[UUI] Update image version 16.0.1 of components of UUI
[oom.git] / kubernetes / policy / components / policy-drools-pdp / templates / statefulset.yaml
old mode 100755 (executable)
new mode 100644 (file)
index 7dee453..d7bcccf
@@ -1,6 +1,8 @@
 {{/*
 # Copyright © 2017 Amdocs, Bell Canada
 # Modifications Copyright © 2018-2020, 2022 AT&T Intellectual Property
 {{/*
 # Copyright © 2017 Amdocs, Bell Canada
 # Modifications Copyright © 2018-2020, 2022 AT&T Intellectual Property
+# Modifications Copyright (C) 2024-2025 Nordix Foundation.
+# Modifications Copyright © 2024-2025 Deutsche Telekom
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 
 apiVersion: apps/v1
 kind: StatefulSet
 
 apiVersion: apps/v1
 kind: StatefulSet
-metadata:
-  name: {{ include "common.fullname" . }}
-  namespace: {{ include "common.namespace" . }}
-  labels:
-    app: {{ include "common.name" . }}
-    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
-    release: {{ include "common.release" . }}
-    heritage: {{ .Release.Service }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
 spec:
 spec:
+  selector: {{- include "common.selectors" . | nindent 4 }}
   serviceName: {{ include "common.servicename" . }}
   replicas: {{ .Values.replicaCount }}
   serviceName: {{ include "common.servicename" . }}
   replicas: {{ .Values.replicaCount }}
-  selector:
-    matchLabels:
-      app: {{ include "common.name" . }}
   template:
   template:
-    metadata:
-      labels:
-        app: {{ include "common.name" . }}
-        release: {{ include "common.release" . }}
+    metadata: {{- include "common.templateMetadata" . | nindent 6 }}
     spec:
     spec:
+      {{ include "common.podSecurityContext" . | indent 6 | trim }}
       initContainers:
       initContainers:
+      {{ include "common.readinessCheck.waitFor" . | nindent 6 }}
+{{- if not .Values.nexus.offline }}
       - command:
         - /app/ready.py
         args:
       - command:
         - /app/ready.py
         args:
-        - --job-name
-        - {{ include "common.release" . }}-policy-galera-config
+        - --service-name
+        - {{ .Values.nexus.name }}
         env:
         - name: NAMESPACE
           valueFrom:
             fieldRef:
               apiVersion: v1
               fieldPath: metadata.namespace
         env:
         - name: NAMESPACE
           valueFrom:
             fieldRef:
               apiVersion: v1
               fieldPath: metadata.namespace
+        - name: KAFKA_URL
+          value: {{ include "common.release" . }}-{{ .Values.global.kafkaBootstrap }}
+        - name: SASL
+          value: {{ .Values.kafkaUser.authenticationType | upper }}
+        - name: GROUP_ID
+          value: {{ .Values.config.kafka.consumer.groupId }}
+        - name: PAP_TOPIC
+          value: {{ .Values.config.app.listener.policyPdpPapTopic }}
         image: {{ include "repositoryGenerator.image.readiness" . }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         image: {{ include "repositoryGenerator.image.readiness" . }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-        name: {{ include "common.name" . }}-db-readiness
-{{- if not .Values.nexus.offline }}
+        {{ include "common.containerSecurityContext" . | indent 8 | trim }}
+        name: {{ include "common.name" . }}-readiness
+        resources:
+          limits:
+            cpu: "100m"
+            memory: "500Mi"
+          requests:
+            cpu: "3m"
+            memory: "20Mi"
+{{- end }}
       - command:
       - command:
-        - /app/ready.py
+          - sh
         args:
         args:
-        - --container-name
-        - {{ .Values.nexus.name }}
+          - -c
+          - JAASLOGIN=`echo $JAASLOGIN | tr -d '"'`; cd /config-input && for PFILE in `ls -1`; do envsubst <${PFILE} >/config/${PFILE}; done
         env:
         env:
-        - name: NAMESPACE
+        - name: KAFKA_URL
+          value: {{ include "common.release" . }}-{{ .Values.global.kafkaBootstrap }}
+        - name: SASL
+          value: {{ .Values.kafkaUser.authenticationType | upper }}
+        - name: GROUP_ID
+          value: {{ .Values.config.kafka.consumer.groupId }}
+      {{- if .Values.global.useStrimziKafka }}
+        - name: JAASLOGIN
           valueFrom:
           valueFrom:
-            fieldRef:
-              apiVersion: v1
-              fieldPath: metadata.namespace
-        image: {{ include "repositoryGenerator.image.readiness" . }}
+            secretKeyRef:
+              name: {{ include "common.name" . }}-ku
+              key: sasl.jaas.config
+      {{- end }}
+        volumeMounts:
+          - mountPath: /config-input
+            name: drools-config
+          - mountPath: /config
+            name: drools-config-processed
+        image: {{ include "repositoryGenerator.image.envsubst" . }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-        name: {{ include "common.name" . }}-readiness
-{{- end }}
-{{ include "common.certInitializer.initContainer" . | indent 6 }}
+        {{ include "common.containerSecurityContext" . | indent 8 | trim }}
+        name: {{ include "common.name" . }}-update-config
       containers:
         - name: {{ include "common.name" . }}
       containers:
         - name: {{ include "common.name" . }}
+          {{ include "common.containerSecurityContext" . | indent 10 | trim }}
           image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
           command: ["sh","-c"]
           image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
           imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
           command: ["sh","-c"]
-          args: ["if [ -f {{ .Values.certInitializer.credsPath }}/.ci ]; then \
-                  source {{ .Values.certInitializer.credsPath }}/.ci; fi;\
-                  cp {{ .Values.certInitializer.credsPath }}/org.onap.policy.p12 ${POLICY_HOME}/etc/ssl/policy-keystore;\
-                  /opt/app/policy/bin/pdpd-cl-entrypoint.sh boot"]
-          ports:
-          - containerPort: {{ .Values.service.externalPort }}
-          - containerPort: {{ .Values.service.externalPort2 }}
+          args:
+            - ls /tmp/policy-install;
+              /opt/app/policy/bin/pdpd-cl-entrypoint.sh boot
+          ports: {{ include "common.containerPorts" . | nindent 12  }}
           {{- if eq .Values.liveness.enabled true }}
           livenessProbe:
             httpGet:
           {{- if eq .Values.liveness.enabled true }}
           livenessProbe:
             httpGet:
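Review bot: In the new `update-config` init container, `echo $JAASLOGIN` expands the secret unquoted, so the shell word-splits and glob-expands the JAAS string before it is substituted into the rendered files; a value with runs of whitespace or a bare `*` would be silently altered. Quoting avoids that: `JAASLOGIN=$(printf '%s' "$JAASLOGIN" | tr -d '"')`, and `for PFILE in *` can replace the `ls -1` parsing. The loop also calls `envsubst` with no variable list, so every `$NAME`/`${NAME}` in the files under `/config-input` is replaced, and any reference not set in this container's env becomes empty. If the image's `envsubst` accepts a SHELL-FORMAT argument, `envsubst '${KAFKA_URL} ${SASL} ${GROUP_ID} ${JAASLOGIN}'` limits substitution to the four values defined here. Separately, the `ls /tmp/policy-install;` at the start of the main container's `args` looks like a debugging leftover and could be dropped.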
@@ -92,7 +111,7 @@ spec:
           {{- end }}
           readinessProbe:
             tcpSocket:
           {{- end }}
           readinessProbe:
             tcpSocket:
-              port: {{ .Values.service.externalPort }}
+              port: {{ .Values.service.internalPort }}
             initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
             periodSeconds: {{ .Values.readiness.periodSeconds }}
           env:
             initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
             periodSeconds: {{ .Values.readiness.periodSeconds }}
           env:
@@ -103,36 +122,58 @@ spec:
           - name: SQL_PASSWORD
             {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 12 }}
           volumeMounts:
           - name: SQL_PASSWORD
             {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 12 }}
           volumeMounts:
-{{ include "common.certInitializer.volumeMount" . | indent 10 }}
           - mountPath: /etc/localtime
             name: localtime
             readOnly: true
           - mountPath: /etc/localtime
             name: localtime
             readOnly: true
-          {{- range $path, $bytes := .Files.Glob "resources/secrets/*" }}
-          - mountPath: /tmp/policy-install/config/{{ base $path }}
-            name: drools-secret
-            subPath: {{ base $path }}
-          {{- end }}
-          {{- range $path, $bytes := .Files.Glob "resources/configmaps/*" }}
-          - mountPath: /tmp/policy-install/config/{{ base $path }}
+          - name: logs
+            mountPath: /var/log/onap
+          - name: empty-dir
+            mountPath: /tmp
+            subPath: tmp-dir
+          - mountPath: /opt/app/policy/etc/profile.d/base.conf
+            subPath: base.conf
+            name: drools-config-processed
+          - mountPath: /opt/app/policy/etc/profile.d/credentials.conf
+            subPath: credentials.conf
+            name: drools-config-processed
+          - mountPath: /opt/app/policy/etc/profile.d/feature-pooling-messages.conf
+            subPath: feature-pooling-messages.conf
+            name: drools-config-processed
+          - mountPath: /opt/app/policy/config/feature-lifecycle.properties
+            subPath: feature-lifecycle.properties
+            name: drools-config-processed
+          - mountPath: /opt/app/policy/config/engine-system.properties
+            subPath: engine-system.properties
+            name: drools-config-processed
+          - mountPath: /opt/app/policy/config/feature-distributed-locking.properties
+            subPath: feature-distributed-locking.properties
+            name: drools-config-processed
+          - mountPath: /opt/app/policy/config/logback.xml
+            subPath: logback.xml
             name: drools-config
             name: drools-config
-            subPath: {{ base $path }}
-          {{- end }}
-          resources:
-{{ include "common.resources" . }}
+          - mountPath: /opt/app/policy/config/settings.xml
+            subPath: settings.xml
+            name: drools-config-processed
+          resources: {{ include "common.resources" . | nindent 12 }}
         {{- if .Values.nodeSelector }}
         {{- if .Values.nodeSelector }}
-        nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
+      nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 8 }}
         {{- end -}}
         {{- if .Values.affinity }}
         {{- end -}}
         {{- if .Values.affinity }}
-        affinity:
-{{ toYaml .Values.affinity | indent 10 }}
+      affinity:
+{{ toYaml .Values.affinity | indent 8 }}
         {{- end }}
       serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
       volumes:
         {{- end }}
       serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
       volumes:
-{{ include "common.certInitializer.volumes" . | indent 8 }}
         - name: localtime
           hostPath:
             path: /etc/localtime
         - name: localtime
           hostPath:
             path: /etc/localtime
+        - name: empty-dir
+          emptyDir:
+            sizeLimit: {{ .Values.dirSizes.emptyDir.sizeLimit }}
+        - name: logs
+          emptyDir:
+            sizeLimit: {{ .Values.dirSizes.logDir.sizeLimit }}
         - name: drools-config
           configMap:
             name: {{ include "common.fullname" . }}-configmap
         - name: drools-config
           configMap:
             name: {{ include "common.fullname" . }}-configmap
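Review bot: The new subPath mounts from `drools-config-processed` (for example `/opt/app/policy/etc/profile.d/credentials.conf`) are writable, whereas the neighbouring `/etc/localtime` mount sets `readOnly: true`. These files are produced by the `update-config` init container and presumably carry the substituted JAAS login, so adding `readOnly: true` to each of them would stop the running process from modifying its own credentials and configuration, unless the entrypoint rewrites them in place, which is not visible here. The removed `drools-secret` mounts also leave the `drools-secret` volume, still declared further down, without a consumer in the visible lines; it could be removed if nothing else mounts it.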
@@ -142,6 +183,10 @@ spec:
               path: {{ base $path }}
               mode: 0755
             {{- end }}
               path: {{ base $path }}
               mode: 0755
             {{- end }}
+        - name: drools-config-processed
+          emptyDir:
+            medium: Memory
+            sizeLimit: 64Mi
         - name: drools-secret
           secret:
             secretName: {{ include "common.fullname" . }}-secret
         - name: drools-secret
           secret:
             secretName: {{ include "common.fullname" . }}-secret
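Review bot: The `drools-config-processed` volume hard-codes `sizeLimit: 64Mi`, while the `empty-dir` and `logs` volumes added in the same commit read theirs from `.Values.dirSizes`; taking this limit from a values key alongside them would keep the three consistent and tunable. `medium: Memory` keeps the rendered files off node disk, which suits a volume that receives the substituted Kafka login, but its usage counts against the pod's memory. A short comment above the volume would record that intent, e.g. `# tmpfs: rendered config incl. Kafka JAAS login; counts toward pod memory`.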
@@ -151,5 +196,4 @@ spec:
               path: {{ base $path }}
               mode: 0644
             {{- end }}
               path: {{ base $path }}
               mode: 0644
             {{- end }}
-      imagePullSecrets:
-      - name: "{{ include "common.namespace" . }}-docker-registry-key"
+      {{- include "common.imagePullSecrets" . | nindent 6 }}