range .Values.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: + {{- range .paths }} + - path: {{ .path }} + {{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }} + pathType: {{ .pathType }} + {{- end }} + backend: + {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }} + service: + name: {{ $fullName }} + port: + number: {{ $svcPort }} + {{- else }} + serviceName: {{ $fullName }} + servicePort: {{ $svcPort }} + {{- end }} + {{- end }} + {{- end }} +{{- end }} 
diff --git a/helm/capif/charts/redis/templates/service.yaml b/helm/capif/charts/redis/templates/service.yaml new file mode 100644 index 0000000000000000000000000000000000000000..6482b835ad5ce849c524be46afad97fc6ffbe73e --- /dev/null +++ b/helm/capif/charts/redis/templates/service.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: Service +metadata: + name: redis + labels: + {{- include "redis.labels" . | nindent 4 }} +spec: + type: {{ .Values.service.type }} + ports: + - port: {{ .Values.service.port }} + targetPort: http + protocol: TCP + name: http + selector: + {{- include "redis.selectorLabels" . | nindent 4 }} diff --git a/helm/capif/charts/redis/templates/serviceaccount.yaml b/helm/capif/charts/redis/templates/serviceaccount.yaml new file mode 100644 index 0000000000000000000000000000000000000000..8f21aeb2bc8d07b43769710523d05a7fc9fb0cbb --- /dev/null +++ b/helm/capif/charts/redis/templates/serviceaccount.yaml @@ -0,0 +1,13 @@ +{{- if .Values.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "redis.serviceAccountName" . }} + labels: + {{- include "redis.labels" . | nindent 4 }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +automountServiceAccountToken: {{ .Values.serviceAccount.automount }} +{{- end }} diff --git a/helm/capif/charts/redis/templates/tests/test-connection.yaml b/helm/capif/charts/redis/templates/tests/test-connection.yaml new file mode 100644 index 0000000000000000000000000000000000000000..998be8e4111c87865506c5807e9593277b993f05 --- /dev/null +++ b/helm/capif/charts/redis/templates/tests/test-connection.yaml 
@@ -0,0 +1,15 @@ +apiVersion: v1 +kind: Pod +metadata: + name: "{{ include "redis.fullname" . }}-test-connection" + labels: + {{- include "redis.labels" . | nindent 4 }} + annotations: + "helm.sh/hook": test +spec: + containers: + - name: wget + image: busybox + command: ['wget'] + args: ['{{ include "redis.fullname" . }}:{{ .Values.service.port }}'] + restartPolicy: Never diff --git a/helm/capif/charts/redis/values.yaml b/helm/capif/charts/redis/values.yaml new file mode 100644 index 0000000000000000000000000000000000000000..4011e979c05c3f79c20173c51e527da53a69cb3f --- /dev/null +++ b/helm/capif/charts/redis/values.yaml 
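Review bot: The test targets `{{ include "redis.fullname" . }}`, but this chart's `templates/service.yaml` creates the Service with the fixed name `redis`. Unless the release name makes the fullname render as exactly `redis`, the host will not resolve and `helm test` fails. Use the Service's name, `args: ['redis:{{ .Values.service.port }}']`, as the ocf-security test does with `capif-security`, or switch the Service to the fullname helper. `wget` also speaks HTTP to a Redis port, so the probe is unlikely to succeed even with the right host. Running `redis-cli -h redis -p {{ .Values.service.port }} ping` from the redis image would exercise the real protocol.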
@@ -0,0 +1,111 @@ +# Default values for redis. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +replicaCount: 1 + +image: + repository: redis + pullPolicy: Always + # Overrides the image tag whose default is the chart appVersion. + tag: "alpine" + +imagePullSecrets: [] +nameOverride: "" +fullnameOverride: "" + +env: + redisReplicationMode: master + +serviceAccount: + # Specifies whether a service account should be created + create: true + # Automatically mount a ServiceAccount's API credentials? + automount: true + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + +podAnnotations: {} +podLabels: {} + +podSecurityContext: {} + # fsGroup: 2000 + +securityContext: {} + # capabilities: + # drop: + # - ALL + # readOnlyRootFilesystem: true + # runAsNonRoot: true + # runAsUser: 1000 + +service: + type: ClusterIP + port: 6379 + +ingress: + enabled: false + className: "" + annotations: {} + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + hosts: + - host: chart-example.local + paths: + - path: / + pathType: ImplementationSpecific + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + +resources: + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. 
+ limits: + cpu: 100m + memory: 128Mi + requests: + cpu: 100m + memory: 128Mi + +livenessProbe: + tcpSocket: + port: 6379 + initialDelaySeconds: 5 + periodSeconds: 5 +readinessProbe: + tcpSocket: + port: 6379 + periodSeconds: 5 + +autoscaling: + enabled: false + minReplicas: 1 + maxReplicas: 100 + targetCPUUtilizationPercentage: 80 + # targetMemoryUtilizationPercentage: 80 + +# Additional volumes on the output Deployment definition. +volumes: [] +# - name: foo +# secret: +# secretName: mysecret +# optional: false + +# Additional volumeMounts on the output Deployment definition. +volumeMounts: [] +# - name: foo +# mountPath: "/etc/foo" +# readOnly: true + +nodeSelector: {} + +tolerations: [] + +affinity: {} diff --git a/helm/capif/templates/access-control-policy.yaml b/helm/capif/templates/access-control-policy.yaml deleted file mode 100644 index 8b2b198beddf3e97793b994c43c86ef1df644e5e..0000000000000000000000000000000000000000 --- a/helm/capif/templates/access-control-policy.yaml +++ /dev/null @@ -1,17 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: access-control-policy - labels: - io.kompose.service: access-control-policy - {{- include "capif.labels" . | nindent 4 }} - annotations: - kompose.cmd: kompose -f ../services/docker-compose.yml convert - kompose.version: 1.28.0 (c4137012e) -spec: - type: {{ .Values.accessControlPolicy.type }} - selector: - io.kompose.service: access-control-policy - {{- include "capif.selectorLabels" . | nindent 4 }} - ports: - {{- .Values.accessControlPolicy.ports | toYaml | nindent 2 -}} \ No newline at end of file diff --git a/helm/capif/templates/api-invocation-logs.yaml b/helm/capif/templates/api-invocation-logs.yaml deleted file mode 100644 index a9b4d8fd63deb56395c11b225503ce60e7b248f9..0000000000000000000000000000000000000000 --- a/helm/capif/templates/api-invocation-logs.yaml +++ /dev/null 
@@ -1,17 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: api-invocation-logs - labels: - io.kompose.service: api-invocation-logs - {{- include "capif.labels" . | nindent 4 }} - annotations: - kompose.cmd: kompose -f ../services/docker-compose.yml convert - kompose.version: 1.28.0 (c4137012e) -spec: - type: {{ .Values.apiInvocationLogs.type }} - selector: - io.kompose.service: api-invocation-logs - {{- include "capif.selectorLabels" . | nindent 4 }} - ports: - {{- .Values.apiInvocationLogs.ports | toYaml | nindent 2 -}} \ No newline at end of file diff --git a/helm/capif/templates/api-invoker-management.yaml b/helm/capif/templates/api-invoker-management.yaml deleted file mode 100644 index 3eaeda40135ba0f97db68fe3acc00b96a05ead58..0000000000000000000000000000000000000000 --- a/helm/capif/templates/api-invoker-management.yaml +++ /dev/null @@ -1,17 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: api-invoker-management - labels: - io.kompose.service: api-invoker-management - {{- include "capif.labels" . | nindent 4 }} - annotations: - kompose.cmd: kompose -f ../services/docker-compose.yml convert - kompose.version: 1.28.0 (c4137012e) -spec: - type: {{ .Values.apiInvokerManagement.type }} - selector: - io.kompose.service: api-invoker-management - {{- include "capif.selectorLabels" . | nindent 4 }} - ports: - {{- .Values.apiInvokerManagement.ports | toYaml | nindent 2 -}} \ No newline at end of file diff --git a/helm/capif/templates/api-provider-management.yaml b/helm/capif/templates/api-provider-management.yaml deleted file mode 100644 index 42379862e425bf8b796cc7234262fcf3310faa4a..0000000000000000000000000000000000000000 --- a/helm/capif/templates/api-provider-management.yaml +++ /dev/null 
@@ -1,17 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: api-provider-management - labels: - io.kompose.service: api-provider-management - {{- include "capif.labels" . | nindent 4 }} - annotations: - kompose.cmd: kompose -f ../services/docker-compose.yml convert - kompose.version: 1.28.0 (c4137012e) -spec: - type: {{ .Values.apiProviderManagement.type }} - selector: - io.kompose.service: api-provider-management - {{- include "capif.selectorLabels" . | nindent 4 }} - ports: - {{- .Values.apiProviderManagement.ports | toYaml | nindent 2 -}} \ No newline at end of file diff --git a/helm/capif/templates/capif-events.yaml b/helm/capif/templates/capif-events.yaml deleted file mode 100644 index 40b3d7bdcf7a01aca3f6c78a108039ff1ba22ca3..0000000000000000000000000000000000000000 --- a/helm/capif/templates/capif-events.yaml +++ /dev/null @@ -1,17 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: capif-events - labels: - io.kompose.service: capif-events - {{- include "capif.labels" . | nindent 4 }} - annotations: - kompose.cmd: kompose -f ../services/docker-compose.yml convert - kompose.version: 1.28.0 (c4137012e) -spec: - type: {{ .Values.capifEvents.type }} - selector: - io.kompose.service: capif-events - {{- include "capif.selectorLabels" . | nindent 4 }} - ports: - {{- .Values.capifEvents.ports | toYaml | nindent 2 -}} \ No newline at end of file diff --git a/helm/capif/templates/capif-routing-info.yaml b/helm/capif/templates/capif-routing-info.yaml deleted file mode 100644 index 6de48aa99149970097522dc28f0a1b4340debae3..0000000000000000000000000000000000000000 --- a/helm/capif/templates/capif-routing-info.yaml +++ /dev/null 
@@ -1,17 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: capif-routing-info - labels: - io.kompose.service: capif-routing-info - {{- include "capif.labels" . | nindent 4 }} - annotations: - kompose.cmd: kompose -f ../services/docker-compose.yml convert - kompose.version: 1.28.0 (c4137012e) -spec: - type: {{ .Values.capifRoutingInfo.type }} - selector: - io.kompose.service: capif-routing-info - {{- include "capif.selectorLabels" . | nindent 4 }} - ports: - {{- .Values.capifRoutingInfo.ports | toYaml | nindent 2 -}} \ No newline at end of file diff --git a/helm/capif/templates/capif-security.yaml b/helm/capif/templates/capif-security.yaml deleted file mode 100644 index e0bf7d885643e717c9fa4b587fe0cadbb25d0fec..0000000000000000000000000000000000000000 --- a/helm/capif/templates/capif-security.yaml +++ /dev/null @@ -1,17 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: capif-security - labels: - io.kompose.service: capif-security - {{- include "capif.labels" . | nindent 4 }} - annotations: - kompose.cmd: kompose -f ../services/docker-compose.yml convert - kompose.version: 1.28.0 (c4137012e) -spec: - type: {{ .Values.capifSecurity.type }} - selector: - io.kompose.service: capif-security - {{- include "capif.selectorLabels" . | nindent 4 }} - ports: - {{- .Values.capifSecurity.ports | toYaml | nindent 2 -}} \ No newline at end of file diff --git a/helm/capif/templates/deployment.yaml b/helm/capif/templates/deployment.yaml index ff5ffe29d413a72e428582f30400b0a986d1645f..8b137891791fe96927ad78e64b0aad7bded08bdc 100644 --- a/helm/capif/templates/deployment.yaml +++ b/helm/capif/templates/deployment.yaml 
@@ -1,1069 +1 @@ -{{- if eq .Values.CapifClient.enable "true" }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: capif-client - labels: - io.kompose.service: capif-client - {{- include "capif.labels" . | nindent 4 }} - annotations: - kompose.cmd: kompose -f ../services/docker-compose.yml convert -spec: - replicas: {{ .Values.CapifClient.replicas }} - selector: - matchLabels: - io.kompose.service: capif-client - {{- include "capif.selectorLabels" . | nindent 6 }} - template: - metadata: - labels: - io.kompose.network/services-default: "true" - io.kompose.service: capif-client - {{- include "capif.selectorLabels" . | nindent 8 }} - annotations: - date: "{{ now | unixEpoch }}" - spec: - hostAliases: - - ip: "{{ .Values.ingress.ip }}" - hostnames: - - "{{ .Values.nginx.nginx.env.capifHostname }}" - containers: - - env: - - name: CAPIF_HOSTNAME - value: nginx.mon.svc.cluster.local - - name: VAULT_HOSTNAME - value: {{ quote .Values.parametersVault.env.vaultHostname }} - - name: VAULT_PORT - value: {{ quote .Values.parametersVault.env.vaultPort }} - - name: VAULT_ACCESS_TOKEN - value: {{ quote .Values.parametersVault.env.vaultAccessToken }} - image: {{ .Values.CapifClient.image.repository }}:{{ .Values.CapifClient.image.tag | default .Chart.AppVersion }} - imagePullPolicy: {{ .Values.CapifClient.image.imagePullPolicy }} - name: capif-client - resources: - {{- toYaml .Values.CapifClient.resources | nindent 12 }} - restartPolicy: Always -{{- end }} ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: access-control-policy - labels: - io.kompose.service: access-control-policy - {{- include "capif.labels" . | nindent 4 }} - annotations: - kompose.cmd: kompose -f ../services/docker-compose.yml convert -spec: - replicas: {{ .Values.accessControlPolicy.replicas }} - selector: - matchLabels: - io.kompose.service: access-control-policy - {{- include "capif.selectorLabels" . 
| nindent 6 }} - template: - metadata: - labels: - io.kompose.network/services-default: "true" - io.kompose.service: access-control-policy - {{- include "capif.selectorLabels" . | nindent 8 }} - annotations: - date: "{{ now | unixEpoch }}" - spec: - hostAliases: - - ip: "{{ .Values.ingress.ip }}" - hostnames: - - "{{ .Values.nginx.nginx.env.capifHostname }}" - containers: - - env: - - name: CAPIF_HOSTNAME - value: {{ quote .Values.nginx.nginx.env.capifHostname }} - - name: MONITORING - value: {{ quote .Values.accessControlPolicy.env.monitoring }} - image: {{ .Values.accessControlPolicy.image.repository }}:{{ .Values.accessControlPolicy.image.tag | default .Chart.AppVersion }} - imagePullPolicy: {{ .Values.accessControlPolicy.image.imagePullPolicy }} - name: access-control-policy - ports: - - containerPort: 8080 - resources: - {{- toYaml .Values.accessControlPolicy.resources | nindent 12 }} - readinessProbe: - tcpSocket: - port: 8080 - initialDelaySeconds: 10 - periodSeconds: 5 - restartPolicy: Always ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: api-invocation-logs - labels: - io.kompose.service: api-invocation-logs - {{- include "capif.labels" . | nindent 4 }} - annotations: - kompose.cmd: kompose -f ../services/docker-compose.yml convert -spec: - replicas: {{ .Values.apiInvocationLogs.replicas }} - selector: - matchLabels: - io.kompose.service: api-invocation-logs - {{- include "capif.selectorLabels" . | nindent 6 }} - template: - metadata: - labels: - io.kompose.network/services-default: "true" - io.kompose.service: api-invocation-logs - {{- include "capif.selectorLabels" . | nindent 8 }} - annotations: - date: "{{ now | unixEpoch }}" - checksum/config: {{ include (print $.Template.BasePath "/capif-invocation-configmap.yaml") . 
| sha256sum }} - spec: - hostAliases: - - ip: "{{ .Values.ingress.ip }}" - hostnames: - - "{{ .Values.nginx.nginx.env.capifHostname }}" - containers: - - env: - - name: CAPIF_HOSTNAME - value: {{ quote .Values.nginx.nginx.env.capifHostname }} - - name: MONITORING - value: {{ quote .Values.apiInvocationLogs.apiInvocationLogs.env.monitoring }} - - name: VAULT_HOSTNAME - value: {{ quote .Values.parametersVault.env.vaultHostname }} - - name: VAULT_PORT - value: {{ quote .Values.parametersVault.env.vaultPort }} - - name: VAULT_ACCESS_TOKEN - value: {{ quote .Values.parametersVault.env.vaultAccessToken }} - - name: KUBERNETES_CLUSTER_DOMAIN - value: {{ quote .Values.kubernetesClusterDomain }} - image: {{ .Values.apiInvocationLogs.apiInvocationLogs.image.repository }}:{{ .Values.apiInvocationLogs.apiInvocationLogs.image.tag | default .Chart.AppVersion }} - imagePullPolicy: {{ .Values.apiInvocationLogs.apiInvocationLogs.image.imagePullPolicy }} - name: api-invocation-logs - ports: - - containerPort: 8080 - volumeMounts: - - name: capif-invocation-config - mountPath: /usr/src/app/config.yaml - subPath: config.yaml - resources: - {{- toYaml .Values.apiInvocationLogs.apiInvocationLogs.resources | nindent 12 }} - readinessProbe: - tcpSocket: - port: 8080 - initialDelaySeconds: 10 - periodSeconds: 5 - volumes: - - name: capif-invocation-config - configMap: - name: capif-invocation-configmap - items: - - key: "config.yaml" - path: "config.yaml" - restartPolicy: Always ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: api-invoker-management - labels: - io.kompose.service: api-invoker-management - {{- include "capif.labels" . | nindent 4 }} - annotations: - kompose.cmd: kompose -f ../services/docker-compose.yml convert -spec: - replicas: {{ .Values.apiInvokerManagement.replicas }} - selector: - matchLabels: - io.kompose.service: api-invoker-management - {{- include "capif.selectorLabels" . 
| nindent 6 }} - template: - metadata: - labels: - io.kompose.network/services-default: "true" - io.kompose.service: api-invoker-management - {{- include "capif.selectorLabels" . | nindent 8 }} - annotations: - date: "{{ now | unixEpoch }}" - checksum/config: {{ include (print $.Template.BasePath "/capif-invoker-configmap.yaml") . | sha256sum }} - spec: - hostAliases: - - ip: "{{ .Values.ingress.ip }}" - hostnames: - - "{{ .Values.nginx.nginx.env.capifHostname }}" - containers: - - env: - - name: KUBERNETES_CLUSTER_DOMAIN - value: {{ quote .Values.kubernetesClusterDomain }} - - name: MONITORING - value: {{ quote .Values.apiInvokerManagement.apiInvokerManagement.env.monitoring }} - - name: VAULT_HOSTNAME - value: {{ quote .Values.parametersVault.env.vaultHostname }} - - name: VAULT_PORT - value: {{ quote .Values.parametersVault.env.vaultPort }} - - name: VAULT_ACCESS_TOKEN - value: {{ quote .Values.parametersVault.env.vaultAccessToken }} - image: {{ .Values.apiInvokerManagement.apiInvokerManagement.image.repository }}:{{ - .Values.apiInvokerManagement.apiInvokerManagement.image.tag | default .Chart.AppVersion }} - imagePullPolicy: {{ .Values.apiInvokerManagement.apiInvokerManagement.image.imagePullPolicy }} - name: api-invoker-management - ports: - - containerPort: 8080 - volumeMounts: - - name: capif-invoker-config - mountPath: /usr/src/app/config.yaml - subPath: config.yaml - resources: - {{- toYaml .Values.apiInvokerManagement.apiInvokerManagement.resources | nindent 12 }} - volumes: - - name: capif-invoker-config - configMap: - name: capif-invoker-configmap - items: - - key: "config.yaml" - path: "config.yaml" - restartPolicy: Always ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: api-provider-management - labels: - io.kompose.service: api-provider-management - {{- include "capif.labels" . 
| nindent 4 }} - annotations: - kompose.cmd: kompose -f ../services/docker-compose.yml convert -spec: - replicas: {{ .Values.apiProviderManagement.replicas }} - selector: - matchLabels: - io.kompose.service: api-provider-management - {{- include "capif.selectorLabels" . | nindent 6 }} - template: - metadata: - labels: - io.kompose.network/services-default: "true" - io.kompose.service: api-provider-management - {{- include "capif.selectorLabels" . | nindent 8 }} - annotations: - date: "{{ now | unixEpoch }}" - checksum/config: {{ include (print $.Template.BasePath "/capif-provider-configmap.yaml") . | sha256sum }} - spec: - hostAliases: - - ip: "{{ .Values.ingress.ip }}" - hostnames: - - "{{ .Values.nginx.nginx.env.capifHostname }}" - containers: - - env: - - name: KUBERNETES_CLUSTER_DOMAIN - value: {{ quote .Values.kubernetesClusterDomain }} - - name: MONITORING - value: {{ quote .Values.apiProviderManagement.apiProviderManagement.env.monitoring }} - - name: VAULT_HOSTNAME - value: {{ quote .Values.parametersVault.env.vaultHostname }} - - name: VAULT_PORT - value: {{ quote .Values.parametersVault.env.vaultPort }} - - name: VAULT_ACCESS_TOKEN - value: {{ quote .Values.parametersVault.env.vaultAccessToken }} - image: {{ .Values.apiProviderManagement.apiProviderManagement.image.repository - }}:{{ .Values.apiProviderManagement.apiProviderManagement.image.tag | default .Chart.AppVersion }} - imagePullPolicy: {{ .Values.apiProviderManagement.apiProviderManagement.image.imagePullPolicy }} - name: api-provider-management - ports: - - containerPort: 8080 - volumeMounts: - - name: capif-provider-config - mountPath: /usr/src/app/config.yaml - subPath: config.yaml - resources: - {{- toYaml .Values.apiProviderManagement.apiProviderManagement.resources | nindent 12 }} - volumes: - - name: capif-provider-config - configMap: - name: capif-provider-configmap - items: - - key: "config.yaml" - path: "config.yaml" - restartPolicy: Always ---- -apiVersion: apps/v1 -kind: Deployment 
-metadata: - name: capif-events - labels: - io.kompose.service: capif-events - {{- include "capif.labels" . | nindent 4 }} - annotations: - kompose.cmd: kompose -f ../services/docker-compose.yml convert -spec: - replicas: {{ .Values.capifEvents.replicas }} - selector: - matchLabels: - io.kompose.service: capif-events - {{- include "capif.selectorLabels" . | nindent 6 }} - template: - metadata: - labels: - io.kompose.network/services-default: "true" - io.kompose.service: capif-events - {{- include "capif.selectorLabels" . | nindent 8 }} - annotations: - date: "{{ now | unixEpoch }}" - checksum/config: {{ include (print $.Template.BasePath "/capif-events-configmap.yaml") . | sha256sum }} - spec: - hostAliases: - - ip: "{{ .Values.ingress.ip }}" - hostnames: - - "{{ .Values.nginx.nginx.env.capifHostname }}" - containers: - - env: - - name: KUBERNETES_CLUSTER_DOMAIN - value: {{ quote .Values.kubernetesClusterDomain }} - - name: MONITORING - value: {{ quote .Values.capifEvents.capifEvents.env.monitoring }} - image: {{ .Values.capifEvents.capifEvents.image.repository }}:{{ .Values.capifEvents.capifEvents.image.tag | default .Chart.AppVersion }} - imagePullPolicy: {{ .Values.capifEvents.capifEvents.image.imagePullPolicy }} - name: capif-events - ports: - - containerPort: 8080 - volumeMounts: - - name: capif-events-config - mountPath: /usr/src/app/config.yaml - subPath: config.yaml - resources: - {{- toYaml .Values.capifEvents.capifEvents.resources | nindent 12 }} - readinessProbe: - tcpSocket: - port: 8080 - initialDelaySeconds: 5 - periodSeconds: 5 - volumes: - - name: capif-events-config - configMap: - name: capif-events-configmap - items: - - key: "config.yaml" - path: "config.yaml" - restartPolicy: Always ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: capif-routing-info - labels: - io.kompose.service: capif-routing-info - {{- include "capif.labels" . 
| nindent 4 }} - annotations: - kompose.cmd: kompose -f ../services/docker-compose.yml convert -spec: - replicas: {{ .Values.capifRoutingInfo.replicas }} - selector: - matchLabels: - io.kompose.service: capif-routing-info - {{- include "capif.selectorLabels" . | nindent 6 }} - template: - metadata: - labels: - io.kompose.network/services-default: "true" - io.kompose.service: capif-routing-info - {{- include "capif.selectorLabels" . | nindent 8 }} - annotations: - date: "{{ now | unixEpoch }}" - spec: - hostAliases: - - ip: "{{ .Values.ingress.ip }}" - hostnames: - - "{{ .Values.nginx.nginx.env.capifHostname }}" - containers: - - env: - - name: KUBERNETES_CLUSTER_DOMAIN - value: {{ quote .Values.kubernetesClusterDomain }} - - name: MONITORING - value: {{ quote .Values.capifRoutingInfo.capifRoutingInfo.env.monitoring }} - image: {{ .Values.capifRoutingInfo.capifRoutingInfo.image.repository }}:{{ .Values.capifRoutingInfo.capifRoutingInfo.image.tag | default .Chart.AppVersion }} - imagePullPolicy: {{ .Values.capifRoutingInfo.capifRoutingInfo.image.imagePullPolicy }} - name: capif-routing-info - ports: - - containerPort: 8080 - resources: - {{- toYaml .Values.capifRoutingInfo.capifRoutingInfo.resources | nindent 12 }} - readinessProbe: - tcpSocket: - port: 8080 - initialDelaySeconds: 5 - periodSeconds: 5 - restartPolicy: Always ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: capif-security - labels: - io.kompose.service: capif-security - {{- include "capif.labels" . | nindent 4 }} - annotations: - kompose.cmd: kompose -f ../services/docker-compose.yml convert -spec: - replicas: {{ .Values.capifSecurity.replicas }} - selector: - matchLabels: - io.kompose.service: capif-security - {{- include "capif.selectorLabels" . | nindent 6 }} - template: - metadata: - labels: - io.kompose.network/services-default: "true" - io.kompose.service: capif-security - {{- include "capif.selectorLabels" . 
| nindent 8 }} - annotations: - date: "{{ now | unixEpoch }}" - checksum/config: {{ include (print $.Template.BasePath "/capif-security-configmap.yaml") . | sha256sum }} - spec: - hostAliases: - - ip: "{{ .Values.ingress.ip }}" - hostnames: - - "{{ .Values.nginx.nginx.env.capifHostname }}" - containers: - - env: - - name: CAPIF_HOSTNAME - value: {{ quote .Values.nginx.nginx.env.capifHostname }} - - name: MONITORING - value: {{ quote .Values.capifSecurity.capifSecurity.env.monitoring }} - - name: VAULT_HOSTNAME - value: {{ quote .Values.parametersVault.env.vaultHostname }} - - name: VAULT_PORT - value: {{ quote .Values.parametersVault.env.vaultPort }} - - name: VAULT_ACCESS_TOKEN - value: {{ quote .Values.parametersVault.env.vaultAccessToken }} - - name: KUBERNETES_CLUSTER_DOMAIN - value: {{ quote .Values.kubernetesClusterDomain }} - image: {{ .Values.capifSecurity.capifSecurity.image.repository }}:{{ .Values.capifSecurity.capifSecurity.image.tag | default .Chart.AppVersion }} - imagePullPolicy: {{ .Values.capifSecurity.capifSecurity.image.imagePullPolicy }} - name: capif-security - ports: - - containerPort: 8080 - volumeMounts: - - name: capif-security-config - mountPath: /usr/src/app/config.yaml - subPath: config.yaml - resources: - {{- toYaml .Values.capifSecurity.capifSecurity.resources | nindent 12 }} - volumes: - - name: capif-security-config - configMap: - name: capif-security-configmap - items: - - key: "config.yaml" - path: "config.yaml" - restartPolicy: Always - restartPolicy: Always - -{{- if eq .Values.register.enable "true" }} ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: register - labels: - io.kompose.service: register - {{- include "capif.labels" . | nindent 4 }} - annotations: - kompose.cmd: kompose -f ../services/docker-compose.yml convert -spec: - replicas: {{ .Values.register.replicas }} - selector: - matchLabels: - io.kompose.service: register - {{- include "capif.selectorLabels" . 
| nindent 6 }} - template: - metadata: - labels: - io.kompose.network/services-default: "true" - io.kompose.service: register - {{- include "capif.selectorLabels" . | nindent 8 }} - annotations: - date: "{{ now | unixEpoch }}" - checksum/config: {{ include (print $.Template.BasePath "/register-configmap.yaml") . | sha256sum }} - spec: - hostAliases: - - ip: "{{ .Values.ingress.ip }}" - hostnames: - - "{{ .Values.nginx.nginx.env.capifHostname }}" - containers: - - env: - - name: KUBERNETES_CLUSTER_DOMAIN - value: {{ quote .Values.kubernetesClusterDomain }} - - name: VAULT_HOSTNAME - value: {{ quote .Values.parametersVault.env.vaultHostname }} - - name: VAULT_PORT - value: {{ quote .Values.parametersVault.env.vaultPort }} - - name: VAULT_ACCESS_TOKEN - value: {{ quote .Values.parametersVault.env.vaultAccessToken }} - image: {{ .Values.register.register.image.repository }}:{{ .Values.register.register.image.tag | default .Chart.AppVersion }} - imagePullPolicy: {{ .Values.register.register.image.imagePullPolicy }} - name: register - ports: - - containerPort: 8080 - resources: - {{- toYaml .Values.register.register.resources | nindent 12 }} - volumeMounts: - - name: register-configmap - mountPath: /usr/src/app/config.yaml - subPath: config.yaml - volumes: - - name: register-configmap - configMap: - name: register-configmap - items: - - key: "config.yaml" - path: "config.yaml" - restartPolicy: Always ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: mongo-register - labels: - io.kompose.service: mongo-register - {{- include "capif.labels" . | nindent 4 }} - annotations: - kompose.cmd: kompose -f ../services/docker-compose.yml convert -spec: - replicas: {{ .Values.mongoRegister.replicas }} - selector: - matchLabels: - io.kompose.service: mongo-register - {{- include "capif.selectorLabels" . | nindent 6 }} - template: - metadata: - labels: - io.kompose.network/services-default: "true" - io.kompose.service: mongo-register - {{- include "capif.selectorLabels" . 
| nindent 8 }} - annotations: - date: "{{ now | unixEpoch }}" - spec: - hostAliases: - - ip: "{{ .Values.ingress.ip }}" - hostnames: - - "{{ .Values.nginx.nginx.env.capifHostname }}" - containers: - - env: - - name: MONGO_INITDB_ROOT_PASSWORD - value: {{ quote .Values.mongoRegister.mongo.env.mongoInitdbRootPassword }} - - name: MONGO_INITDB_ROOT_USERNAME - value: {{ quote .Values.mongoRegister.mongo.env.mongoInitdbRootUsername }} - - name: KUBERNETES_CLUSTER_DOMAIN - value: {{ quote .Values.kubernetesClusterDomain }} - image: {{ .Values.mongoRegister.mongo.image.repository }}:{{ .Values.mongoRegister.mongo.image.tag | default .Chart.AppVersion }} - imagePullPolicy: {{ .Values.mongoRegister.mongo.image.imagePullPolicy }} - name: mongo-register - {{- if .Values.mongoRegister.mongo.persistence.enable }} - volumeMounts: - - name: mongo-register-pvc - mountPath: /data/db - {{- end }} - ports: - - containerPort: 27017 - securityContext: - runAsUser: 999 - resources: - {{- toYaml .Values.mongoRegister.mongo.resources | nindent 12 }} - readinessProbe: - tcpSocket: - port: 27017 -# initialDelaySeconds: 5 - periodSeconds: 5 - {{- if .Values.mongoRegister.mongo.persistence.enable }} - volumes: - - name: mongo-register-pvc - persistentVolumeClaim: - claimName: mongo-register-pvc - {{- end }} - restartPolicy: Always -{{- end }} ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: logs - labels: - io.kompose.service: logs - {{- include "capif.labels" . | nindent 4 }} - annotations: - kompose.cmd: kompose -f ../services/docker-compose.yml convert -spec: - replicas: {{ .Values.logs.replicas }} - selector: - matchLabels: - io.kompose.service: logs - {{- include "capif.selectorLabels" . | nindent 6 }} - template: - metadata: - labels: - io.kompose.network/services-default: "true" - io.kompose.service: logs - {{- include "capif.selectorLabels" . 
| nindent 8 }} - annotations: - date: "{{ now | unixEpoch }}" - checksum/config: {{ include (print $.Template.BasePath "/capif-logs-configmap.yaml") . | sha256sum }} - spec: - hostAliases: - - ip: "{{ .Values.ingress.ip }}" - hostnames: - - "{{ .Values.nginx.nginx.env.capifHostname }}" - containers: - - env: - - name: KUBERNETES_CLUSTER_DOMAIN - value: {{ quote .Values.kubernetesClusterDomain }} - - name: MONITORING - value: {{ quote .Values.logs.logs.env.monitoring }} - image: {{ .Values.logs.logs.image.repository }}:{{ .Values.logs.logs.image.tag | default .Chart.AppVersion }} - imagePullPolicy: {{ .Values.logs.logs.image.imagePullPolicy }} - name: logs - ports: - - containerPort: 8080 - volumeMounts: - - name: capif-logs-config - mountPath: /usr/src/app/config.yaml - subPath: config.yaml - resources: - {{- toYaml .Values.logs.logs.resources | nindent 12 }} - readinessProbe: - tcpSocket: - port: 8080 - initialDelaySeconds: 5 - periodSeconds: 5 - volumes: - - name: capif-logs-config - configMap: - name: capif-logs-configmap - items: - - key: "config.yaml" - path: "config.yaml" - restartPolicy: Always ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: mongo - labels: - io.kompose.service: mongo - {{- include "capif.labels" . | nindent 4 }} - annotations: - kompose.cmd: kompose -f ../services/docker-compose.yml convert -spec: - replicas: {{ .Values.mongo.replicas }} - strategy: - type: Recreate - selector: - matchLabels: - io.kompose.service: mongo - {{- include "capif.selectorLabels" . | nindent 6 }} - template: - metadata: - labels: - io.kompose.network/services-default: "true" - io.kompose.service: mongo - {{- include "capif.selectorLabels" . 
| nindent 8 }} - annotations: - date: "{{ now | unixEpoch }}" - spec: - hostAliases: - - ip: "{{ .Values.ingress.ip }}" - hostnames: - - "{{ .Values.nginx.nginx.env.capifHostname }}" - containers: - - env: - - name: MONGO_INITDB_ROOT_PASSWORD - value: {{ quote .Values.mongo.mongo.env.mongoInitdbRootPassword }} - - name: MONGO_INITDB_ROOT_USERNAME - value: {{ quote .Values.mongo.mongo.env.mongoInitdbRootUsername }} - - name: KUBERNETES_CLUSTER_DOMAIN - value: {{ quote .Values.kubernetesClusterDomain }} - image: {{ .Values.mongo.mongo.image.repository }}:{{ .Values.mongo.mongo.image.tag | default .Chart.AppVersion }} - imagePullPolicy: {{ .Values.mongo.mongo.image.imagePullPolicy }} - name: mongo - ports: - - containerPort: 27017 - securityContext: - runAsUser: 999 - {{- if eq .Values.mongo.persistence.enable "true" }} - volumeMounts: - - name: mongo-pvc - mountPath: /data/db - {{- end }} - resources: - {{- toYaml .Values.mongo.mongo.resources | nindent 12 }} - livenessProbe: - tcpSocket: - port: 27017 - initialDelaySeconds: 20 - periodSeconds: 5 - readinessProbe: - tcpSocket: - port: 27017 -# initialDelaySeconds: 5 - periodSeconds: 5 - - name: mongo-helper - image: busybox - command: - - sh - - -c - - while true ; do echo alive ; sleep 10 ; done - {{- if eq .Values.mongo.persistence.enable "true" }} - volumeMounts: - - mountPath: /mongodata - name: mongo-pvc - {{- end }} - {{- if eq .Values.mongo.persistence.enable "true" }} - volumes: - - name: mongo-pvc - persistentVolumeClaim: - claimName: mongo-pvc - {{- end }} - restartPolicy: Always ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: mongo-express - labels: - io.kompose.service: mongo-express - {{- include "capif.labels" . | nindent 4 }} - annotations: - kompose.cmd: kompose -f ../services/docker-compose.yml convert -spec: - replicas: {{ .Values.mongoExpress.replicas }} - selector: - matchLabels: - io.kompose.service: mongo-express - {{- include "capif.selectorLabels" . 
| nindent 6 }} - template: - metadata: - labels: - io.kompose.network/services-default: "true" - io.kompose.service: mongo-express - {{- include "capif.selectorLabels" . | nindent 8 }} - annotations: - date: "{{ now | unixEpoch }}" - spec: - hostAliases: - - ip: "{{ .Values.ingress.ip }}" - hostnames: - - "{{ .Values.nginx.nginx.env.capifHostname }}" - containers: - - env: - - name: ME_CONFIG_MONGODB_ADMINPASSWORD - value: {{ quote .Values.mongoExpress.mongoExpress.env.meConfigMongodbAdminpassword - }} - - name: ME_CONFIG_MONGODB_ADMINUSERNAME - value: {{ quote .Values.mongoExpress.mongoExpress.env.meConfigMongodbAdminusername - }} - - name: ME_CONFIG_MONGODB_URL - value: {{ quote .Values.mongoExpress.mongoExpress.env.meConfigMongodbUrl }} - - name: KUBERNETES_CLUSTER_DOMAIN - value: {{ quote .Values.kubernetesClusterDomain }} - image: {{ .Values.mongoExpress.mongoExpress.image.repository }}:{{ .Values.mongoExpress.mongoExpress.image.tag | default .Chart.AppVersion }} - imagePullPolicy: {{ .Values.mongoExpress.mongoExpress.image.imagePullPolicy }} - name: mongo-express - ports: - - containerPort: 8081 - resources: - {{- toYaml .Values.mongoExpress.mongoExpress.resources | nindent 12 }} - readinessProbe: - tcpSocket: - port: 8081 -# initialDelaySeconds: 0 - periodSeconds: 5 - restartPolicy: Always ---- - -apiVersion: apps/v1 -kind: Deployment -metadata: - name: mongo-register-express - labels: - io.kompose.service: mongo-register-express - {{- include "capif.labels" . | nindent 4 }} - annotations: - kompose.cmd: kompose -f ../services/docker-compose.yml convert -spec: - replicas: {{ .Values.mongoRegisterExpress.replicas }} - selector: - matchLabels: - io.kompose.service: mongo-register-express - {{- include "capif.selectorLabels" . | nindent 6 }} - template: - metadata: - labels: - io.kompose.network/services-default: "true" - io.kompose.service: mongo-register-express - {{- include "capif.selectorLabels" . 
| nindent 8 }} - annotations: - date: "{{ now | unixEpoch }}" - spec: - hostAliases: - - ip: "{{ .Values.ingress.ip }}" - hostnames: - - "{{ .Values.nginx.nginx.env.capifHostname }}" - containers: - - env: - - name: ME_CONFIG_MONGODB_ADMINPASSWORD - value: {{ quote .Values.mongoRegisterExpress.mongoRegisterExpress.env.meConfigMongodbAdminpassword - }} - - name: ME_CONFIG_MONGODB_ADMINUSERNAME - value: {{ quote .Values.mongoRegisterExpress.mongoRegisterExpress.env.meConfigMongodbAdminusername - }} - - name: ME_CONFIG_MONGODB_URL - value: {{ quote .Values.mongoRegisterExpress.mongoRegisterExpress.env.meConfigMongodbUrl }} - - name: KUBERNETES_CLUSTER_DOMAIN - value: {{ quote .Values.kubernetesClusterDomain }} - image: {{ .Values.mongoRegisterExpress.mongoRegisterExpress.image.repository }}:{{ .Values.mongoRegisterExpress.mongoRegisterExpress.image.tag | default .Chart.AppVersion }} - imagePullPolicy: {{ .Values.mongoRegisterExpress.mongoRegisterExpress.image.imagePullPolicy }} - name: mongo-register-express - ports: - - containerPort: 8081 - resources: - {{- toYaml .Values.mongoRegisterExpress.mongoRegisterExpress.resources | nindent 12 }} - readinessProbe: - tcpSocket: - port: 8081 -# initialDelaySeconds: 0 - periodSeconds: 5 - restartPolicy: Always ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: nginx - labels: - io.kompose.service: nginx - {{- include "capif.labels" . | nindent 4 }} - annotations: - kompose.cmd: kompose -f ../services/docker-compose.yml convert -spec: - replicas: {{ .Values.nginx.replicas }} - selector: - matchLabels: - io.kompose.service: nginx - {{- include "capif.selectorLabels" . | nindent 6 }} - template: - metadata: - labels: - io.kompose.network/services-default: "true" - io.kompose.service: nginx - {{- include "capif.selectorLabels" . 
| nindent 8 }} - annotations: - date: "{{ now | unixEpoch }}" - spec: - hostAliases: - - ip: "{{ .Values.ingress.ip }}" - hostnames: - - "{{ .Values.nginx.nginx.env.capifHostname }}" - containers: - - env: - - name: CAPIF_HOSTNAME - value: {{ quote .Values.nginx.nginx.env.capifHostname }} - - name: VAULT_HOSTNAME - value: {{ quote .Values.parametersVault.env.vaultHostname }} - - name: VAULT_PORT - value: {{ quote .Values.parametersVault.env.vaultPort }} - - name: VAULT_ACCESS_TOKEN - value: {{ quote .Values.parametersVault.env.vaultAccessToken }} - - name: KUBERNETES_CLUSTER_DOMAIN - value: {{ quote .Values.kubernetesClusterDomain }} - image: {{ .Values.nginx.nginx.image.repository }}:{{ .Values.nginx.nginx.image.tag | default .Chart.AppVersion }} - imagePullPolicy: {{ .Values.nginx.nginx.image.imagePullPolicy }} - name: nginx - ports: - - containerPort: 8080 - - containerPort: 443 - livenessProbe: - tcpSocket: - port: 8080 - initialDelaySeconds: 20 - periodSeconds: 5 -# readinessProbe: -# tcpSocket: -# port: 8080 -# initialDelaySeconds: 60 -# periodSeconds: 5 - resources: - {{- toYaml .Values.nginx.nginx.resources | nindent 12 }} - restartPolicy: Always ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: published-apis - labels: - io.kompose.service: published-apis - {{- include "capif.labels" . | nindent 4 }} - annotations: - kompose.cmd: kompose -f ../services/docker-compose.yml convert -spec: - replicas: {{ .Values.publishedApis.replicas }} - selector: - matchLabels: - io.kompose.service: published-apis - {{- include "capif.selectorLabels" . | nindent 6 }} - template: - metadata: - labels: - io.kompose.network/services-default: "true" - io.kompose.service: published-apis - {{- include "capif.selectorLabels" . | nindent 8 }} - annotations: - date: "{{ now | unixEpoch }}" - checksum/config: {{ include (print $.Template.BasePath "/capif-published-configmap.yaml") . 
| sha256sum }} - spec: - hostAliases: - - ip: "{{ .Values.ingress.ip }}" - hostnames: - - "{{ .Values.nginx.nginx.env.capifHostname }}" - containers: - - env: - - name: KUBERNETES_CLUSTER_DOMAIN - value: {{ quote .Values.kubernetesClusterDomain }} - - name: MONITORING - value: {{ quote .Values.publishedApis.publishedApis.env.monitoring }} - image: {{ .Values.publishedApis.publishedApis.image.repository }}:{{ .Values.publishedApis.publishedApis.image.tag | default .Chart.AppVersion }} - imagePullPolicy: {{ .Values.publishedApis.publishedApis.image.imagePullPolicy }} - name: published-apis - ports: - - containerPort: 8080 - volumeMounts: - - name: capif-published-config - mountPath: /usr/src/app/config.yaml - subPath: config.yaml - resources: - {{- toYaml .Values.publishedApis.publishedApis.resources | nindent 12 }} - readinessProbe: - tcpSocket: - port: 8080 - initialDelaySeconds: 5 - periodSeconds: 5 - volumes: - - name: capif-published-config - configMap: - name: capif-published-configmap - items: - - key: "config.yaml" - path: "config.yaml" - restartPolicy: Always ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: redis - labels: - io.kompose.service: redis - {{- include "capif.labels" . | nindent 4 }} - annotations: - kompose.cmd: kompose -f ../services/docker-compose.yml convert -spec: - replicas: {{ .Values.redis.replicas }} - selector: - matchLabels: - io.kompose.service: redis - {{- include "capif.selectorLabels" . | nindent 6 }} - template: - metadata: - labels: - io.kompose.network/services-default: "true" - io.kompose.service: redis - {{- include "capif.selectorLabels" . 
| nindent 8 }} - annotations: - date: "{{ now | unixEpoch }}" - spec: - hostAliases: - - ip: "{{ .Values.ingress.ip }}" - hostnames: - - "{{ .Values.nginx.nginx.env.capifHostname }}" - containers: - - args: - - redis-server - env: - - name: REDIS_REPLICATION_MODE - value: {{ quote .Values.redis.redis.env.redisReplicationMode }} - - name: KUBERNETES_CLUSTER_DOMAIN - value: {{ quote .Values.kubernetesClusterDomain }} - image: {{ .Values.redis.redis.image.repository }}:{{ .Values.redis.redis.image.tag | default .Chart.AppVersion }} - imagePullPolicy: {{ .Values.redis.redis.image.imagePullPolicy }} - name: redis - ports: - - containerPort: 6379 - resources: - {{- toYaml .Values.redis.redis.resources | nindent 12 }} - readinessProbe: - tcpSocket: - port: 6379 -# initialDelaySeconds: 5 - periodSeconds: 5 - livenessProbe: - tcpSocket: - port: 6379 - initialDelaySeconds: 5 - periodSeconds: 5 - restartPolicy: Always ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: service-apis - labels: - io.kompose.service: service-apis - {{- include "capif.labels" . | nindent 4 }} - annotations: - kompose.cmd: kompose -f ../services/docker-compose.yml convert -spec: - replicas: {{ .Values.serviceApis.replicas }} - selector: - matchLabels: - io.kompose.service: service-apis - {{- include "capif.selectorLabels" . | nindent 6 }} - template: - metadata: - labels: - io.kompose.network/services-default: "true" - io.kompose.service: service-apis - {{- include "capif.selectorLabels" . | nindent 8 }} - annotations: - date: "{{ now | unixEpoch }}" - checksum/config: {{ include (print $.Template.BasePath "/capif-service-configmap.yaml") . 
| sha256sum }} - spec: - hostAliases: - - ip: "{{ .Values.ingress.ip }}" - hostnames: - - "{{ .Values.nginx.nginx.env.capifHostname }}" - containers: - - env: - - name: KUBERNETES_CLUSTER_DOMAIN - value: {{ quote .Values.kubernetesClusterDomain }} - - name: MONITORING - value: {{ quote .Values.serviceApis.serviceApis.env.monitoring }} - image: {{ .Values.serviceApis.serviceApis.image.repository }}:{{ .Values.serviceApis.serviceApis.image.tag | default .Chart.AppVersion }} - imagePullPolicy: {{ .Values.serviceApis.serviceApis.image.imagePullPolicy }} - name: service-apis - ports: - - containerPort: 8080 - volumeMounts: - - name: capif-service-config - mountPath: /usr/src/app/config.yaml - subPath: config.yaml - resources: - {{- toYaml .Values.serviceApis.serviceApis.resources | nindent 12 }} - readinessProbe: - tcpSocket: - port: 8080 - initialDelaySeconds: 5 - periodSeconds: 5 - volumes: - - name: capif-service-config - configMap: - name: capif-service-configmap - items: - - key: "config.yaml" - path: "config.yaml" - restartPolicy: Always diff --git a/helm/capif/templates/logs.yaml b/helm/capif/templates/logs.yaml deleted file mode 100644 index 7382eff22fd777be0631d70f913efdf947c8c4b5..0000000000000000000000000000000000000000 --- a/helm/capif/templates/logs.yaml +++ /dev/null @@ -1,17 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: logs - labels: - io.kompose.service: logs - {{- include "capif.labels" . | nindent 4 }} - annotations: - kompose.cmd: kompose -f ../services/docker-compose.yml convert - kompose.version: 1.28.0 (c4137012e) -spec: - type: {{ .Values.logs.type }} - selector: - io.kompose.service: logs - {{- include "capif.selectorLabels" . | nindent 4 }} - ports: - {{- .Values.logs.ports | toYaml | nindent 2 -}} \ No newline at end of file diff --git a/helm/capif/templates/mongo-express.yaml b/helm/capif/templates/mongo-express.yaml deleted file mode 100644 index 28d553b2fa05594f414638d5122e3cc442889ec7..0000000000000000000000000000000000000000 
--- a/helm/capif/templates/mongo-express.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: mongo-express
- labels:
- io.kompose.service: mongo-express
- {{- include "capif.labels" . | nindent 4 }}
- annotations:
- kompose.cmd: kompose -f ../services/docker-compose.yml convert
- kompose.version: 1.28.0 (c4137012e)
-spec:
- type: {{ .Values.mongoExpress.type }}
- selector:
- io.kompose.service: mongo-express
- {{- include "capif.selectorLabels" . | nindent 4 }}
- ports:
- {{- .Values.mongoExpress.ports | toYaml | nindent 2 -}}
\ No newline at end of file
diff --git a/helm/capif/templates/mongo-pvc.yaml b/helm/capif/templates/mongo-pvc.yaml
deleted file mode 100644
index 3c80c148266faef3cad2a038ab7ec00b1ff0e6bb..0000000000000000000000000000000000000000
--- a/helm/capif/templates/mongo-pvc.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-{{- if eq .Values.monitoring.enable "true" }}
-{{- if eq .Values.mongo.persistence.enable "true" }}
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
- labels:
- io.kompose.service: mongo-pvc
- name: mongo-pvc
-spec:
- storageClassName: {{ .Values.mongo.persistence.storageClass }}
- accessModes:
- - ReadWriteOnce
- resources:
- requests:
- storage: {{ .Values.mongo.persistence.storage }}
-{{- end }}
-{{- end }}
\ No newline at end of file
diff --git a/helm/capif/templates/mongo-register-express.yaml b/helm/capif/templates/mongo-register-express.yaml
deleted file mode 100644
index 5de4b224cf20b07598636b1b6d228cccbf58c60b..0000000000000000000000000000000000000000
--- a/helm/capif/templates/mongo-register-express.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: mongo-register-express
- labels:
- io.kompose.service: mongo-register-express
- {{- include "capif.labels" . | nindent 4 }}
- annotations:
- kompose.cmd: kompose -f ../services/docker-compose.yml convert
- kompose.version: 1.28.0 (c4137012e)
-spec:
- type: {{ .Values.mongoRegisterExpress.type }}
- selector:
- io.kompose.service: mongo-register-express
- {{- include "capif.selectorLabels" . | nindent 4 }}
- ports:
- {{- .Values.mongoRegisterExpress.ports | toYaml | nindent 2 -}}
\ No newline at end of file
diff --git a/helm/capif/templates/mongo-register-pvc.yaml b/helm/capif/templates/mongo-register-pvc.yaml
deleted file mode 100644
index b5a11d663ee0d10949768b4f1073908154b5d0c2..0000000000000000000000000000000000000000
--- a/helm/capif/templates/mongo-register-pvc.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-{{- if eq .Values.monitoring.enable "true" }}
-{{- if .Values.mongoRegister.mongo.persistence.enable }}
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
- labels:
- io.kompose.service: mongo-register
- name: mongo-register-pvc
-spec:
- storageClassName: {{ .Values.mongoRegister.mongo.persistence.storageClass }}
- accessModes:
- - ReadWriteMany
- resources:
- requests:
- storage: {{ .Values.mongoRegister.mongo.persistence.storage }}
-{{- end }}
-{{- end }}
\ No newline at end of file
diff --git a/helm/capif/templates/mongo-register.yaml b/helm/capif/templates/mongo-register.yaml
deleted file mode 100644
index 82b307f5f2bae9e026b1efb78c15a09d319d7306..0000000000000000000000000000000000000000
--- a/helm/capif/templates/mongo-register.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: mongo-register
- labels:
- io.kompose.service: mongo-register
- {{- include "capif.labels" . | nindent 4 }}
- annotations:
- kompose.cmd: kompose -f ../services/docker-compose.yml convert
- kompose.version: 1.28.0 (c4137012e)
-spec:
- type: {{ .Values.mongoRegister.type }}
- selector:
- io.kompose.service: mongo-register
- {{- include "capif.selectorLabels" . | nindent 4 }}
- ports:
- {{- .Values.mongoRegister.ports | toYaml | nindent 2 -}}
\ No newline at end of file
diff --git a/helm/capif/templates/mongo.yaml b/helm/capif/templates/mongo.yaml
deleted file mode 100644
index 864276480d68191f6363191ab080936d43484d17..0000000000000000000000000000000000000000
--- a/helm/capif/templates/mongo.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: mongo
- labels:
- io.kompose.service: mongo
- {{- include "capif.labels" . | nindent 4 }}
- annotations:
- kompose.cmd: kompose -f ../services/docker-compose.yml convert
- kompose.version: 1.28.0 (c4137012e)
-spec:
- type: {{ .Values.mongo.type }}
- selector:
- io.kompose.service: mongo
- {{- include "capif.selectorLabels" . | nindent 4 }}
- ports:
- {{- .Values.mongo.ports | toYaml | nindent 2 -}}
\ No newline at end of file
diff --git a/helm/capif/templates/nginx-ingress-route.yaml b/helm/capif/templates/nginx-ingress-route.yaml
deleted file mode 100644
index 57ca0bed1a4c8de978e244a34f346edb8606b003..0000000000000000000000000000000000000000
--- a/helm/capif/templates/nginx-ingress-route.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-{{- if eq .Values.nginx.ingressType "IngressRoute" }}
----
-apiVersion: traefik.containo.us/v1alpha1
-kind: IngressRoute
-metadata:
- name: nginx-capif-ingress-route
-spec:
- entryPoints: [web]
- routes:
- - kind: Rule
- match: Host(`{{ .Values.nginx.nginx.env.capifHostname }} && Path(`/ca-root`, `/sign-csr`, `/certdata`, `/register`, `/testdata`, `/getauth`, `/test`)`)
- services:
- - kind: Service
- name: nginx
- port: 8080
- scheme: http
-{{- end }}
\ No newline at end of file
diff --git a/helm/capif/templates/nginx-ssl-ingress-route.yaml b/helm/capif/templates/nginx-ssl-ingress-route.yaml
deleted file mode 100644
index 8c806b69a712ee995f4c97c8e406383acb507190..0000000000000000000000000000000000000000
--- a/helm/capif/templates/nginx-ssl-ingress-route.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-{{- if eq .Values.nginx.ingressType "IngressRoute" }}
----
-apiVersion: traefik.containo.us/v1alpha1
-kind: IngressRoute
-metadata:
- name: nginx-ssl-capif-ingress-route
-spec:
- entryPoints: [web]
- routes:
- - kind: Rule
- match: Host(`{{ .Values.nginx.nginx.env.capifHostname }}`)
- services:
- - kind: Service
- name: nginx
- port: 443
- tls:
- passthrough: true
-{{- end }}
\ No newline at end of file
diff --git a/helm/capif/templates/nginx-ssl-route.yaml b/helm/capif/templates/nginx-ssl-route.yaml
deleted file mode 100644
index 3e24b72131a56915468f2dc40329fbf9c480f222..0000000000000000000000000000000000000000
--- a/helm/capif/templates/nginx-ssl-route.yaml
+++ /dev/null
@@ -1,22 +0,0 @@
-{{- if eq .Values.env "openshift" }}
-apiVersion: route.openshift.io/v1
-kind: Route
-metadata:
- labels:
- name: nginx-ssl
-spec:
- host: {{ .Values.nginx.nginx.env.capifHostname }}
- port:
- targetPort: "443"
- tls:
- termination: passthrough
- to:
- kind: Service
- name: nginx
- weight: 100
-status:
- ingress:
- - conditions:
- host: {{ .Values.nginx.nginx.env.capifHostname }}
- routerCanonicalHostname: router-default.apps.ocp-epg.hi.inet
-{{- end }}
\ No newline at end of file
diff --git a/helm/capif/templates/nginx-ssl.yaml b/helm/capif/templates/nginx-ssl.yaml
deleted file mode 100644
index 39487d524ac7a2f5e7dc52fd4dee83b0dfb46958..0000000000000000000000000000000000000000
--- a/helm/capif/templates/nginx-ssl.yaml
+++ /dev/null
@@ -1,32 +0,0 @@
-{{- if eq .Values.nginx.ingressType "Ingress" }}
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
- name: nginx-register
- labels:
- {{- include "capif.labels" . | nindent 4 }}
- {{- with .Values.nginx.annotations }}
- annotations:
- {{- toYaml . | nindent 4 }}
- cert-manager.io/issuer: letsencrypt-issuer
- {{- end }}
-spec:
-{{- if .Values.nginx.ingressClassName }}
- ingressClassName: {{ .Values.nginx.ingressClassName }}
-{{- end }}
- rules:
- - host: "{{ .Values.nginx.nginx.env.registerHostname }}"
- http:
- paths:
- - backend:
- service:
- name: 'register'
- port:
- number: 8084
- path: /
- pathType: Prefix
- tls:
- - hosts:
- - "{{ .Values.nginx.nginx.env.registerHostname }}"
- secretName: letsencrypt-secret
-{{- end }}
\ No newline at end of file
diff --git a/helm/capif/templates/nginx.yaml b/helm/capif/templates/nginx.yaml
deleted file mode 100644
index 61856f56231201a76f82b2dce5b79c802a8e6953..0000000000000000000000000000000000000000
--- a/helm/capif/templates/nginx.yaml
+++ /dev/null
@@ -1,48 +0,0 @@
-{{- if eq .Values.nginx.ingressType "Ingress" }}
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
- name: nginx
- labels:
- {{- include "capif.labels" . | nindent 4 }}
- {{- with .Values.nginx.annotations }}
- annotations:
- {{- toYaml . | nindent 4 }}
- nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
- nginx.ingress.kubernetes.io/ssl-passthrough: "true"
- nginx.ingress.kubernetes.io/ssl-redirect: "true"
- {{- end }}
-spec:
-{{- if .Values.nginx.ingressClassName }}
- ingressClassName: {{ .Values.nginx.ingressClassName }}
-{{- end }}
- rules:
- - host: "{{ .Values.nginx.nginx.env.capifHostname }}"
- http:
- paths:
- - backend:
- service:
- name: 'nginx'
- port:
- number: 443
- path: /
- pathType: Prefix
-{{- end }}
----
-apiVersion: v1
-kind: Service
-metadata:
- name: nginx
- labels:
- io.kompose.service: nginx
- {{- include "capif.labels" . | nindent 4 }}
- annotations:
- kompose.cmd: kompose -f ../services/docker-compose.yml convert
- kompose.version: 1.28.0 (c4137012e)
-spec:
- type: {{ .Values.nginx.type }}
- selector:
- io.kompose.service: nginx
- {{- include "capif.selectorLabels" . | nindent 4 }}
- ports:
- {{- .Values.nginx.ports | toYaml | nindent 2 -}}
\ No newline at end of file
diff --git a/helm/capif/templates/published-apis.yaml b/helm/capif/templates/published-apis.yaml
deleted file mode 100644
index a5444f1640bf02b113d3bfd967bcde78122efcf2..0000000000000000000000000000000000000000
--- a/helm/capif/templates/published-apis.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: published-apis
- labels:
- io.kompose.service: published-apis
- {{- include "capif.labels" . | nindent 4 }}
- annotations:
- kompose.cmd: kompose -f ../services/docker-compose.yml convert
- kompose.version: 1.28.0 (c4137012e)
-spec:
- type: {{ .Values.publishedApis.type }}
- selector:
- io.kompose.service: published-apis
- {{- include "capif.selectorLabels" . | nindent 4 }}
- ports:
- {{- .Values.publishedApis.ports | toYaml | nindent 2 -}}
\ No newline at end of file
diff --git a/helm/capif/templates/redis.yaml b/helm/capif/templates/redis.yaml
deleted file mode 100644
index 3254a95f48f9b36be9de55d7f0c1d08df2ba5f73..0000000000000000000000000000000000000000
--- a/helm/capif/templates/redis.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: redis
- labels:
- io.kompose.service: redis
- {{- include "capif.labels" . | nindent 4 }}
- annotations:
- kompose.cmd: kompose -f ../services/docker-compose.yml convert
- kompose.version: 1.28.0 (c4137012e)
-spec:
- type: {{ .Values.redis.type }}
- selector:
- io.kompose.service: redis
- {{- include "capif.selectorLabels" . | nindent 4 }}
- ports:
- {{- .Values.redis.ports | toYaml | nindent 2 -}}
\ No newline at end of file
diff --git a/helm/capif/templates/register-configmap.yaml b/helm/capif/templates/register-configmap.yaml
deleted file mode 100644
index 7dcc300663333ac8276f068571b6a8380df4458e..0000000000000000000000000000000000000000
--- a/helm/capif/templates/register-configmap.yaml
+++ /dev/null
@@ -1,27 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: register-configmap
- labels:
- {{- include "capif.labels" . | nindent 4 }}
-data:
- config.yaml: |-
- mongo: {
- 'user': 'root',
- 'password': 'example',
- 'db': 'capif_users',
- 'col': 'user',
- 'host': '{{ .Values.register.register.env.mongoHost }}',
- 'port': '{{ .Values.register.register.env.mongoPort }}'
- }
- ca_factory: {
- "url": "{{ .Values.parametersVault.env.vaultHostname }}",
- "port": "{{ .Values.parametersVault.env.vaultPort }}",
- "token": "{{ .Values.parametersVault.env.vaultAccessToken }}"
- }
- register: {
- register_uuid: '6ba7b810-9dad-11d1-80b4-00c04fd430c8',
- refresh_expiration: 30, #days
- token_expiration: 10, #mins
- admin_users: {admin: "password123"}
- }
\ No newline at end of file
diff --git a/helm/capif/templates/register.yaml b/helm/capif/templates/register.yaml
deleted file mode 100644
index 2de1d64248110745b5999c1e50e1b5801166b709..0000000000000000000000000000000000000000
--- a/helm/capif/templates/register.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-{{- if eq .Values.register.enable "true" }}
-apiVersion: v1
-kind: Service
-metadata:
- name: register
- labels:
- io.kompose.service: register
- {{- include "capif.labels" . | nindent 4 }}
- annotations:
- kompose.cmd: kompose -f ../services/docker-compose.yml convert
- kompose.version: 1.28.0 (c4137012e)
-spec:
- type: {{ .Values.register.type }}
- selector:
- io.kompose.service: register
- {{- include "capif.selectorLabels" . | nindent 4 }}
- ports:
- {{- .Values.register.ports | toYaml | nindent 2 -}}
-{{- end }}
\ No newline at end of file
diff --git a/helm/capif/templates/service-apis.yaml b/helm/capif/templates/service-apis.yaml
deleted file mode 100644
index bff1af594b5ceba6a7ba58a78103fb1b885b43ea..0000000000000000000000000000000000000000
--- a/helm/capif/templates/service-apis.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: service-apis
- labels:
- io.kompose.service: service-apis
- {{- include "capif.labels" . | nindent 4 }}
- annotations:
- kompose.cmd: kompose -f ../services/docker-compose.yml convert
- kompose.version: 1.28.0 (c4137012e)
-spec:
- type: {{ .Values.serviceApis.type }}
- selector:
- io.kompose.service: service-apis
- {{- include "capif.selectorLabels" . | nindent 4 }}
- ports:
- {{- .Values.serviceApis.ports | toYaml | nindent 2 -}}
\ No newline at end of file
diff --git a/helm/capif/values.yaml b/helm/capif/values.yaml
index f017ac0f0add5d0c6f03325104c3b5a3dbd2a365..a2c734795d50e70d046c2c933fc9eaac7bf375df 100644
--- a/helm/capif/values.yaml
+++ b/helm/capif/values.yaml
@@ -1,540 +1,6 @@ -# -- The Environment variable. Use openshift if you are deploying in Openshift cluster. anotherwise use the field empty -env: "" - -# Use the Ip address dude for the kubernetes to your Ingress Controller ej: kubectl -n NAMESPACE_CAPIF get ing -ingress: - ip: "10.17.173.127" - monitoring: enable: "true" -accessControlPolicy: - image: - # -- The docker image repository to use - repository: "public.ecr.aws/o2v4a8t6/opencapif/access-control-policy" - # -- The docker image tag to use - # @default Chart version - tag: "" - # -- Image pull policy: Always, IfNotPresent - imagePullPolicy: Always - # -- If env.monitoring: true. Setup monitoring.enable: true - env: - monitoring: "true" - resources: - limits: - cpu: 100m - memory: 128Mi - requests: - cpu: 100m - memory: 128Mi - ports: - - name: "8080" - port: 8080 - targetPort: 8080 - replicas: 1 - type: ClusterIP - -CapifClient: - # -- If enable capif client. - enable: "" - image: - # -- The docker image repository to use - repository: "public.ecr.aws/o2v4a8t6/opencapif/client" - # -- The docker image tag to use - # @default Chart version - tag: "" - # -- Image pull policy: Always, IfNotPresent - imagePullPolicy: Always - resources: - limits: - cpu: 100m - memory: 128Mi - requests: - cpu: 100m - memory: 128Mi - ports: - - name: "8080" - port: 8080 - targetPort: 8080 - replicas: 1 - type: ClusterIP - -apiInvocationLogs: - apiInvocationLogs: - image: - # -- The docker image repository to use - repository: "public.ecr.aws/o2v4a8t6/opencapif/api-invocation-logs-api" - # -- The docker image tag to use - # @default Chart version - tag: "" - # -- Image pull policy: Always, IfNotPresent - imagePullPolicy: Always - # -- If env.monitoring: true. 
Setup monitoring.enable: true - env: - monitoring: "true" - resources: - limits: - cpu: 100m - memory: 128Mi - requests: - cpu: 100m - memory: 128Mi - ports: - - name: "8080" - port: 8080 - targetPort: 8080 - replicas: 1 - type: ClusterIP -apiInvokerManagement: - apiInvokerManagement: - image: - # -- The docker image repository to use - repository: "public.ecr.aws/o2v4a8t6/opencapif/api-invoker-management-api" - # -- The docker image tag to use - # @default Chart version - tag: "" - # -- Image pull policy: Always, IfNotPresent - imagePullPolicy: Always - # -- If env.monitoring: true. Setup monitoring.enable: true - env: - monitoring: "true" - resources: - limits: - cpu: 100m - memory: 128Mi - requests: - cpu: 100m - memory: 128Mi - ports: - - name: "8080" - port: 8080 - targetPort: 8080 - replicas: 1 - type: ClusterIP -apiProviderManagement: - apiProviderManagement: - image: - # -- The docker image repository to use - repository: "public.ecr.aws/o2v4a8t6/opencapif/api-provider-management-api" - # -- The docker image tag to use - # @default Chart version - tag: "" - # -- Image pull policy: Always, IfNotPresent - imagePullPolicy: Always - # -- If env.monitoring: true. Setup monitoring.enable: true - env: - monitoring: "true" - resources: - limits: - cpu: 100m - memory: 128Mi - requests: - cpu: 100m - memory: 128Mi - ports: - - name: "8080" - port: 8080 - targetPort: 8080 - replicas: 1 - type: ClusterIP -capifEvents: - capifEvents: - image: - # -- The docker image repository to use - repository: "public.ecr.aws/o2v4a8t6/opencapif/events-api" - # -- The docker image tag to use - # @default Chart version - tag: "" - # -- Image pull policy: Always, IfNotPresent - imagePullPolicy: Always - # -- If env.monitoring: true. 
Setup monitoring.enable: true - env: - monitoring: "true" - resources: - limits: - cpu: 100m - memory: 128Mi - requests: - cpu: 100m - memory: 128Mi - ports: - - name: "8080" - port: 8080 - targetPort: 8080 - replicas: 1 - type: ClusterIP -capifRoutingInfo: - capifRoutingInfo: - image: - # -- The docker image repository to use - repository: "public.ecr.aws/o2v4a8t6/opencapif/routing-info-api" - # -- The docker image tag to use - # @default Chart version - tag: "" - # -- Image pull policy: Always, IfNotPresent - imagePullPolicy: Always - # -- If env.monitoring: true. Setup monitoring.enable: true - env: - monitoring: "true" - resources: - limits: - cpu: 100m - memory: 128Mi - requests: - cpu: 100m - memory: 128Mi - ports: - - name: "8080" - port: 8080 - targetPort: 8080 - replicas: 1 - type: ClusterIP -capifSecurity: - capifSecurity: - image: - # -- The docker image repository to use - repository: "public.ecr.aws/o2v4a8t6/opencapif/security-api" - # -- The docker image tag to use - # @default Chart version - tag: "" - # -- Image pull policy: Always, IfNotPresent - imagePullPolicy: Always - # -- If env.monitoring: true. Setup monitoring.enable: true - env: - monitoring: "true" - resources: - limits: - cpu: 100m - memory: 128Mi - requests: - cpu: 100m - memory: 128Mi - ports: - - name: "8080" - port: 8080 - targetPort: 8080 - replicas: 1 - type: ClusterIP -register: - # -- If register enabled. 
enable: true, enable: "" = not enabled - enable: "true" - register: - image: - # -- The docker image repository to use - repository: "public.ecr.aws/o2v4a8t6/opencapif/register" - # -- The docker image tag to use - # @default Chart version - tag: "" - # -- Image pull policy: Always, IfNotPresent - imagePullPolicy: Always - env: - mongoHost: mongo-register - mongoPort: 27017 - resources: - limits: - cpu: 100m - memory: 128Mi - requests: - cpu: 100m - memory: 128Mi - ports: - - name: "8080" - port: 8084 - targetPort: 8080 - replicas: 1 - type: ClusterIP -mongoRegister: - mongo: - env: - # User's password MongoDB - mongoInitdbRootPassword: example - # Name of User's mongodb - mongoInitdbRootUsername: root - image: - # -- The docker image repository to use - repository: "mongo" - # -- The docker image tag to use - # @default Chart version - tag: "6.0.2" - # -- Image pull policy: Always, IfNotPresent - imagePullPolicy: Always - # -- If mongoRegister.mongo.persistence enabled. enable: true, enable: false is = not enabled - persistence: - enable: true - storage: 8Gi - storageClass: nfs-01 - resources: {} -# limits: -# cpu: 100m -# memory: 128Mi -# requests: -# cpu: 100m -# memory: 128Mi - ports: - - name: "27017" - port: 27017 - targetPort: 27017 - replicas: 1 - type: ClusterIP - -kubernetesClusterDomain: cluster.local -logs: - # -- If register enabled. enable: true, enable: "" = not enabled - enable: "true" - logs: - image: - # -- The docker image repository to use - repository: "public.ecr.aws/o2v4a8t6/opencapif/auditing-api" - # -- The docker image tag to use - # @default Chart version - tag: "" - # -- Image pull policy: Always, IfNotPresent - imagePullPolicy: Always - # -- If env.monitoring: true. 
Setup monitoring.enable: true - env: - monitoring: "true" - resources: - limits: - cpu: 100m - memory: 128Mi - requests: - cpu: 100m - memory: 128Mi - ports: - - name: "8080" - port: 8080 - targetPort: 8080 - replicas: 1 - type: ClusterIP -mongo: - mongo: - env: - # User's password MongoDB - mongoInitdbRootPassword: example - # Name of User's mongodb - mongoInitdbRootUsername: root - image: - # -- The docker image repository to use - repository: "mongo" - # -- The docker image tag to use - # @default Chart version - tag: "6.0.2" - # -- Image pull policy: Always, IfNotPresent - imagePullPolicy: Always - resources: {} -# limits: -# cpu: 100m -# memory: 128Mi -# requests: -# cpu: 100m -# memory: 128Mi - ports: - - name: "27017" - port: 27017 - targetPort: 27017 - replicas: 1 - type: ClusterIP - # -- If mongo.persistence enabled. enable: true, enable: "" = not enabled - persistence: - enable: "true" - storage: 8Gi - storageClass: nfs-01 -mongoExpress: - mongoExpress: - env: - # User's password MongoDB - meConfigMongodbAdminpassword: example - # Name of User's mongodb - meConfigMongodbAdminusername: root - # URI for connecting MongoDB - meConfigMongodbUrl: mongodb://root:example@mongo:27017/ - image: - # -- The docker image repository to use - repository: "mongo-express" - # -- The docker image tag to use - # @default Chart version - tag: "1.0.0-alpha.4" - # -- Image pull policy: Always, IfNotPresent - imagePullPolicy: Always - resources: - limits: - cpu: 100m - memory: 128Mi - requests: - cpu: 100m - memory: 128Mi - ports: - - name: "8082" - port: 8082 - targetPort: 8081 - replicas: 1 - type: ClusterIP -mongoRegisterExpress: - mongoRegisterExpress: - env: - # User's password MongoDB - meConfigMongodbAdminpassword: example - # Name of User's mongodb - meConfigMongodbAdminusername: root - # URI for connecting MongoDB - meConfigMongodbUrl: mongodb://root:example@mongo-register:27017/ - image: - # -- The docker image repository to use - repository: "mongo-express" - # -- 
The docker image tag to use - # @default Chart version - tag: "1.0.0-alpha.4" - # -- Image pull policy: Always, IfNotPresent - imagePullPolicy: Always - resources: - limits: - cpu: 100m - memory: 128Mi - requests: - cpu: 100m - memory: 128Mi - ports: - - name: "8082" - port: 8082 - targetPort: 8081 - replicas: 1 - type: ClusterIP -nginx: - # -- if nginx.ingressType: "Ingress". set up monitoring.prometheus.ingress: true - # and monitoring.grafana.ingress: true - # Use IngressRoute if you want to use Gateway API. ex traefix - ingressType: "Ingress" - ingressClassName: nginx - annotations: - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" - nginx.ingress.kubernetes.io/ssl-passthrough: "true" - nginx.ingress.kubernetes.io/ssl-redirect: "true" - nginx: - env: - # -- Ingress's host to Capif - capifHostname: "my-capif.apps.ocp-epg.hi.inet" - registerHostname: "register.app.ocp-epg.hi.inet" - image: - # -- The docker image repository to use - repository: "public.ecr.aws/o2v4a8t6/opencapif/nginx" - # -- The docker image tag to use - # @default Chart version - tag: "" - # -- Image pull policy: Always, IfNotPresent - imagePullPolicy: Always - resources: - limits: - cpu: 100m - memory: 128Mi - requests: - cpu: 100m - memory: 128Mi - ports: - - name: "8080" - port: 8080 - targetPort: 8080 - - name: "443" - port: 443 - targetPort: 443 - replicas: 1 - type: ClusterIP -publishedApis: - ports: - - name: "8080" - port: 8080 - targetPort: 8080 - publishedApis: - image: - # -- The docker image repository to use - repository: "public.ecr.aws/o2v4a8t6/opencapif/publish-service-api" - # -- The docker image tag to use - # @default Chart version - tag: "" - # -- Image pull policy: Always, IfNotPresent - imagePullPolicy: Always - # -- If env.monitoring: true. 
Setup monitoring.enable: true - env: - monitoring: "true" - resources: - limits: - cpu: 100m - memory: 128Mi - requests: - cpu: 100m - memory: 128Mi - replicas: 1 - type: ClusterIP -redis: - ports: - - name: "6379" - port: 6379 - targetPort: 6379 - redis: - env: - # Mode of replication - redisReplicationMode: master - image: - # -- The docker image repository to use - repository: "redis" - # -- The docker image tag to use - # @default Chart version - tag: "alpine" - # -- Image pull policy: Always, IfNotPresent - imagePullPolicy: Always - resources: - limits: - cpu: 100m - memory: 128Mi - requests: - cpu: 100m - memory: 128Mi - replicas: 1 - type: ClusterIP -serviceApis: - ports: - - name: "8080" - port: 8080 - targetPort: 8080 - replicas: 1 - serviceApis: - image: - # -- The docker image repository to use - repository: "public.ecr.aws/o2v4a8t6/opencapif/discover-service-api" - # -- The docker image tag to use - # @default Chart version - tag: "" - # -- Image pull policy: Always, IfNotPresent - imagePullPolicy: Always - # -- If env.monitoring: true. Setup monitoring.enable: true - env: - monitoring: "true" - resources: - limits: - cpu: 100m - memory: 128Mi - requests: - cpu: 100m - memory: 128Mi - type: ClusterIP -parametersVault: - env: - vaultHostname: vault-internal.mon.svc.cluster.local - vaultPort: 8200 - vaultAccessToken: dev-only-token - -helper: - env: - vaultHostname: vault-internal.mon.svc.cluster.local - vaultPort: 8200 - vaultAccessToken: dev-only-token - mongoHost: mongo - mongoPort: 27017 - capifHostname: my-capif.apps.ocp-epg.hi.inet - mongoInitdbRootUsername: root - mongoInitdbRootPassword: example - # -- With tempo.enabled: false. It won't be deployed # -- If monitoring.enable: "true". Also enable tempo.enabled: true tempo: @@ -546,6 +12,7 @@ tempo: persistence: enabled: true size: 3Gi + monitoring: # -- If monitoring enabled. enable: true, enable: "" = not enabled enable: "true" 
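Review bot: After the large removal in the first values.yaml hunk the file still opens with a top-level `monitoring:` mapping (`enable: "true"`), and the context of the following hunk shows a second top-level `monitoring:` a few lines below `tempo:`, so the key appears twice in the new file. Depending on the YAML loader a duplicate key is either rejected or one of the two mappings is silently discarded, so the leading block is at best dead configuration and at worst hides the documented one. Since everything else above `tempo:` is removed here, I would drop the leading `monitoring:` / `enable: "true"` pair as well and keep the commented block further down. Indentation is not recoverable in this view, so reading the two keys as siblings is inferred from the hunk headers.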
@@ -710,4 +177,3 @@ monitoring: ingressRoute: enable: "" host: grafana.5gnacar.int - diff --git a/services/TS29222_CAPIF_API_Invoker_Management_API/api_invoker_management/__main__.py b/services/TS29222_CAPIF_API_Invoker_Management_API/api_invoker_management/app.py similarity index 93% rename from services/TS29222_CAPIF_API_Invoker_Management_API/api_invoker_management/__main__.py rename to services/TS29222_CAPIF_API_Invoker_Management_API/api_invoker_management/app.py index 84f93cd054c01164237ac785b875fdbb102e199e..b4594103fdeb9f9b0c7be4ae9d3ab2deb0a1165d 100644 --- a/services/TS29222_CAPIF_API_Invoker_Management_API/api_invoker_management/__main__.py +++ b/services/TS29222_CAPIF_API_Invoker_Management_API/api_invoker_management/app.py @@ -2,13 +2,10 @@ import connexion import logging -from api_invoker_management import encoder - -from flask import Flask, jsonify, request +import encoder from flask_jwt_extended import JWTManager, jwt_required, create_access_token -from pymongo import MongoClient -from .config import Config -from .core.consumer_messager import Subscriber +from config import Config +from core.consumer_messager import Subscriber from logging.handlers import RotatingFileHandler import os from fluent import sender @@ -23,12 +20,6 @@ from opentelemetry.sdk.trace.export import BatchSpanProcessor from opentelemetry.instrumentation.redis import RedisInstrumentor - -import sys -import uuid - - - NAME = "Invoker-Service" def configure_monitoring(app, config): @@ -145,9 +136,4 @@ subscriber = Subscriber() @app.app.before_first_request def create_listener_message(): - executor.submit(subscriber.listen) - -if __name__ == '__main__': - import logging - app.run(debug=True, port=8080) - + executor.submit(subscriber.listen) \ No newline at end of file 
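Review bot: The new imports in the first `app.py` hunk (`import encoder`, `from config import Config`, `from core.consumer_messager import Subscriber`) resolve against `sys.path` instead of the package, while other modules touched by this commit keep package-relative imports such as `from ..encoder import JSONEncoder` and `from ..config import Config`. With both styles in use the same file can be loaded twice under two module names, and short top-level names like `config`, `encoder`, `core` and `db` are taken from whichever directory comes first on the path, so the service presumably starts correctly from one working directory only. The same pattern is added in `core/resources.py` (`from db.db import MongoDatabse`) and `db/db.py` (`from config import Config`). I would settle on one style for the whole service and state the launch assumption at the top of `app.py`, e.g. `# Started with api_invoker_management/ as the working directory; the imports below are top-level on purpose.`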
diff --git a/services/TS29222_CAPIF_API_Invoker_Management_API/api_invoker_management/config.py b/services/TS29222_CAPIF_API_Invoker_Management_API/api_invoker_management/config.py index 11e1c4f3626d7440c6cd999ed118afb3c93caa2e..01f9914cc141eb3c49fd73506e9b1c5470edd781 100644 --- a/services/TS29222_CAPIF_API_Invoker_Management_API/api_invoker_management/config.py +++ b/services/TS29222_CAPIF_API_Invoker_Management_API/api_invoker_management/config.py @@ -5,7 +5,7 @@ import os class Config: def __init__(self): self.cached = 0 - self.file="./config.yaml" + self.file="../config.yaml" self.my_config = {} stamp = os.stat(self.file).st_mtime diff --git a/services/TS29222_CAPIF_API_Invoker_Management_API/api_invoker_management/controllers/default_controller.py b/services/TS29222_CAPIF_API_Invoker_Management_API/api_invoker_management/controllers/default_controller.py index 12c217cfd224b92362eb86e4713e47f5882f1bcc..9ea3c42833a20adcf5d6ef598fc17de3efdfd644 100644 --- a/services/TS29222_CAPIF_API_Invoker_Management_API/api_invoker_management/controllers/default_controller.py +++ b/services/TS29222_CAPIF_API_Invoker_Management_API/api_invoker_management/controllers/default_controller.py @@ -1,14 +1,11 @@ import connexion -from api_invoker_management.models.api_invoker_enrolment_details import APIInvokerEnrolmentDetails # noqa: E501 +from ..models.api_invoker_enrolment_details import APIInvokerEnrolmentDetails # noqa: E501 from ..core.apiinvokerenrolmentdetails import InvokerManagementOperations from ..core.validate_user import ControlAccess -import json from flask import Response, request, current_app from flask_jwt_extended import jwt_required, get_jwt_identity -from ..encoder import JSONEncoder -from ..models.problem_details import ProblemDetails from cryptography import x509 from cryptography.hazmat.backends import default_backend from ..core.publisher import Publisher 
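Review bot: `self.file="../config.yaml"` in `Config.__init__` is still resolved against the process working directory, so which file `os.stat` and the loader read depends on where the service is started; a start from another directory either fails or picks up a different `config.yaml`. Anchoring the path to the module removes that dependency: `self.file = os.path.join(os.path.dirname(os.path.abspath(__file__)), "..", "config.yaml")` (`os` is already imported in this file). `Config.__init__` continues past the end of the hunk, so the rest of the loading logic is not visible here.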
diff --git a/services/TS29222_CAPIF_API_Invoker_Management_API/api_invoker_management/core/apiinvokerenrolmentdetails.py b/services/TS29222_CAPIF_API_Invoker_Management_API/api_invoker_management/core/apiinvokerenrolmentdetails.py index 9bad92e8cafdaa8e0390eb09488ab477f8c92ed9..5a265b6b128a159fbb10f87d0ef375fc32c94a29 100644 --- a/services/TS29222_CAPIF_API_Invoker_Management_API/api_invoker_management/core/apiinvokerenrolmentdetails.py +++ b/services/TS29222_CAPIF_API_Invoker_Management_API/api_invoker_management/core/apiinvokerenrolmentdetails.py @@ -6,7 +6,7 @@ from .responses import bad_request_error, not_found_error, forbidden_error, inte from flask import current_app, Flask, Response import json from datetime import datetime -from ..util import dict_to_camel_case +from ..util import dict_to_camel_case, clean_empty from .auth_manager import AuthManager from .resources import Resource from ..config import Config @@ -74,7 +74,6 @@ class InvokerManagementOperations(Resource): api_invoker_id = 'INV'+str(secrets.token_hex(15)) cert = self.__sign_cert(apiinvokerenrolmentdetail.onboarding_information.api_invoker_public_key, api_invoker_id) - apiinvokerenrolmentdetail.api_invoker_id = api_invoker_id current_app.logger.debug(cert) apiinvokerenrolmentdetail.onboarding_information.api_invoker_certificate = cert['data']['certificate'] @@ -92,7 +91,7 @@ class InvokerManagementOperations(Resource): self.auth_manager.add_auth_invoker(cert['data']['certificate'], api_invoker_id) - res = make_response(object=apiinvokerenrolmentdetail, status=201) + res = make_response(object=dict_to_camel_case(clean_empty(apiinvokerenrolmentdetail.to_dict())), status=201) res.headers['Location'] = "/api-invoker-management/v1/onboardedInvokers/" + str(api_invoker_id) if res.status_code == 201: 
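Review bot: The expression `dict_to_camel_case(clean_empty(x.to_dict()))` is written out at every call site: here for the 201 response, again in the update path (the hunk at -134), four times in `core/responses.py` and once in `core/validate_user.py`. Moving it into one helper next to `clean_empty` in `util`, or into `make_response` itself, keeps the response shape consistent and makes it hard to forget the cleaning step on a new endpoint, e.g. `def to_clean_camel_case(model): return dict_to_camel_case(clean_empty(model.to_dict()))`. `clean_empty` is not shown in this diff, so it is worth confirming that it keeps legitimate falsy values such as `0` and `False`. The enclosing method starts and ends outside the hunk.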
@@ -134,7 +133,9 @@ class InvokerManagementOperations(Resource): current_app.logger.debug("Invoker Resource inserted in database") - res = make_response(object=APIInvokerEnrolmentDetails().from_dict(dict_to_camel_case(result)), status=200) + invoker_updated = APIInvokerEnrolmentDetails().from_dict(dict_to_camel_case(result)) + + res = make_response(object=dict_to_camel_case(clean_empty(invoker_updated.to_dict())), status=200) if res.status_code == 200: current_app.logger.info("Invoker Updated") RedisEvent("API_INVOKER_UPDATED", "apiInvokerIds", [onboard_id]).send_event() diff --git a/services/TS29222_CAPIF_API_Invoker_Management_API/api_invoker_management/core/auth_manager.py b/services/TS29222_CAPIF_API_Invoker_Management_API/api_invoker_management/core/auth_manager.py index cfab01e271b46df831399394a92ce54732ff8003..c3736a6d4e2e95d58ab6a96c1e62fe42404538f1 100644 --- a/services/TS29222_CAPIF_API_Invoker_Management_API/api_invoker_management/core/auth_manager.py +++ b/services/TS29222_CAPIF_API_Invoker_Management_API/api_invoker_management/core/auth_manager.py @@ -1,5 +1,3 @@ - -from flask import current_app from cryptography import x509 from cryptography.hazmat.backends import default_backend from .resources import Resource diff --git a/services/TS29222_CAPIF_API_Invoker_Management_API/api_invoker_management/core/invoker_internal_ops.py b/services/TS29222_CAPIF_API_Invoker_Management_API/api_invoker_management/core/invoker_internal_ops.py index a0aa138a0d9c63b49446b4fa04c93e6afde3d03a..a680d4d53205846ed11e6723b553138877c564d8 100644 --- a/services/TS29222_CAPIF_API_Invoker_Management_API/api_invoker_management/core/invoker_internal_ops.py +++ b/services/TS29222_CAPIF_API_Invoker_Management_API/api_invoker_management/core/invoker_internal_ops.py @@ -1,6 +1,5 @@ from .resources import Resource -from flask import current_app class InvokerInternalOperations(Resource): 
diff --git a/services/TS29222_CAPIF_API_Invoker_Management_API/api_invoker_management/core/publisher.py b/services/TS29222_CAPIF_API_Invoker_Management_API/api_invoker_management/core/publisher.py index 3898c4b8309b14a05f8b5de89626fac8ebea4fc4..34fcdf453873b4b59a894d9f6b96b7ce1a217c2e 100644 --- a/services/TS29222_CAPIF_API_Invoker_Management_API/api_invoker_management/core/publisher.py +++ b/services/TS29222_CAPIF_API_Invoker_Management_API/api_invoker_management/core/publisher.py @@ -1,6 +1,4 @@ import redis -import sys -from flask import current_app class Publisher(): diff --git a/services/TS29222_CAPIF_API_Invoker_Management_API/api_invoker_management/core/resources.py b/services/TS29222_CAPIF_API_Invoker_Management_API/api_invoker_management/core/resources.py index 94e29ec07359c93a78d520f24fa91c88971d65c4..efbe3c2d4cf28cec298ef17b394011dcd6aa66cb 100644 --- a/services/TS29222_CAPIF_API_Invoker_Management_API/api_invoker_management/core/resources.py +++ b/services/TS29222_CAPIF_API_Invoker_Management_API/api_invoker_management/core/resources.py @@ -1,5 +1,5 @@ from abc import ABC, abstractmethod -from ..db.db import MongoDatabse +from db.db import MongoDatabse class Resource(ABC): diff --git a/services/TS29222_CAPIF_API_Invoker_Management_API/api_invoker_management/core/responses.py b/services/TS29222_CAPIF_API_Invoker_Management_API/api_invoker_management/core/responses.py index 962c4b6dd6ae07bce79dc8e810f10a507d526663..96ace13619f80f897251bf57a4ad2f9dfb1b755b 100644 --- a/services/TS29222_CAPIF_API_Invoker_Management_API/api_invoker_management/core/responses.py +++ b/services/TS29222_CAPIF_API_Invoker_Management_API/api_invoker_management/core/responses.py @@ -2,6 +2,7 @@ from ..models.problem_details import ProblemDetails from ..encoder import JSONEncoder from flask import Response import json +from ..util import dict_to_camel_case, clean_empty mimetype = "application/json" 
@@ -13,19 +14,35 @@ def make_response(object, status): def internal_server_error(detail, cause): prob = ProblemDetails(title="Internal Server Error", status=500, detail=detail, cause=cause) + prob = prob.to_dict() + prob = clean_empty(prob) + prob = dict_to_camel_case(prob) + return Response(json.dumps(prob, cls=JSONEncoder), status=500, mimetype=mimetype) def forbidden_error(detail, cause): prob = ProblemDetails(title="Forbidden", status=403, detail=detail, cause=cause) + prob = prob.to_dict() + prob = clean_empty(prob) + prob = dict_to_camel_case(prob) + return Response(json.dumps(prob, cls=JSONEncoder), status=403, mimetype=mimetype) def bad_request_error(detail, cause, invalid_params): prob = ProblemDetails(title="Bad Request", status=400, detail=detail, cause=cause, invalid_params=invalid_params) + prob = prob.to_dict() + prob = clean_empty(prob) + prob = dict_to_camel_case(prob) + return Response(json.dumps(prob, cls=JSONEncoder), status=400, mimetype=cause) def not_found_error(detail, cause): prob = ProblemDetails(title="Not Found", status=404, detail=detail, cause=cause) + prob = prob.to_dict() + prob = clean_empty(prob) + prob = dict_to_camel_case(prob) + return Response(json.dumps(prob, cls=JSONEncoder), status=404, mimetype=mimetype) \ No newline at end of file diff --git a/services/TS29222_CAPIF_API_Invoker_Management_API/api_invoker_management/core/validate_user.py b/services/TS29222_CAPIF_API_Invoker_Management_API/api_invoker_management/core/validate_user.py index 5a2a5dc560b1a7a6c2a62791ded0792da4746a90..bcf0d880f669fa3a298c08da63df17f58213d2ec 100644 --- a/services/TS29222_CAPIF_API_Invoker_Management_API/api_invoker_management/core/validate_user.py +++ b/services/TS29222_CAPIF_API_Invoker_Management_API/api_invoker_management/core/validate_user.py 
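Review bot: `bad_request_error` still ends with `mimetype=cause`, so the Content-Type of every 400 response is the free-text cause string rather than `application/json`; the three sibling helpers pass the module-level `mimetype`. The hunk adds the dict conversion to this function but leaves that argument untouched. Change the return to `return Response(json.dumps(prob, cls=JSONEncoder), status=400, mimetype=mimetype)`. Clients and intermediaries that dispatch on Content-Type will otherwise not treat the problem document as JSON. The provider service's core/responses.py hunk carries the same line.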
@@ -4,6 +4,8 @@ from ..models.problem_details import ProblemDetails from ..encoder import JSONEncoder from .resources import Resource from .responses import internal_server_error +from ..util import dict_to_camel_case, clean_empty + class ControlAccess(Resource): @@ -18,6 +20,9 @@ class ControlAccess(Resource): if cert_entry is not None: if cert_entry["cert_signature"] != cert_signature: prob = ProblemDetails(title="Unauthorized", detail="User not authorized", cause="You are not the owner of this resource") + prob = prob.to_dict() + prob = clean_empty(prob) + prob = dict_to_camel_case(prob) return Response(json.dumps(prob, cls=JSONEncoder), status=401, mimetype="application/json") except Exception as e: diff --git a/services/TS29222_CAPIF_API_Invoker_Management_API/api_invoker_management/db/db.py b/services/TS29222_CAPIF_API_Invoker_Management_API/api_invoker_management/db/db.py index b92280aea934b75d2cdee519fae0345744a2df6a..1ef0262504047495eba1c6f05d4d2e3de8d5391d 100644 --- a/services/TS29222_CAPIF_API_Invoker_Management_API/api_invoker_management/db/db.py +++ b/services/TS29222_CAPIF_API_Invoker_Management_API/api_invoker_management/db/db.py @@ -1,8 +1,7 @@ -import atexit import time from pymongo import MongoClient from pymongo.errors import AutoReconnect -from ..config import Config +from config import Config from bson.codec_options import CodecOptions import os from opentelemetry.instrumentation.pymongo import PymongoInstrumentor diff --git a/services/TS29222_CAPIF_API_Invoker_Management_API/api_invoker_management/encoder.py b/services/TS29222_CAPIF_API_Invoker_Management_API/api_invoker_management/encoder.py index 04b06eb0adb09b675ccd98384aa98fc9fabbbe2c..80bad8fa9220ab873e044b7adc0a849746088ad5 100644 --- a/services/TS29222_CAPIF_API_Invoker_Management_API/api_invoker_management/encoder.py +++ b/services/TS29222_CAPIF_API_Invoker_Management_API/api_invoker_management/encoder.py 
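Review bot: In `ControlAccess` the 401 is built only inside `if cert_entry is not None:`, so from the visible lines a request whose certificate has no stored entry skips the ownership comparison altogether. The method continues outside this hunk, so confirm that the `cert_entry is None` path ends in an explicit denial rather than an implicit `None` return that the caller may read as "allowed". If a missing entry is not an intended bypass, fold it into the check: `if cert_entry is None or cert_entry["cert_signature"] != cert_signature:`. The provider service's validate_user.py hunk has the same shape.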
@@ -1,7 +1,7 @@ from connexion.apps.flask_app import FlaskJSONEncoder import six -from api_invoker_management.models.base_model_ import Model +from models.base_model_ import Model class JSONEncoder(FlaskJSONEncoder): diff --git a/services/TS29222_CAPIF_API_Invoker_Management_API/api_invoker_management/util.py b/services/TS29222_CAPIF_API_Invoker_Management_API/api_invoker_management/util.py index 6ce55d89b6a2673f6ad15702c9335d578877825e..27ba971d63477ec583e6c0fe54097c652daab757 100644 --- a/services/TS29222_CAPIF_API_Invoker_Management_API/api_invoker_management/util.py +++ b/services/TS29222_CAPIF_API_Invoker_Management_API/api_invoker_management/util.py @@ -1,8 +1,20 @@ import datetime import six -import typing -from api_invoker_management import typing_utils +import typing_utils + + +def clean_empty(d): + if isinstance(d, dict): + return { + k: v + for k, v in ((k, clean_empty(v)) for k, v in d.items()) + if v + } + if isinstance(d, list): + return [v for v in map(clean_empty, d) if v] + return d + def dict_to_camel_case(my_dict): diff --git a/services/TS29222_CAPIF_API_Invoker_Management_API/api_invoker_management/wsgi.py b/services/TS29222_CAPIF_API_Invoker_Management_API/api_invoker_management/wsgi.py new file mode 100644 index 0000000000000000000000000000000000000000..6026b0fa96078634d3455ab93d71dcdc78774276 --- /dev/null +++ b/services/TS29222_CAPIF_API_Invoker_Management_API/api_invoker_management/wsgi.py @@ -0,0 +1,4 @@ +from app import app + +if __name__ == "__main__": + app.run() diff --git a/services/TS29222_CAPIF_API_Invoker_Management_API/prepare_invoker.sh b/services/TS29222_CAPIF_API_Invoker_Management_API/prepare_invoker.sh index 90ce2be086ecaa87740728f0f1f32c10627b0c1e..df73fa6481be279fa52e2d825b529024f1f36bff 100644 --- a/services/TS29222_CAPIF_API_Invoker_Management_API/prepare_invoker.sh +++ b/services/TS29222_CAPIF_API_Invoker_Management_API/prepare_invoker.sh 
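Review bot: The new `clean_empty` in util.py filters on truthiness (`if v` in both the dict and the list branch), so it removes `0`, `False` and `""` along with `None` and empty containers. Any boolean or numeric field that is legitimately false or zero silently disappears from responses, and in the provider update path the cleaned dict is what goes into `$set`, so such a value would not be written either. If only missing values are meant to be dropped, test for them explicitly, e.g. `if v is not None and v != {} and v != []`. A one-line docstring stating which values are removed would make the contract visible to callers.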
@@ -14,5 +14,5 @@ curl -vv -k -retry 30 \ --request GET "$VAULT_ADDR/v1/secret/data/server_cert/pub" 2>/dev/null | jq -r '.data.data.pub_key' -j > /usr/src/app/api_invoker_management/pubkey.pem -cd /usr/src/app/ -python3 -m api_invoker_management \ No newline at end of file +gunicorn --bind 0.0.0.0:8080 \ + --chdir /usr/src/app/api_invoker_management wsgi:app \ No newline at end of file diff --git a/services/TS29222_CAPIF_API_Invoker_Management_API/requirements.txt b/services/TS29222_CAPIF_API_Invoker_Management_API/requirements.txt index d6cb4ae96c79f7d5e13dff3f0b3f25f29a4eff65..ae880009b3e4c009bc4c663f49f9e49857ef63c5 100644 --- a/services/TS29222_CAPIF_API_Invoker_Management_API/requirements.txt +++ b/services/TS29222_CAPIF_API_Invoker_Management_API/requirements.txt @@ -20,4 +20,5 @@ opentelemetry-api == 1.19.0 opentelemetry-sdk == 1.19.0 flask_executor == 1.0.0 Werkzeug == 2.2.3 - +gunicorn==22.0.0 +packaging==24.0 diff --git a/services/TS29222_CAPIF_API_Provider_Management_API/api_provider_management/__main__.py b/services/TS29222_CAPIF_API_Provider_Management_API/api_provider_management/app.py similarity index 81% rename from services/TS29222_CAPIF_API_Provider_Management_API/api_provider_management/__main__.py rename to services/TS29222_CAPIF_API_Provider_Management_API/api_provider_management/app.py index ee714167dd600054ebe09f2d6cbadda5d4ec7300..94ca3edcb2b4b9ea9b93ad9b63171ecc6f1d9822 100644 --- a/services/TS29222_CAPIF_API_Provider_Management_API/api_provider_management/__main__.py +++ b/services/TS29222_CAPIF_API_Provider_Management_API/api_provider_management/app.py 
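Review bot: gunicorn is started unconditionally after a Vault fetch whose result is never checked: the command shown in the hunk header runs `curl -k` and the context lines pipe it through `jq -r ... -j > pubkey.pem`, so a failed or altered response still leaves a file (possibly the string `null`) and the service comes up anyway. pubkey.pem looks like the token verification key (the provider's app.py loads its copy into `JWT_PUBLIC_KEY`), so it should come over a verified channel: replace `-k` with `--cacert <CA bundle path>`. Before the gunicorn line, stop when the file is not PEM, e.g. `grep -q -- '-----BEGIN' /usr/src/app/api_invoker_management/pubkey.pem || exit 1`. prepare_provider.sh has the same sequence.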
@@ -3,14 +3,13 @@ import connexion import logging -from api_provider_management import encoder +import encoder from flask_jwt_extended import JWTManager from logging.handlers import RotatingFileHandler -from .config import Config +from config import Config import os import sys from fluent import sender -from flask_executor import Executor from opentelemetry.instrumentation.flask import FlaskInstrumentor from opentelemetry import trace from opentelemetry.trace.propagation.tracecontext import TraceContextTextMapPropagator @@ -106,32 +105,24 @@ def verbose_formatter(): datefmt='%d/%m/%Y %H:%M:%S' ) -def main(): - with open("/usr/src/app/api_provider_management/pubkey.pem", "rb") as pub_file: - pub_data = pub_file.read() +with open("/usr/src/app/api_provider_management/pubkey.pem", "rb") as pub_file: + pub_data = pub_file.read() - app = connexion.App(__name__, specification_dir='./openapi/') - app.app.json_encoder = encoder.JSONEncoder - app.add_api('openapi.yaml', - arguments={'title': 'CAPIF_API_Provider_Management_API'}, - pythonic_params=True) +app = connexion.App(__name__, specification_dir='./openapi/') +app.app.json_encoder = encoder.JSONEncoder +app.add_api('openapi.yaml', + arguments={'title': 'CAPIF_API_Provider_Management_API'}, + pythonic_params=True) - config = Config() - configure_logging(app.app) +config = Config() +configure_logging(app.app) - monitoring_value = os.environ.get("MONITORING", "").lower() - if monitoring_value == "true": - configure_monitoring(app.app, config.get_config()) +monitoring_value = os.environ.get("MONITORING", "").lower() +if monitoring_value == "true": + configure_monitoring(app.app, config.get_config()) - app.app.config['JWT_ALGORITHM'] = 'RS256' - app.app.config['JWT_PUBLIC_KEY'] = pub_data +app.app.config['JWT_ALGORITHM'] = 'RS256' +app.app.config['JWT_PUBLIC_KEY'] = pub_data - JWTManager(app.app) - - - app.run(port=8080, debug=True) - - -if __name__ == '__main__': - main() +JWTManager(app.app) 
diff --git a/services/TS29222_CAPIF_API_Provider_Management_API/api_provider_management/config.py b/services/TS29222_CAPIF_API_Provider_Management_API/api_provider_management/config.py index 377b14f8c368cebf98409223d089fc31326d1987..bed212ac136607ee7459f333b0f50bf7f3481b6b 100644 --- a/services/TS29222_CAPIF_API_Provider_Management_API/api_provider_management/config.py +++ b/services/TS29222_CAPIF_API_Provider_Management_API/api_provider_management/config.py @@ -5,7 +5,7 @@ import os class Config: def __init__(self): self.cached = 0 - self.file="./config.yaml" + self.file="../config.yaml" self.my_config = {} stamp = os.stat(self.file).st_mtime if stamp != self.cached: diff --git a/services/TS29222_CAPIF_API_Provider_Management_API/api_provider_management/controllers/default_controller.py b/services/TS29222_CAPIF_API_Provider_Management_API/api_provider_management/controllers/default_controller.py index f5bcf167319a5d29255b0b2c688c2e3ab60f460f..d9a190cd5cd48ceca8fcb7c8ecea79bc5c173b29 100644 --- a/services/TS29222_CAPIF_API_Provider_Management_API/api_provider_management/controllers/default_controller.py +++ b/services/TS29222_CAPIF_API_Provider_Management_API/api_provider_management/controllers/default_controller.py 
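Review bot: `self.file="../config.yaml"` is resolved against the process working directory, so `Config()` finds the file only when the service is started with gunicorn's `--chdir` pointing at the package directory. From any other working directory `os.stat` fails, or a different config.yaml one level above the cwd is read instead. Anchor the path to the module: `self.file = os.path.join(os.path.dirname(os.path.abspath(__file__)), "..", "config.yaml")`. `__init__` continues past the end of the hunk, and the ACL service's config.py gets the same change.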
@@ -1,19 +1,18 @@ import connexion -import six -import json - from flask import Response, request, current_app + from ..core.provider_enrolment_details_api import ProviderManagementOperations -from ..encoder import JSONEncoder -from api_provider_management.models.api_provider_enrolment_details import APIProviderEnrolmentDetails # noqa: E501 -from api_provider_management.models.problem_details import ProblemDetails # noqa: E501 -from api_provider_management import util +from ..models.api_provider_enrolment_details import APIProviderEnrolmentDetails # noqa: E501 +from ..models.problem_details import ProblemDetails # noqa: E501 +from .. import util +from ..core.validate_user import ControlAccess + from cryptography import x509 from cryptography.hazmat.backends import default_backend from flask_jwt_extended import jwt_required, get_jwt_identity from cryptography import x509 from functools import wraps -from ..core.validate_user import ControlAccess + import sys diff --git a/services/TS29222_CAPIF_API_Provider_Management_API/api_provider_management/controllers/individual_api_provider_enrolment_details_controller.py b/services/TS29222_CAPIF_API_Provider_Management_API/api_provider_management/controllers/individual_api_provider_enrolment_details_controller.py index dde822bbfbd9a8099bf4f7dcc9f84dfc7f57a2ad..dee8d1539b8945e2ff049a9ad8afb5dc4a0c34c9 100644 --- a/services/TS29222_CAPIF_API_Provider_Management_API/api_provider_management/controllers/individual_api_provider_enrolment_details_controller.py +++ b/services/TS29222_CAPIF_API_Provider_Management_API/api_provider_management/controllers/individual_api_provider_enrolment_details_controller.py 
@@ -1,15 +1,12 @@ -from email.quoprimime import body_decode import connexion -import six -import json - from flask import Response, request, current_app from ..core.provider_enrolment_details_api import ProviderManagementOperations from ..encoder import JSONEncoder -from api_provider_management.models.api_provider_enrolment_details import APIProviderEnrolmentDetails # noqa: E501 -from api_provider_management.models.api_provider_enrolment_details_patch import APIProviderEnrolmentDetailsPatch # noqa: E501 -from api_provider_management.models.problem_details import ProblemDetails # noqa: E501 -from api_provider_management import util +from ..models.api_provider_enrolment_details import APIProviderEnrolmentDetails # noqa: E501 +from ..models.api_provider_enrolment_details_patch import APIProviderEnrolmentDetailsPatch # noqa: E501 +from ..models.problem_details import ProblemDetails # noqa: E501 +from .. import util + from cryptography.hazmat.backends import default_backend from cryptography import x509 diff --git a/services/TS29222_CAPIF_API_Provider_Management_API/api_provider_management/core/auth_manager.py b/services/TS29222_CAPIF_API_Provider_Management_API/api_provider_management/core/auth_manager.py index a4a2d2419926d281426ce7876f4d45c1165fed40..cfa302ada519fbe9116b2bc33cae39ddeb009f87 100644 --- a/services/TS29222_CAPIF_API_Provider_Management_API/api_provider_management/core/auth_manager.py +++ b/services/TS29222_CAPIF_API_Provider_Management_API/api_provider_management/core/auth_manager.py @@ -1,5 +1,4 @@ -from flask import current_app from cryptography import x509 from cryptography.hazmat.backends import default_backend from .resources import Resource 
diff --git a/services/TS29222_CAPIF_API_Provider_Management_API/api_provider_management/core/provider_enrolment_details_api.py b/services/TS29222_CAPIF_API_Provider_Management_API/api_provider_management/core/provider_enrolment_details_api.py index 399ac7457f971397966d7385f5ad2702babc338e..0b54ee8152e85552bd99c5d64560498e67e69721 100644 --- a/services/TS29222_CAPIF_API_Provider_Management_API/api_provider_management/core/provider_enrolment_details_api.py +++ b/services/TS29222_CAPIF_API_Provider_Management_API/api_provider_management/core/provider_enrolment_details_api.py @@ -45,7 +45,7 @@ class ProviderManagementOperations(Resource): api_provider_enrolment_details.api_prov_dom_id = secrets.token_hex(15) - current_app.logger.debug("Geretaing certs to api prov funcs") + current_app.logger.debug("Generating certs to api prov funcs") for api_provider_func in api_provider_enrolment_details.api_prov_funcs: api_provider_func.api_prov_func_id = api_provider_func.api_prov_func_role + str(secrets.token_hex(15)) @@ -64,7 +64,8 @@ class ProviderManagementOperations(Resource): current_app.logger.debug("Provider inserted in database") - res = make_response(object=api_provider_enrolment_details, status=201) + res = make_response(object=dict_to_camel_case(api_provider_enrolment_details.to_dict()), status=201) + res.headers['Location'] = "/api-provider-management/v1/registrations/" + str(api_provider_enrolment_details.api_prov_dom_id) return res 
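Review bot: The 201 body is built as `dict_to_camel_case(api_provider_enrolment_details.to_dict())` without `clean_empty`, whereas the invoker service's equivalent change wraps the dict in `clean_empty(...)` first. Once the model is turned into a plain dict, the `include_nulls = False` setting on `JSONEncoder` presumably no longer applies, so unset attributes would be serialized as `null`. Use `res = make_response(object=dict_to_camel_case(clean_empty(api_provider_enrolment_details.to_dict())), status=201)`. The update and patch hunks further down this file build their 200 responses from `provider_updated.to_dict()` the same way. The enclosing method starts and ends outside the hunk.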
@@ -123,22 +124,21 @@ class ProviderManagementOperations(Resource): for api_func in api_prov_funcs: if func.api_prov_func_id == api_func["api_prov_func_id"]: if func.api_prov_func_role != api_func["api_prov_func_role"]: - return bad_request_error(detail="Bad Role in provider", cause="Different role in update reqeuest", invalid_params=[{"param":"api_prov_func_role","reason":"differente role with same id"}]) + return bad_request_error(detail="Bad Role in provider", cause="Different role in update reqeuest", invalid_params=[{"param":"api_prov_func_role","reason":"different role with same id"}]) if func.reg_info.api_prov_pub_key != api_func["reg_info"]["api_prov_pub_key"]: certificate = sign_certificate(func.reg_info.api_prov_pub_key, api_func["api_prov_func_id"]) func.reg_info.api_prov_cert = certificate self.auth_manager.update_auth_provider(certificate, func.api_prov_func_id, api_prov_dom_id, func.api_prov_func_role) - api_provider_enrolment_details = api_provider_enrolment_details.to_dict() api_provider_enrolment_details = clean_empty(api_provider_enrolment_details) result = mycol.find_one_and_update(result, {"$set":api_provider_enrolment_details}, projection={'_id': 0},return_document=ReturnDocument.AFTER ,upsert=False) - result = clean_empty(result) current_app.logger.debug("Provider domain updated in database") - return make_response(object=APIProviderEnrolmentDetails().from_dict(dict_to_camel_case(result)), status=200) + provider_updated = APIProviderEnrolmentDetails().from_dict(dict_to_camel_case(result)) + return make_response(object=dict_to_camel_case(provider_updated.to_dict()), status=200) except Exception as e: exception = "An exception occurred in update provider" 
@@ -163,8 +163,8 @@ class ProviderManagementOperations(Resource): result = clean_empty(result) current_app.logger.debug("Provider domain updated in database") - - return make_response(object=APIProviderEnrolmentDetails().from_dict(dict_to_camel_case(result)), status=200) + provider_updated = APIProviderEnrolmentDetails().from_dict(dict_to_camel_case(result)) + return make_response(object=dict_to_camel_case(provider_updated.to_dict()), status=200) except Exception as e: exception = "An exception occurred in patch provider" diff --git a/services/TS29222_CAPIF_API_Provider_Management_API/api_provider_management/core/publisher.py b/services/TS29222_CAPIF_API_Provider_Management_API/api_provider_management/core/publisher.py index 38d7259fbf3480e808cd67c3f25f965a5ffcdba4..acedb7e3e337fda548faf59c1a1b240a4ca6f905 100644 --- a/services/TS29222_CAPIF_API_Provider_Management_API/api_provider_management/core/publisher.py +++ b/services/TS29222_CAPIF_API_Provider_Management_API/api_provider_management/core/publisher.py @@ -1,5 +1,4 @@ import redis -import sys class Publisher(): diff --git a/services/TS29222_CAPIF_API_Provider_Management_API/api_provider_management/core/resources.py b/services/TS29222_CAPIF_API_Provider_Management_API/api_provider_management/core/resources.py index 86e99d4bfcd5811fcc9256cfdb82839266dbd8b5..7b8092ab35ed7214a6eddfdad30577747e3a673a 100644 --- a/services/TS29222_CAPIF_API_Provider_Management_API/api_provider_management/core/resources.py +++ b/services/TS29222_CAPIF_API_Provider_Management_API/api_provider_management/core/resources.py @@ -1,6 +1,6 @@ -from abc import ABC, abstractmethod -from ..db.db import MongoDatabse -from .publisher import Publisher +from abc import ABC +from db.db import MongoDatabse +from core.publisher import Publisher class Resource(ABC): 
diff --git a/services/TS29222_CAPIF_API_Provider_Management_API/api_provider_management/core/responses.py b/services/TS29222_CAPIF_API_Provider_Management_API/api_provider_management/core/responses.py index 962c4b6dd6ae07bce79dc8e810f10a507d526663..4ad6bb852aa030e61f7c9e21d1ba80ec1866dbee 100644 --- a/services/TS29222_CAPIF_API_Provider_Management_API/api_provider_management/core/responses.py +++ b/services/TS29222_CAPIF_API_Provider_Management_API/api_provider_management/core/responses.py 
@@ -1,31 +1,49 @@ from ..models.problem_details import ProblemDetails from ..encoder import JSONEncoder -from flask import Response +from ..util import dict_to_camel_case, clean_empty +from flask import Response, current_app import json mimetype = "application/json" + def make_response(object, status): res = Response(json.dumps(object, cls=JSONEncoder), status=status, mimetype=mimetype) return res + def internal_server_error(detail, cause): prob = ProblemDetails(title="Internal Server Error", status=500, detail=detail, cause=cause) - return Response(json.dumps(prob, cls=JSONEncoder), status=500, mimetype=mimetype) + prob = prob.to_dict() + prob = clean_empty(prob) + + return Response(json.dumps(dict_to_camel_case(prob), cls=JSONEncoder), status=500, mimetype=mimetype) + def forbidden_error(detail, cause): prob = ProblemDetails(title="Forbidden", status=403, detail=detail, cause=cause) - return Response(json.dumps(prob, cls=JSONEncoder), status=403, mimetype=mimetype) + prob = prob.to_dict() + prob = clean_empty(prob) + + return Response(json.dumps(dict_to_camel_case(prob), cls=JSONEncoder), status=403, mimetype=mimetype) + def bad_request_error(detail, cause, invalid_params): prob = ProblemDetails(title="Bad Request", status=400, detail=detail, cause=cause, invalid_params=invalid_params) - return Response(json.dumps(prob, cls=JSONEncoder), status=400, mimetype=cause) + prob = prob.to_dict() + prob = clean_empty(prob) + + return Response(json.dumps(dict_to_camel_case(prob), cls=JSONEncoder), status=400, mimetype=cause) + def not_found_error(detail, cause): prob = ProblemDetails(title="Not Found", status=404, detail=detail, cause=cause) - return Response(json.dumps(prob, cls=JSONEncoder), status=404, mimetype=mimetype) \ No newline at end of file + prob = prob.to_dict() + prob = clean_empty(prob) + + return Response(json.dumps(dict_to_camel_case(prob), cls=JSONEncoder), status=404, mimetype=mimetype) \ No newline at end of file 
diff --git a/services/TS29222_CAPIF_API_Provider_Management_API/api_provider_management/core/sign_certificate.py b/services/TS29222_CAPIF_API_Provider_Management_API/api_provider_management/core/sign_certificate.py index dff8006a5cf875df443d4ac661180ba14e86083e..1e23a8104ede297eaa13a2c870c7df5635ad412c 100644 --- a/services/TS29222_CAPIF_API_Provider_Management_API/api_provider_management/core/sign_certificate.py +++ b/services/TS29222_CAPIF_API_Provider_Management_API/api_provider_management/core/sign_certificate.py @@ -1,6 +1,5 @@ import requests import json -import sys from ..config import Config def sign_certificate(publick_key, provider_id): diff --git a/services/TS29222_CAPIF_API_Provider_Management_API/api_provider_management/core/validate_user.py b/services/TS29222_CAPIF_API_Provider_Management_API/api_provider_management/core/validate_user.py index 4d101aee06bd0e3a763f8727c7bdb2f9a09caa61..4a9445dcac121dd9c073cab1bd3cca64e4e849b8 100644 --- a/services/TS29222_CAPIF_API_Provider_Management_API/api_provider_management/core/validate_user.py +++ b/services/TS29222_CAPIF_API_Provider_Management_API/api_provider_management/core/validate_user.py @@ -4,6 +4,7 @@ from ..models.problem_details import ProblemDetails from ..encoder import JSONEncoder from .resources import Resource from .responses import internal_server_error +from ..util import dict_to_camel_case, clean_empty class ControlAccess(Resource): @@ -18,6 +19,9 @@ class ControlAccess(Resource): if cert_entry is not None: if cert_entry["cert_signature"] != cert_signature: prob = ProblemDetails(title="Unauthorized", detail="User not authorized", cause="You are not the owner of this resource") + prob = prob.to_dict() + prob = clean_empty(prob) + prob = dict_to_camel_case(prob) return Response(json.dumps(prob, cls=JSONEncoder), status=401, mimetype="application/json") except Exception as e: 
diff --git a/services/TS29222_CAPIF_API_Provider_Management_API/api_provider_management/db/db.py b/services/TS29222_CAPIF_API_Provider_Management_API/api_provider_management/db/db.py index 2eea8cc11c9c76635389a5c98d79bddb205d4ee0..024529c6927f900e815804567bf3dd283c3d2a57 100644 --- a/services/TS29222_CAPIF_API_Provider_Management_API/api_provider_management/db/db.py +++ b/services/TS29222_CAPIF_API_Provider_Management_API/api_provider_management/db/db.py @@ -1,8 +1,7 @@ -import atexit import time from pymongo import MongoClient from pymongo.errors import AutoReconnect -from ..config import Config +from config import Config from bson.codec_options import CodecOptions import os from opentelemetry.instrumentation.pymongo import PymongoInstrumentor diff --git a/services/TS29222_CAPIF_API_Provider_Management_API/api_provider_management/encoder.py b/services/TS29222_CAPIF_API_Provider_Management_API/api_provider_management/encoder.py index 01531f242309ec381907e92bba20d3cf9f01306d..3f1c01ce6812b1ff12e0d1d284bc433e951e1ea6 100644 --- a/services/TS29222_CAPIF_API_Provider_Management_API/api_provider_management/encoder.py +++ b/services/TS29222_CAPIF_API_Provider_Management_API/api_provider_management/encoder.py @@ -1,8 +1,7 @@ from connexion.apps.flask_app import FlaskJSONEncoder import six -from api_provider_management.models.base_model_ import Model - +from models.base_model_ import Model class JSONEncoder(FlaskJSONEncoder): include_nulls = False diff --git a/services/TS29222_CAPIF_API_Provider_Management_API/api_provider_management/util.py b/services/TS29222_CAPIF_API_Provider_Management_API/api_provider_management/util.py index e769d2852d772e8716895c7c9313987f4e44bf74..6fc44d5dbab0b9106f0531b8296b0197f8f927ff 100644 --- a/services/TS29222_CAPIF_API_Provider_Management_API/api_provider_management/util.py +++ b/services/TS29222_CAPIF_API_Provider_Management_API/api_provider_management/util.py 
@@ -1,8 +1,6 @@ import datetime - import six -import typing -from api_provider_management import typing_utils +import typing_utils def clean_empty(d): if isinstance(d, dict): diff --git a/services/TS29222_CAPIF_API_Provider_Management_API/api_provider_management/wsgi.py b/services/TS29222_CAPIF_API_Provider_Management_API/api_provider_management/wsgi.py new file mode 100644 index 0000000000000000000000000000000000000000..6026b0fa96078634d3455ab93d71dcdc78774276 --- /dev/null +++ b/services/TS29222_CAPIF_API_Provider_Management_API/api_provider_management/wsgi.py @@ -0,0 +1,4 @@ +from app import app + +if __name__ == "__main__": + app.run() diff --git a/services/TS29222_CAPIF_API_Provider_Management_API/prepare_provider.sh b/services/TS29222_CAPIF_API_Provider_Management_API/prepare_provider.sh index 93bf420144dcbd0fdfb40055dc94104d9e63d07b..5ec3096850c15a6a5ec6f9ad7173e61a122baf97 100644 --- a/services/TS29222_CAPIF_API_Provider_Management_API/prepare_provider.sh +++ b/services/TS29222_CAPIF_API_Provider_Management_API/prepare_provider.sh @@ -13,7 +13,7 @@ curl -vv -k -retry 30 \ --request GET "$VAULT_ADDR/v1/secret/data/server_cert/pub" 2>/dev/null | jq -r '.data.data.pub_key' -j > /usr/src/app/api_provider_management/pubkey.pem +gunicorn --bind 0.0.0.0:8080 \ + --chdir /usr/src/app/api_provider_management wsgi:app -cd /usr/src/app/ -python3 -m api_provider_management diff --git a/services/TS29222_CAPIF_API_Provider_Management_API/requirements.txt b/services/TS29222_CAPIF_API_Provider_Management_API/requirements.txt index 03fc57fbbb9e2aa95e6c9dd07cca4b9fd78a3046..aa6fdc57f0247d97eab7791523c6d21ea808ef48 100644 --- a/services/TS29222_CAPIF_API_Provider_Management_API/requirements.txt +++ b/services/TS29222_CAPIF_API_Provider_Management_API/requirements.txt @@ -19,4 +19,5 @@ opentelemetry-api == 1.17.0 opentelemetry-sdk == 1.17.0 flask_executor == 1.0.0 Werkzeug == 2.2.3 - +gunicorn==22.0.0 +packaging==24.0 
diff --git a/services/TS29222_CAPIF_Access_Control_Policy_API/Dockerfile b/services/TS29222_CAPIF_Access_Control_Policy_API/Dockerfile index 92dcb338cb2592781871d50a47f69796ab664f41..c69bd56afa7c975dd03c3f83115145b076594dd1 100644 --- a/services/TS29222_CAPIF_Access_Control_Policy_API/Dockerfile +++ b/services/TS29222_CAPIF_Access_Control_Policy_API/Dockerfile @@ -11,6 +11,6 @@ COPY . /usr/src/app EXPOSE 8080 -ENTRYPOINT ["python3"] +ENTRYPOINT ["gunicorn"] -CMD ["-m", "openapi_server"] \ No newline at end of file +CMD ["--bind", "0.0.0.0:8080", "--chdir", "/usr/src/app/capif_acl", "wsgi:app"] \ No newline at end of file diff --git a/services/TS29222_CAPIF_Access_Control_Policy_API/openapi_server/__init__.py b/services/TS29222_CAPIF_Access_Control_Policy_API/capif_acl/__init__.py similarity index 100% rename from services/TS29222_CAPIF_Access_Control_Policy_API/openapi_server/__init__.py rename to services/TS29222_CAPIF_Access_Control_Policy_API/capif_acl/__init__.py diff --git a/services/TS29222_CAPIF_Access_Control_Policy_API/openapi_server/__main__.py b/services/TS29222_CAPIF_Access_Control_Policy_API/capif_acl/app.py similarity index 94% rename from services/TS29222_CAPIF_Access_Control_Policy_API/openapi_server/__main__.py rename to services/TS29222_CAPIF_Access_Control_Policy_API/capif_acl/app.py index ae9ad7ec47c744fd6e3cc488d9c1200c9d251501..a47335578bcb2c66a5392cc3d9d830a8f2e1723e 100644 --- a/services/TS29222_CAPIF_Access_Control_Policy_API/openapi_server/__main__.py +++ b/services/TS29222_CAPIF_Access_Control_Policy_API/capif_acl/app.py 
@@ -2,19 +2,17 @@ import connexion -from openapi_server import encoder +import encoder import logging -from flask import Flask, jsonify, request from flask_jwt_extended import JWTManager, jwt_required, create_access_token -from pymongo import MongoClient from logging.handlers import RotatingFileHandler -from .config import Config +from config import Config from datetime import datetime import os from fluent import sender -from .core.consumer_messager import Subscriber +from core.consumer_messager import Subscriber from flask_executor import Executor from flask_apscheduler import APScheduler from opentelemetry.instrumentation.flask import FlaskInstrumentor @@ -117,11 +115,8 @@ app.add_api('openapi.yaml', arguments={'title': 'CAPIF_Access_Control_policy_API'}, pythonic_params=True) - config = Config() - - jwt = JWTManager(app.app) configure_logging(app.app) @@ -138,12 +133,9 @@ subscriber = Subscriber() scheduler = APScheduler() scheduler.api_enabled = True scheduler.init_app(app.app) +scheduler.start() @scheduler.task('date', id='listener', next_run_time=datetime.now()) def up_listener(): with scheduler.app.app_context(): executor.submit(subscriber.listen()) - -if __name__ == '__main__': - scheduler.start() - app.run(debug=True,port=8080, use_reloader=False) diff --git a/services/TS29222_CAPIF_Access_Control_Policy_API/openapi_server/config.py b/services/TS29222_CAPIF_Access_Control_Policy_API/capif_acl/config.py similarity index 92% rename from services/TS29222_CAPIF_Access_Control_Policy_API/openapi_server/config.py rename to services/TS29222_CAPIF_Access_Control_Policy_API/capif_acl/config.py index 11e1c4f3626d7440c6cd999ed118afb3c93caa2e..01f9914cc141eb3c49fd73506e9b1c5470edd781 100644 --- a/services/TS29222_CAPIF_Access_Control_Policy_API/openapi_server/config.py +++ b/services/TS29222_CAPIF_Access_Control_Policy_API/capif_acl/config.py 
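Review bot: `scheduler.api_enabled = True` is kept while the service moves to a gunicorn listener on `0.0.0.0:8080`; as far as I know that makes Flask-APScheduler register its job-management routes on the same app, and nothing in this hunk configures authentication for them. The only job defined here is the one-shot `listener` task, so `scheduler.api_enabled = False` looks sufficient. Separately, `scheduler.start()` now runs at import time, so every gunicorn worker that loads `app` starts its own scheduler and subscriber listener. `executor.submit(subscriber.listen())` also calls `listen()` in the scheduler thread instead of handing the callable to the executor, which would be `executor.submit(subscriber.listen)`.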
@@ -5,7 +5,7 @@ import os class Config: def __init__(self): self.cached = 0 - self.file="./config.yaml" + self.file="../config.yaml" self.my_config = {} stamp = os.stat(self.file).st_mtime diff --git a/services/TS29222_CAPIF_Access_Control_Policy_API/openapi_server/controllers/__init__.py b/services/TS29222_CAPIF_Access_Control_Policy_API/capif_acl/controllers/__init__.py similarity index 100% rename from services/TS29222_CAPIF_Access_Control_Policy_API/openapi_server/controllers/__init__.py rename to services/TS29222_CAPIF_Access_Control_Policy_API/capif_acl/controllers/__init__.py diff --git a/services/TS29222_CAPIF_Access_Control_Policy_API/openapi_server/controllers/default_controller.py b/services/TS29222_CAPIF_Access_Control_Policy_API/capif_acl/controllers/default_controller.py similarity index 98% rename from services/TS29222_CAPIF_Access_Control_Policy_API/openapi_server/controllers/default_controller.py rename to services/TS29222_CAPIF_Access_Control_Policy_API/capif_acl/controllers/default_controller.py index c17e19585710f78c4374eb50e1cafa2070973432..eb047f064d5012bd8fc5743ff0e4d358ca075298 100644 --- a/services/TS29222_CAPIF_Access_Control_Policy_API/openapi_server/controllers/default_controller.py +++ b/services/TS29222_CAPIF_Access_Control_Policy_API/capif_acl/controllers/default_controller.py @@ -1,4 +1,4 @@ -from typing import Dict + from functools import wraps from flask import request, current_app from cryptography import x509 @@ -6,6 +6,7 @@ from cryptography.hazmat.backends import default_backend from ..core.accesscontrolpolicyapi import accessControlPolicyApi + def cert_validation(): def _cert_validation(f): @wraps(f) 
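Review bot: `self.file="../config.yaml"` is resolved against the process working directory, so it only finds the intended file when the service is started with the `--chdir /usr/src/app/capif_acl` that the Dockerfile now passes to gunicorn. From any other directory the `os.stat(self.file)` below either raises or reads an unrelated `config.yaml` one level above the caller's directory. Anchoring the path to the module avoids both: `self.file = os.path.join(os.path.dirname(os.path.abspath(__file__)), "..", "config.yaml")`. The same line is changed in `logs/config.py` of the Auditing API, and `Config.__init__` continues past the end of the hunk.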
diff --git a/services/TS29222_CAPIF_Access_Control_Policy_API/openapi_server/controllers/security_controller_.py b/services/TS29222_CAPIF_Access_Control_Policy_API/capif_acl/controllers/security_controller_.py similarity index 100% rename from services/TS29222_CAPIF_Access_Control_Policy_API/openapi_server/controllers/security_controller_.py rename to services/TS29222_CAPIF_Access_Control_Policy_API/capif_acl/controllers/security_controller_.py diff --git a/services/TS29222_CAPIF_Access_Control_Policy_API/openapi_server/core/accesscontrolpolicyapi.py b/services/TS29222_CAPIF_Access_Control_Policy_API/capif_acl/core/accesscontrolpolicyapi.py similarity index 98% rename from services/TS29222_CAPIF_Access_Control_Policy_API/openapi_server/core/accesscontrolpolicyapi.py rename to services/TS29222_CAPIF_Access_Control_Policy_API/capif_acl/core/accesscontrolpolicyapi.py index f644caef07f1ffb72d8ed4fc5492f37ebf97e14e..d82ac984b04e746ad372a3e0574a67e50a77d88f 100644 --- a/services/TS29222_CAPIF_Access_Control_Policy_API/openapi_server/core/accesscontrolpolicyapi.py +++ b/services/TS29222_CAPIF_Access_Control_Policy_API/capif_acl/core/accesscontrolpolicyapi.py @@ -4,6 +4,7 @@ from .responses import make_response, not_found_error, internal_server_error from ..models.access_control_policy_list import AccessControlPolicyList from ..util import dict_to_camel_case, clean_empty + class accessControlPolicyApi(Resource): def get_acl(self, service_api_id, aef_id, api_invoker_id, supported_features): @@ -45,7 +46,7 @@ class accessControlPolicyApi(Resource): return not_found_error(f"No ACLs found for the requested service: {service_api_id}, aef_id: {aef_id}, invoker: {api_invoker_id} and supportedFeatures: {supported_features}", "Wrong id") acl = AccessControlPolicyList(api_invoker_policies) - response = acl.to_dict() + response = clean_empty(acl.to_dict()) return make_response(object=dict_to_camel_case(response), status=200) except Exception as e: 
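Review bot: `clean_empty(acl.to_dict())` now filters the ACL before it is returned, and the list branch of `clean_empty` visible in `util.py` keeps a value only when it is truthy (`if v`). If the dict branch applies the same test, a policy field whose value is `0` or `False` is dropped from the response, and for an access-control limit an absent field may be read by the consumer as "no limit" rather than "none allowed". Consider a filter that removes only `None` and empty containers, or add a comment on this line stating that zero-valued limits cannot occur. The `try` block this line sits in starts above the hunk.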
diff --git a/services/TS29222_CAPIF_Access_Control_Policy_API/openapi_server/core/consumer_messager.py b/services/TS29222_CAPIF_Access_Control_Policy_API/capif_acl/core/consumer_messager.py similarity index 98% rename from services/TS29222_CAPIF_Access_Control_Policy_API/openapi_server/core/consumer_messager.py rename to services/TS29222_CAPIF_Access_Control_Policy_API/capif_acl/core/consumer_messager.py index 72c51eeacdbf45668cde55141e17a4ad87db0e09..0da24408e801f22693e0412636df090680c1424c 100644 --- a/services/TS29222_CAPIF_Access_Control_Policy_API/openapi_server/core/consumer_messager.py +++ b/services/TS29222_CAPIF_Access_Control_Policy_API/capif_acl/core/consumer_messager.py @@ -1,6 +1,6 @@ # subscriber.py import redis -from ..config import Config +from config import Config from .internal_service_ops import InternalServiceOps from flask import current_app diff --git a/services/TS29222_CAPIF_Access_Control_Policy_API/openapi_server/core/internal_service_ops.py b/services/TS29222_CAPIF_Access_Control_Policy_API/capif_acl/core/internal_service_ops.py similarity index 96% rename from services/TS29222_CAPIF_Access_Control_Policy_API/openapi_server/core/internal_service_ops.py rename to services/TS29222_CAPIF_Access_Control_Policy_API/capif_acl/core/internal_service_ops.py index 26a7d53795a41899aa2ff4726a80685fcdc01db2..1e5aa20c0d708dee31e51b2586e0295ba3ea629a 100644 --- a/services/TS29222_CAPIF_Access_Control_Policy_API/openapi_server/core/internal_service_ops.py +++ b/services/TS29222_CAPIF_Access_Control_Policy_API/capif_acl/core/internal_service_ops.py 
@@ -1,11 +1,12 @@ from flask import current_app from .resources import Resource -from ..models.api_invoker_policy import ApiInvokerPolicy -from ..models.time_range_list import TimeRangeList +from models.api_invoker_policy import ApiInvokerPolicy +from models.time_range_list import TimeRangeList from datetime import datetime, timedelta + from .redis_event import RedisEvent -from ..util import dict_to_camel_case, clean_empty +from util import dict_to_camel_case, clean_empty class InternalServiceOps(Resource): diff --git a/services/TS29222_CAPIF_Access_Control_Policy_API/openapi_server/core/publisher.py b/services/TS29222_CAPIF_Access_Control_Policy_API/capif_acl/core/publisher.py similarity index 83% rename from services/TS29222_CAPIF_Access_Control_Policy_API/openapi_server/core/publisher.py rename to services/TS29222_CAPIF_Access_Control_Policy_API/capif_acl/core/publisher.py index 3898c4b8309b14a05f8b5de89626fac8ebea4fc4..8292de4d4330b14c17be74e7448403b56fc5b9e3 100644 --- a/services/TS29222_CAPIF_Access_Control_Policy_API/openapi_server/core/publisher.py +++ b/services/TS29222_CAPIF_Access_Control_Policy_API/capif_acl/core/publisher.py @@ -1,6 +1,5 @@ import redis -import sys -from flask import current_app + class Publisher(): diff --git a/services/TS29222_CAPIF_Access_Control_Policy_API/openapi_server/core/redis_event.py b/services/TS29222_CAPIF_Access_Control_Policy_API/capif_acl/core/redis_event.py similarity index 97% rename from services/TS29222_CAPIF_Access_Control_Policy_API/openapi_server/core/redis_event.py rename to services/TS29222_CAPIF_Access_Control_Policy_API/capif_acl/core/redis_event.py index aadbdbb6b3116cf288648de41effdb12b9ca9143..40e3e406830e58a72359e4283d8ff6e0d66bb893 100644 --- a/services/TS29222_CAPIF_Access_Control_Policy_API/openapi_server/core/redis_event.py +++ b/services/TS29222_CAPIF_Access_Control_Policy_API/capif_acl/core/redis_event.py 
@@ -1,4 +1,4 @@ -from ..encoder import JSONEncoder +from encoder import JSONEncoder from .publisher import Publisher import json diff --git a/services/TS29222_CAPIF_Access_Control_Policy_API/openapi_server/core/resources.py b/services/TS29222_CAPIF_Access_Control_Policy_API/capif_acl/core/resources.py similarity index 53% rename from services/TS29222_CAPIF_Access_Control_Policy_API/openapi_server/core/resources.py rename to services/TS29222_CAPIF_Access_Control_Policy_API/capif_acl/core/resources.py index 94e29ec07359c93a78d520f24fa91c88971d65c4..d5a3552d6b3459a77d30df65d0bbda4a86c7fa61 100644 --- a/services/TS29222_CAPIF_Access_Control_Policy_API/openapi_server/core/resources.py +++ b/services/TS29222_CAPIF_Access_Control_Policy_API/capif_acl/core/resources.py @@ -1,5 +1,6 @@ -from abc import ABC, abstractmethod -from ..db.db import MongoDatabse +from abc import ABC +from db.db import MongoDatabse + class Resource(ABC): diff --git a/services/TS29222_CAPIF_Access_Control_Policy_API/openapi_server/core/responses.py b/services/TS29222_CAPIF_Access_Control_Policy_API/capif_acl/core/responses.py similarity index 73% rename from services/TS29222_CAPIF_Access_Control_Policy_API/openapi_server/core/responses.py rename to services/TS29222_CAPIF_Access_Control_Policy_API/capif_acl/core/responses.py index 962c4b6dd6ae07bce79dc8e810f10a507d526663..9d5ea092050de02f5813149bde790f9becaa3c90 100644 --- a/services/TS29222_CAPIF_Access_Control_Policy_API/openapi_server/core/responses.py +++ b/services/TS29222_CAPIF_Access_Control_Policy_API/capif_acl/core/responses.py 
@@ -1,31 +1,53 @@ from ..models.problem_details import ProblemDetails from ..encoder import JSONEncoder from flask import Response +from ..util import dict_to_camel_case, clean_empty import json mimetype = "application/json" + def make_response(object, status): res = Response(json.dumps(object, cls=JSONEncoder), status=status, mimetype=mimetype) return res + def internal_server_error(detail, cause): prob = ProblemDetails(title="Internal Server Error", status=500, detail=detail, cause=cause) + prob = prob.to_dict() + prob = clean_empty(prob) + prob = dict_to_camel_case(prob) + return Response(json.dumps(prob, cls=JSONEncoder), status=500, mimetype=mimetype) + def forbidden_error(detail, cause): prob = ProblemDetails(title="Forbidden", status=403, detail=detail, cause=cause) + prob = prob.to_dict() + prob = clean_empty(prob) + prob = dict_to_camel_case(prob) + return Response(json.dumps(prob, cls=JSONEncoder), status=403, mimetype=mimetype) + def bad_request_error(detail, cause, invalid_params): prob = ProblemDetails(title="Bad Request", status=400, detail=detail, cause=cause, invalid_params=invalid_params) + prob = prob.to_dict() + prob = clean_empty(prob) + prob = dict_to_camel_case(prob) + return Response(json.dumps(prob, cls=JSONEncoder), status=400, mimetype=cause) + def not_found_error(detail, cause): prob = ProblemDetails(title="Not Found", status=404, detail=detail, cause=cause) + prob = prob.to_dict() + prob = clean_empty(prob) + prob = dict_to_camel_case(prob) + return Response(json.dumps(prob, cls=JSONEncoder), status=404, mimetype=mimetype) \ No newline at end of file 
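Review bot: `bad_request_error` still ends with `mimetype=cause`, so every 400 response goes out with the free-text cause string as its Content-Type instead of `application/json`, unlike the three sibling helpers in this hunk. The line should read `return Response(json.dumps(prob, cls=JSONEncoder), status=400, mimetype=mimetype)`. The same line is present in `logs/core/responses.py` of the Auditing API further down this diff. The four helpers also repeat the same `to_dict` / `clean_empty` / `dict_to_camel_case` sequence and could share one private function.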
diff --git a/services/TS29222_CAPIF_Access_Control_Policy_API/openapi_server/db/db.py b/services/TS29222_CAPIF_Access_Control_Policy_API/capif_acl/db/db.py similarity index 97% rename from services/TS29222_CAPIF_Access_Control_Policy_API/openapi_server/db/db.py rename to services/TS29222_CAPIF_Access_Control_Policy_API/capif_acl/db/db.py index 843a4215baab6b54212daae7848baa0133c95242..e485c8923ea861c669454a68eb99716f86406023 100644 --- a/services/TS29222_CAPIF_Access_Control_Policy_API/openapi_server/db/db.py +++ b/services/TS29222_CAPIF_Access_Control_Policy_API/capif_acl/db/db.py @@ -1,8 +1,8 @@ -import atexit + import time from pymongo import MongoClient from pymongo.errors import AutoReconnect -from ..config import Config +from config import Config from bson.codec_options import CodecOptions import os from opentelemetry.instrumentation.pymongo import PymongoInstrumentor diff --git a/services/TS29222_CAPIF_Access_Control_Policy_API/openapi_server/encoder.py b/services/TS29222_CAPIF_Access_Control_Policy_API/capif_acl/encoder.py similarity index 91% rename from services/TS29222_CAPIF_Access_Control_Policy_API/openapi_server/encoder.py rename to services/TS29222_CAPIF_Access_Control_Policy_API/capif_acl/encoder.py index 3bbef854f3b83dc985aea885756fd7147fa00001..80bad8fa9220ab873e044b7adc0a849746088ad5 100644 --- a/services/TS29222_CAPIF_Access_Control_Policy_API/openapi_server/encoder.py +++ b/services/TS29222_CAPIF_Access_Control_Policy_API/capif_acl/encoder.py @@ -1,7 +1,7 @@ from connexion.apps.flask_app import FlaskJSONEncoder import six -from openapi_server.models.base_model_ import Model +from models.base_model_ import Model class JSONEncoder(FlaskJSONEncoder): diff --git a/services/TS29222_CAPIF_Access_Control_Policy_API/capif_acl/models/__init__.py b/services/TS29222_CAPIF_Access_Control_Policy_API/capif_acl/models/__init__.py new file mode 100644 index 0000000000000000000000000000000000000000..4c4e60f91034863564e2c69f9c75a1d883d6990d --- /dev/null 
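Review bot: In `encoder.py`, `from models.base_model_ import Model` makes the encoder depend on a top-level `models` package, while the model modules in this same commit import `capif_acl.models.base_model_` and the OpenAPI router loads `capif_acl.controllers.default_controller`. Python treats `models.base_model_` and `capif_acl.models.base_model_` as two separate modules with two separate `Model` classes, so any `isinstance(o, Model)` test in `JSONEncoder` (its body is outside the hunk) would presumably not match objects built from the `capif_acl.models` classes. Keeping one import root, for instance `from capif_acl.models.base_model_ import Model` here, avoids the duplicate module objects. The same mix of roots appears in `core/internal_service_ops.py`, `core/resources.py` and `db/db.py`.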
+++ b/services/TS29222_CAPIF_Access_Control_Policy_API/capif_acl/models/__init__.py @@ -0,0 +1,10 @@ +# coding: utf-8 + +# flake8: noqa +from __future__ import absolute_import +# import models into model package +from capif_acl.models.access_control_policy_list import AccessControlPolicyList +from capif_acl.models.api_invoker_policy import ApiInvokerPolicy +from capif_acl.models.invalid_param import InvalidParam +from capif_acl.models.problem_details import ProblemDetails +from capif_acl.models.time_range_list import TimeRangeList diff --git a/services/TS29222_CAPIF_Access_Control_Policy_API/openapi_server/models/access_control_policy_list.py b/services/TS29222_CAPIF_Access_Control_Policy_API/capif_acl/models/access_control_policy_list.py similarity index 90% rename from services/TS29222_CAPIF_Access_Control_Policy_API/openapi_server/models/access_control_policy_list.py rename to services/TS29222_CAPIF_Access_Control_Policy_API/capif_acl/models/access_control_policy_list.py index 98f3fc122323f37a2868acd21375c3a6870b6970..b3cacd4164aab94158436597b462dc967f91a2f7 100644 --- a/services/TS29222_CAPIF_Access_Control_Policy_API/openapi_server/models/access_control_policy_list.py +++ b/services/TS29222_CAPIF_Access_Control_Policy_API/capif_acl/models/access_control_policy_list.py @@ -5,11 +5,11 @@ from datetime import date, datetime # noqa: F401 from typing import List, Dict # noqa: F401 -from openapi_server.models.base_model_ import Model -from openapi_server.models.api_invoker_policy import ApiInvokerPolicy -from openapi_server import util +from capif_acl.models.base_model_ import Model +from capif_acl.models.api_invoker_policy import ApiInvokerPolicy +from capif_acl import util -from openapi_server.models.api_invoker_policy import ApiInvokerPolicy # noqa: E501 +from capif_acl.models.api_invoker_policy import ApiInvokerPolicy # noqa: E501 class AccessControlPolicyList(Model): """NOTE: This class is auto generated by OpenAPI Generator (https://openapi-generator.tech). 
diff --git a/services/TS29222_CAPIF_Access_Control_Policy_API/openapi_server/models/api_invoker_policy.py b/services/TS29222_CAPIF_Access_Control_Policy_API/capif_acl/models/api_invoker_policy.py similarity index 96% rename from services/TS29222_CAPIF_Access_Control_Policy_API/openapi_server/models/api_invoker_policy.py rename to services/TS29222_CAPIF_Access_Control_Policy_API/capif_acl/models/api_invoker_policy.py index a5f1b477c384bd485981ea49ab09ffb793796b1d..86ffec0cf84c8c867ebbd8db1594eb2746140591 100644 --- a/services/TS29222_CAPIF_Access_Control_Policy_API/openapi_server/models/api_invoker_policy.py +++ b/services/TS29222_CAPIF_Access_Control_Policy_API/capif_acl/models/api_invoker_policy.py @@ -5,11 +5,11 @@ from datetime import date, datetime # noqa: F401 from typing import List, Dict # noqa: F401 -from openapi_server.models.base_model_ import Model -from openapi_server.models.time_range_list import TimeRangeList -from openapi_server import util +from capif_acl.models.base_model_ import Model +from capif_acl.models.time_range_list import TimeRangeList +from capif_acl import util -from openapi_server.models.time_range_list import TimeRangeList # noqa: E501 +from capif_acl.models.time_range_list import TimeRangeList # noqa: E501 class ApiInvokerPolicy(Model): """NOTE: This class is auto generated by OpenAPI Generator (https://openapi-generator.tech). diff --git a/services/TS29222_CAPIF_Access_Control_Policy_API/openapi_server/models/base_model_.py b/services/TS29222_CAPIF_Access_Control_Policy_API/capif_acl/models/base_model_.py similarity index 98% rename from services/TS29222_CAPIF_Access_Control_Policy_API/openapi_server/models/base_model_.py rename to services/TS29222_CAPIF_Access_Control_Policy_API/capif_acl/models/base_model_.py index 916e582ec27f19e7dbbb65885786760d5e7e4e98..cce5379c767ede112d5fdcdcffa34403bddb2884 100644 --- a/services/TS29222_CAPIF_Access_Control_Policy_API/openapi_server/models/base_model_.py 
+++ b/services/TS29222_CAPIF_Access_Control_Policy_API/capif_acl/models/base_model_.py @@ -3,7 +3,7 @@ import pprint import six import typing -from openapi_server import util +from capif_acl import util T = typing.TypeVar('T') diff --git a/services/TS29222_CAPIF_Access_Control_Policy_API/openapi_server/models/invalid_param.py b/services/TS29222_CAPIF_Access_Control_Policy_API/capif_acl/models/invalid_param.py similarity index 96% rename from services/TS29222_CAPIF_Access_Control_Policy_API/openapi_server/models/invalid_param.py rename to services/TS29222_CAPIF_Access_Control_Policy_API/capif_acl/models/invalid_param.py index 8d91e6c3f6dfe46c67a864916c0f8cd282d41f81..88606c4107c7ac4b408a0548af2feb398233b555 100644 --- a/services/TS29222_CAPIF_Access_Control_Policy_API/openapi_server/models/invalid_param.py +++ b/services/TS29222_CAPIF_Access_Control_Policy_API/capif_acl/models/invalid_param.py @@ -5,8 +5,8 @@ from datetime import date, datetime # noqa: F401 from typing import List, Dict # noqa: F401 -from openapi_server.models.base_model_ import Model -from openapi_server import util +from capif_acl.models.base_model_ import Model +from capif_acl import util class InvalidParam(Model): diff --git a/services/TS29222_CAPIF_Access_Control_Policy_API/openapi_server/models/problem_details.py b/services/TS29222_CAPIF_Access_Control_Policy_API/capif_acl/models/problem_details.py similarity index 97% rename from services/TS29222_CAPIF_Access_Control_Policy_API/openapi_server/models/problem_details.py rename to services/TS29222_CAPIF_Access_Control_Policy_API/capif_acl/models/problem_details.py index 08f2908c2964db647b8f890d2931f08dfceafeff..25caab4e29a65d9df08d966a551618c69a2ffa45 100644 --- a/services/TS29222_CAPIF_Access_Control_Policy_API/openapi_server/models/problem_details.py +++ b/services/TS29222_CAPIF_Access_Control_Policy_API/capif_acl/models/problem_details.py 
@@ -5,12 +5,12 @@ from datetime import date, datetime # noqa: F401 from typing import List, Dict # noqa: F401 -from openapi_server.models.base_model_ import Model -from openapi_server.models.invalid_param import InvalidParam +from capif_acl.models.base_model_ import Model +from capif_acl.models.invalid_param import InvalidParam import re -from openapi_server import util +from capif_acl import util -from openapi_server.models.invalid_param import InvalidParam # noqa: E501 +from capif_acl.models.invalid_param import InvalidParam # noqa: E501 import re # noqa: E501 class ProblemDetails(Model): diff --git a/services/TS29222_CAPIF_Access_Control_Policy_API/openapi_server/models/time_range_list.py b/services/TS29222_CAPIF_Access_Control_Policy_API/capif_acl/models/time_range_list.py similarity index 96% rename from services/TS29222_CAPIF_Access_Control_Policy_API/openapi_server/models/time_range_list.py rename to services/TS29222_CAPIF_Access_Control_Policy_API/capif_acl/models/time_range_list.py index eb18a7ed915166f82490460850cf108c384397c8..eaacad60592ff7acf1a9c2b7b71c21dfb6fd5083 100644 --- a/services/TS29222_CAPIF_Access_Control_Policy_API/openapi_server/models/time_range_list.py +++ b/services/TS29222_CAPIF_Access_Control_Policy_API/capif_acl/models/time_range_list.py @@ -5,8 +5,8 @@ from datetime import date, datetime # noqa: F401 from typing import List, Dict # noqa: F401 -from openapi_server.models.base_model_ import Model -from openapi_server import util +from capif_acl.models.base_model_ import Model +from capif_acl import util class TimeRangeList(Model): 
diff --git a/services/TS29222_CAPIF_Access_Control_Policy_API/openapi_server/openapi/openapi.yaml b/services/TS29222_CAPIF_Access_Control_Policy_API/capif_acl/openapi/openapi.yaml similarity index 99% rename from services/TS29222_CAPIF_Access_Control_Policy_API/openapi_server/openapi/openapi.yaml rename to services/TS29222_CAPIF_Access_Control_Policy_API/capif_acl/openapi/openapi.yaml index 6f8c99d300bdb9b5224f8164f2c38e160c513699..1621baa9a449be7d8bb2377e7b2b6fd590cbec5d 100644 --- a/services/TS29222_CAPIF_Access_Control_Policy_API/openapi_server/openapi/openapi.yaml +++ b/services/TS29222_CAPIF_Access_Control_Policy_API/capif_acl/openapi/openapi.yaml @@ -130,7 +130,7 @@ paths: description: Service Unavailable default: description: Generic Error - x-openapi-router-controller: openapi_server.controllers.default_controller + x-openapi-router-controller: capif_acl.controllers.default_controller components: responses: "307": diff --git a/services/TS29222_CAPIF_Access_Control_Policy_API/openapi_server/test/__init__.py b/services/TS29222_CAPIF_Access_Control_Policy_API/capif_acl/test/__init__.py similarity index 89% rename from services/TS29222_CAPIF_Access_Control_Policy_API/openapi_server/test/__init__.py rename to services/TS29222_CAPIF_Access_Control_Policy_API/capif_acl/test/__init__.py index 364aba9fbf880b8a6d2d011380bd092f2e5d973a..5d664f823dc74e062cbb804324de82bf7d239643 100644 --- a/services/TS29222_CAPIF_Access_Control_Policy_API/openapi_server/test/__init__.py +++ b/services/TS29222_CAPIF_Access_Control_Policy_API/capif_acl/test/__init__.py @@ -3,7 +3,7 @@ import logging import connexion from flask_testing import TestCase -from openapi_server.encoder import JSONEncoder +from capif_acl.encoder import JSONEncoder class BaseTestCase(TestCase): 
diff --git a/services/TS29222_CAPIF_Access_Control_Policy_API/openapi_server/test/test_default_controller.py b/services/TS29222_CAPIF_Access_Control_Policy_API/capif_acl/test/test_default_controller.py similarity index 79% rename from services/TS29222_CAPIF_Access_Control_Policy_API/openapi_server/test/test_default_controller.py rename to services/TS29222_CAPIF_Access_Control_Policy_API/capif_acl/test/test_default_controller.py index c850757e5ca3b3f1d5aa5ed6349b8ce22fb4186d..44ed0bee14671018ffb842dfe7e98edf26875ec2 100644 --- a/services/TS29222_CAPIF_Access_Control_Policy_API/openapi_server/test/test_default_controller.py +++ b/services/TS29222_CAPIF_Access_Control_Policy_API/capif_acl/test/test_default_controller.py @@ -3,12 +3,7 @@ from __future__ import absolute_import import unittest -from flask import json -from six import BytesIO - -from openapi_server.models.access_control_policy_list import AccessControlPolicyList # noqa: E501 -from openapi_server.models.problem_details import ProblemDetails # noqa: E501 -from openapi_server.test import BaseTestCase +from test import BaseTestCase class TestDefaultController(BaseTestCase): diff --git a/services/TS29222_CAPIF_Access_Control_Policy_API/openapi_server/typing_utils.py b/services/TS29222_CAPIF_Access_Control_Policy_API/capif_acl/typing_utils.py similarity index 100% rename from services/TS29222_CAPIF_Access_Control_Policy_API/openapi_server/typing_utils.py rename to services/TS29222_CAPIF_Access_Control_Policy_API/capif_acl/typing_utils.py diff --git a/services/TS29222_CAPIF_Access_Control_Policy_API/openapi_server/util.py b/services/TS29222_CAPIF_Access_Control_Policy_API/capif_acl/util.py similarity index 98% rename from services/TS29222_CAPIF_Access_Control_Policy_API/openapi_server/util.py rename to services/TS29222_CAPIF_Access_Control_Policy_API/capif_acl/util.py index 672406d079a400d7d50956c018539f2d5c95e370..27903905e56c3a50fd6e8ee7ca314a931e2e494e 100644 
--- a/services/TS29222_CAPIF_Access_Control_Policy_API/openapi_server/util.py +++ b/services/TS29222_CAPIF_Access_Control_Policy_API/capif_acl/util.py @@ -1,8 +1,8 @@ import datetime import six -import typing -from openapi_server import typing_utils +import typing_utils + def clean_empty(d): if isinstance(d, dict): @@ -15,6 +15,7 @@ def clean_empty(d): return [v for v in map(clean_empty, d) if v] return d + def dict_to_camel_case(my_dict): @@ -41,8 +42,6 @@ def dict_to_camel_case(my_dict): return result - - def _deserialize(data, klass): """Deserializes dict, list, str into an object. diff --git a/services/TS29222_CAPIF_Access_Control_Policy_API/capif_acl/wsgi.py b/services/TS29222_CAPIF_Access_Control_Policy_API/capif_acl/wsgi.py new file mode 100644 index 0000000000000000000000000000000000000000..6026b0fa96078634d3455ab93d71dcdc78774276 --- /dev/null +++ b/services/TS29222_CAPIF_Access_Control_Policy_API/capif_acl/wsgi.py @@ -0,0 +1,4 @@ +from app import app + +if __name__ == "__main__": + app.run() diff --git a/services/TS29222_CAPIF_Access_Control_Policy_API/openapi_server/models/__init__.py b/services/TS29222_CAPIF_Access_Control_Policy_API/openapi_server/models/__init__.py deleted file mode 100644 index a4269de2a23336ebf21fb6fe2813f1bc573459d0..0000000000000000000000000000000000000000 --- a/services/TS29222_CAPIF_Access_Control_Policy_API/openapi_server/models/__init__.py +++ /dev/null @@ -1,10 +0,0 @@ -# coding: utf-8 - -# flake8: noqa -from __future__ import absolute_import -# import models into model package -from openapi_server.models.access_control_policy_list import AccessControlPolicyList -from openapi_server.models.api_invoker_policy import ApiInvokerPolicy -from openapi_server.models.invalid_param import InvalidParam -from openapi_server.models.problem_details import ProblemDetails -from openapi_server.models.time_range_list import TimeRangeList 
diff --git a/services/TS29222_CAPIF_Access_Control_Policy_API/requirements.txt b/services/TS29222_CAPIF_Access_Control_Policy_API/requirements.txt index e336fd8c5dad3c42fb17aea32dc1a8ed8c4f36f4..8457c828fd2ae17ea5f4a001c9b61bdad1fe8b1b 100644 --- a/services/TS29222_CAPIF_Access_Control_Policy_API/requirements.txt +++ b/services/TS29222_CAPIF_Access_Control_Policy_API/requirements.txt @@ -22,3 +22,5 @@ redis == 4.5.4 flask_executor == 1.0.0 Flask-APScheduler == 1.12.4 Flask-Script == 2.0.6 +gunicorn==22.0.0 +packaging==24.0 \ No newline at end of file diff --git a/services/TS29222_CAPIF_Auditing_API/Dockerfile b/services/TS29222_CAPIF_Auditing_API/Dockerfile index d7030b67013b0e43402f59ff7374a52c099a6b9d..4908c19cbc4b57479053a5f908561f10da17d7eb 100644 --- a/services/TS29222_CAPIF_Auditing_API/Dockerfile +++ b/services/TS29222_CAPIF_Auditing_API/Dockerfile @@ -12,6 +12,6 @@ COPY . /usr/src/app EXPOSE 8080 -ENTRYPOINT ["python3"] +ENTRYPOINT ["gunicorn"] -CMD ["-m", "logs"] \ No newline at end of file +CMD ["--bind", "0.0.0.0:8080", "--chdir", "/usr/src/app/logs", "wsgi:app"] \ No newline at end of file diff --git a/services/TS29222_CAPIF_Auditing_API/logs/__main__.py b/services/TS29222_CAPIF_Auditing_API/logs/app.py similarity index 97% rename from services/TS29222_CAPIF_Auditing_API/logs/__main__.py rename to services/TS29222_CAPIF_Auditing_API/logs/app.py index ac6df6d737a1cc1625a84e5443594a26b292e853..a0bd01c992a215111595507f5e5a105ac57bf387 100644 --- a/services/TS29222_CAPIF_Auditing_API/logs/__main__.py +++ b/services/TS29222_CAPIF_Auditing_API/logs/app.py @@ -3,8 +3,8 @@ import connexion import logging from logging.handlers import RotatingFileHandler -from logs import encoder -from .config import Config +import encoder +from config import Config import os from fluent import sender from opentelemetry.instrumentation.flask import FlaskInstrumentor 
@@ -112,6 +112,3 @@ config = Config() monitoring_value = os.environ.get("MONITORING", "").lower() if monitoring_value == "true": configure_monitoring(app.app, config.get_config()) - -if __name__ == '__main__': - app.run(port=8080) diff --git a/services/TS29222_CAPIF_Auditing_API/logs/config.py b/services/TS29222_CAPIF_Auditing_API/logs/config.py index d04bd1acd87603f491b09f464d8db1d6cdc52ad7..97ab831fc7a69163163f7182f1f8c61bd9e3ffc4 100644 --- a/services/TS29222_CAPIF_Auditing_API/logs/config.py +++ b/services/TS29222_CAPIF_Auditing_API/logs/config.py @@ -5,7 +5,7 @@ import os class Config: def __init__(self): self.cached = 0 - self.file="./config.yaml" + self.file="../config.yaml" self.my_config = {} stamp = os.stat(self.file).st_mtime diff --git a/services/TS29222_CAPIF_Auditing_API/logs/controllers/default_controller.py b/services/TS29222_CAPIF_Auditing_API/logs/controllers/default_controller.py index c330f47dcf64184d10590cbf343373a19c255099..ead9ec5341d13bf3150ad460f174c3c91e714f3c 100644 --- a/services/TS29222_CAPIF_Auditing_API/logs/controllers/default_controller.py +++ b/services/TS29222_CAPIF_Auditing_API/logs/controllers/default_controller.py @@ -1,21 +1,8 @@ -import connexion -import six -import sys - -from logs.models.interface_description import InterfaceDescription # noqa: E501 -from logs.models.invocation_log import InvocationLog # noqa: E501 -from logs.models.operation import Operation # noqa: E501 -from logs.models.problem_details import ProblemDetails # noqa: E501 -from logs.models.protocol import Protocol # noqa: E501 -from logs import util +from ..util import deserialize_datetime from ..core.auditoperations import AuditOperations -import json from flask import Response, request, current_app -from ..encoder import JSONEncoder -from cryptography import x509 -from cryptography.hazmat.backends import default_backend -import pymongo + from ..core.responses import bad_request_error audit_operations = AuditOperations() 
@@ -65,8 +52,8 @@ def api_invocation_logs_get(aef_id=None, api_invoker_id=None, time_range_start=N cause="Mandatory parameters missing", invalid_params=[ {"param": "aef_id or api_invoker_id", "reason": "missing"}]) - time_range_start = util.deserialize_datetime(time_range_start) - time_range_end = util.deserialize_datetime(time_range_end) + time_range_start = deserialize_datetime(time_range_start) + time_range_end = deserialize_datetime(time_range_end) query_params = {"aef_id": aef_id, "api_invoker_id": api_invoker_id, diff --git a/services/TS29222_CAPIF_Auditing_API/logs/core/auditoperations.py b/services/TS29222_CAPIF_Auditing_API/logs/core/auditoperations.py index ac83701ce453c122e8445e41d808b9d658fd3928..6632d2808e8ec3f82bf19ff9a2a947dc1b6de2c6 100644 --- a/services/TS29222_CAPIF_Auditing_API/logs/core/auditoperations.py +++ b/services/TS29222_CAPIF_Auditing_API/logs/core/auditoperations.py @@ -1,11 +1,9 @@ -import sys from flask import current_app, Flask, Response import json -import sys -from datetime import datetime + from .resources import Resource -from bson import json_util + from ..util import dict_to_camel_case, clean_empty from .responses import bad_request_error, not_found_error, forbidden_error, internal_server_error, make_response from ..models.invocation_log import InvocationLog 
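Review bot: `time_range_start` and `time_range_end` are request parameters, and both are passed to `deserialize_datetime` with no check for absence or for a malformed value. They appear to default to `None`, though the signature in the hunk header is truncated. How `deserialize_datetime` reacts is not visible here; unless it tolerates both cases, the request fails with an unhandled error instead of the `bad_request_error` returned just above for missing ids. A guard such as `time_range_start = deserialize_datetime(time_range_start) if time_range_start else None`, together with catching the parse error and returning `bad_request_error`, would keep the failure a 400. The function body starts and ends outside the hunk.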
@@ -57,11 +55,9 @@ class AuditOperations (Resource): if not result['logs']: return not_found_error(detail="Parameters do not match any log entry", cause="No logs found") - - result = dict_to_camel_case(clean_empty(result)) - invocation_log = InvocationLog(result['aefId'], result['apiInvokerId'], result['logs'], - result['supportedFeatures']) - res = make_response(object=invocation_log, status=200) + invocation_log = InvocationLog(result['aef_id'], result['api_invoker_id'], result['logs'], + result['supported_features']) + res = make_response(object=dict_to_camel_case(clean_empty(invocation_log.to_dict())), status=200) current_app.logger.debug("Found invocation logs") return res diff --git a/services/TS29222_CAPIF_Auditing_API/logs/core/resources.py b/services/TS29222_CAPIF_Auditing_API/logs/core/resources.py index d55b30c74cf87bf22eec115dfc1bd0e6d413a018..d5a3552d6b3459a77d30df65d0bbda4a86c7fa61 100644 --- a/services/TS29222_CAPIF_Auditing_API/logs/core/resources.py +++ b/services/TS29222_CAPIF_Auditing_API/logs/core/resources.py @@ -1,5 +1,5 @@ -from abc import ABC, abstractmethod -from ..db.db import MongoDatabse +from abc import ABC +from db.db import MongoDatabse class Resource(ABC): diff --git a/services/TS29222_CAPIF_Auditing_API/logs/core/responses.py b/services/TS29222_CAPIF_Auditing_API/logs/core/responses.py index 5986c5000910cc9c0f0d579051db9477f5943c17..9d5ea092050de02f5813149bde790f9becaa3c90 100644 --- a/services/TS29222_CAPIF_Auditing_API/logs/core/responses.py +++ b/services/TS29222_CAPIF_Auditing_API/logs/core/responses.py @@ -1,6 +1,7 @@ from ..models.problem_details import ProblemDetails from ..encoder import JSONEncoder from flask import Response +from ..util import dict_to_camel_case, clean_empty import json mimetype = "application/json" 
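Review bot: `result['aef_id']`, `result['api_invoker_id']` and `result['supported_features']` are indexed directly on the stored document, so a log entry written without one of those keys raises `KeyError` here instead of producing a response. Whether an enclosing handler turns that into a 500 cannot be seen, since the method starts and ends outside the hunk. If `supported_features` is optional in stored entries, `result.get('supported_features')` keeps the lookup from failing. `clean_empty` is also applied to the serialised log, so if it drops every falsy value, fields that are legitimately `0` or `False` would be missing from the audit record returned to the caller.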
@@ -15,22 +16,38 @@ def make_response(object, status): def internal_server_error(detail, cause): prob = ProblemDetails(title="Internal Server Error", status=500, detail=detail, cause=cause) + prob = prob.to_dict() + prob = clean_empty(prob) + prob = dict_to_camel_case(prob) + return Response(json.dumps(prob, cls=JSONEncoder), status=500, mimetype=mimetype) def forbidden_error(detail, cause): prob = ProblemDetails(title="Forbidden", status=403, detail=detail, cause=cause) + prob = prob.to_dict() + prob = clean_empty(prob) + prob = dict_to_camel_case(prob) + return Response(json.dumps(prob, cls=JSONEncoder), status=403, mimetype=mimetype) def bad_request_error(detail, cause, invalid_params): prob = ProblemDetails(title="Bad Request", status=400, detail=detail, cause=cause, invalid_params=invalid_params) + prob = prob.to_dict() + prob = clean_empty(prob) + prob = dict_to_camel_case(prob) + return Response(json.dumps(prob, cls=JSONEncoder), status=400, mimetype=cause) def not_found_error(detail, cause): prob = ProblemDetails(title="Not Found", status=404, detail=detail, cause=cause) + prob = prob.to_dict() + prob = clean_empty(prob) + prob = dict_to_camel_case(prob) + return Response(json.dumps(prob, cls=JSONEncoder), status=404, mimetype=mimetype) \ No newline at end of file diff --git a/services/TS29222_CAPIF_Auditing_API/logs/db/db.py b/services/TS29222_CAPIF_Auditing_API/logs/db/db.py index b2fc38cb0e59ffe2a2d6c2fa8483acbd13dddac4..cf7c0d2ca60425a2e5a842aad94d97c095a47761 100644 --- a/services/TS29222_CAPIF_Auditing_API/logs/db/db.py +++ b/services/TS29222_CAPIF_Auditing_API/logs/db/db.py @@ -1,9 +1,8 @@ -import atexit + import time from pymongo import MongoClient from pymongo.errors import AutoReconnect -from ..config import Config -from bson.codec_options import CodecOptions +from config import Config import os from opentelemetry.instrumentation.pymongo import PymongoInstrumentor 
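Review bot: `bad_request_error` still ends with `Response(json.dumps(prob, cls=JSONEncoder), status=400, mimetype=cause)`, so every 400 response carries the free-text cause string as its Content-Type instead of `application/json`. The other three helpers in this hunk pass the module-level `mimetype`, and this commit edits the function without correcting that argument. Change the line to `return Response(json.dumps(prob, cls=JSONEncoder), status=400, mimetype=mimetype)`. The same line appears in the core/responses.py hunks of the Discover and Events services further down.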
diff --git a/services/TS29222_CAPIF_Auditing_API/logs/encoder.py b/services/TS29222_CAPIF_Auditing_API/logs/encoder.py index 55259f5fafc566e72cad147c9f1fada83c2d5130..80bad8fa9220ab873e044b7adc0a849746088ad5 100644 --- a/services/TS29222_CAPIF_Auditing_API/logs/encoder.py +++ b/services/TS29222_CAPIF_Auditing_API/logs/encoder.py @@ -1,7 +1,7 @@ from connexion.apps.flask_app import FlaskJSONEncoder import six -from logs.models.base_model_ import Model +from models.base_model_ import Model class JSONEncoder(FlaskJSONEncoder): diff --git a/services/TS29222_CAPIF_Auditing_API/logs/util.py b/services/TS29222_CAPIF_Auditing_API/logs/util.py index ff812577975f62d6488f6ebc71bbed8492b7c0d3..ec1430110f5a167f67a8c083cfda84af63a678d4 100644 --- a/services/TS29222_CAPIF_Auditing_API/logs/util.py +++ b/services/TS29222_CAPIF_Auditing_API/logs/util.py @@ -1,8 +1,8 @@ import datetime import six -import typing -from logs import typing_utils +import typing_utils + def clean_empty(d): if isinstance(d, dict): @@ -15,6 +15,7 @@ def clean_empty(d): return [v for v in map(clean_empty, d) if v] return d + def dict_to_camel_case(my_dict): diff --git a/services/TS29222_CAPIF_Auditing_API/logs/wsgi.py b/services/TS29222_CAPIF_Auditing_API/logs/wsgi.py new file mode 100644 index 0000000000000000000000000000000000000000..6026b0fa96078634d3455ab93d71dcdc78774276 --- /dev/null +++ b/services/TS29222_CAPIF_Auditing_API/logs/wsgi.py @@ -0,0 +1,4 @@ +from app import app + +if __name__ == "__main__": + app.run() diff --git a/services/TS29222_CAPIF_Auditing_API/requirements.txt b/services/TS29222_CAPIF_Auditing_API/requirements.txt index d6dacc0e5e03ce9c24e9b64b88dadd9b081885a0..4ed2ea2b8dd1a5694cbfe3f91a37f7c294a79b01 100644 --- a/services/TS29222_CAPIF_Auditing_API/requirements.txt +++ b/services/TS29222_CAPIF_Auditing_API/requirements.txt 
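Review bot: `from models.base_model_ import Model` loads the base class under the top-level name `models`, while core/responses.py in this same commit still uses package-relative imports (`from ..models.problem_details import ProblemDetails`). If both import roots resolve at run time, Python creates two distinct `Model` classes. Any `isinstance(o, Model)` test in `JSONEncoder` (its body is outside this hunk) would then miss instances built from the other copy, which may be why callers now have to pass `.to_dict()` explicitly. The Discover and Events encoder.py hunks, and the `from db.db import MongoDatabse` and `from config import Config` changes, mix the two styles in the same way. Settle on one import root per service, and until then document the constraint here with `# Imported by top-level name; models imported package-relatively are a different class object.`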
@@ -19,3 +19,6 @@ opentelemetry-sdk == 1.17.0 flask_executor == 1.0.0 cryptography == 42.0.8 Werkzeug == 2.2.3 +pyopenssl == 24.1.0 +gunicorn==22.0.0 +packaging==24.0 diff --git a/services/TS29222_CAPIF_Discover_Service_API/Dockerfile b/services/TS29222_CAPIF_Discover_Service_API/Dockerfile index efa70c90c56f5e1cb49d14f0c551f2ce04a924e0..9f1d46ea6ee674e69b958e111488d41b7013028d 100644 --- a/services/TS29222_CAPIF_Discover_Service_API/Dockerfile +++ b/services/TS29222_CAPIF_Discover_Service_API/Dockerfile @@ -12,6 +12,6 @@ COPY . /usr/src/app EXPOSE 8080 -ENTRYPOINT ["python3"] +ENTRYPOINT ["gunicorn"] -CMD ["-m", "service_apis"] \ No newline at end of file +CMD ["--bind", "0.0.0.0:8080", "--chdir", "/usr/src/app/service_apis", "wsgi:app"] \ No newline at end of file diff --git a/services/TS29222_CAPIF_Discover_Service_API/requirements.txt b/services/TS29222_CAPIF_Discover_Service_API/requirements.txt index 61747f230282f105ddcc73c2927d3aeaa07c467d..ea568fcdf8464a1f303bbcad8afc8b01f34ed0f2 100644 --- a/services/TS29222_CAPIF_Discover_Service_API/requirements.txt +++ b/services/TS29222_CAPIF_Discover_Service_API/requirements.txt @@ -20,4 +20,6 @@ opentelemetry-api == 1.17.0 opentelemetry-sdk == 1.17.0 flask_executor == 1.0.0 flask_executor == 1.0.0 -Werkzeug == 2.2.3 \ No newline at end of file +Werkzeug == 2.2.3 +gunicorn==22.0.0 +packaging==24.0 diff --git a/services/TS29222_CAPIF_Discover_Service_API/service_apis/__main__.py b/services/TS29222_CAPIF_Discover_Service_API/service_apis/app.py similarity index 94% rename from services/TS29222_CAPIF_Discover_Service_API/service_apis/__main__.py rename to services/TS29222_CAPIF_Discover_Service_API/service_apis/app.py index 84523da2b5096c3ee07f5bebeedc02a3bd39953c..2e37d0ef069c123196aea32416201aaf5f161992 100644 --- a/services/TS29222_CAPIF_Discover_Service_API/service_apis/__main__.py +++ b/services/TS29222_CAPIF_Discover_Service_API/service_apis/app.py 
@@ -2,18 +2,15 @@ import connexion -from service_apis import encoder +import encoder -import pymongo import logging -from flask import Flask, jsonify, request from flask_jwt_extended import JWTManager, jwt_required, create_access_token -from pymongo import MongoClient from logging.handlers import RotatingFileHandler -from .config import Config +from config import Config + import os from fluent import sender -from flask_executor import Executor from opentelemetry.instrumentation.flask import FlaskInstrumentor from opentelemetry import trace from opentelemetry.exporter.otlp.proto.grpc.trace_exporter import OTLPSpanExporter @@ -23,10 +20,9 @@ from opentelemetry.sdk.trace import TracerProvider from opentelemetry.sdk.trace.export import BatchSpanProcessor from opentelemetry.instrumentation.redis import RedisInstrumentor - - NAME = "Discover-Service" + def configure_monitoring(app, config): resource = Resource(attributes={"service.name": NAME}) @@ -126,7 +122,3 @@ if monitoring_value == "true": configure_monitoring(app.app, config.get_config()) jwt = JWTManager(app.app) - - -if __name__ == '__main__': - app.run(debug=True, port=8080) diff --git a/services/TS29222_CAPIF_Discover_Service_API/service_apis/config.py b/services/TS29222_CAPIF_Discover_Service_API/service_apis/config.py index d04bd1acd87603f491b09f464d8db1d6cdc52ad7..97ab831fc7a69163163f7182f1f8c61bd9e3ffc4 100644 --- a/services/TS29222_CAPIF_Discover_Service_API/service_apis/config.py +++ b/services/TS29222_CAPIF_Discover_Service_API/service_apis/config.py @@ -5,7 +5,7 @@ import os class Config: def __init__(self): self.cached = 0 - self.file="./config.yaml" + self.file="../config.yaml" self.my_config = {} stamp = os.stat(self.file).st_mtime 
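Review bot: In config.py, `self.file="../config.yaml"` is resolved against the process working directory, so it only finds the file because the Dockerfile starts gunicorn with `--chdir /usr/src/app/service_apis`. Started from any other directory, `os.stat(self.file)` either raises or picks up an unrelated config.yaml. Anchor the path to the module instead: `self.file = os.path.join(os.path.dirname(os.path.abspath(__file__)), "..", "config.yaml")`. The Events and Logging config.py hunks carry the same line, and `Config.__init__` continues outside this hunk.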
diff --git a/services/TS29222_CAPIF_Discover_Service_API/service_apis/controllers/default_controller.py b/services/TS29222_CAPIF_Discover_Service_API/service_apis/controllers/default_controller.py index aef2022efcf54738587431c9a84a38b43a8dcc09..2c81a78e019e640b140dbde5f6463f7784502ee2 100644 --- a/services/TS29222_CAPIF_Discover_Service_API/service_apis/controllers/default_controller.py +++ b/services/TS29222_CAPIF_Discover_Service_API/service_apis/controllers/default_controller.py @@ -1,13 +1,6 @@ -import sys -from service_apis.core.discoveredapis import DiscoverApisOperations -import json +from ..core.discoveredapis import DiscoverApisOperations from flask import Response, request, current_app -from service_apis.encoder import JSONEncoder -from service_apis.models.problem_details import ProblemDetails -from cryptography import x509 -from cryptography.hazmat.backends import default_backend -import pymongo discover_apis = DiscoverApisOperations() diff --git a/services/TS29222_CAPIF_Discover_Service_API/service_apis/core/discoveredapis.py b/services/TS29222_CAPIF_Discover_Service_API/service_apis/core/discoveredapis.py index f56b5851bbbf4862d10f4f4bf32aa72ba05daaee..9ad5462dfb1ae4ea1d2fb46851b6d8cc04959962 100644 --- a/services/TS29222_CAPIF_Discover_Service_API/service_apis/core/discoveredapis.py +++ b/services/TS29222_CAPIF_Discover_Service_API/service_apis/core/discoveredapis.py 
@@ -1,18 +1,9 @@ -import sys -import pymongo from flask import current_app, Flask, Response -import json -from service_apis.core.responses import internal_server_error, forbidden_error ,make_response, not_found_error -from service_apis.db.db import MongoDatabse -from service_apis.encoder import JSONEncoder -from service_apis.models.problem_details import ProblemDetails -from service_apis.models.service_api_description import ServiceAPIDescription -from service_apis.models.discovered_apis import DiscoveredAPIs -from service_apis.util import dict_to_camel_case, clean_empty -from service_apis.core.resources import Resource -from bson import json_util - +from ..core.responses import internal_server_error, forbidden_error ,make_response, not_found_error +from ..models.discovered_apis import DiscoveredAPIs +from ..util import dict_to_camel_case, clean_empty +from ..core.resources import Resource class DiscoverApisOperations(Resource): @@ -46,16 +37,13 @@ class DiscoverApisOperations(Resource): discoved_apis = services.find(my_query, {"_id":0, "api_name":1, "api_id":1, "aef_profiles":1, "description":1, "supported_features":1, "shareable_info":1, "service_api_category":1, "api_supp_feats":1, "pub_api_path":1, "ccf_id":1}) json_docs = [] for discoved_api in discoved_apis: - my_api = dict_to_camel_case(discoved_api) - my_api = clean_empty(my_api) - json_docs.append(my_api) + json_docs.append(discoved_api) if len(json_docs) == 0: return not_found_error(detail="API Invoker " + api_invoker_id + " has no API Published that accomplish filter conditions", cause="No API Published accomplish filter conditions") apis_discoveres = DiscoveredAPIs(service_api_descriptions=json_docs) - res = make_response(object=apis_discoveres, status=200) - current_app.logger.debug("Discovered APIs by: " + api_invoker_id) + res = make_response(object=dict_to_camel_case(clean_empty(apis_discoveres.to_dict())), status=200) return res except Exception as e: 
diff --git a/services/TS29222_CAPIF_Discover_Service_API/service_apis/core/resources.py b/services/TS29222_CAPIF_Discover_Service_API/service_apis/core/resources.py index 94e29ec07359c93a78d520f24fa91c88971d65c4..efbe3c2d4cf28cec298ef17b394011dcd6aa66cb 100644 --- a/services/TS29222_CAPIF_Discover_Service_API/service_apis/core/resources.py +++ b/services/TS29222_CAPIF_Discover_Service_API/service_apis/core/resources.py @@ -1,5 +1,5 @@ from abc import ABC, abstractmethod -from ..db.db import MongoDatabse +from db.db import MongoDatabse class Resource(ABC): diff --git a/services/TS29222_CAPIF_Discover_Service_API/service_apis/core/responses.py b/services/TS29222_CAPIF_Discover_Service_API/service_apis/core/responses.py index 4f035781f68629246ade764083b620e3df3c72ae..df9905f96f4eaa990334d30c8b99fd58521cd28a 100644 --- a/services/TS29222_CAPIF_Discover_Service_API/service_apis/core/responses.py +++ b/services/TS29222_CAPIF_Discover_Service_API/service_apis/core/responses.py @@ -1,7 +1,7 @@ from ..models.problem_details import ProblemDetails from ..encoder import JSONEncoder from flask import Response -from bson import json_util +from ..util import dict_to_camel_case, clean_empty import json mimetype = "application/json" 
@@ -14,19 +14,35 @@ def make_response(object, status): def internal_server_error(detail, cause): prob = ProblemDetails(title="Internal Server Error", status=500, detail=detail, cause=cause) + prob = prob.to_dict() + prob = clean_empty(prob) + prob = dict_to_camel_case(prob) + return Response(json.dumps(prob, cls=JSONEncoder), status=500, mimetype=mimetype) def forbidden_error(detail, cause): prob = ProblemDetails(title="Forbidden", status=403, detail=detail, cause=cause) + prob = prob.to_dict() + prob = clean_empty(prob) + prob = dict_to_camel_case(prob) + return Response(json.dumps(prob, cls=JSONEncoder), status=403, mimetype=mimetype) def bad_request_error(detail, cause, invalid_params): prob = ProblemDetails(title="Bad Request", status=400, detail=detail, cause=cause, invalid_params=invalid_params) + prob = prob.to_dict() + prob = clean_empty(prob) + prob = dict_to_camel_case(prob) + return Response(json.dumps(prob, cls=JSONEncoder), status=400, mimetype=cause) def not_found_error(detail, cause): prob = ProblemDetails(title="Not Found", status=404, detail=detail, cause=cause) + prob = prob.to_dict() + prob = clean_empty(prob) + prob = dict_to_camel_case(prob) + return Response(json.dumps(prob, cls=JSONEncoder), status=404, mimetype=mimetype) \ No newline at end of file diff --git a/services/TS29222_CAPIF_Discover_Service_API/service_apis/db/db.py b/services/TS29222_CAPIF_Discover_Service_API/service_apis/db/db.py index bd3b28cb7b2f627cd8a82500fe23b11231d1236d..fb741fbfa6d23a29ce7df142f68a02b7885c946c 100644 --- a/services/TS29222_CAPIF_Discover_Service_API/service_apis/db/db.py +++ b/services/TS29222_CAPIF_Discover_Service_API/service_apis/db/db.py @@ -1,8 +1,7 @@ -import atexit import time from pymongo import MongoClient from pymongo.errors import AutoReconnect -from ..config import Config +from config import Config from bson.codec_options import CodecOptions import os from opentelemetry.instrumentation.pymongo import PymongoInstrumentor 
@@ -11,6 +10,7 @@ monitoring_value = os.environ.get("MONITORING", "").lower() if monitoring_value == "true": PymongoInstrumentor().instrument() + class MongoDatabse(): def __init__(self): diff --git a/services/TS29222_CAPIF_Discover_Service_API/service_apis/encoder.py b/services/TS29222_CAPIF_Discover_Service_API/service_apis/encoder.py index c02675977bb308223c728bfbb3a393fb99c5a588..80bad8fa9220ab873e044b7adc0a849746088ad5 100644 --- a/services/TS29222_CAPIF_Discover_Service_API/service_apis/encoder.py +++ b/services/TS29222_CAPIF_Discover_Service_API/service_apis/encoder.py @@ -1,7 +1,7 @@ from connexion.apps.flask_app import FlaskJSONEncoder import six -from service_apis.models.base_model_ import Model +from models.base_model_ import Model class JSONEncoder(FlaskJSONEncoder): diff --git a/services/TS29222_CAPIF_Discover_Service_API/service_apis/util.py b/services/TS29222_CAPIF_Discover_Service_API/service_apis/util.py index b3f89d7add5037cf33a17d3c717e8295080d8a8b..c39e5fabe5806ecc746990ca002cbedb72676827 100644 --- a/services/TS29222_CAPIF_Discover_Service_API/service_apis/util.py +++ b/services/TS29222_CAPIF_Discover_Service_API/service_apis/util.py @@ -1,9 +1,7 @@ import datetime -import sys import six -import typing -from service_apis import typing_utils +import typing_utils def clean_empty(d): if isinstance(d, dict): @@ -27,6 +25,8 @@ def dict_to_camel_case(my_dict): my_key= ''.join([my_key[0].lower(), my_key[1:]]) if my_key == "serviceApiCategory": my_key = "serviceAPICategory" + elif my_key == "serviceApiDescriptions": + my_key = "serviceAPIDescriptions" if isinstance(value, list): result[my_key] = list(map( diff --git a/services/TS29222_CAPIF_Discover_Service_API/service_apis/wsgi.py b/services/TS29222_CAPIF_Discover_Service_API/service_apis/wsgi.py new file mode 100644 index 0000000000000000000000000000000000000000..6026b0fa96078634d3455ab93d71dcdc78774276 --- /dev/null +++ b/services/TS29222_CAPIF_Discover_Service_API/service_apis/wsgi.py 
@@ -0,0 +1,4 @@ +from app import app + +if __name__ == "__main__": + app.run() diff --git a/services/TS29222_CAPIF_Events_API/Dockerfile b/services/TS29222_CAPIF_Events_API/Dockerfile index ddcf2da935752d7eb90aa1dd59c2eb5811eaf5e0..1fef3f2ede15e1de5674980d38a35fbbeebb6c7b 100644 --- a/services/TS29222_CAPIF_Events_API/Dockerfile +++ b/services/TS29222_CAPIF_Events_API/Dockerfile @@ -13,6 +13,6 @@ COPY . /usr/src/app EXPOSE 8080 -ENTRYPOINT ["python3"] +ENTRYPOINT ["gunicorn"] -CMD ["-m", "capif_events"] \ No newline at end of file +CMD ["--bind", "0.0.0.0:8080", "--chdir", "/usr/src/app/capif_events", "wsgi:app"] \ No newline at end of file diff --git a/services/TS29222_CAPIF_Events_API/capif_events/__main__.py b/services/TS29222_CAPIF_Events_API/capif_events/app.py similarity index 95% rename from services/TS29222_CAPIF_Events_API/capif_events/__main__.py rename to services/TS29222_CAPIF_Events_API/capif_events/app.py index b566f66d2bd004336f840f17aca140c835788230..eb43ca1920fc5ac7e37e4f5ebf091e66da19c09a 100644 --- a/services/TS29222_CAPIF_Events_API/capif_events/__main__.py +++ b/services/TS29222_CAPIF_Events_API/capif_events/app.py @@ -4,21 +4,21 @@ import connexion import sys import logging -from capif_events import encoder +import encoder from flask import Flask, jsonify, request from flask_jwt_extended import JWTManager, jwt_required, create_access_token from pymongo import MongoClient -from .config import Config -from .core.notifications import Notifications -from .core.consumer_messager import Subscriber + +from core.notifications import Notifications +from core.consumer_messager import Subscriber from multiprocessing import Process from threading import Thread from flask_executor import Executor from flask_apscheduler import APScheduler from logging.handlers import RotatingFileHandler -from .config import Config +from config import Config import os from fluent import sender from flask_executor import Executor 
@@ -32,7 +32,6 @@ from opentelemetry.sdk.trace.export import BatchSpanProcessor from opentelemetry.instrumentation.redis import RedisInstrumentor - NAME = "Events-Service" def configure_monitoring(app, config): @@ -147,6 +146,3 @@ subscriber = Subscriber() @app.app.before_first_request def create_listener_message(): executor.submit(subscriber.listen) - -if __name__ == '__main__': - app.run(debug=True, port=8080) diff --git a/services/TS29222_CAPIF_Events_API/capif_events/config.py b/services/TS29222_CAPIF_Events_API/capif_events/config.py index 377b14f8c368cebf98409223d089fc31326d1987..bed212ac136607ee7459f333b0f50bf7f3481b6b 100644 --- a/services/TS29222_CAPIF_Events_API/capif_events/config.py +++ b/services/TS29222_CAPIF_Events_API/capif_events/config.py @@ -5,7 +5,7 @@ import os class Config: def __init__(self): self.cached = 0 - self.file="./config.yaml" + self.file="../config.yaml" self.my_config = {} stamp = os.stat(self.file).st_mtime if stamp != self.cached: diff --git a/services/TS29222_CAPIF_Events_API/capif_events/core/events_apis.py b/services/TS29222_CAPIF_Events_API/capif_events/core/events_apis.py index 1ece644c124fcf17b47f8aaea59ab4c67c1b0e86..d6b5bdff29dcec3161150bd42b8c24b62636633b 100644 --- a/services/TS29222_CAPIF_Events_API/capif_events/core/events_apis.py +++ b/services/TS29222_CAPIF_Events_API/capif_events/core/events_apis.py @@ -12,7 +12,7 @@ from .resources import Resource from bson import json_util from .responses import internal_server_error, not_found_error, make_response, bad_request_error from ..db.db import MongoDatabse -from ..util import dict_to_camel_case +from ..util import dict_to_camel_case, clean_empty from .auth_manager import AuthManager class EventSubscriptionsOperations(Resource): 
@@ -73,7 +73,7 @@ class EventSubscriptionsOperations(Resource): self.auth_manager.add_auth_event(subscription_id, subscriber_id) - res = make_response(object=event_subscription, status=201) + res = make_response(object=dict_to_camel_case(clean_empty(event_subscription.to_dict())), status=201) res.headers['Location'] = "http://localhost:8080/capif-events/v1/" + \ str(subscriber_id) + "/subscriptions/" + str(subscription_id) diff --git a/services/TS29222_CAPIF_Events_API/capif_events/core/notifications.py b/services/TS29222_CAPIF_Events_API/capif_events/core/notifications.py index 2229a7182fadb59adec89bac65565dc5affe4bea..3b32d1106838fd9760afa1c4dedd2b5fc378d0db 100644 --- a/services/TS29222_CAPIF_Events_API/capif_events/core/notifications.py +++ b/services/TS29222_CAPIF_Events_API/capif_events/core/notifications.py @@ -1,15 +1,16 @@ #import concurrent import requests from .internal_event_ops import InternalEventOperations -from ..models.event_notification import EventNotification -from ..models.access_control_policy_list_ext import AccessControlPolicyListExt -from ..models.capif_event_detail import CAPIFEventDetail -from ..encoder import JSONEncoder +from models.event_notification import EventNotification +from models.access_control_policy_list_ext import AccessControlPolicyListExt +from models.capif_event_detail import CAPIFEventDetail +from encoder import JSONEncoder import sys import json from flask import current_app import asyncio import aiohttp +from util import dict_to_camel_case, clean_empty class Notifications(): 
@@ -33,9 +34,9 @@ class Notifications(): event_detail={redis_event.get('key'):redis_event.get('information')} current_app.logger.debug(event_detail) data = EventNotification(sub["subscription_id"], events=redis_event.get('event'), event_detail=event_detail) - current_app.logger.debug(json.dumps(data,cls=JSONEncoder)) + current_app.logger.debug(json.dumps(data.to_dict(),cls=JSONEncoder)) - asyncio.run(self.send(url, json.loads(json.dumps(data,cls=JSONEncoder)))) + asyncio.run(self.send(url, dict_to_camel_case(clean_empty(data.to_dict())))) except Exception as e: current_app.logger.error("An exception occurred ::" + str(e)) diff --git a/services/TS29222_CAPIF_Events_API/capif_events/core/resources.py b/services/TS29222_CAPIF_Events_API/capif_events/core/resources.py index 94e29ec07359c93a78d520f24fa91c88971d65c4..efbe3c2d4cf28cec298ef17b394011dcd6aa66cb 100644 --- a/services/TS29222_CAPIF_Events_API/capif_events/core/resources.py +++ b/services/TS29222_CAPIF_Events_API/capif_events/core/resources.py @@ -1,5 +1,5 @@ from abc import ABC, abstractmethod -from ..db.db import MongoDatabse +from db.db import MongoDatabse class Resource(ABC): diff --git a/services/TS29222_CAPIF_Events_API/capif_events/core/responses.py b/services/TS29222_CAPIF_Events_API/capif_events/core/responses.py index 962c4b6dd6ae07bce79dc8e810f10a507d526663..7862390ddb6ad27d60a0e9a1d2e4f358111f2270 100644 --- a/services/TS29222_CAPIF_Events_API/capif_events/core/responses.py +++ b/services/TS29222_CAPIF_Events_API/capif_events/core/responses.py @@ -1,6 +1,7 @@ from ..models.problem_details import ProblemDetails from ..encoder import JSONEncoder from flask import Response +from ..util import dict_to_camel_case, clean_empty import json mimetype = "application/json" 
@@ -13,19 +14,35 @@ def make_response(object, status): def internal_server_error(detail, cause): prob = ProblemDetails(title="Internal Server Error", status=500, detail=detail, cause=cause) + prob = prob.to_dict() + prob = clean_empty(prob) + prob = dict_to_camel_case(prob) + return Response(json.dumps(prob, cls=JSONEncoder), status=500, mimetype=mimetype) def forbidden_error(detail, cause): prob = ProblemDetails(title="Forbidden", status=403, detail=detail, cause=cause) + prob = prob.to_dict() + prob = clean_empty(prob) + prob = dict_to_camel_case(prob) + return Response(json.dumps(prob, cls=JSONEncoder), status=403, mimetype=mimetype) def bad_request_error(detail, cause, invalid_params): prob = ProblemDetails(title="Bad Request", status=400, detail=detail, cause=cause, invalid_params=invalid_params) + prob = prob.to_dict() + prob = clean_empty(prob) + prob = dict_to_camel_case(prob) + return Response(json.dumps(prob, cls=JSONEncoder), status=400, mimetype=cause) def not_found_error(detail, cause): prob = ProblemDetails(title="Not Found", status=404, detail=detail, cause=cause) + prob = prob.to_dict() + prob = clean_empty(prob) + prob = dict_to_camel_case(prob) + return Response(json.dumps(prob, cls=JSONEncoder), status=404, mimetype=mimetype) \ No newline at end of file diff --git a/services/TS29222_CAPIF_Events_API/capif_events/core/validate_user.py b/services/TS29222_CAPIF_Events_API/capif_events/core/validate_user.py index 18d54a2ec108ecd87483cf0c314e52c8eb6fad6c..be87defb5d803bd80211c83f13a25c8d8fd53ec9 100644 --- a/services/TS29222_CAPIF_Events_API/capif_events/core/validate_user.py +++ b/services/TS29222_CAPIF_Events_API/capif_events/core/validate_user.py @@ -4,6 +4,7 @@ from ..models.problem_details import ProblemDetails from ..encoder import JSONEncoder from .resources import Resource from .responses import internal_server_error +from ..util import dict_to_camel_case, clean_empty class ControlAccess(Resource): 
@@ -18,6 +19,11 @@ class ControlAccess(Resource): if cert_entry is not None: if cert_entry["cert_signature"] != cert_signature or "event_subscriptions" not in cert_entry["resources"] or event_id not in cert_entry["resources"]["event_subscriptions"]: prob = ProblemDetails(title="Unauthorized", detail="User not authorized", cause="You are not the owner of this resource") + + prob = prob.to_dict() + prob = clean_empty(prob) + prob = dict_to_camel_case(prob) + return Response(json.dumps(prob, cls=JSONEncoder), status=401, mimetype="application/json") except Exception as e: diff --git a/services/TS29222_CAPIF_Events_API/capif_events/db/db.py b/services/TS29222_CAPIF_Events_API/capif_events/db/db.py index be7bf3932f3b6a5f878046d0594526fedd060c1b..68391d8866eaa6f88cbbbb5ab90fe07e792b17d6 100644 --- a/services/TS29222_CAPIF_Events_API/capif_events/db/db.py +++ b/services/TS29222_CAPIF_Events_API/capif_events/db/db.py @@ -2,7 +2,7 @@ import atexit import time from pymongo import MongoClient from pymongo.errors import AutoReconnect -from ..config import Config +from config import Config from bson.codec_options import CodecOptions import os from opentelemetry.instrumentation.pymongo import PymongoInstrumentor diff --git a/services/TS29222_CAPIF_Events_API/capif_events/encoder.py b/services/TS29222_CAPIF_Events_API/capif_events/encoder.py index f6b018f22f8e92eb3c919f4cb4546d61a550fcd0..80bad8fa9220ab873e044b7adc0a849746088ad5 100644 --- a/services/TS29222_CAPIF_Events_API/capif_events/encoder.py +++ b/services/TS29222_CAPIF_Events_API/capif_events/encoder.py @@ -1,7 +1,7 @@ from connexion.apps.flask_app import FlaskJSONEncoder import six -from capif_events.models.base_model_ import Model +from models.base_model_ import Model class JSONEncoder(FlaskJSONEncoder): 
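Review bot: The 401 in validate_user.py is only built inside `if cert_entry is not None:`, so in the visible lines a caller with no stored certificate entry skips the ownership check entirely. Unless code after the `except` (outside this hunk) rejects that case, a lookup miss is treated as authorized; it should deny instead. Fold the miss into the existing test by starting the condition with `if cert_entry is None or cert_entry["cert_signature"] != cert_signature or ...` and dropping the outer `if`. The three added conversion lines also duplicate what the helpers in core/responses.py now do, so a 401 helper beside `internal_server_error` would keep the problem-details body in one place.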
diff --git a/services/TS29222_CAPIF_Events_API/capif_events/util.py b/services/TS29222_CAPIF_Events_API/capif_events/util.py index 396c6a5b258c051cf1c86b93d2bf79e998463ace..f067fde2be418e00a062b17852b3f051171ea4ef 100644 --- a/services/TS29222_CAPIF_Events_API/capif_events/util.py +++ b/services/TS29222_CAPIF_Events_API/capif_events/util.py @@ -2,32 +2,39 @@ import datetime import six import typing -from capif_events import typing_utils +import typing_utils -def dict_to_camel_case(my_dict): +def clean_empty(d): + if isinstance(d, dict): + return { + k: v + for k, v in ((k, clean_empty(v)) for k, v in d.items()) + if v is not None or v == 0 + } + if isinstance(d, list): + return [v for v in map(clean_empty, d) if v is not None or v == 0] + return d +def dict_to_camel_case(my_dict): result = {} - for attr, value in my_dict.items(): - - my_key = ''.join(word.title() for word in attr.split('_')) - my_key= ''.join([my_key[0].lower(), my_key[1:]]) - + if len(attr.split('_')) != 1: + my_key = ''.join(word.title() for word in attr.split('_')) + my_key= ''.join([my_key[0].lower(), my_key[1:]]) + else: + my_key = attr if isinstance(value, list): result[my_key] = list(map( lambda x: dict_to_camel_case(x) if isinstance(x, dict) else x, value )) - elif hasattr(value, "to_dict"): result[my_key] = dict_to_camel_case(value) - elif isinstance(value, dict): value = dict_to_camel_case(value) result[my_key] = value else: result[my_key] = value - return result diff --git a/services/TS29222_CAPIF_Events_API/capif_events/wsgi.py b/services/TS29222_CAPIF_Events_API/capif_events/wsgi.py new file mode 100644 index 0000000000000000000000000000000000000000..6026b0fa96078634d3455ab93d71dcdc78774276 --- /dev/null +++ b/services/TS29222_CAPIF_Events_API/capif_events/wsgi.py @@ -0,0 +1,4 @@ +from app import app + +if __name__ == "__main__": + app.run() 
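Review bot: In the new `clean_empty`, `if v is not None or v == 0` is equivalent to `if v is not None`, because `0` already passes the first test; the extra clause suggests a special case that does not exist. The filter also differs from the Auditing util.py copy, whose list branch keeps only truthy values (`if v`), so empty strings, lists and dicts survive in Events responses but are dropped there. Write `if v is not None` in both comprehensions and add a comment such as `# keep falsy values (0, "", []) - only None is stripped` if that is the intended contract. Separately, the unchanged `hasattr(value, "to_dict")` branch passes the model object itself to `dict_to_camel_case`, which calls `.items()` on it; `dict_to_camel_case(value.to_dict())` looks like what was meant.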
diff --git a/services/TS29222_CAPIF_Events_API/requirements.txt b/services/TS29222_CAPIF_Events_API/requirements.txt index efc0c6f252b814f171c7dfa062cda2c7e1e6fed7..63d456f6c3524931f3a2ba3e081d17798733ce21 100644 --- a/services/TS29222_CAPIF_Events_API/requirements.txt +++ b/services/TS29222_CAPIF_Events_API/requirements.txt @@ -19,8 +19,10 @@ flask_jwt_extended cryptography == 42.0.8 rfc3987 == 1.3.8 redis == 4.5.4 -flask_executor == 1.0.0 Flask-APScheduler == 1.12.4 aiohttp == 3.9.5 async-timeout == 4.0.3 Werkzeug == 2.2.3 +pyopenssl == 24.1.0 +gunicorn==22.0.0 +packaging==24.0 diff --git a/services/TS29222_CAPIF_Logging_API_Invocation_API/Dockerfile b/services/TS29222_CAPIF_Logging_API_Invocation_API/Dockerfile index 7339cecd74384864a4d4414b579e0dbc012e6b1c..4248907cc2319d8bf85ae446f9e9d77c1ea3be80 100644 --- a/services/TS29222_CAPIF_Logging_API_Invocation_API/Dockerfile +++ b/services/TS29222_CAPIF_Logging_API_Invocation_API/Dockerfile @@ -12,6 +12,6 @@ COPY . /usr/src/app EXPOSE 8080 -ENTRYPOINT ["python3"] +ENTRYPOINT ["gunicorn"] -CMD ["-m", "api_invocation_logs"] \ No newline at end of file +CMD ["--bind", "0.0.0.0:8080", "--chdir", "/usr/src/app/api_invocation_logs", "wsgi:app"] \ No newline at end of file diff --git a/services/TS29222_CAPIF_Logging_API_Invocation_API/api_invocation_logs/__main__.py b/services/TS29222_CAPIF_Logging_API_Invocation_API/api_invocation_logs/app.py similarity index 97% rename from services/TS29222_CAPIF_Logging_API_Invocation_API/api_invocation_logs/__main__.py rename to services/TS29222_CAPIF_Logging_API_Invocation_API/api_invocation_logs/app.py index b99223180b39f0f19e781dd06e87094c59cefbe0..5eb97b36adedad2c2f900925a4eb013884cef02f 100644 --- a/services/TS29222_CAPIF_Logging_API_Invocation_API/api_invocation_logs/__main__.py +++ b/services/TS29222_CAPIF_Logging_API_Invocation_API/api_invocation_logs/app.py 
@@ -3,8 +3,8 @@ import connexion import logging from logging.handlers import RotatingFileHandler -from api_invocation_logs import encoder -from .config import Config +import encoder +from config import Config import os from fluent import sender from opentelemetry.instrumentation.flask import FlaskInstrumentor @@ -16,10 +16,9 @@ from opentelemetry.sdk.trace import TracerProvider from opentelemetry.sdk.trace.export import BatchSpanProcessor - - NAME = "Logging-Service" + def configure_monitoring(app, config): resource = Resource(attributes={"service.name": NAME}) @@ -116,6 +115,3 @@ config = Config() monitoring_value = os.environ.get("MONITORING", "").lower() if monitoring_value == "true": configure_monitoring(app.app, config.get_config()) - -if __name__ == '__main__': - app.run(port=8080) diff --git a/services/TS29222_CAPIF_Logging_API_Invocation_API/api_invocation_logs/config.py b/services/TS29222_CAPIF_Logging_API_Invocation_API/api_invocation_logs/config.py index d04bd1acd87603f491b09f464d8db1d6cdc52ad7..97ab831fc7a69163163f7182f1f8c61bd9e3ffc4 100644 --- a/services/TS29222_CAPIF_Logging_API_Invocation_API/api_invocation_logs/config.py +++ b/services/TS29222_CAPIF_Logging_API_Invocation_API/api_invocation_logs/config.py @@ -5,7 +5,7 @@ import os class Config: def __init__(self): self.cached = 0 - self.file="./config.yaml" + self.file="../config.yaml" self.my_config = {} stamp = os.stat(self.file).st_mtime diff --git a/services/TS29222_CAPIF_Logging_API_Invocation_API/api_invocation_logs/controllers/default_controller.py b/services/TS29222_CAPIF_Logging_API_Invocation_API/api_invocation_logs/controllers/default_controller.py index eb0cd986a51c521efd0f201c10cb529f65e45d51..7ce9972710b904bdd045e6ca7525f0e46785fa06 100644 --- a/services/TS29222_CAPIF_Logging_API_Invocation_API/api_invocation_logs/controllers/default_controller.py +++ b/services/TS29222_CAPIF_Logging_API_Invocation_API/api_invocation_logs/controllers/default_controller.py 
@@ -1,13 +1,11 @@ import connexion -from api_invocation_logs.models.invocation_log import InvocationLog # noqa: E501 +from ..models.invocation_log import InvocationLog # noqa: E501 from ..core.invocationlogs import LoggingInvocationOperations -import json from flask import Response, request, current_app -from ..encoder import JSONEncoder -from ..models.problem_details import ProblemDetails + from ..core.validate_user import ControlAccess from cryptography import x509 from cryptography.hazmat.backends import default_backend diff --git a/services/TS29222_CAPIF_Logging_API_Invocation_API/api_invocation_logs/core/invocationlogs.py b/services/TS29222_CAPIF_Logging_API_Invocation_API/api_invocation_logs/core/invocationlogs.py index 00cf9b7d902663a8ef93e804fd5379e967af66a2..06e597cd2fe70812198b0cdb15df3ac6827708d4 100644 --- a/services/TS29222_CAPIF_Logging_API_Invocation_API/api_invocation_logs/core/invocationlogs.py +++ b/services/TS29222_CAPIF_Logging_API_Invocation_API/api_invocation_logs/core/invocationlogs.py @@ -1,23 +1,18 @@ -import sys + import os -import pymongo + import secrets from flask import current_app, Flask, Response -import json -from ..db.db import MongoDatabse -from ..encoder import JSONEncoder -from ..models.problem_details import ProblemDetails from pymongo import ReturnDocument from ..util import dict_to_camel_case, clean_empty +from ..encoder import JSONEncoder from .resources import Resource -from .responses import bad_request_error, internal_server_error, forbidden_error, not_found_error, unauthorized_error, make_response -from ..models.invocation_log import InvocationLog -# from .publisher import Publisher + +from .responses import internal_server_error, not_found_error, unauthorized_error, make_response from .redis_event import RedisEvent -import copy +import json -# publisher_ops = Publisher() class LoggingInvocationOperations(Resource): 
@@ -85,7 +80,7 @@ class LoggingInvocationOperations(Resource): current_app.logger.debug("Check service apis") event=None - invocation_log_base=json.loads(json.dumps(invocationlog, cls=JSONEncoder)) + invocation_log_base=json.loads(json.dumps(invocationlog.to_dict(), cls=JSONEncoder)) for log in invocationlog.logs: result = self.__check_service_apis(log.api_id, log.api_name) @@ -102,9 +97,9 @@ class LoggingInvocationOperations(Resource): event="SERVICE_API_INVOCATION_FAILURE" current_app.logger.info(event) - invocation_log_base['logs']=[log] + invocation_log_base['logs']=[log.to_dict()] invocationLogs=[invocation_log_base] - RedisEvent(event,"invocationLogs",invocationLogs).send_event() + RedisEvent(event,"invocation_logs",invocationLogs).send_event() current_app.logger.debug("After log check") @@ -127,7 +122,7 @@ class LoggingInvocationOperations(Resource): existing_invocationlog['logs'].append(updated_invocation_log) mycol.find_one_and_update(my_query, {"$set": existing_invocationlog}, projection={'_id': 0, 'log_id': 0}, return_document=ReturnDocument.AFTER, upsert=False) - res = make_response(object=invocationlog, status=201) + res = make_response(object=dict_to_camel_case(clean_empty(invocationlog.to_dict())), status=201) current_app.logger.debug("Invocation Logs response ready") apis_added = {log.api_id:log.api_name for log in invocationlog.logs} diff --git a/services/TS29222_CAPIF_Logging_API_Invocation_API/api_invocation_logs/core/resources.py b/services/TS29222_CAPIF_Logging_API_Invocation_API/api_invocation_logs/core/resources.py index d55b30c74cf87bf22eec115dfc1bd0e6d413a018..d5a3552d6b3459a77d30df65d0bbda4a86c7fa61 100644 --- a/services/TS29222_CAPIF_Logging_API_Invocation_API/api_invocation_logs/core/resources.py +++ b/services/TS29222_CAPIF_Logging_API_Invocation_API/api_invocation_logs/core/resources.py 
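Review bot: In the `@@ -102,9 +97,9 @@` hunk, `invocation_log_base['logs']=[log.to_dict()]` puts a raw `to_dict()` result into an object that was otherwise normalised by the `json.loads(json.dumps(..., cls=JSONEncoder))` round-trip a few lines earlier. If a log entry carries values that are not plain JSON types (a datetime, for instance), the payload handed to `RedisEvent` is then mixed, and whether `send_event` copes with that is not visible here. Applying the same round-trip keeps the event uniform: `invocation_log_base['logs'] = [json.loads(json.dumps(log.to_dict(), cls=JSONEncoder))]`. The enclosing method starts and ends outside the hunk.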
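Review bot: In the `@@ -127,7 +122,7 @@` hunk, the 201 body is now built with `clean_empty(invocationlog.to_dict())`, and the list branch of `clean_empty` shown in util.py keeps only truthy values. If the dict branch filters the same way (it is outside the visible hunks), fields whose legitimate value is `0`, `False` or an empty string disappear from the echoed log record. For an invocation-log API that is worth a comment at the call site, e.g. `# NOTE: clean_empty drops falsy values, not only None`, or a filter that removes only `None`.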
@@ -1,5 +1,5 @@ -from abc import ABC, abstractmethod -from ..db.db import MongoDatabse +from abc import ABC +from db.db import MongoDatabse class Resource(ABC): diff --git a/services/TS29222_CAPIF_Logging_API_Invocation_API/api_invocation_logs/core/responses.py b/services/TS29222_CAPIF_Logging_API_Invocation_API/api_invocation_logs/core/responses.py index 3a136b1459f0cad9410148983fbdfbbe294a03d0..6940f646be2ef7a7b20fa33cc1b3b8e6ca008ffb 100644 --- a/services/TS29222_CAPIF_Logging_API_Invocation_API/api_invocation_logs/core/responses.py +++ b/services/TS29222_CAPIF_Logging_API_Invocation_API/api_invocation_logs/core/responses.py @@ -1,8 +1,8 @@ from ..models.problem_details import ProblemDetails from ..encoder import JSONEncoder from flask import Response +from ..util import dict_to_camel_case, clean_empty import json -from bson import json_util mimetype = "application/json" 
@@ -16,28 +16,48 @@ def make_response(object, status): def internal_server_error(detail, cause): prob = ProblemDetails(title="Internal Server Error", status=500, detail=detail, cause=cause) + prob = prob.to_dict() + prob = clean_empty(prob) + prob = dict_to_camel_case(prob) + return Response(json.dumps(prob, cls=JSONEncoder), status=500, mimetype=mimetype) def forbidden_error(detail, cause): prob = ProblemDetails(title="Forbidden", status=403, detail=detail, cause=cause) + prob = prob.to_dict() + prob = clean_empty(prob) + prob = dict_to_camel_case(prob) + return Response(json.dumps(prob, cls=JSONEncoder), status=403, mimetype=mimetype) def bad_request_error(detail, cause, invalid_params): prob = ProblemDetails(title="Bad Request", status=400, detail=detail, cause=cause, invalid_params=invalid_params) + prob = prob.to_dict() + prob = clean_empty(prob) + prob = dict_to_camel_case(prob) + return Response(json.dumps(prob, cls=JSONEncoder), status=400, mimetype=cause) def not_found_error(detail, cause): prob = ProblemDetails(title="Not Found", status=404, detail=detail, cause=cause) + prob = prob.to_dict() + prob = clean_empty(prob) + prob = dict_to_camel_case(prob) + return Response(json.dumps(prob, cls=JSONEncoder), status=404, mimetype=mimetype) def unauthorized_error(detail, cause): prob = ProblemDetails(title="Unauthorized", status=401, detail=detail, cause=cause) + prob = prob.to_dict() + prob = clean_empty(prob) + prob = dict_to_camel_case(prob) + return Response(json.dumps(prob, cls=JSONEncoder), status=401, mimetype=mimetype) \ No newline at end of file diff --git a/services/TS29222_CAPIF_Logging_API_Invocation_API/api_invocation_logs/core/validate_user.py b/services/TS29222_CAPIF_Logging_API_Invocation_API/api_invocation_logs/core/validate_user.py index 2a8943738218ab542605b4a3e5053ddd7dbefaf9..13d8b6ab7a82a8287308b347454a35dc6d719b26 100644 --- a/services/TS29222_CAPIF_Logging_API_Invocation_API/api_invocation_logs/core/validate_user.py 
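Review bot: `bad_request_error` still returns `Response(..., status=400, mimetype=cause)`, so the Content-Type of every 400 response is the free-text cause string instead of `application/json`; the three added lines normalise the body but leave this as it was. The line should read `return Response(json.dumps(prob, cls=JSONEncoder), status=400, mimetype=mimetype)` like its four siblings. The same line is carried through the Publish_Service responses.py hunk. Separately, the identical `to_dict` / `clean_empty` / `dict_to_camel_case` sequence is now pasted into five functions and would be easier to keep consistent as one private helper.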
+++ b/services/TS29222_CAPIF_Logging_API_Invocation_API/api_invocation_logs/core/validate_user.py @@ -4,6 +4,8 @@ from ..models.problem_details import ProblemDetails from ..encoder import JSONEncoder from .resources import Resource from .responses import internal_server_error +from ..util import dict_to_camel_case, clean_empty + class ControlAccess(Resource): @@ -18,6 +20,9 @@ class ControlAccess(Resource): if cert_entry is not None: if cert_entry["cert_signature"] != cert_signature: prob = ProblemDetails(title="Unauthorized", detail="User not authorized", cause="You are not the owner of this resource") + prob = prob.to_dict() + prob = clean_empty(prob) + prob = dict_to_camel_case(prob) return Response(json.dumps(prob, cls=JSONEncoder), status=401, mimetype="application/json") except Exception as e: diff --git a/services/TS29222_CAPIF_Logging_API_Invocation_API/api_invocation_logs/db/db.py b/services/TS29222_CAPIF_Logging_API_Invocation_API/api_invocation_logs/db/db.py index 17daff1e4cb812847b69c92a63b874cf8b6972d0..87cc3a65f5101267a9c81ca548812a533b6bca23 100644 --- a/services/TS29222_CAPIF_Logging_API_Invocation_API/api_invocation_logs/db/db.py +++ b/services/TS29222_CAPIF_Logging_API_Invocation_API/api_invocation_logs/db/db.py @@ -1,9 +1,8 @@ -import atexit + import time from pymongo import MongoClient from pymongo.errors import AutoReconnect -from ..config import Config -from bson.codec_options import CodecOptions +from config import Config import os from opentelemetry.instrumentation.pymongo import PymongoInstrumentor diff --git a/services/TS29222_CAPIF_Logging_API_Invocation_API/api_invocation_logs/encoder.py b/services/TS29222_CAPIF_Logging_API_Invocation_API/api_invocation_logs/encoder.py index efa1154be1714b16879b8fa9ee6d09169c86076e..80bad8fa9220ab873e044b7adc0a849746088ad5 100644 --- a/services/TS29222_CAPIF_Logging_API_Invocation_API/api_invocation_logs/encoder.py +++ b/services/TS29222_CAPIF_Logging_API_Invocation_API/api_invocation_logs/encoder.py 
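Review bot: The 401 branch in `ControlAccess` builds its own `ProblemDetails` without `status=401` and now repeats the three conversion lines, while `unauthorized_error` in core/responses.py already produces the same response with the status field filled in. Importing it next to `internal_server_error` and returning `unauthorized_error(detail="User not authorized", cause="You are not the owner of this resource")` removes the duplication and keeps the body and the HTTP status in agreement. The Publish_Service validate_user.py hunk has the same pattern. The enclosing method and its `except Exception` handler continue outside the hunk.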
@@ -1,7 +1,7 @@ from connexion.apps.flask_app import FlaskJSONEncoder import six -from api_invocation_logs.models.base_model_ import Model +from models.base_model_ import Model class JSONEncoder(FlaskJSONEncoder): diff --git a/services/TS29222_CAPIF_Logging_API_Invocation_API/api_invocation_logs/util.py b/services/TS29222_CAPIF_Logging_API_Invocation_API/api_invocation_logs/util.py index af555673357bf337cf79d74e3dae42b9c84dafb9..ec1430110f5a167f67a8c083cfda84af63a678d4 100644 --- a/services/TS29222_CAPIF_Logging_API_Invocation_API/api_invocation_logs/util.py +++ b/services/TS29222_CAPIF_Logging_API_Invocation_API/api_invocation_logs/util.py @@ -1,8 +1,8 @@ import datetime import six -import typing -from api_invocation_logs import typing_utils +import typing_utils + def clean_empty(d): if isinstance(d, dict): @@ -15,6 +15,7 @@ def clean_empty(d): return [v for v in map(clean_empty, d) if v] return d + def dict_to_camel_case(my_dict): diff --git a/services/TS29222_CAPIF_Logging_API_Invocation_API/api_invocation_logs/wsgi.py b/services/TS29222_CAPIF_Logging_API_Invocation_API/api_invocation_logs/wsgi.py new file mode 100644 index 0000000000000000000000000000000000000000..6026b0fa96078634d3455ab93d71dcdc78774276 --- /dev/null +++ b/services/TS29222_CAPIF_Logging_API_Invocation_API/api_invocation_logs/wsgi.py @@ -0,0 +1,4 @@ +from app import app + +if __name__ == "__main__": + app.run() diff --git a/services/TS29222_CAPIF_Logging_API_Invocation_API/requirements.txt b/services/TS29222_CAPIF_Logging_API_Invocation_API/requirements.txt index 2de683cb37f0858d4e6e2cd75bbb70ac9f055d71..e01a501d7287a08f524d44be47d5847aa48696e1 100644 --- a/services/TS29222_CAPIF_Logging_API_Invocation_API/requirements.txt +++ b/services/TS29222_CAPIF_Logging_API_Invocation_API/requirements.txt @@ -20,3 +20,6 @@ opentelemetry-sdk == 1.17.0 flask_executor == 1.0.0 cryptography == 42.0.8 Werkzeug == 2.2.3 +pyopenssl == 24.1.0 +gunicorn==22.0.0 +packaging==24.0 
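Review bot: `from models.base_model_ import Model` makes encoder.py load the model base class as a top-level module, while the controllers and core modules in this commit still use package-relative imports such as `from ..models.invocation_log import InvocationLog`. If both import roots are live in one process, the models package is loaded twice and the two `Model` classes are distinct objects, so an `isinstance(o, Model)` test in `JSONEncoder` (its body is outside the hunk) would be false for objects built by the controllers. That may be why `.to_dict()` had to be added before every `json.dumps` elsewhere in this commit. Picking one import root per service and recording it here, e.g. `# top-level import: gunicorn is started with --chdir into this package`, would make the constraint explicit. The Publish_Service and Routing_Info encoder.py hunks make the same change.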
diff --git a/services/TS29222_CAPIF_Publish_Service_API/Dockerfile b/services/TS29222_CAPIF_Publish_Service_API/Dockerfile index b2e6167309094b21ac6526fb45d679861032d65f..c11e2d64a014a7a98ec58a902e9b64d26519f405 100644 --- a/services/TS29222_CAPIF_Publish_Service_API/Dockerfile +++ b/services/TS29222_CAPIF_Publish_Service_API/Dockerfile @@ -12,6 +12,6 @@ COPY . /usr/src/app EXPOSE 8080 -ENTRYPOINT ["python3"] +ENTRYPOINT ["gunicorn"] -CMD ["-m", "published_apis"] \ No newline at end of file +CMD ["--bind", "0.0.0.0:8080", "--chdir", "/usr/src/app/published_apis", "wsgi:app"] \ No newline at end of file diff --git a/services/TS29222_CAPIF_Publish_Service_API/published_apis/__main__.py b/services/TS29222_CAPIF_Publish_Service_API/published_apis/app.py similarity index 94% rename from services/TS29222_CAPIF_Publish_Service_API/published_apis/__main__.py rename to services/TS29222_CAPIF_Publish_Service_API/published_apis/app.py index aa5f60c62a0846ad229b17d333545308c2e3d0f8..3c0c4735b508ff2ac60322d2a28ce31b81306700 100644 --- a/services/TS29222_CAPIF_Publish_Service_API/published_apis/__main__.py +++ b/services/TS29222_CAPIF_Publish_Service_API/published_apis/app.py @@ -3,15 +3,14 @@ import connexion import logging -from published_apis import encoder +# from published_apis import encoder +import encoder -from flask import Flask, jsonify, request from flask_jwt_extended import JWTManager, jwt_required, create_access_token -from pymongo import MongoClient -from .config import Config +from config import Config from logging.handlers import RotatingFileHandler -from .core.consumer_messager import Subscriber -from flask_executor import Executor +from core.consumer_messager import Subscriber + import os from fluent import sender from flask_executor import Executor 
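Review bot: In the published_apis/app.py import hunk, the added `# from published_apis import encoder` is a commented-out copy of the line it replaces and should be dropped, since the history already keeps the old import. If a reminder is wanted, a why-comment is more useful: `# top-level import: gunicorn is started with --chdir published_apis`.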
@@ -24,10 +23,9 @@ from opentelemetry.sdk.trace import TracerProvider from opentelemetry.sdk.trace.export import BatchSpanProcessor from opentelemetry.instrumentation.redis import RedisInstrumentor - - NAME = "Publish-Service" + def configure_monitoring(app, config): resource = Resource(attributes={"service.name": NAME}) @@ -86,7 +84,6 @@ def configure_monitoring(app, config): l.addHandler(FluentBitHandler()) - def configure_logging(app): del app.logger.handlers[:] loggers = [app.logger, ] @@ -114,6 +111,7 @@ def verbose_formatter(): datefmt='%d/%m/%Y %H:%M:%S' ) + app = connexion.App(__name__, specification_dir='./openapi/') app.app.json_encoder = encoder.JSONEncoder app.add_api('openapi.yaml', @@ -134,10 +132,7 @@ if monitoring_value == "true": executor = Executor(app.app) subscriber = Subscriber() + @app.app.before_first_request def up_listener(): executor.submit(subscriber.listen) - - -if __name__ == '__main__': - app.run(debug=True, port=8080) diff --git a/services/TS29222_CAPIF_Publish_Service_API/published_apis/config.py b/services/TS29222_CAPIF_Publish_Service_API/published_apis/config.py index 11e1c4f3626d7440c6cd999ed118afb3c93caa2e..01f9914cc141eb3c49fd73506e9b1c5470edd781 100644 --- a/services/TS29222_CAPIF_Publish_Service_API/published_apis/config.py +++ b/services/TS29222_CAPIF_Publish_Service_API/published_apis/config.py @@ -5,7 +5,7 @@ import os class Config: def __init__(self): self.cached = 0 - self.file="./config.yaml" + self.file="../config.yaml" self.my_config = {} stamp = os.stat(self.file).st_mtime diff --git a/services/TS29222_CAPIF_Publish_Service_API/published_apis/controllers/default_controller.py b/services/TS29222_CAPIF_Publish_Service_API/published_apis/controllers/default_controller.py index dd43886f522f8c131e0a3c6e7ae569d8f5fde3f9..62e506a6be747d94efa513917913f03a75f20ca3 100644 --- a/services/TS29222_CAPIF_Publish_Service_API/published_apis/controllers/default_controller.py 
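Review bot: In the `@@ -134,10 +132,7 @@` hunk, `up_listener` is registered with `before_first_request`, so `subscriber.listen` is not submitted until the first HTTP request reaches the worker; if the subscriber is a Redis pub/sub listener, as the imports in consumer_messager.py suggest, events published before that point are not seen by this process. Under gunicorn each worker process also starts its own listener, which matters as soon as more than one worker is configured. A comment above the decorator would record this: `# runs once per gunicorn worker, on its first request; earlier events are not consumed`.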
+++ b/services/TS29222_CAPIF_Publish_Service_API/published_apis/controllers/default_controller.py @@ -1,19 +1,15 @@ import connexion -from published_apis.models.service_api_description import ServiceAPIDescription # noqa: E501 -from ..core import serviceapidescriptions +from ..models.service_api_description import ServiceAPIDescription # noqa: E501 from ..core.serviceapidescriptions import PublishServiceOperations -from ..core.publisher import Publisher from flask import Response, request, current_app -from flask_jwt_extended import jwt_required, get_jwt_identity -from flask import current_app -from ..encoder import JSONEncoder -from ..models.problem_details import ProblemDetails + from cryptography import x509 from cryptography.hazmat.backends import default_backend from ..core.validate_user import ControlAccess from functools import wraps + service_operations = PublishServiceOperations() valid_user = ControlAccess() diff --git a/services/TS29222_CAPIF_Publish_Service_API/published_apis/core/auth_manager.py b/services/TS29222_CAPIF_Publish_Service_API/published_apis/core/auth_manager.py index 6e329a486848233a1c0600e5625d095e32a54661..cb2f0b937a55d762a7f02bcdbc09d44a1865a5b9 100644 --- a/services/TS29222_CAPIF_Publish_Service_API/published_apis/core/auth_manager.py +++ b/services/TS29222_CAPIF_Publish_Service_API/published_apis/core/auth_manager.py @@ -1,7 +1,5 @@ from flask import current_app -from cryptography import x509 -from cryptography.hazmat.backends import default_backend from .resources import Resource diff --git a/services/TS29222_CAPIF_Publish_Service_API/published_apis/core/consumer_messager.py b/services/TS29222_CAPIF_Publish_Service_API/published_apis/core/consumer_messager.py index 6f40a047f5c7d6378a9518a1c492f24bebaddf69..f781ead9e3beb684bf6face38ef9c0e4fd5cc5bc 100644 --- a/services/TS29222_CAPIF_Publish_Service_API/published_apis/core/consumer_messager.py +++ b/services/TS29222_CAPIF_Publish_Service_API/published_apis/core/consumer_messager.py 
@@ -1,10 +1,5 @@ # subscriber.py import redis -import time -import sys -import json -import asyncio -from threading import Thread from .internal_service_ops import InternalServiceOps from flask import current_app diff --git a/services/TS29222_CAPIF_Publish_Service_API/published_apis/core/publisher.py b/services/TS29222_CAPIF_Publish_Service_API/published_apis/core/publisher.py index f7b0c3c4b25f9abbe24d2dc734a72a93ffe0af01..34fcdf453873b4b59a894d9f6b96b7ce1a217c2e 100644 --- a/services/TS29222_CAPIF_Publish_Service_API/published_apis/core/publisher.py +++ b/services/TS29222_CAPIF_Publish_Service_API/published_apis/core/publisher.py @@ -1,5 +1,4 @@ import redis -import sys class Publisher(): diff --git a/services/TS29222_CAPIF_Publish_Service_API/published_apis/core/resources.py b/services/TS29222_CAPIF_Publish_Service_API/published_apis/core/resources.py index 94e29ec07359c93a78d520f24fa91c88971d65c4..efbe3c2d4cf28cec298ef17b394011dcd6aa66cb 100644 --- a/services/TS29222_CAPIF_Publish_Service_API/published_apis/core/resources.py +++ b/services/TS29222_CAPIF_Publish_Service_API/published_apis/core/resources.py @@ -1,5 +1,5 @@ from abc import ABC, abstractmethod -from ..db.db import MongoDatabse +from db.db import MongoDatabse class Resource(ABC): diff --git a/services/TS29222_CAPIF_Publish_Service_API/published_apis/core/responses.py b/services/TS29222_CAPIF_Publish_Service_API/published_apis/core/responses.py index c1809eda5a7669e869fb2e83fa7ebf2628f4d3f2..c61eae0c65bf15bf261139128c75a495799a927f 100644 --- a/services/TS29222_CAPIF_Publish_Service_API/published_apis/core/responses.py +++ b/services/TS29222_CAPIF_Publish_Service_API/published_apis/core/responses.py 
@@ -1,37 +1,63 @@ from ..models.problem_details import ProblemDetails from ..encoder import JSONEncoder from flask import Response +from ..util import dict_to_camel_case, clean_empty import json -from bson import json_util + mimetype = "application/json" + def make_response(object, status): res = Response(json.dumps(object, cls=JSONEncoder), status=status, mimetype=mimetype) return res + def internal_server_error(detail, cause): prob = ProblemDetails(title="Internal Server Error", status=500, detail=detail, cause=cause) + prob = prob.to_dict() + prob = clean_empty(prob) + prob = dict_to_camel_case(prob) + return Response(json.dumps(prob, cls=JSONEncoder), status=500, mimetype=mimetype) + def forbidden_error(detail, cause): prob = ProblemDetails(title="Forbidden", status=403, detail=detail, cause=cause) + prob = prob.to_dict() + prob = clean_empty(prob) + prob = dict_to_camel_case(prob) + return Response(json.dumps(prob, cls=JSONEncoder), status=403, mimetype=mimetype) + def bad_request_error(detail, cause, invalid_params): prob = ProblemDetails(title="Bad Request", status=400, detail=detail, cause=cause, invalid_params=invalid_params) + prob = prob.to_dict() + prob = clean_empty(prob) + prob = dict_to_camel_case(prob) + return Response(json.dumps(prob, cls=JSONEncoder), status=400, mimetype=cause) + def not_found_error(detail, cause): prob = ProblemDetails(title="Not Found", status=404, detail=detail, cause=cause) + prob = prob.to_dict() + prob = clean_empty(prob) + prob = dict_to_camel_case(prob) + return Response(json.dumps(prob, cls=JSONEncoder), status=404, mimetype=mimetype) def unauthorized_error(detail, cause): prob = ProblemDetails(title="Unauthorized", status=401, detail=detail, cause=cause) + prob = prob.to_dict() + prob = clean_empty(prob) + prob = dict_to_camel_case(prob) + return Response(json.dumps(prob, cls=JSONEncoder), status=401, mimetype=mimetype) \ No newline at end of file 
diff --git a/services/TS29222_CAPIF_Publish_Service_API/published_apis/core/serviceapidescriptions.py b/services/TS29222_CAPIF_Publish_Service_API/published_apis/core/serviceapidescriptions.py index 85b9b781bdb61168b69c461a6ed7cafaa94ac490..41ce03de2243a40442ec3cddd04b11eebf5018bf 100644 --- a/services/TS29222_CAPIF_Publish_Service_API/published_apis/core/serviceapidescriptions.py +++ b/services/TS29222_CAPIF_Publish_Service_API/published_apis/core/serviceapidescriptions.py @@ -1,21 +1,11 @@ -import sys - -import pymongo from pymongo import ReturnDocument import secrets from flask import current_app, Flask, Response -import json -from pymongo import response -from ..db.db import MongoDatabse -from ..encoder import JSONEncoder -from ..models.problem_details import ProblemDetails from .resources import Resource -from published_apis.models.service_api_description import ServiceAPIDescription from datetime import datetime from ..util import dict_to_camel_case, clean_empty -from .responses import bad_request_error, internal_server_error, forbidden_error, not_found_error, unauthorized_error, make_response -from bson import json_util +from .responses import internal_server_error, forbidden_error, not_found_error, unauthorized_error, make_response from .auth_manager import AuthManager from .redis_event import RedisEvent from .publisher import Publisher @@ -119,9 +109,10 @@ class PublishServiceOperations(Resource): self.auth_manager.add_auth_service(api_id, apf_id) current_app.logger.debug("Service inserted in database") - res = make_response(object=serviceapidescription, status=201) + + res = make_response(object=dict_to_camel_case(clean_empty(serviceapidescription.to_dict())), status=201) res.headers['Location'] = "http://localhost:8080/published-apis/v1/" + \ - str(apf_id) + "/service-apis/" + str(api_id) + str(apf_id) + "/service-apis/" + str(api_id) if res.status_code == 201: current_app.logger.info("Service published") 
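Review bot: The `Location` header on the 201 response is still assembled from the literal `"http://localhost:8080/published-apis/v1/"`, so clients receive a link that points at their own machine over plain HTTP rather than at the deployed service; this hunk only re-indents the continuation line. The base URL should come from the deployment's configured public address (scheme and host) instead of a literal. The `if res.status_code == 201:` check that follows is always true at that point, because the status was just set to 201. The enclosing `PublishServiceOperations` method continues outside the hunk.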
diff --git a/services/TS29222_CAPIF_Publish_Service_API/published_apis/core/validate_user.py b/services/TS29222_CAPIF_Publish_Service_API/published_apis/core/validate_user.py index 67d434dc13624075dbc1698d90046d9c10326ac8..5eed2c946e1e8388518061b10a862143f6c1b82d 100644 --- a/services/TS29222_CAPIF_Publish_Service_API/published_apis/core/validate_user.py +++ b/services/TS29222_CAPIF_Publish_Service_API/published_apis/core/validate_user.py @@ -4,6 +4,7 @@ from ..models.problem_details import ProblemDetails from ..encoder import JSONEncoder from .resources import Resource from .responses import internal_server_error +from ..util import dict_to_camel_case, clean_empty class ControlAccess(Resource): @@ -18,6 +19,9 @@ class ControlAccess(Resource): if cert_entry is not None: if cert_entry["cert_signature"] != cert_signature or "services" not in cert_entry["resources"] or service_id not in cert_entry["resources"]["services"]: prob = ProblemDetails(title="Unauthorized", detail="User not authorized", cause="You are not the owner of this resource") + prob = prob.to_dict() + prob = clean_empty(prob) + prob = dict_to_camel_case(prob) return Response(json.dumps(prob, cls=JSONEncoder), status=401, mimetype="application/json") except Exception as e: diff --git a/services/TS29222_CAPIF_Publish_Service_API/published_apis/db/db.py b/services/TS29222_CAPIF_Publish_Service_API/published_apis/db/db.py index 23ee4a2500ec3d9ac1c4d796dd021655b7404e5b..643dda4f7a96c4e663d6aac3fd956ba0797bb39b 100644 --- a/services/TS29222_CAPIF_Publish_Service_API/published_apis/db/db.py +++ b/services/TS29222_CAPIF_Publish_Service_API/published_apis/db/db.py @@ -1,8 +1,7 @@ -import atexit import time from pymongo import MongoClient from pymongo.errors import AutoReconnect -from ..config import Config +from config import Config from bson.codec_options import CodecOptions import os from opentelemetry.instrumentation.pymongo import PymongoInstrumentor 
diff --git a/services/TS29222_CAPIF_Publish_Service_API/published_apis/encoder.py b/services/TS29222_CAPIF_Publish_Service_API/published_apis/encoder.py index c753f45e1f69eda91e19d4328d2447f9e7114fe0..80bad8fa9220ab873e044b7adc0a849746088ad5 100644 --- a/services/TS29222_CAPIF_Publish_Service_API/published_apis/encoder.py +++ b/services/TS29222_CAPIF_Publish_Service_API/published_apis/encoder.py @@ -1,7 +1,7 @@ from connexion.apps.flask_app import FlaskJSONEncoder import six -from published_apis.models.base_model_ import Model +from models.base_model_ import Model class JSONEncoder(FlaskJSONEncoder): diff --git a/services/TS29222_CAPIF_Publish_Service_API/published_apis/util.py b/services/TS29222_CAPIF_Publish_Service_API/published_apis/util.py index 3f53de6f85ebf9316a86066e36089d73a96bd886..c43b2746c4085a6f6de5a3555a19f3848aa0ad40 100644 --- a/services/TS29222_CAPIF_Publish_Service_API/published_apis/util.py +++ b/services/TS29222_CAPIF_Publish_Service_API/published_apis/util.py @@ -1,8 +1,7 @@ import datetime import six -import typing -from published_apis import typing_utils +import typing_utils def clean_empty(d): diff --git a/services/TS29222_CAPIF_Publish_Service_API/published_apis/wsgi.py b/services/TS29222_CAPIF_Publish_Service_API/published_apis/wsgi.py new file mode 100644 index 0000000000000000000000000000000000000000..6026b0fa96078634d3455ab93d71dcdc78774276 --- /dev/null +++ b/services/TS29222_CAPIF_Publish_Service_API/published_apis/wsgi.py @@ -0,0 +1,4 @@ +from app import app + +if __name__ == "__main__": + app.run() diff --git a/services/TS29222_CAPIF_Publish_Service_API/requirements.txt b/services/TS29222_CAPIF_Publish_Service_API/requirements.txt index 1690fde819f27e2ff02595ee11709c734e014a25..1026f856fe9b5ff82124a7279d3b26ecc3521379 100644 --- a/services/TS29222_CAPIF_Publish_Service_API/requirements.txt +++ b/services/TS29222_CAPIF_Publish_Service_API/requirements.txt 
@@ -20,3 +20,5 @@ cryptography == 42.0.8 redis == 4.5.4 flask_executor == 1.0.0 Werkzeug == 2.2.3 +gunicorn==22.0.0 +packaging==24.0 diff --git a/services/TS29222_CAPIF_Routing_Info_API/Dockerfile b/services/TS29222_CAPIF_Routing_Info_API/Dockerfile index 9911d06b662dc1890945b8ec73c862a5ae5a2fab..cfa4b5dfe4888a1efa8fb9551f707f21c93dd73c 100644 --- a/services/TS29222_CAPIF_Routing_Info_API/Dockerfile +++ b/services/TS29222_CAPIF_Routing_Info_API/Dockerfile @@ -11,6 +11,6 @@ COPY . /usr/src/app EXPOSE 8080 -ENTRYPOINT ["python3"] +ENTRYPOINT ["gunicorn"] -CMD ["-m", "capif_routing_info"] \ No newline at end of file +CMD ["--bind", "0.0.0.0:8080", "--chdir", "/usr/src/app/capif_routing_info", "wsgi:app"] \ No newline at end of file diff --git a/services/TS29222_CAPIF_Routing_Info_API/capif_routing_info/__main__.py b/services/TS29222_CAPIF_Routing_Info_API/capif_routing_info/__main__.py deleted file mode 100644 index e595fa02106ed80d620b8eb00f1d2a421bb1ee5f..0000000000000000000000000000000000000000 --- a/services/TS29222_CAPIF_Routing_Info_API/capif_routing_info/__main__.py +++ /dev/null @@ -1,19 +0,0 @@ -#!/usr/bin/env python3 - -import connexion - -from capif_routing_info import encoder - - -def main(): - app = connexion.App(__name__, specification_dir='./openapi/') - app.app.json_encoder = encoder.JSONEncoder - app.add_api('openapi.yaml', - arguments={'title': 'CAPIF_Routing_Info_API'}, - pythonic_params=True) - - app.run(port=8080) - - -if __name__ == '__main__': - main() diff --git a/services/TS29222_CAPIF_Routing_Info_API/capif_routing_info/app.py b/services/TS29222_CAPIF_Routing_Info_API/capif_routing_info/app.py new file mode 100644 index 0000000000000000000000000000000000000000..89135805b065ac22200eecdbf76b699f7035e680 --- /dev/null +++ b/services/TS29222_CAPIF_Routing_Info_API/capif_routing_info/app.py 
@@ -0,0 +1,11 @@ +#!/usr/bin/env python3 + +import connexion +import encoder + + +app = connexion.App(__name__, specification_dir='./openapi/') +app.app.json_encoder = encoder.JSONEncoder +app.add_api('openapi.yaml', + arguments={'title': 'CAPIF_Routing_Info_API'}, + pythonic_params=True) diff --git a/services/TS29222_CAPIF_Routing_Info_API/capif_routing_info/controllers/default_controller.py b/services/TS29222_CAPIF_Routing_Info_API/capif_routing_info/controllers/default_controller.py index 7cd07dd74ff2634a9487083283cad4ef354c61ae..13c24a3a52464679a765141f1963cc5bb21248ec 100644 --- a/services/TS29222_CAPIF_Routing_Info_API/capif_routing_info/controllers/default_controller.py +++ b/services/TS29222_CAPIF_Routing_Info_API/capif_routing_info/controllers/default_controller.py @@ -1,9 +1,4 @@ -import connexion -import six - -from capif_routing_info.models.problem_details import ProblemDetails # noqa: E501 -from capif_routing_info.models.routing_info import RoutingInfo # noqa: E501 -from capif_routing_info import util +from ..models.routing_info import RoutingInfo # noqa: E501 def service_apis_service_api_id_get(service_api_id, aef_id, supp_feat=None): # noqa: E501 diff --git a/services/TS29222_CAPIF_Routing_Info_API/capif_routing_info/encoder.py b/services/TS29222_CAPIF_Routing_Info_API/capif_routing_info/encoder.py index b53647004a14457d83693f5909b69425d927d3c8..80bad8fa9220ab873e044b7adc0a849746088ad5 100644 --- a/services/TS29222_CAPIF_Routing_Info_API/capif_routing_info/encoder.py +++ b/services/TS29222_CAPIF_Routing_Info_API/capif_routing_info/encoder.py @@ -1,7 +1,7 @@ from connexion.apps.flask_app import FlaskJSONEncoder import six -from capif_routing_info.models.base_model_ import Model +from models.base_model_ import Model class JSONEncoder(FlaskJSONEncoder): 
diff --git a/services/TS29222_CAPIF_Routing_Info_API/capif_routing_info/util.py b/services/TS29222_CAPIF_Routing_Info_API/capif_routing_info/util.py index 227076550fea5acb4f1f167a777f366215563261..910388bab6fa518b467b13476102000d2b0a0321 100644 --- a/services/TS29222_CAPIF_Routing_Info_API/capif_routing_info/util.py +++ b/services/TS29222_CAPIF_Routing_Info_API/capif_routing_info/util.py @@ -2,7 +2,7 @@ import datetime import six import typing -from capif_routing_info import typing_utils +import typing_utils def _deserialize(data, klass): diff --git a/services/TS29222_CAPIF_Routing_Info_API/capif_routing_info/wsgi.py b/services/TS29222_CAPIF_Routing_Info_API/capif_routing_info/wsgi.py new file mode 100644 index 0000000000000000000000000000000000000000..6026b0fa96078634d3455ab93d71dcdc78774276 --- /dev/null +++ b/services/TS29222_CAPIF_Routing_Info_API/capif_routing_info/wsgi.py @@ -0,0 +1,4 @@ +from app import app + +if __name__ == "__main__": + app.run() diff --git a/services/TS29222_CAPIF_Routing_Info_API/requirements.txt b/services/TS29222_CAPIF_Routing_Info_API/requirements.txt index 47ce074b7a52cca97a2e4cf8326fa4450bfc42d3..f046aef5ba7b3cb7b43df7dcf0455dc07525603e 100644 --- a/services/TS29222_CAPIF_Routing_Info_API/requirements.txt +++ b/services/TS29222_CAPIF_Routing_Info_API/requirements.txt @@ -4,3 +4,5 @@ python_dateutil >= 2.6.0 setuptools == 68.2.2 Flask == 2.0.3 Werkzeug == 2.2.3 +gunicorn==22.0.0 +packaging==24.0 diff --git a/services/TS29222_CAPIF_Security_API/capif_security/app.py b/services/TS29222_CAPIF_Security_API/capif_security/app.py new file mode 100644 index 0000000000000000000000000000000000000000..975488eeff6a4d89c2b71328d17a0b3ff15c912b --- /dev/null +++ b/services/TS29222_CAPIF_Security_API/capif_security/app.py 
@@ -0,0 +1,136 @@ +#!/usr/bin/env python3 + +import connexion +import logging +import encoder +from flask_jwt_extended import JWTManager +from config import Config +from core.consumer_messager import Subscriber +from logging.handlers import RotatingFileHandler +import os +from fluent import sender +from flask_executor import Executor +from opentelemetry.instrumentation.flask import FlaskInstrumentor +from opentelemetry import trace +from opentelemetry.exporter.otlp.proto.grpc.trace_exporter import OTLPSpanExporter +from opentelemetry.trace.propagation.tracecontext import TraceContextTextMapPropagator +from opentelemetry.sdk.resources import Resource +from opentelemetry.sdk.trace import TracerProvider +from opentelemetry.sdk.trace.export import BatchSpanProcessor +from opentelemetry.instrumentation.redis import RedisInstrumentor + +NAME = "Security-Service" + + +def configure_monitoring(app, config): + + resource = Resource(attributes={"service.name": NAME}) + + fluent_bit_host = config['monitoring']['fluent_bit_host'] + fluent_bit_port = config['monitoring']['fluent_bit_port'] + fluent_bit_sender = sender.FluentSender('Security-Service', host=fluent_bit_host, port=fluent_bit_port) + propagator = TraceContextTextMapPropagator() + + tracer_provider = TracerProvider(resource=resource) + trace.set_tracer_provider(tracer_provider) + exporter = OTLPSpanExporter(endpoint=f"http://{config['monitoring']['opentelemetry_url']}:{config['monitoring']['opentelemetry_port']}", insecure=True) + span_processor = BatchSpanProcessor( + exporter, + max_queue_size=config['monitoring']['opentelemetry_max_queue_size'], + schedule_delay_millis=config['monitoring']['opentelemetry_schedule_delay_millis'], + max_export_batch_size=config['monitoring']['opentelemetry_max_export_batch_size'], + export_timeout_millis=config['monitoring']['opentelemetry_export_timeout_millis'], + ) + + trace.get_tracer_provider().add_span_processor(span_processor) + + FlaskInstrumentor().instrument_app(app) + + 
RedisInstrumentor().instrument() + + class FluentBitHandler(logging.Handler): + + def __init__(self): + logging.Handler.__init__(self) + + def emit(self, record): + log_entry = self.format(record) + log_data = { + 'message': log_entry, + 'level': record.levelname, + 'timestamp': record.created, + 'logger': record.name, + 'function': record.funcName, + 'line': record.lineno, + 'container_name': os.environ.get('CONTAINER_NAME', ''), + } + + # # Obtener el trace ID actual + current_context = trace.get_current_span().get_span_context() + + trace_id = current_context.trace_id + traceparent_id = current_context.span_id + log_data['traceID'] = hex(trace_id)[2:] + if traceparent_id != None: + log_data['traceparent'] = hex(traceparent_id)[2:] + fluent_bit_sender.emit('Security-Service', log_data) + + loggers = [app.logger, ] + for l in loggers: + l.addHandler(FluentBitHandler()) + + +def configure_logging(app): + del app.logger.handlers[:] + loggers = [app.logger, ] + handlers = [] + console_handler = logging.StreamHandler() + console_handler.setLevel(logging.DEBUG) + console_handler.setFormatter(verbose_formatter()) + file_handler = RotatingFileHandler(filename="security_logs.log", maxBytes=1024 * 1024 * 100, backupCount=20) + file_handler.setLevel(logging.DEBUG) + file_handler.setFormatter(verbose_formatter()) + handlers.append(console_handler) + handlers.append(file_handler) + + for l in loggers: + for handler in handlers: + l.addHandler(handler) + l.propagate = False + l.setLevel(logging.DEBUG) + + +def verbose_formatter(): + return logging.Formatter( + '{"timestamp": "%(asctime)s", "level": "%(levelname)s", "logger": "%(name)s", "function": "%(funcName)s", "line": %(lineno)d, "message": %(message)s}', + datefmt='%d/%m/%Y %H:%M:%S' + ) + + +with open("/usr/src/app/capif_security/server.key", "rb") as key_file: + key_data = key_file.read() + +app = connexion.App(__name__, specification_dir='./openapi/') +app.app.json_encoder = encoder.JSONEncoder + + 
+app.app.config['JWT_ALGORITHM'] = 'RS256' +app.app.config['JWT_PRIVATE_KEY'] = key_data +app.add_api('openapi.yaml', + arguments={'title': 'CAPIF_Security_API'}, + pythonic_params=True) + +JWTManager(app.app) +subscriber = Subscriber() + +config = Config() +configure_logging(app.app) + +if eval(os.environ.get("MONITORING").lower().capitalize()): + configure_monitoring(app.app, config.get_config()) + +executor = Executor(app.app) + +@app.app.before_first_request +def up_listener(): + executor.submit(subscriber.listen) diff --git a/services/TS29222_CAPIF_Security_API/capif_security/config.py b/services/TS29222_CAPIF_Security_API/capif_security/config.py index 11e1c4f3626d7440c6cd999ed118afb3c93caa2e..01f9914cc141eb3c49fd73506e9b1c5470edd781 100644 --- a/services/TS29222_CAPIF_Security_API/capif_security/config.py +++ b/services/TS29222_CAPIF_Security_API/capif_security/config.py @@ -5,7 +5,7 @@ import os class Config: def __init__(self): self.cached = 0 - self.file="./config.yaml" + self.file="../config.yaml" self.my_config = {} stamp = os.stat(self.file).st_mtime diff --git a/services/TS29222_CAPIF_Security_API/capif_security/controllers/default_controller.py b/services/TS29222_CAPIF_Security_API/capif_security/controllers/default_controller.py index e37ecde5a07a1f6bd10de046189543967ea02e74..7e04d4df353bd4227d5b7bda72e3cb7236cf1dab 100644 --- a/services/TS29222_CAPIF_Security_API/capif_security/controllers/default_controller.py +++ b/services/TS29222_CAPIF_Security_API/capif_security/controllers/default_controller.py 
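Review bot: `eval(os.environ.get("MONITORING").lower().capitalize())` near the end of the new app.py evaluates an environment variable as Python code. It also raises AttributeError at import when MONITORING is unset, because `.lower()` is called on None. The flag only needs a boolean, so compare the string instead: `if os.environ.get("MONITORING", "").strip().lower() == "true":`. That keeps the behaviour for the true/false values the deployment presumably sets, and any other value disables monitoring instead of being executed.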
@@ -1,26 +1,20 @@ import connexion -import six - -from capif_security.models.access_token_err import AccessTokenErr # noqa: E501 -from capif_security.models.access_token_rsp import AccessTokenRsp # noqa: E501 -from capif_security.models.access_token_req import AccessTokenReq # noqa: E501 -from capif_security.models.security_notification import SecurityNotification # noqa: E501 -from capif_security.models.service_security import ServiceSecurity # noqa: E501 -from capif_security import util + +from ..models.access_token_req import AccessTokenReq # noqa: E501 +from ..models.security_notification import SecurityNotification # noqa: E501 +from ..models.service_security import ServiceSecurity # noqa: E501 + from ..core.servicesecurity import SecurityOperations -from ..core.consumer_messager import Subscriber + from ..core.publisher import Publisher -import json + from flask import Response, request, current_app -from flask_jwt_extended import jwt_required, get_jwt_identity -from ..encoder import JSONEncoder -from ..models.problem_details import ProblemDetails -import sys + from cryptography import x509 from cryptography.hazmat.backends import default_backend from ..core.validate_user import ControlAccess from functools import wraps -import pymongo + service_security_ops = SecurityOperations() publish_ops = Publisher() diff --git a/services/TS29222_CAPIF_Security_API/capif_security/core/consumer_messager.py b/services/TS29222_CAPIF_Security_API/capif_security/core/consumer_messager.py index 8bb8574b6b109361008aff091078519e7a021e21..43445583236a5743ea1475079a3c329bb0788787 100644 --- a/services/TS29222_CAPIF_Security_API/capif_security/core/consumer_messager.py +++ b/services/TS29222_CAPIF_Security_API/capif_security/core/consumer_messager.py @@ -1,10 +1,5 @@ # subscriber.py import redis -import time -import sys -import json -import asyncio -from threading import Thread from .internal_security_ops import InternalSecurityOps from flask import current_app 
diff --git a/services/TS29222_CAPIF_Security_API/capif_security/core/internal_security_ops.py b/services/TS29222_CAPIF_Security_API/capif_security/core/internal_security_ops.py index d5cbd968beee2cae29b63b8ad679f0e6d776da1f..d1b28d5938fa8f7c1d2c5d2bf9d4a3a9b3c68fda 100644 --- a/services/TS29222_CAPIF_Security_API/capif_security/core/internal_security_ops.py +++ b/services/TS29222_CAPIF_Security_API/capif_security/core/internal_security_ops.py @@ -1,5 +1,4 @@ -from flask import current_app from .resources import Resource class InternalSecurityOps(Resource): diff --git a/services/TS29222_CAPIF_Security_API/capif_security/core/notification.py b/services/TS29222_CAPIF_Security_API/capif_security/core/notification.py index 5d69adc7b79d47ce637309e3046f3937856e58cc..2efad5f7f28459e561ddcf9d22612275e1435dea 100644 --- a/services/TS29222_CAPIF_Security_API/capif_security/core/notification.py +++ b/services/TS29222_CAPIF_Security_API/capif_security/core/notification.py @@ -1,7 +1,5 @@ import requests -from ..encoder import JSONEncoder -import sys -import json + class Notifications(): diff --git a/services/TS29222_CAPIF_Security_API/capif_security/core/publisher.py b/services/TS29222_CAPIF_Security_API/capif_security/core/publisher.py index f7b0c3c4b25f9abbe24d2dc734a72a93ffe0af01..8292de4d4330b14c17be74e7448403b56fc5b9e3 100644 --- a/services/TS29222_CAPIF_Security_API/capif_security/core/publisher.py +++ b/services/TS29222_CAPIF_Security_API/capif_security/core/publisher.py @@ -1,5 +1,5 @@ import redis -import sys + class Publisher(): diff --git a/services/TS29222_CAPIF_Security_API/capif_security/core/resources.py b/services/TS29222_CAPIF_Security_API/capif_security/core/resources.py index 2ba2a0f944c9ff47009a2d461aafde25751fcd88..53a35e5d60f0fbe6fd7735e0c766bee233f84b47 100644 --- a/services/TS29222_CAPIF_Security_API/capif_security/core/resources.py +++ b/services/TS29222_CAPIF_Security_API/capif_security/core/resources.py 
@@ -1,7 +1,8 @@ -from abc import ABC, abstractmethod -from ..db.db import MongoDatabse +from abc import ABC +from db.db import MongoDatabse from .notification import Notifications + class Resource(ABC): def __init__(self): diff --git a/services/TS29222_CAPIF_Security_API/capif_security/core/responses.py b/services/TS29222_CAPIF_Security_API/capif_security/core/responses.py index 26e82b68c92cc01fbd9682f119d5d6e3d58711a8..9c2020c79bb6e0cc6e68a084607a61d563c48657 100644 --- a/services/TS29222_CAPIF_Security_API/capif_security/core/responses.py +++ b/services/TS29222_CAPIF_Security_API/capif_security/core/responses.py 
@@ -2,36 +2,62 @@ from ..models.problem_details import ProblemDetails from ..encoder import JSONEncoder from flask import Response import json -from bson import json_util +from ..util import dict_to_camel_case, clean_empty mimetype = "application/json" + def make_response(object, status): res = Response(json.dumps(object, cls=JSONEncoder), status=status, mimetype=mimetype) return res + def internal_server_error(detail, cause): prob = ProblemDetails(title="Internal Server Error", status=500, detail=detail, cause=cause) + prob = prob.to_dict() + prob = clean_empty(prob) + prob = dict_to_camel_case(prob) + return Response(json.dumps(prob, cls=JSONEncoder), status=500, mimetype=mimetype) + def forbidden_error(detail, cause): prob = ProblemDetails(title="Forbidden", status=403, detail=detail, cause=cause) + prob = prob.to_dict() + prob = clean_empty(prob) + prob = dict_to_camel_case(prob) + return Response(json.dumps(prob, cls=JSONEncoder), status=403, mimetype=mimetype) + def bad_request_error(detail, cause, invalid_params): prob = ProblemDetails(title="Bad Request", status=400, detail=detail, cause=cause, invalid_params=invalid_params) + prob = prob.to_dict() + prob = clean_empty(prob) + prob = dict_to_camel_case(prob) + return Response(json.dumps(prob, cls=JSONEncoder), status=400, mimetype=cause) + def not_found_error(detail, cause): prob = ProblemDetails(title="Not Found", status=404, detail=detail, cause=cause) + prob = prob.to_dict() + prob = clean_empty(prob) + prob = dict_to_camel_case(prob) + return Response(json.dumps(prob, cls=JSONEncoder), status=404, mimetype=mimetype) + def unauthorized_error(detail, cause): prob = ProblemDetails(title="Unauthorized", status=401, detail=detail, cause=cause) + prob = prob.to_dict() + prob = clean_empty(prob) + prob = dict_to_camel_case(prob) + return Response(json.dumps(prob, cls=JSONEncoder), status=401, mimetype=mimetype) \ No newline at end of file 
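Review bot: `bad_request_error` builds its response with `mimetype=cause`, so a 400 reply carries the cause text as its Content-Type instead of `application/json`; the other four helpers pass `mimetype=mimetype`. The return should read `return Response(json.dumps(prob, cls=JSONEncoder), status=400, mimetype=mimetype)`. The three conversion lines added to each helper are identical, so a small private helper taking the ProblemDetails and the status would keep the five functions from drifting apart like this.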
diff --git a/services/TS29222_CAPIF_Security_API/capif_security/core/servicesecurity.py b/services/TS29222_CAPIF_Security_API/capif_security/core/servicesecurity.py index 8f48465eddcb2254f53b46545aaa9517ac3450f3..9fe7838a47479a17b0233dd7698c3bb08958c670 100644 --- a/services/TS29222_CAPIF_Security_API/capif_security/core/servicesecurity.py +++ b/services/TS29222_CAPIF_Security_API/capif_security/core/servicesecurity.py @@ -1,31 +1,22 @@ -import sys -import pymongo from pymongo import ReturnDocument -import secrets -import re + import rfc3987 from flask import current_app, Flask, Response from flask_jwt_extended import create_access_token from datetime import datetime, timedelta import json -from ..db.db import MongoDatabse -from ..encoder import JSONEncoder -from ..models.problem_details import ProblemDetails -from ..models.access_token_rsp import AccessTokenRsp -from ..models.access_token_claims import AccessTokenClaims from bson import json_util -import requests from ..core.publisher import Publisher from ..models.access_token_err import AccessTokenErr -from ..models.service_security import ServiceSecurity +from ..models.access_token_rsp import AccessTokenRsp +from ..models.access_token_claims import AccessTokenClaims from ..util import dict_to_camel_case, clean_empty from .responses import not_found_error, make_response, bad_request_error, internal_server_error, forbidden_error -from .notification import Notifications from .resources import Resource -import os from .redis_event import RedisEvent +import os publish_ops = Publisher() 
@@ -55,9 +46,8 @@ class SecurityOperations(Resource): header = scope[0:4] if header != "3gpp": current_app.logger.error("Bad format scope") - token_error = AccessTokenErr( - error="invalid_scope", error_description="The first characters must be '3gpp'") - return make_response(object=token_error, status=400) + token_error = AccessTokenErr(error="invalid_scope", error_description="The first characters must be '3gpp'") + return make_response(object=clean_empty(token_error.to_dict()), status=400) _, body = scope.split("#") 
@@ -70,29 +60,27 @@ class SecurityOperations(Resource): for group in groups: aef_id, api_names = group.split(":") if aef_id not in aef_security_context: - current_app.logger.error( - "Bad format Scope, not valid aef id ") - token_error = AccessTokenErr( - error="invalid_scope", error_description="One of aef_id not belongs of your security context") - return make_response(object=token_error, status=400) + current_app.logger.error("Bad format Scope, not valid aef id ") + token_error = AccessTokenErr(error="invalid_scope", error_description="One of aef_id not belongs of your security context") + return make_response(object=clean_empty(token_error.to_dict()), status=400) + api_names = api_names.split(",") for api_name in api_names: service = capif_service_col.find_one( {"$and": [{"api_name": api_name}, {self.filter_aef_id: aef_id}]}) if service is None: - current_app.logger.error( - "Bad format Scope, not valid api name") + current_app.logger.error("Bad format Scope, not valid api name") token_error = AccessTokenErr( - error="invalid_scope", error_description="One of the api names does not exist or is not associated with the aef id provided") - return make_response(object=token_error, status=400) + error="invalid_scope", + error_description="One of the api names does not exist or is not associated with the aef id provided") + return make_response(object=clean_empty(token_error.to_dict()), status=400) return None except Exception as e: current_app.logger.error("Bad format Scope: " + e) - token_error = AccessTokenErr( - error="invalid_scope", error_description="malformed scope") - return make_response(object=token_error, status=400) + token_error = AccessTokenErr(error="invalid_scope", error_description="malformed scope") + return make_response(object=clean_empty(token_error.to_dict()), status=400) def __init__(self): Resource.__init__(self) 
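Review bot: The `except Exception as e` handler at the end of this hunk logs with `"Bad format Scope: " + e`, which raises TypeError because a str cannot be concatenated with an exception object. A malformed scope (for example one where `group.split(":")` does not unpack) therefore escapes the handler instead of producing the `invalid_scope` 400 built on the following lines. Use lazy logging arguments: `current_app.logger.error("Bad format Scope: %s", e)`. The method starts above the hunk, so how the caller treats the escaping exception is not visible here.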
@@ -208,9 +196,10 @@ class SecurityOperations(Resource): rec.update(service_security.to_dict()) mycol.insert_one(rec) - res = make_response(object=service_security, status=201) + res = make_response(object=dict_to_camel_case(clean_empty(service_security.to_dict())), status=201) res.headers['Location'] = "https://{}/capif-security/v1/trustedInvokers/{}".format( os.getenv('CAPIF_HOSTNAME'), str(api_invoker_id)) + return res except Exception as e: 
@@ -274,20 +263,20 @@ class SecurityOperations(Resource): invoker = invokers_col.find_one( {"api_invoker_id": access_token_req["client_id"]}) if invoker is None: - client_id_error = AccessTokenErr( - error="invalid_client", error_description="Client Id not found") - return make_response(object=client_id_error, status=400) + client_id_error = AccessTokenErr(error="invalid_client", error_description="Client Id not found") + return make_response(object=clean_empty(client_id_error.to_dict()), status=400) + if access_token_req["grant_type"] != "client_credentials": - client_id_error = AccessTokenErr(error="unsupported_grant_type", error_description="Invalid value for `grant_type` ({0}), must be one of ['client_credentials'] - 'grant_type'" + client_id_error = AccessTokenErr(error="unsupported_grant_type", + error_description="Invalid value for `grant_type` ({0}), must be one of ['client_credentials'] - 'grant_type'" .format(access_token_req["grant_type"])) - return make_response(object=client_id_error, status=400) + return make_response(object=clean_empty(client_id_error.to_dict()), status=400) service_security = mycol.find_one({"api_invoker_id": security_id}) if service_security is None: - current_app.logger.error( - "Not found security context with id: " + security_id) - return not_found_error(detail=security_context_not_found_detail, cause=api_invoker_no_context_cause) + current_app.logger.error("Not found security context with id: " + security_id) + return not_found_error(detail= security_context_not_found_detail, cause=api_invoker_no_context_cause) result = self.__check_scope( access_token_req["scope"], service_security) 
@@ -307,7 +296,8 @@ class SecurityOperations(Resource): current_app.logger.debug("Created access token") - res = make_response(object=access_token_resp, status=200) + # res = make_response(object=dict_to_camel_case(clean_empty(access_token_resp.to_dict())), status=200) + res = make_response(object=clean_empty(access_token_resp.to_dict()), status=200) return res except Exception as e: exception = "An exception occurred in return token" @@ -363,11 +353,11 @@ class SecurityOperations(Resource): result = mycol.find_one_and_update(old_object, {"$set": service_security}, projection={ '_id': 0, "api_invoker_id": 0}, return_document=ReturnDocument.AFTER, upsert=False) - result = clean_empty(result) + # result = clean_empty(result) current_app.logger.debug("Updated security context") - res = make_response(object=dict_to_camel_case(result), status=200) + res= make_response(object=dict_to_camel_case(clean_empty(result)), status=200) res.headers['Location'] = "https://${CAPIF_HOSTNAME}/capif-security/v1/trustedInvokers/" + str( api_invoker_id) return res diff --git a/services/TS29222_CAPIF_Security_API/capif_security/db/db.py b/services/TS29222_CAPIF_Security_API/capif_security/db/db.py index d5376574d9308c1ebd901ba3d4597f60ce68c3eb..47a9538c9c70be0cb96fee4119eb024db27b79cc 100644 --- a/services/TS29222_CAPIF_Security_API/capif_security/db/db.py +++ b/services/TS29222_CAPIF_Security_API/capif_security/db/db.py @@ -2,7 +2,7 @@ import atexit import time from pymongo import MongoClient from pymongo.errors import AutoReconnect -from ..config import Config +from config import Config from bson.codec_options import CodecOptions import os from opentelemetry.instrumentation.pymongo import PymongoInstrumentor diff --git a/services/TS29222_CAPIF_Security_API/capif_security/encoder.py b/services/TS29222_CAPIF_Security_API/capif_security/encoder.py index 9d6964e4ccb171ae9174d22c6d790d186f42cebf..80bad8fa9220ab873e044b7adc0a849746088ad5 100644 
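Review bot: In the update path (hunk `@@ -363,11 +353,11 @@`) the Location header is built from the literal `"https://${CAPIF_HOSTNAME}/capif-security/v1/trustedInvokers/"`. Python does not expand `${...}`, so clients receive the placeholder text instead of the host. The create path earlier in this file's diff reads the variable, and the same form fits here: `res.headers['Location'] = "https://{}/capif-security/v1/trustedInvokers/{}".format(os.getenv('CAPIF_HOSTNAME'), str(api_invoker_id))`. The hunk also leaves `# result = clean_empty(result)` behind as dead commented-out code, which can be deleted; the method begins outside the hunk.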
--- a/services/TS29222_CAPIF_Security_API/capif_security/encoder.py +++ b/services/TS29222_CAPIF_Security_API/capif_security/encoder.py @@ -1,7 +1,7 @@ from connexion.apps.flask_app import FlaskJSONEncoder import six -from capif_security.models.base_model_ import Model +from models.base_model_ import Model class JSONEncoder(FlaskJSONEncoder): diff --git a/services/TS29222_CAPIF_Security_API/capif_security/util.py b/services/TS29222_CAPIF_Security_API/capif_security/util.py index 873c290d1d0bd4a1b6e0a9ff18e60630cc836f14..00ceb152b3c95233fec243ca5e3b8304c4b3611c 100644 --- a/services/TS29222_CAPIF_Security_API/capif_security/util.py +++ b/services/TS29222_CAPIF_Security_API/capif_security/util.py @@ -1,8 +1,7 @@ import datetime import six -import typing -from capif_security import typing_utils +import typing_utils def clean_empty(d): diff --git a/services/TS29222_CAPIF_Security_API/capif_security/wsgi.py b/services/TS29222_CAPIF_Security_API/capif_security/wsgi.py new file mode 100644 index 0000000000000000000000000000000000000000..6026b0fa96078634d3455ab93d71dcdc78774276 --- /dev/null +++ b/services/TS29222_CAPIF_Security_API/capif_security/wsgi.py @@ -0,0 +1,4 @@ +from app import app + +if __name__ == "__main__": + app.run() diff --git a/services/TS29222_CAPIF_Security_API/requirements.txt b/services/TS29222_CAPIF_Security_API/requirements.txt index 45a43d6022ea66c9cefbf7616393bee99e9e6c86..376353497a8ae588165cee3489a4d588da822832 100644 --- a/services/TS29222_CAPIF_Security_API/requirements.txt +++ b/services/TS29222_CAPIF_Security_API/requirements.txt @@ -20,4 +20,6 @@ fluent-logger == 0.10.0 opentelemetry-api == 1.17.0 opentelemetry-sdk == 1.17.0 flask_executor == 1.0.0 -Werkzeug == 2.2.3 \ No newline at end of file +Werkzeug == 2.2.3 +gunicorn==22.0.0 +packaging==24.0 
diff --git a/services/TS29222_CAPIF_Security_API/security_prepare.sh b/services/TS29222_CAPIF_Security_API/security_prepare.sh index c28b38929ae793399b64b70fab1ccbcccc6aeab0..94bece0582e614c49d6fbab23307984a2ad9875d 100644 --- a/services/TS29222_CAPIF_Security_API/security_prepare.sh +++ b/services/TS29222_CAPIF_Security_API/security_prepare.sh @@ -15,5 +15,5 @@ curl -k -retry 30 \ --request GET "$VAULT_ADDR/v1/secret/data/server_cert/private" 2>/dev/null | jq -r '.data.data.key' -j > /usr/src/app/capif_security/server.key -cd /usr/src/app/ -python3 -m capif_security \ No newline at end of file +gunicorn --bind 0.0.0.0:8080 \ + --chdir /usr/src/app/capif_security wsgi:app \ No newline at end of file diff --git a/services/helper/Dockerfile b/services/helper/Dockerfile index 2bc3b3390f4d6d7f5879af105f65308e7a5d8263..2c521b77a2f232b87dd82c95f7f8fba652d083a7 100644 --- a/services/helper/Dockerfile +++ b/services/helper/Dockerfile @@ -13,4 +13,6 @@ COPY . /usr/src/app EXPOSE 8080 -CMD ["python3", "-m", "helper_service"] +ENTRYPOINT ["gunicorn"] + +CMD ["--bind", "0.0.0.0:8080", "--chdir", "/usr/src/app/helper_service", "wsgi:app"] diff --git a/services/helper/helper_service/__main__.py b/services/helper/helper_service/app.py similarity index 84% rename from services/helper/helper_service/__main__.py rename to services/helper/helper_service/app.py index c2f6e39ff49911f6479b04a1195ff26770b5dfd0..c0af3df2c5ae9f8f58e515f3c8b512bc81ecdfb1 100644 --- a/services/helper/helper_service/__main__.py +++ b/services/helper/helper_service/app.py @@ -1,8 +1,8 @@ from flask import Flask import logging -from .controllers.helper_controller import helper_routes +from controllers.helper_controller import helper_routes from OpenSSL.crypto import PKey, TYPE_RSA, X509Req, dump_certificate_request, FILETYPE_PEM, dump_privatekey -from .config import Config +from config import Config import json import requests 
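Review bot: gunicorn is started whether or not the Vault request just above it produced a usable key: stderr is discarded, and `jq -r '.data.data.key'` prints `null` when the field is missing, so `server.key` can hold junk that app.py then loads as `JWT_PRIVATE_KEY`. Add a check before the launch, for example `grep -q "PRIVATE KEY" /usr/src/app/capif_security/server.key || { echo "server.key not retrieved" >&2; exit 1; }`. The same request uses `curl -k`, so the private key is fetched without verifying Vault's certificate; passing the CA with `--cacert` would close that gap. The start of the script is outside this hunk.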
@@ -26,7 +26,7 @@ csr_request = dump_certificate_request(FILETYPE_PEM, req) private_key = dump_privatekey(FILETYPE_PEM, key) # Save superadmin private key -key_file = open("helper_service/certs/superadmin.key", 'wb+') +key_file = open("certs/superadmin.key", 'wb+') key_file.write(bytes(private_key)) key_file.close() @@ -44,7 +44,7 @@ response = requests.request("POST", url, headers=headers, data=data, verify = co superadmin_cert = json.loads(response.text)['data']['certificate'] # Save the superadmin certificate -cert_file = open("helper_service/certs/superadmin.crt", 'wb') +cert_file = open("certs/superadmin.crt", 'wb') cert_file.write(bytes(superadmin_cert, 'utf-8')) cert_file.close() @@ -56,12 +56,10 @@ headers = { response = requests.request("GET", url, headers=headers, verify = config["ca_factory"].get("verify", False)) ca_root = json.loads(response.text)['data']['data']['ca'] -cert_file = open("helper_service/certs/ca_root.crt", 'wb') +cert_file = open("certs/ca_root.crt", 'wb') cert_file.write(bytes(ca_root, 'utf-8')) cert_file.close() app.register_blueprint(helper_routes) app.logger.setLevel(logging.DEBUG) -if __name__ == '__main__': - app.run(host='0.0.0.0', port=8080, debug=True) \ No newline at end of file diff --git a/services/helper/helper_service/config.py b/services/helper/helper_service/config.py index 444a23201168fceb276fa44b81f2417d8fc2afa6..f9574a678498483f4e138d4890fc1fa079cebce4 100644 --- a/services/helper/helper_service/config.py +++ b/services/helper/helper_service/config.py @@ -5,7 +5,7 @@ import os class Config: def __init__(self): self.cached = 0 - self.file="./config.yaml" + self.file="../config.yaml" self.my_config = {} stamp = os.stat(self.file).st_mtime diff --git a/services/helper/helper_service/controllers/helper_controller.py b/services/helper/helper_service/controllers/helper_controller.py index 995d33590d5b6b32cb14961ed60e1d35463109a9..f645a564ca88eb238ced5784cdc5ff2450910075 100644 
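Review bot: `key_file = open("certs/superadmin.key", 'wb+')` creates the superadmin private key with whatever mode the process umask allows, which is commonly world-readable inside the container. Create it owner-only instead: `key_fd = os.open("certs/superadmin.key", os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)` followed by `with os.fdopen(key_fd, 'wb') as key_file: key_file.write(private_key)`. This needs `import os` if the module does not already have it, which the hunk does not show. The path is now relative, so it resolves only because gunicorn is started with `--chdir`. The same applies to the `@@ -30,7 +33,7 @@` hunk of services/register/register_service/app.py.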
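Review bot: The request that retrieves `ca_root` in hunk `@@ -56,12 +56,10 @@` passes `verify = config["ca_factory"].get("verify", False)`, so TLS verification is off unless the config enables it. The returned certificate is then written to `certs/ca_root.crt`, meaning the trust anchor comes from a connection that was never authenticated. Default to verification with `verify=config["ca_factory"].get("verify", True)` and let deployments point `verify` at the CA bundle for the factory endpoint. The superadmin certificate request earlier in the file uses the same pattern, as do the `@@ -48,7 +51,7 @@` and `@@ -60,7 +63,7 @@` hunks of services/register/register_service/app.py.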
--- a/services/helper/helper_service/controllers/helper_controller.py +++ b/services/helper/helper_service/controllers/helper_controller.py @@ -1,8 +1,8 @@ #!/usr/bin/env python3 from flask import Blueprint, request, current_app, jsonify -from ..core.helper_operations import HelperOperations -from ..config import Config +from core.helper_operations import HelperOperations +from config import Config config = Config().get_config() diff --git a/services/helper/helper_service/core/helper_operations.py b/services/helper/helper_service/core/helper_operations.py index aed9da5ab74357632681679f0b99883b9f4746a7..9e6354675ae348efbd5b9f47c940f6145f371103 100644 --- a/services/helper/helper_service/core/helper_operations.py +++ b/services/helper/helper_service/core/helper_operations.py @@ -1,7 +1,7 @@ from flask import jsonify, current_app import pymongo -from ..db.db import MongoDatabse -from ..config import Config +from db.db import MongoDatabse +from config import Config import requests import os diff --git a/services/helper/helper_service/db/db.py b/services/helper/helper_service/db/db.py index 9820a92705e4c73151ffa216bab58b7d0cb866c0..bb2853ef6638b8d2294edbd8d7d1c2c225c8a061 100644 --- a/services/helper/helper_service/db/db.py +++ b/services/helper/helper_service/db/db.py @@ -1,7 +1,7 @@ import time from pymongo import MongoClient from pymongo.errors import AutoReconnect -from ..config import Config +from config import Config from bson.codec_options import CodecOptions class MongoDatabse(): diff --git a/services/helper/helper_service/wsgi.py b/services/helper/helper_service/wsgi.py new file mode 100644 index 0000000000000000000000000000000000000000..6026b0fa96078634d3455ab93d71dcdc78774276 --- /dev/null +++ b/services/helper/helper_service/wsgi.py @@ -0,0 +1,4 @@ +from app import app + +if __name__ == "__main__": + app.run() 
diff --git a/services/helper/requirements.txt b/services/helper/requirements.txt index dbe8a486370b495618e6150ca588e0f7b8ae13db..d51eb7e6ea6712e53cacfc8d957f027369e7ce2a 100644 --- a/services/helper/requirements.txt +++ b/services/helper/requirements.txt @@ -6,3 +6,5 @@ flask_jwt_extended == 4.6.0 pyopenssl == 24.1.0 pyyaml == 6.0.1 requests == 2.32.2 +gunicorn==22.0.0 +packaging==24.0 diff --git a/services/register/config.yaml b/services/register/config.yaml index d44e09f8ef82680676b0d15cc1a1edd38ace9da8..f1e1a257290897585780b9fe5e8eac6ae5e2e0ee 100644 --- a/services/register/config.yaml +++ b/services/register/config.yaml @@ -14,10 +14,15 @@ ca_factory: { "verify": False } +ccf: { + "url": "capifcore", + "helper_remove_user": "/helper/deleteEntities/" +} + register: { - register_uuid: '6ba7b810-9dad-11d1-80b4-00c04fd430c8', - refresh_expiration: 30, #days - token_expiration: 10, #mins - admin_users: {admin_user: "admin", + "register_uuid": '6ba7b810-9dad-11d1-80b4-00c04fd430c8', + "refresh_expiration": 30, #days + "token_expiration": 10, #mins + "admin_users": {admin_user: "admin", admin_pass: "password123"} } \ No newline at end of file diff --git a/services/register/register_prepare.sh b/services/register/register_prepare.sh index 4a49b87d7039f7dba68b3f1cce00e77aaa3656c8..2ae8deff25fce905a937fa87767796a9685f8482 100644 --- a/services/register/register_prepare.sh +++ b/services/register/register_prepare.sh 
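Review bot: The rewritten `register` block in config.yaml still ships `admin_pass: "password123"` for the `admin` user, so every deployment built from this file starts with the same known administrator credentials unless they are overridden. `register_uuid` is likewise a fixed value, and the register_service/app.py section of this diff assigns it to `REGISTRE_SECRET_KEY`; how that key is used is not visible here. Both would be better injected at deploy time from an environment variable or mounted secret, with the service refusing to start when they are absent. At minimum add `# placeholder only: override admin_users and register_uuid per deployment` above the block.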
@@ -40,5 +40,7 @@ __EOF__ openssl x509 -req -in /usr/src/app/register_service/certs/register.csr -CA /usr/src/app/register_service/certs/registerCA.crt -CAkey /usr/src/app/register_service/certs/registerCA.key -CAcreateserial -out /usr/src/app/register_service/certs/register_cert.crt -days 365 -sha256 -cd /usr/src/app/ -python3 -m register_service \ No newline at end of file +gunicorn --certfile=/usr/src/app/register_service/certs/register_cert.crt \ + --keyfile=/usr/src/app/register_service/certs/register_key.key \ + --bind 0.0.0.0:8080 \ + --chdir /usr/src/app/register_service wsgi:app \ No newline at end of file diff --git a/services/register/register_service/__main__.py b/services/register/register_service/app.py similarity index 81% rename from services/register/register_service/__main__.py rename to services/register/register_service/app.py index 612b031e3c3d2f45a7f66ab34ca85db64db85447..4dc2deda757d7a3b79f02ee3756d5b6715ed2fcc 100644 --- a/services/register/register_service/__main__.py +++ b/services/register/register_service/app.py @@ -1,14 +1,17 @@ + from flask import Flask -from .controllers.register_controller import register_routes +from controllers.register_controller import register_routes from flask_jwt_extended import JWTManager from OpenSSL.crypto import PKey, TYPE_RSA, X509Req, dump_certificate_request, FILETYPE_PEM, dump_privatekey import requests import json -from .config import Config -from .db.db import MongoDatabse +from config import Config +from db.db import MongoDatabse + app = Flask(__name__) + jwt_manager = JWTManager(app) config = Config().get_config() @@ -30,7 +33,7 @@ csr_request = dump_certificate_request(FILETYPE_PEM, req) private_key = dump_privatekey(FILETYPE_PEM, key) # Save superadmin private key -key_file = open("register_service/certs/superadmin.key", 'wb+') +key_file = open("certs/superadmin.key", 'wb+') key_file.write(bytes(private_key)) key_file.close() 
@@ -48,7 +51,7 @@ response = requests.request("POST", url, headers=headers, data=data, verify = co superadmin_cert = json.loads(response.text)['data']['certificate'] # Save the superadmin certificate -cert_file = open("register_service/certs/superadmin.crt", 'wb') +cert_file = open("certs/superadmin.crt", 'wb') cert_file.write(bytes(superadmin_cert, 'utf-8')) cert_file.close() @@ -60,7 +63,7 @@ headers = { response = requests.request("GET", url, headers=headers, verify = config["ca_factory"].get("verify", False)) ca_root = json.loads(response.text)['data']['data']['ca'] -cert_file = open("register_service/certs/ca_root.crt", 'wb') +cert_file = open("certs/ca_root.crt", 'wb') cert_file.write(bytes(ca_root, 'utf-8')) cert_file.close() @@ -81,11 +84,4 @@ app.config['JWT_ALGORITHM'] = 'RS256' app.config['JWT_PRIVATE_KEY'] = key_data app.config['REGISTRE_SECRET_KEY'] = config["register"]["register_uuid"] -app.register_blueprint(register_routes) - -#---------------------------------------- -# launch -#---------------------------------------- - -if __name__ == "__main__": - app.run(debug=True, host = '0.0.0.0', port=8080, ssl_context= ("/usr/src/app/register_service/certs/register_cert.crt", "/usr/src/app/register_service/certs/register_key.key")) +app.register_blueprint(register_routes) \ No newline at end of file diff --git a/services/register/register_service/config.py b/services/register/register_service/config.py index d04bd1acd87603f491b09f464d8db1d6cdc52ad7..97ab831fc7a69163163f7182f1f8c61bd9e3ffc4 100644 --- a/services/register/register_service/config.py +++ b/services/register/register_service/config.py @@ -5,7 +5,7 @@ import os class Config: def __init__(self): self.cached = 0 - self.file="./config.yaml" + self.file="../config.yaml" self.my_config = {} stamp = os.stat(self.file).st_mtime 
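Review bot: The CA root saved to `certs/ca_root.crt` is fetched with `verify = config["ca_factory"].get("verify", False)`, so when the key is missing (or set to `False`, as in config.yaml) the download is not authenticated, yet that file later serves as the trust anchor in `requests.delete(..., verify="certs/ca_root.crt")` in register_operations.py. Defaulting to verification, `config["ca_factory"].get("verify", True)`, and letting the config point at a pinned CA bundle for the CA service would close that gap. The response is also parsed without a status check; `response.raise_for_status()` before `json.loads` would turn a failed bootstrap into a clear error rather than a `KeyError`. The POST in the previous hunk follows the same pattern.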
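Review bot: `self.file="../config.yaml"` is resolved against the process working directory rather than against config.py, so the service finds its configuration only when started from `register_service/` (as the gunicorn `--chdir` does), and `os.stat(self.file)` raises otherwise. Anchoring the path to the module keeps it stable: `self.file = os.path.join(os.path.dirname(os.path.abspath(__file__)), "..", "config.yaml")`; `os` is already imported according to the hunk header. The rest of `Config.__init__` lies outside this hunk.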
diff --git a/services/register/register_service/controllers/register_controller.py b/services/register/register_service/controllers/register_controller.py index ded8e8bc9a5fcfb6fa2cfa8bc1f1f033d585b19c..da354690d65706959068276a7e6b81f0cffc3a9d 100644 --- a/services/register/register_service/controllers/register_controller.py +++ b/services/register/register_service/controllers/register_controller.py @@ -1,11 +1,13 @@ #!/usr/bin/env python3 from flask import current_app, Flask, jsonify, request, Blueprint -from ..core.register_operations import RegisterOperations -from ..config import Config + +from core.register_operations import RegisterOperations +from config import Config + from functools import wraps from datetime import datetime, timedelta -from ..db.db import MongoDatabse +from db.db import MongoDatabse from flask_httpauth import HTTPBasicAuth import jwt diff --git a/services/register/register_service/core/register_operations.py b/services/register/register_service/core/register_operations.py index b76d09286d16a0b0e8ab1ca066100f0f6ffb0d55..dac2654c93111669856f3907b81d09b1a05ab2f1 100644 --- a/services/register/register_service/core/register_operations.py +++ b/services/register/register_service/core/register_operations.py @@ -1,11 +1,12 @@ -from flask import Flask, jsonify, request, Response +from flask import Flask, jsonify, request, Response, current_app from flask_jwt_extended import create_access_token -from ..db.db import MongoDatabse +from db.db import MongoDatabse from datetime import datetime -from ..config import Config +from config import Config import requests import uuid + class RegisterOperations: def __init__(self): 
@@ -38,11 +39,11 @@ class RegisterOperations: exist_user = mycol.find_one({"username": username}) if exist_user is None: - return jsonify("Not exister user with this credentials"), 400 + return jsonify("Not existing user with this credentials"), 400 access_token = create_access_token(identity=(username + " " + exist_user["uuid"])) - cert_file = open("register_service/certs/ca_root.crt", 'rb') + cert_file = open("certs/ca_root.crt", 'rb') ca_root = cert_file.read() cert_file.close() @@ -62,9 +63,9 @@ class RegisterOperations: mycol = self.db.get_col_by_name(self.db.capif_users) try: - - url = f"https://capifcore/helper/deleteEntities/{uuid}" - requests.delete(url, cert=("register_service/certs/superadmin.crt", "register_service/certs/superadmin.key"), verify="register_service/certs/ca_root.crt") + + url = f"https://{self.config["ccf"]["url"]}{self.config["ccf"]["helper_remove_user"]}{uuid}" + requests.delete(url, cert=("certs/superadmin.crt", "certs/superadmin.key"), verify="certs/ca_root.crt") mycol.delete_one({"uuid": uuid}) diff --git a/services/register/register_service/db/db.py b/services/register/register_service/db/db.py index 65a8a83fe4da25f7b992898a60485ccbaa9228d4..fdf448e5be3b675d585bccf141b8e2a6ffe67754 100644 --- a/services/register/register_service/db/db.py +++ b/services/register/register_service/db/db.py @@ -1,9 +1,7 @@ -import atexit import time from pymongo import MongoClient from pymongo.errors import AutoReconnect -from ..config import Config -from bson.codec_options import CodecOptions +from config import Config class MongoDatabse(): diff --git a/services/register/register_service/wsgi.py b/services/register/register_service/wsgi.py new file mode 100644 index 0000000000000000000000000000000000000000..6026b0fa96078634d3455ab93d71dcdc78774276 --- /dev/null +++ b/services/register/register_service/wsgi.py @@ -0,0 +1,4 @@ +from app import app + +if __name__ == "__main__": + app.run() 
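Review bot: The new `url = f"https://{self.config["ccf"]["url"]}..."` line reuses double quotes inside a double-quoted f-string, which is a `SyntaxError` on Python versions before 3.12, so the whole module would fail to import there; the interpreter version of the image is not visible in this diff. Single quotes for the keys work on every version: `url = f"https://{self.config['ccf']['url']}{self.config['ccf']['helper_remove_user']}{uuid}"`. Separately, the result of `requests.delete` is discarded and `mycol.delete_one` runs regardless, so a failed removal on the CCF side leaves the two stores out of step; checking the status (and passing a `timeout=`) before deleting locally would prevent that. The surrounding `try` block continues outside the hunk.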
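Review bot: The `if __name__ == "__main__": app.run()` fallback in the new wsgi.py starts Flask's built-in server with no `ssl_context`, so running the file directly would serve the register API over plain HTTP, unlike the gunicorn command in register_prepare.sh that passes `--certfile` and `--keyfile`. Either drop the branch or mark it clearly, e.g. `# local debugging only; deployments start this module through gunicorn with TLS`. A one-line module docstring naming gunicorn as the supported entry point would also help.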
diff --git a/services/register/requirements.txt b/services/register/requirements.txt
index e9b85df891a9c4a2364bf7c8fcc98c2562281fcf..e95dfe3e036f4dbe4230e51a43ca3b7d25cb8255 100644
--- a/services/register/requirements.txt
+++ b/services/register/requirements.txt
@@ -8,3 +8,5 @@ pyyaml == 6.0.1
 requests == 2.32.2
 bcrypt == 4.0.1
 flask_httpauth == 4.8.0
+gunicorn==22.0.0
+packaging==24.0