--- /dev/null
+# ============LICENSE_START=======================================================
+# Copyright (C) 2021 Nordix Foundation.
+# Modifications Copyright © 2021 Orange
+# Modifications Copyright © 2021, 2024 Nordix Foundation
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+apiVersion: v2
+description: ONAP Policy GUI
+name: policy-gui
+version: 14.0.0
+
+dependencies:
+ - name: repositoryGenerator
+ version: ~13.x-0
+ repository: '@local'
+ - name: serviceAccount
+ version: ~13.x-0
+ repository: '@local'
--- /dev/null
+server:
+ port: 2443
+ ssl:
+ enabled: false
+
+clamp:
+ url:
+ disable-ssl-validation: true
+ disable-ssl-hostname-check: true
+
+apex-editor:
+ upload-url:
+ upload-userid:
+
+management:
+ endpoints:
+ web:
+ exposure:
+ include: health, metrics, prometheus
--- /dev/null
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (C) 2021 Nordix Foundation.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+filebeat.prospectors:
+#it is mandatory, in our case it's log
+- input_type: log
+ #This is the canolical path as mentioned in logback.xml, *.* means it will monitor all files in the directory.
+ paths:
+ - /var/log/onap/*/*/*/*.log
+ - /var/log/onap/*/*/*.log
+ - /var/log/onap/*/*.log
+ #Files older than this should be ignored.In our case it will be 48 hours i.e. 2 days. It is a helping flag for clean_inactive
+ ignore_older: 48h
+ # Remove the registry entry for a file that is more than the specified time. In our case it will be 96 hours, i.e. 4 days. It will help to keep registry records with in limit
+ clean_inactive: 96h
+
+# Name of the registry file. If a relative path is used, it is considered relative to the
+# data path. Else full qualified file name.
+#filebeat.registry_file: ${path.data}/registry
+
+
+output.logstash:
+ #List of logstash server ip addresses with port number.
+ #But, in our case, this will be the loadbalancer IP address.
+ #For the below property to work the loadbalancer or logstash should expose 5044 port to listen the filebeat events or port in the property should be changed appropriately.
+ hosts: ["{{.Values.config.log.logstashServiceName}}:{{.Values.config.log.logstashPort}}"]
+ #If enable will do load balancing among availabe Logstash, automatically.
+ loadbalance: true
+
+ #The list of root certificates for server verifications.
+ #If certificate_authorities is empty or not set, the trusted
+ #certificate authorities of the host system are used.
+ #ssl.certificate_authorities: $ssl.certificate_authorities
+
+ #The path to the certificate for SSL client authentication. If the certificate is not specified,
+ #client authentication is not available.
+ #ssl.certificate: $ssl.certificate
+
+ #The client certificate key used for client authentication.
+ #ssl.key: $ssl.key
+
+ #The passphrase used to decrypt an encrypted key stored in the configured key file
+ #ssl.key_passphrase: $ssl.key_passphrase
--- /dev/null
+<!--
+ ============LICENSE_START=======================================================
+ policy-gui
+ ================================================================================
+ Copyright (C) 2021-2022 Nordix Foundation.
+ ================================================================================
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ ============LICENSE_END=========================================================
+ -->
+
+<configuration scan="true" scanPeriod="30 seconds" debug="false">
+ <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
+ <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
+ <level>TRACE</level>
+ </filter>
+ <encoder>
+ <pattern>%d{yyyy-MM-dd HH:mm:ss.SSS} [%thread] %-5level %logger{1024} - %msg%n
+ </pattern>
+ </encoder>
+ </appender>
+
+ <appender name="ERROR" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>${POLICY_LOGS}/error.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+ <fileNamePattern>${POLICY_LOGS}/error.%d{yyyy-MM-dd}.%i.log.zip
+ </fileNamePattern>
+ <maxFileSize>50MB</maxFileSize>
+ <maxHistory>30</maxHistory>
+ <totalSizeCap>10GB</totalSizeCap>
+ </rollingPolicy>
+ <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
+ <level>TRACE</level>
+ </filter>
+ <encoder>
+ <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="asyncError" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="ERROR" />
+ </appender>
+
+ <appender name="DEBUG" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>${POLICY_LOGS}/debug.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+ <fileNamePattern>${POLICY_LOGS}/debug.%d{yyyy-MM-dd}.%i.log.zip
+ </fileNamePattern>
+ <maxFileSize>50MB</maxFileSize>
+ <maxHistory>30</maxHistory>
+ <totalSizeCap>10GB</totalSizeCap>
+ </rollingPolicy>
+ <encoder>
+ <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="asyncDebug" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="DEBUG" />
+ </appender>
+
+ <appender name="NETWORK" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>${POLICY_LOGS}/network.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+ <fileNamePattern>${POLICY_LOGS}/network.%d{yyyy-MM-dd}.%i.log.zip
+ </fileNamePattern>
+ <maxFileSize>50MB</maxFileSize>
+ <maxHistory>30</maxHistory>
+ <totalSizeCap>10GB</totalSizeCap>
+ </rollingPolicy>
+ <encoder>
+ <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%t]%m%n</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="asyncNetwork" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="NETWORK" />
+ </appender>
+
+ <logger name="network" level="TRACE" additivity="false">
+ <appender-ref ref="asyncNetwork" />
+ </logger>
+
+ <logger name="org.apache" level="TRACE" additivity="false">
+ <appender-ref ref="DEBUG" />
+ </logger>
+
+ <!-- Spring related loggers -->
+ <logger name="org.springframework" level="TRACE" additivity="false">
+ <appender-ref ref="DEBUG" />
+ </logger>
+
+ <!-- GUI related loggers -->
+ <logger name="org.onap.policy.gui" level="TRACE" additivity="false">
+ <appender-ref ref="ERROR" />
+ <appender-ref ref="DEBUG" />
+ </logger>
+
+ <!-- logback internals logging -->
+ <logger name="ch.qos.logback.classic" level="INFO" />
+ <logger name="ch.qos.logback.core" level="INFO" />
+
+ <root level="TRACE">
+ <appender-ref ref="asyncDebug" />
+ <appender-ref ref="asyncError" />
+ <appender-ref ref="asyncNetwork" />
+ <appender-ref ref="STDOUT" />
+ </root>
+</configuration>
--- /dev/null
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (C) 2021 Nordix Foundation.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+1. Get the application URL by running these commands:
+{{- if .Values.ingress.enabled }}
+{{- range .Values.ingress.hosts }}
+ http://{{ . }}
+{{- end }}
+{{- else if contains "NodePort" .Values.service.type }}
+ export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.name" . }})
+ export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}")
+ echo http://$NODE_IP:$NODE_PORT
+{{- else if contains "LoadBalancer" .Values.service.type }}
+ NOTE: It may take a few minutes for the LoadBalancer IP to be available.
+ You can watch the status of by running 'kubectl get svc -w {{ include "common.name" . }}'
+ export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
+ echo http://$SERVICE_IP:{{ .Values.service.externalPort }}
+{{- else if contains "ClusterIP" .Values.service.type }}
+ export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ template "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
+ echo "Visit https://127.0.0.1:8443 to use your application"
+ kubectl port-forward $POD_NAME 8443:{{ .Values.service.internalPort }}
+{{- end }}
--- /dev/null
+{{/*
+# Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.authorizationPolicy" . }}
\ No newline at end of file
--- /dev/null
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (C) 2021 Nordix Foundation.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-configmap
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/config/*.{xml,yaml,yml}").AsConfig . | indent 2 }}
+
+{{ include "common.log.configMap" . }}
--- /dev/null
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (C) 2021-2022 Nordix Foundation.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+apiVersion: apps/v1
+kind: Deployment
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
+spec:
+ selector: {{- include "common.selectors" . | nindent 4 }}
+ replicas: {{ .Values.replicaCount }}
+ template:
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
+ spec:
+ initContainers:
+ - command:
+ - sh
+ args:
+ - -c
+ - "cd /config-input && for PFILE in `ls -1`; do envsubst <${PFILE} >/config/${PFILE}; done"
+ env:
+ - name: POLICY_LOGS
+ value: {{ .Values.log.path }}
+ volumeMounts:
+ - mountPath: /config-input
+ name: policy-gui-config
+ - mountPath: /config
+ name: policy-gui-config-processed
+ image: {{ include "repositoryGenerator.image.envsubst" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-update-config
+ - command:
+ - /app/ready.py
+ args:
+ - --service-name
+ - policy-clamp-runtime-acm
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ image: {{ include "repositoryGenerator.image.readiness" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-readiness
+ resources:
+ limits:
+ cpu: "100m"
+ memory: "500Mi"
+ requests:
+ cpu: "3m"
+ memory: "20Mi"
+ containers:
+ # side car containers
+ {{ if .Values.global.centralizedLoggingEnabled }}{{ include "common.log.sidecar" . | nindent 8 }}{{ end }}
+ # main container
+ - name: {{ include "common.name" . }}
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command: ["/opt/app/policy/gui/bin/policy-gui.sh"]
+ env:
+ - name: CLAMP_URL
+ value: http://policy-clamp-runtime-acm:6969
+ ports: {{ include "common.containerPorts" . | nindent 12 }}
+ # disable liveness probe when breakpoints set in debugger
+ # so K8s doesn't restart unresponsive container
+ {{- if eq .Values.liveness.enabled true }}
+ livenessProbe:
+ tcpSocket:
+ port: {{ .Values.service.internalPort }}
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ {{ end -}}
+ readinessProbe:
+ tcpSocket:
+ port: {{ .Values.service.internalPort }}
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+ volumeMounts:
+ - name: logs
+ mountPath: {{ .Values.log.path }}
+ - mountPath: /opt/app/policy/gui/etc/application.yml
+ name: policy-gui-config-processed
+ subPath: application.yml
+ - mountPath: /opt/app/policy/gui/etc/logback.xml
+ name: policy-gui-config-processed
+ subPath: logback.xml
+ resources: {{ include "common.resources" . | nindent 12 }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 10 }}
+ {{- end -}}
+ {{- if .Values.affinity }}
+ affinity:
+{{ toYaml .Values.affinity | indent 10 }}
+ {{- end }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
+ volumes:
+ - name: {{ include "common.fullname" . }}-config
+ configMap:
+ name: {{ include "common.fullname" . }}
+ - name: logs
+ emptyDir: {}
+ {{ if .Values.global.centralizedLoggingEnabled }}{{ include "common.log.volumes" . | nindent 8 }}{{ end }}
+ - name: policy-gui-config
+ configMap:
+ name: {{ include "common.fullname" . }}-configmap
+ defaultMode: 0755
+ - name: policy-gui-config-processed
+ emptyDir:
+ medium: Memory
+ {{- include "common.imagePullSecrets" . | nindent 6 }}
--- /dev/null
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (C) 2021 Nordix Foundation.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+{{ include "common.ingress" . }}
--- /dev/null
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (C) 2021 Nordix Foundation.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+{{ include "common.secretFast" . }}
--- /dev/null
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (C) 2021 Nordix Foundation.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+{{ include "common.service" . }}
--- /dev/null
+# ============LICENSE_START=======================================================
+# Copyright (C) 2021-2022 Nordix Foundation.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global: # global defaults
+ nodePortPrefix: 304
+ centralizedLoggingEnabled: true
+
+subChartsOnly:
+ enabled: true
+
+flavor: small
+
+# application image
+image: onap/policy-gui:3.1.3
+pullPolicy: Always
+
+# flag to enable debugging - application support required
+debugEnabled: false
+
+# log configuration
+log:
+ path: /var/log/onap/policy/gui
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+config:
+ log:
+ logstashServiceName: log-ls
+ logstashPort: 5044
+ dataRootDir: /dockerdata-nfs
+
+# default number of instances
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 120
+ periodSeconds: 10
+ timeoutSeconds: 3
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: true
+
+readiness:
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ timeoutSeconds: 3
+
+service:
+ type: NodePort
+ name: policy-gui
+ internalPort: 2443
+ ports:
+ - name: http
+ port: 2443
+ nodePort: 43
+
+ # see https://wiki.onap.org/display/DW/OOM+NodePort+List
+
+ingress:
+ enabled: false
+ service:
+ - baseaddr: "policy-ui"
+ name: "policy-gui"
+ port: 2443
+ config:
+ ssl: "redirect"
+
+serviceMesh:
+ authorizationPolicy:
+ authorizedPrincipals:
+ - serviceAccount: istio-ingress
+ namespace: istio-ingress
+
+ #resources: {}
+ # We usually recommend not to specify default resources and to leave this as a conscious
+ # choice for the user. This also increases chances charts run on environments with little
+ # resources, such as Minikube. If you do want to specify resources, uncomment the following
+ # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ #
+ # Example:
+ # Configure resource requests and limits
+ # ref: http://kubernetes.io/docs/user-guide/compute-resources/
+ # Minimum memory for development is 2 CPU cores and 4GB memory
+ # Minimum memory for production is 4 CPU cores and 8GB memory
+resources:
+ small:
+ limits:
+ cpu: "1"
+ memory: "700Mi"
+ requests:
+ cpu: "0.5"
+ memory: "700Mi"
+ large:
+ limits:
+ cpu: "2"
+ memory: "1.4Gi"
+ requests:
+ cpu: "1"
+ memory: "1.4Gi"
+ unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: policy-gui
+ roles:
+ - read
# Modifications Copyright © 2018, 2020 AT&T
# Modifications Copyright © 2021 Orange
# Modifications Copyright © 2021-2024 Nordix Foundation
+# Modifications Copyright © 2024 Deutsche Telekom
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
apiVersion: v2
description: ONAP Policy
name: policy
-version: 14.0.1
+version: 14.0.4
dependencies:
- name: common
# Copyright (C) 2018 Ericsson. All rights reserved.
# Modifications Copyright © 2021 Orange
# Modifications Copyright © 2021, 2024 Nordix Foundation
-# Modification (C) 2023 Deutsche Telekom. All rights reserved.
+# Modification (C) 2023-2024 Deutsche Telekom. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
apiVersion: v2
description: ONAP Policy APEX PDP
name: policy-apex-pdp
-version: 14.0.0
+version: 14.0.1
dependencies:
- name: common
# limitations under the License.
*/}}
-{{ include "common.authorizationPolicy" . }}
\ No newline at end of file
+{{ include "common.authorizationPolicy" . }}
# Copyright (C) 2018 Ericsson. All rights reserved.
# Modifications Copyright (C) 2020 AT&T Intellectual Property.
# Modifications Copyright © 2022 Nordix Foundation
-# Modification (C) 2023 Deutsche Telekom. All rights reserved.
+# Modification (C) 2023-2024 Deutsche Telekom. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
template:
metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
+ {{ include "common.podSecurityContext" . | indent 6 | trim }}
initContainers:
- command: ["/bin/sh", "-cx"]
args:
image: {{ include "repositoryGenerator.image.envsubst" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-update-config
+ {{ include "common.containerSecurityContext" . | indent 8 | trim }}
containers:
- name: {{ include "common.name" . }}
+ {{ include "common.containerSecurityContext" . | indent 10 | trim }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command: [ "/bin/sh", "-cx" ]
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- name: policy-logs
- emptyDir: {}
+ emptyDir:
+ sizeLimit: {{ .Values.dirSizes.logDir.sizeLimit }}
- name: apexconfig-input
configMap:
name: {{ include "common.fullname" . }}-configmap
- name: apexconfig
emptyDir:
medium: Memory
+ sizeLimit: 64Mi
{{- include "common.imagePullSecrets" . | nindent 6 }}
# limitations under the License.
*/}}
{{ include "common.kafkauser" . }}
-
# Copyright (C) 2018 Ericsson. All rights reserved.
# Modifications Copyright (C) 2019-2021 AT&T Intellectual Property.
# Modifications Copyright © 2022 Nordix Foundation
-# Modification (C) 2023 Deutsche Telekom. All rights reserved.
+# Modification (C) 2023-2024 Deutsche Telekom. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
memory: "2Gi"
unlimited: {}
+securityContext:
+ user_id: 100
+ group_id: 102
+
#Pods Service Account
serviceAccount:
nameOverride: policy-apex-pdp
roles:
- read
+dirSizes:
+ logDir:
+ sizeLimit: 500Mi
+
metrics:
serviceMonitor:
# Override the labels based on the Prometheus config parameter: serviceMonitorSelector.
# Copyright (C) 2019-2020 AT&T Intellectual Property. All rights reserved.
# Modifications Copyright © 2021 Orange
# Modifications Copyright © 2021, 2024 Nordix Foundation
-# Modification (C) 2023 Deutsche Telekom. All rights reserved.
+# Modification (C) 2023-2024 Deutsche Telekom. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
apiVersion: v2
description: ONAP Policy Design API
name: policy-api
-version: 14.0.0
+version: 14.0.1
dependencies:
- name: common
# limitations under the License.
*/}}
-{{ include "common.authorizationPolicy" . }}
\ No newline at end of file
+{{ include "common.authorizationPolicy" . }}
{{- end }}
{{- end }}
data:
-{{ tpl (.Files.Glob "resources/config/*.{yaml,xml}").AsConfig . | indent 2 }}
\ No newline at end of file
+{{ tpl (.Files.Glob "resources/config/*.{yaml,xml}").AsConfig . | indent 2 }}
template:
metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
+ {{ include "common.podSecurityContext" . | indent 6 | trim }}
initContainers:
- command:
- /app/ready.py
fieldPath: metadata.namespace
image: {{ include "repositoryGenerator.image.readiness" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ {{ include "common.containerSecurityContext" . | indent 10 | trim }}
name: {{ include "common.name" . }}-readiness
resources:
limits:
name: apiconfig-processed
image: {{ include "repositoryGenerator.image.envsubst" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ {{ include "common.containerSecurityContext" . | indent 10 | trim }}
name: {{ include "common.name" . }}-update-config
containers:
- name: {{ include "common.name" . }}
+ {{ include "common.containerSecurityContext" . | indent 10 | trim }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command: ["/opt/app/policy/api/bin/policy-api.sh"]
periodSeconds: {{ .Values.readiness.periodSeconds }}
timeoutSeconds: {{ .Values.readiness.timeout }}
volumeMounts:
+ - name: logs
+ mountPath: /var/log/onap
+ - name: empty-dir
+ mountPath: /tmp
+ subPath: tmp-dir
+ - mountPath: /opt/app/policy/api/etc/logback.xml
+ subPath: logback.xml
+ name: apiconfig-processed
- mountPath: /opt/app/policy/api/etc/mounted
name: apiconfig-processed
resources: {{ include "common.resources" . | nindent 12 }}
- name: apiconfig-processed
emptyDir:
medium: Memory
+ sizeLimit: 64Mi
+ - name: empty-dir
+ emptyDir:
+ sizeLimit: {{ .Values.dirSizes.emptyDir.sizeLimit }}
+ - name: logs
+ emptyDir:
+ sizeLimit: {{ .Values.dirSizes.logDir.sizeLimit }}
{{- include "common.imagePullSecrets" . | nindent 6 }}
# ============LICENSE_START=======================================================
# Copyright (C) 2019-2021 AT&T Intellectual Property. All rights reserved.
# Modifications Copyright (C) 2022 Bell Canada. All rights reserved.
-# Modification (C) 2023 Deutsche Telekom. All rights reserved.
+# Modification (C) 2023-2024 Deutsche Telekom. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# probe configuration parameters
liveness:
- initialDelaySeconds: 60
+ initialDelaySeconds: 120
periodSeconds: 10
# necessary to disable liveness probe when setting breakpoints
# in debugger so K8s doesn't restart unresponsive container
api: /policy/api/v1/healthcheck
successThreshold: 1
failureThreshold: 3
- timeout: 60
+ timeout: 120
service:
type: ClusterIP
memory: "2Gi"
unlimited: {}
+securityContext:
+ user_id: 100
+ group_id: 102
+
+dirSizes:
+ emptyDir:
+ sizeLimit: 1Gi
+ logDir:
+ sizeLimit: 500Mi
+
#Pods Service Account
serviceAccount:
nameOverride: policy-api
# ============LICENSE_START=======================================================
# Copyright (C) 2022-2024 Nordix Foundation. All rights reserved.
+# Modifications Copyright © 2024 Deutsche Telekom
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
apiVersion: v2
description: ONAP Policy Clamp A1PMS Participant
name: policy-clamp-ac-a1pms-ppnt
-version: 14.0.0
+version: 14.0.1
dependencies:
- name: common
context-path: /onap/policy/clamp/acm/a1pmsparticipant
ssl:
enabled: false
-
-
# limitations under the License.
*/}}
-{{ include "common.authorizationPolicy" . }}
\ No newline at end of file
+{{ include "common.authorizationPolicy" . }}
{{/*
# ============LICENSE_START=======================================================
# Copyright (C) 2022-2023 Nordix Foundation.
+# Modifications Copyright © 2024 Deutsche Telekom
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
template:
metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
+ {{ include "common.podSecurityContext" . | indent 6 | trim }}
initContainers:
- command:
- sh
name: ac-a1pms-ppnt-config-processed
image: {{ include "repositoryGenerator.image.envsubst" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ {{ include "common.containerSecurityContext" . | indent 8 | trim }}
name: {{ include "common.name" . }}-update-config
containers:
- name: {{ include "common.name" . }}
+ {{ include "common.containerSecurityContext" . | indent 10 | trim }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command: ["/opt/app/policy/clamp/bin/a1pms-participant.sh"]
volumeMounts:
- mountPath: /opt/app/policy/clamp/etc/mounted
name: ac-a1pms-ppnt-config-processed
+ - name: logs
+ mountPath: /var/log/onap
+ - name: empty-dir
+ mountPath: /tmp
+ subPath: tmp-dir
+ - mountPath: /opt/app/policy/clamp/etc/logback.xml
+ subPath: logback.xml
+ name: ac-a1pms-ppnt-config-processed
resources: {{ include "common.resources" . | nindent 12 }}
{{- if .Values.nodeSelector }}
nodeSelector:
- name: ac-a1pms-ppnt-config-processed
emptyDir:
medium: Memory
+ sizeLimit: 64Mi
+ - name: empty-dir
+ emptyDir:
+ sizeLimit: {{ .Values.dirSizes.emptyDir.sizeLimit }}
+ - name: logs
+ emptyDir:
+ sizeLimit: {{ .Values.dirSizes.logDir.sizeLimit }}
{{- include "common.imagePullSecrets" . | nindent 6 }}
-{{/*\r
-# ============LICENSE_START=======================================================\r
-# Copyright (C) 2022 Nordix Foundation. All rights reserved.\r
-# ================================================================================\r
-# Licensed under the Apache License, Version 2.0 (the "License");\r
-# you may not use this file except in compliance with the License.\r
-# You may obtain a copy of the License at\r
-#\r
-# http://www.apache.org/licenses/LICENSE-2.0\r
-#\r
-# Unless required by applicable law or agreed to in writing, software\r
-# distributed under the License is distributed on an "AS IS" BASIS,\r
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
-# See the License for the specific language governing permissions and\r
-# limitations under the License.\r
-#\r
-# SPDX-License-Identifier: Apache-2.0\r
-# ============LICENSE_END=========================================================\r
-*/}}\r
-\r
-{{ include "common.service" . }}\r
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (C) 2022 Nordix Foundation. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+{{ include "common.service" . }}
# ============LICENSE_START=======================================================
# Copyright (C) 2022-2023 Nordix Foundation.
+# Modifications Copyright © 2024 Deutsche Telekom
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
cpu: "1"
memory: "2Gi"
unlimited: {}
+
+securityContext:
+ user_id: 100
+ group_id: 102
+
+dirSizes:
+ emptyDir:
+ sizeLimit: 1Gi
+ logDir:
+ sizeLimit: 500Mi
+
#Pods Service Account
serviceAccount:
nameOverride: *componentName
# ============LICENSE_START=======================================================
# Copyright (C) 2021-2022, 2024 Nordix Foundation.
+# Modifications Copyright © 2024 Deutsche Telekom
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
apiVersion: v2
description: ONAP Policy Clamp Controlloop Http Participant
name: policy-clamp-ac-http-ppnt
-version: 14.0.0
+version: 14.0.1
dependencies:
- name: common
- name: serviceAccount
version: ~13.x-0
repository: '@local'
-
context-path: /onap/httpparticipant
ssl:
enabled: false
-
# limitations under the License.
*/}}
-{{ include "common.authorizationPolicy" . }}
\ No newline at end of file
+{{ include "common.authorizationPolicy" . }}
{{/*
# ============LICENSE_START=======================================================
# Copyright (C) 2021-2023 Nordix Foundation.
+# Modifications Copyright © 2024 Deutsche Telekom
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
template:
metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
+ {{ include "common.podSecurityContext" . | indent 6 | trim }}
initContainers:
- command:
- sh
name: ac-http-ppnt-config-processed
image: {{ include "repositoryGenerator.image.envsubst" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ {{ include "common.containerSecurityContext" . | indent 8 | trim }}
name: {{ include "common.name" . }}-update-config
containers:
- name: {{ include "common.name" . }}
+ {{ include "common.containerSecurityContext" . | indent 10 | trim }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command: ["/opt/app/policy/clamp/bin/http-participant.sh"]
volumeMounts:
- mountPath: /opt/app/policy/clamp/etc/mounted
name: ac-http-ppnt-config-processed
+ - name: logs
+ mountPath: /var/log/onap
+ - name: empty-dir
+ mountPath: /tmp
+ subPath: tmp-dir
+ - mountPath: /opt/app/policy/clamp/etc/logback.xml
+ subPath: logback.xml
+ name: ac-http-ppnt-config-processed
resources: {{ include "common.resources" . | nindent 12 }}
{{- if .Values.nodeSelector }}
nodeSelector:
- name: ac-http-ppnt-config-processed
emptyDir:
medium: Memory
+ sizeLimit: 64Mi
+ - name: empty-dir
+ emptyDir:
+ sizeLimit: {{ .Values.dirSizes.emptyDir.sizeLimit }}
+ - name: logs
+ emptyDir:
+ sizeLimit: {{ .Values.dirSizes.logDir.sizeLimit }}
{{- include "common.imagePullSecrets" . | nindent 6 }}
-{{/*\r
-# ============LICENSE_START=======================================================\r
-# Copyright (C) 2021 Nordix Foundation. All rights reserved.\r
-# ================================================================================\r
-# Licensed under the Apache License, Version 2.0 (the "License");\r
-# you may not use this file except in compliance with the License.\r
-# You may obtain a copy of the License at\r
-#\r
-# http://www.apache.org/licenses/LICENSE-2.0\r
-#\r
-# Unless required by applicable law or agreed to in writing, software\r
-# distributed under the License is distributed on an "AS IS" BASIS,\r
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
-# See the License for the specific language governing permissions and\r
-# limitations under the License.\r
-#\r
-# SPDX-License-Identifier: Apache-2.0\r
-# ============LICENSE_END=========================================================\r
-*/}}\r
-\r
-{{ include "common.service" . }}\r
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (C) 2021 Nordix Foundation. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+{{ include "common.service" . }}
# ============LICENSE_START=======================================================
# Copyright (C) 2021-2023 Nordix Foundation.
+# Modifications Copyright © 2024 Deutsche Telekom
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
cpu: "1"
memory: "2Gi"
unlimited: {}
+
+securityContext:
+ user_id: 100
+ group_id: 102
+
+dirSizes:
+ emptyDir:
+ sizeLimit: 1Gi
+ logDir:
+ sizeLimit: 500Mi
+
#Pods Service Account
serviceAccount:
nameOverride: *componentName
# Copyright (C) 2021 Nordix Foundation. All rights reserved.
# Modifications Copyright © 2021 Orange
# Modifications Copyright © 2021-2022, 2024 Nordix Foundation
+# Modifications Copyright © 2024 Deutsche Telekom
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
apiVersion: v2
description: ONAP Policy Clamp Controlloop K8s Participant
name: policy-clamp-ac-k8s-ppnt
-version: 14.0.0
+version: 14.0.1
dependencies:
- name: common
# limitations under the License.
*/}}
-{{ include "common.authorizationPolicy" . }}
\ No newline at end of file
+{{ include "common.authorizationPolicy" . }}
{{ tpl (.Files.Glob "resources/config/KubernetesParticipantParameters.yaml").AsConfig . | indent 2 }}
{{ toYaml .Values.repoList | indent 4 }}
{{- end }}
-{{ tpl (.Files.Glob "resources/config/*.{json,xml,sh}").AsConfig . | indent 2 }}
\ No newline at end of file
+{{ tpl (.Files.Glob "resources/config/*.{json,xml,sh}").AsConfig . | indent 2 }}
{{/*
# ============LICENSE_START=======================================================
# Copyright (C) 2021-2023 Nordix Foundation.
+# Modifications Copyright © 2024 Deutsche Telekom
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
template:
metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
+ {{ include "common.podSecurityContext" . | indent 6 | trim }}
initContainers:
- command:
- sh
name: ac-k8s-ppnt-config-processed
image: {{ include "repositoryGenerator.image.envsubst" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ {{ include "common.containerSecurityContext" . | indent 8 | trim }}
name: {{ include "common.name" . }}-update-config
containers:
- name: {{ include "common.name" . }}
+ {{ include "common.containerSecurityContext" . | indent 10 | trim }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command: ["/opt/app/policy/clamp/bin/kubernetes-participant.sh"]
volumeMounts:
- mountPath: /opt/app/policy/clamp/etc/mounted
name: ac-k8s-ppnt-config-processed
+ - name: logs
+ mountPath: /var/log/onap
+ - name: empty-dir
+ mountPath: /tmp
+ subPath: tmp-dir
+ - mountPath: /opt/app/policy/clamp/etc/logback.xml
+ subPath: logback.xml
+ name: ac-k8s-ppnt-config-processed
resources: {{ include "common.resources" . | nindent 12 }}
{{- if .Values.nodeSelector }}
nodeSelector:
- name: ac-k8s-ppnt-config-processed
emptyDir:
medium: Memory
+ sizeLimit: 64Mi
+ - name: empty-dir
+ emptyDir:
+ sizeLimit: {{ .Values.dirSizes.emptyDir.sizeLimit }}
+ - name: logs
+ emptyDir:
+ sizeLimit: {{ .Values.dirSizes.logDir.sizeLimit }}
{{- include "common.imagePullSecrets" . | nindent 6 }}
- kind: ServiceAccount
name: {{ include "common.fullname" (dict "suffix" "create" "dot" . )}}
namespace: {{ include "common.namespace" . }}
-
# ============LICENSE_START=======================================================
# Copyright (C) 2021-2023 Nordix Foundation.
+# Modifications Copyright © 2024 Deutsche Telekom
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
memory: "2Gi"
unlimited: {}
+securityContext:
+ user_id: 100
+ group_id: 102
+
+dirSizes:
+ emptyDir:
+ sizeLimit: 1Gi
+ logDir:
+ sizeLimit: 500Mi
+
#Pods Service Account
serviceAccount:
nameOverride: *componentName
- name: *acRuntimeTopic
type: topic
operations: [Read, Write]
-
# ============LICENSE_START=======================================================
# Copyright (C) 2023-2024 Nordix Foundation. All rights reserved.
+# Modifications Copyright © 2024 Deutsche Telekom
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
apiVersion: v2
description: ONAP Policy Clamp Kserve Participant
name: policy-clamp-ac-kserve-ppnt
-version: 14.0.0
+version: 14.0.1
dependencies:
- name: common
context-path: /onap/policy/clamp/acm/kserveparticipant
ssl:
enabled: false
-
-
# limitations under the License.
*/}}
-{{ include "common.authorizationPolicy" . }}
\ No newline at end of file
+{{ include "common.authorizationPolicy" . }}
{{/*
# ============LICENSE_START=======================================================
# Copyright (C) 2023 Nordix Foundation.
+# Modifications Copyright © 2024 Deutsche Telekom
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
template:
metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
+ {{ include "common.podSecurityContext" . | indent 6 | trim }}
initContainers:
- command:
- sh
name: ac-kserve-ppnt-config-processed
image: {{ include "repositoryGenerator.image.envsubst" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ {{ include "common.containerSecurityContext" . | indent 8 | trim }}
name: {{ include "common.name" . }}-update-config
containers:
- name: {{ include "common.name" . }}
+ {{ include "common.containerSecurityContext" . | indent 10 | trim }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command: ["/opt/app/policy/clamp/bin/kserve-participant.sh"]
volumeMounts:
- mountPath: /opt/app/policy/clamp/etc/mounted
name: ac-kserve-ppnt-config-processed
+ - name: logs
+ mountPath: /var/log/onap
+ - name: empty-dir
+ mountPath: /tmp
+ subPath: tmp-dir
+ - mountPath: /opt/app/policy/clamp/etc/logback.xml
+ subPath: logback.xml
+ name: ac-kserve-ppnt-config-processed
resources: {{ include "common.resources" . | nindent 12 }}
{{- if .Values.nodeSelector }}
nodeSelector:
- name: ac-kserve-ppnt-config-processed
emptyDir:
medium: Memory
+ sizeLimit: 64Mi
+ - name: empty-dir
+ emptyDir:
+ sizeLimit: {{ .Values.dirSizes.emptyDir.sizeLimit }}
+ - name: logs
+ emptyDir:
+ sizeLimit: {{ .Values.dirSizes.logDir.sizeLimit }}
{{- include "common.imagePullSecrets" . | nindent 6 }}
-{{/*\r
-# Copyright © 2023 Nordix Foundation\r
-#\r
-# Licensed under the Apache License, Version 2.0 (the "License");\r
-# you may not use this file except in compliance with the License.\r
-# You may obtain a copy of the License at\r
-#\r
-# http://www.apache.org/licenses/LICENSE-2.0\r
-#\r
-# Unless required by applicable law or agreed to in writing, software\r
-# distributed under the License is distributed on an "AS IS" BASIS,\r
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
-# See the License for the specific language governing permissions and\r
-# limitations under the License.\r
-*/}}\r
-{{ include "common.kafkauser" . }}\r
+{{/*
+# Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+{{ include "common.kafkauser" . }}
-{{/*\r
-# ============LICENSE_START=======================================================\r
-# Copyright (C) 2023 Nordix Foundation. All rights reserved.\r
-# ================================================================================\r
-# Licensed under the Apache License, Version 2.0 (the "License");\r
-# you may not use this file except in compliance with the License.\r
-# You may obtain a copy of the License at\r
-#\r
-# http://www.apache.org/licenses/LICENSE-2.0\r
-#\r
-# Unless required by applicable law or agreed to in writing, software\r
-# distributed under the License is distributed on an "AS IS" BASIS,\r
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
-# See the License for the specific language governing permissions and\r
-# limitations under the License.\r
-#\r
-# SPDX-License-Identifier: Apache-2.0\r
-# ============LICENSE_END=========================================================\r
-*/}}\r
-\r
-apiVersion: rbac.authorization.k8s.io/v1\r
-kind: ClusterRoleBinding\r
-metadata:\r
- name: {{ include "common.namespace" . }}-policy-clamp-ac-kserve-ppnt-binding\r
- namespace: {{ include "common.namespace" . }}\r
- labels:\r
- app: {{ include "common.name" . }}\r
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}\r
- release: {{ include "common.release" . }}\r
- heritage: {{ .Release.Service }}\r
-roleRef:\r
- apiGroup: rbac.authorization.k8s.io\r
- kind: ClusterRole\r
- name: cluster-admin\r
-subjects:\r
- - kind: ServiceAccount\r
- name: {{ include "common.fullname" (dict "suffix" "create" "dot" . )}}\r
- namespace: {{ include "common.namespace" . }}\r
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (C) 2023 Nordix Foundation. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ include "common.namespace" . }}-policy-clamp-ac-kserve-ppnt-binding
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: cluster-admin
+subjects:
+ - kind: ServiceAccount
+ name: {{ include "common.fullname" (dict "suffix" "create" "dot" . )}}
+ namespace: {{ include "common.namespace" . }}
# ============LICENSE_START=======================================================
# Copyright (C) 2023 Nordix Foundation.
+# Modifications Copyright © 2024 Deutsche Telekom
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
cpu: "1"
memory: "1.4Gi"
unlimited: {}
+
+securityContext:
+ user_id: 100
+ group_id: 102
+
+dirSizes:
+ emptyDir:
+ sizeLimit: 1Gi
+ logDir:
+ sizeLimit: 500Mi
+
#Pods Service Account
serviceAccount:
nameOverride: *componentName
# ============LICENSE_START=======================================================
# Copyright (C) 2021-2022, 2024 Nordix Foundation.
+# Modifications Copyright © 2024 Deutsche Telekom
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
apiVersion: v2
description: ONAP Policy Clamp Controlloop Policy Participant
name: policy-clamp-ac-pf-ppnt
-version: 14.0.0
+version: 14.0.1
dependencies:
- name: common
context-path: /onap/policyparticipant
ssl:
enabled: false
-
# limitations under the License.
*/}}
-{{ include "common.authorizationPolicy" . }}
\ No newline at end of file
+{{ include "common.authorizationPolicy" . }}
{{/*
# ============LICENSE_START=======================================================
# Copyright (C) 2021-2023 Nordix Foundation.
+# Modifications Copyright © 2024 Deutsche Telekom
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
template:
metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
+ {{ include "common.podSecurityContext" . | indent 6 | trim }}
initContainers:
- command:
- sh
name: ac-pf-ppnt-config-processed
image: {{ include "repositoryGenerator.image.envsubst" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ {{ include "common.containerSecurityContext" . | indent 8 | trim }}
name: {{ include "common.name" . }}-update-config
containers:
- name: {{ include "common.name" . }}
+ {{ include "common.containerSecurityContext" . | indent 10 | trim }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command: ["/opt/app/policy/clamp/bin/policy-participant.sh"]
volumeMounts:
- mountPath: /opt/app/policy/clamp/etc/mounted
name: ac-pf-ppnt-config-processed
+ - name: logs
+ mountPath: /var/log/onap
+ - name: empty-dir
+ mountPath: /tmp
+ subPath: tmp-dir
+ - mountPath: /opt/app/policy/clamp/etc/logback.xml
+ subPath: logback.xml
+ name: ac-pf-ppnt-config-processed
resources: {{ include "common.resources" . | nindent 12 }}
{{- if .Values.nodeSelector }}
nodeSelector:
- name: ac-pf-ppnt-config-processed
emptyDir:
medium: Memory
+ sizeLimit: 64Mi
+ - name: empty-dir
+ emptyDir:
+ sizeLimit: {{ .Values.dirSizes.emptyDir.sizeLimit }}
+ - name: logs
+ emptyDir:
+ sizeLimit: {{ .Values.dirSizes.logDir.sizeLimit }}
{{- include "common.imagePullSecrets" . | nindent 6 }}
-{{/*\r
-# ============LICENSE_START=======================================================\r
-# Copyright (C) 2021 Nordix Foundation. All rights reserved.\r
-# ================================================================================\r
-# Licensed under the Apache License, Version 2.0 (the "License");\r
-# you may not use this file except in compliance with the License.\r
-# You may obtain a copy of the License at\r
-#\r
-# http://www.apache.org/licenses/LICENSE-2.0\r
-#\r
-# Unless required by applicable law or agreed to in writing, software\r
-# distributed under the License is distributed on an "AS IS" BASIS,\r
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
-# See the License for the specific language governing permissions and\r
-# limitations under the License.\r
-#\r
-# SPDX-License-Identifier: Apache-2.0\r
-# ============LICENSE_END=========================================================\r
-*/}}\r
-\r
-{{ include "common.service" . }}\r
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (C) 2021 Nordix Foundation. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+{{ include "common.service" . }}
# ============LICENSE_START=======================================================
# Copyright (C) 2021-2023 Nordix Foundation.
+# Modifications Copyright © 2024 Deutsche Telekom
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
cpu: "1"
memory: "2Gi"
unlimited: {}
+
+securityContext:
+ user_id: 100
+ group_id: 102
+
+dirSizes:
+ emptyDir:
+ sizeLimit: 1Gi
+ logDir:
+ sizeLimit: 500Mi
+
#Pods Service Account
serviceAccount:
nameOverride: *componentName
# Copyright (C) 2021, 2024 Nordix Foundation. All rights reserved.
# Modifications Copyright © 2021 Orange
# Modifications Copyright © 2021-2022 Nordix Foundation
+# Modifications Copyright © 2024 Deutsche Telekom
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
apiVersion: v2
description: ONAP Policy Clamp Controlloop Runtime
name: policy-clamp-runtime-acm
-version: 14.0.0
+version: 14.0.1
dependencies:
- name: common
- name: serviceAccount
version: ~13.x-0
repository: '@local'
-
# limitations under the License.
*/}}
-{{ include "common.authorizationPolicy" . }}
\ No newline at end of file
+{{ include "common.authorizationPolicy" . }}
{{/*
# ============LICENSE_START=======================================================
# Copyright (C) 2021-2023 Nordix Foundation.
+# Modifications Copyright © 2024 Deutsche Telekom
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
template:
metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
+ {{ include "common.podSecurityContext" . | indent 6 | trim }}
initContainers:
- command:
- /app/ready.py
fieldPath: metadata.namespace
image: {{ include "repositoryGenerator.image.readiness" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ {{ include "common.containerSecurityContext" . | indent 8 | trim }}
name: {{ include "common.name" . }}-galera-config-readiness
resources:
limits:
name: ac-runtime-config-processed
image: {{ include "repositoryGenerator.image.envsubst" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ {{ include "common.containerSecurityContext" . | indent 8 | trim }}
name: {{ include "common.name" . }}-update-config
containers:
- name: {{ include "common.name" . }}
+ {{ include "common.containerSecurityContext" . | indent 10 | trim }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command: ["/opt/app/policy/clamp/bin/acm-runtime.sh"]
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
volumeMounts:
+ - name: logs
+ mountPath: /var/log/onap
+ - name: empty-dir
+ mountPath: /tmp
+ subPath: tmp-dir
+ - mountPath: /opt/app/policy/clamp/etc/logback.xml
+ subPath: logback.xml
+ name: ac-runtime-config-processed
- mountPath: /opt/app/policy/clamp/etc/mounted
name: ac-runtime-config-processed
resources: {{ include "common.resources" . | nindent 12 }}
{{- end }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
+ - name: empty-dir
+ emptyDir:
+ sizeLimit: {{ .Values.dirSizes.emptyDir.sizeLimit }}
+ - name: logs
+ emptyDir:
+ sizeLimit: {{ .Values.dirSizes.logDir.sizeLimit }}
- name: ac-runtime-config
configMap:
name: {{ include "common.fullname" . }}-configmap
- name: ac-runtime-config-processed
emptyDir:
medium: Memory
+ sizeLimit: 64Mi
{{- include "common.imagePullSecrets" . | nindent 6 }}
# ============LICENSE_START=======================================================
# Copyright (C) 2021-2024 Nordix Foundation.
+# Modifications Copyright © 2024 Deutsche Telekom
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# probe configuration parameters
liveness:
- initialDelaySeconds: 60
+ initialDelaySeconds: 120
periodSeconds: 10
# necessary to disable liveness probe when setting breakpoints
# in debugger so K8s doesn't restart unresponsive container
memory: "2Gi"
unlimited: {}
+securityContext:
+ user_id: 100
+ group_id: 102
+
+dirSizes:
+ emptyDir:
+ sizeLimit: 1Gi
+ logDir:
+ sizeLimit: 500Mi
+
#Pods Service Account
serviceAccount:
nameOverride: *componentName
customNaming:
toscaElementName: org.onap.policy.clamp.acm.AutomationCompositionElement
- toscaCompositionName: org.onap.policy.clamp.acm.AutomationComposition
\ No newline at end of file
+ toscaCompositionName: org.onap.policy.clamp.acm.AutomationComposition
# Copyright (C) 2018 Ericsson. All rights reserved.
# Modifications Copyright © 2021 Orange
# Modifications Copyright © 2021, 2024 Nordix Foundation
+# Modifications Copyright © 2024 Deutsche Telekom
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
apiVersion: v2
description: ONAP Policy Distribution
name: policy-distribution
-version: 14.0.0
+version: 14.0.1
dependencies:
- name: common
# limitations under the License.
*/}}
-{{ include "common.authorizationPolicy" . }}
\ No newline at end of file
+{{ include "common.authorizationPolicy" . }}
{{/*
# ============LICENSE_START=======================================================
# Copyright (C) 2020 AT&T Intellectual Property.
+# Modifications Copyright © 2024 Deutsche Telekom
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
template:
metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
+ {{ include "common.podSecurityContext" . | indent 6 | trim }}
initContainers:
- command:
- sh
name: distributionconfig
image: {{ include "repositoryGenerator.image.envsubst" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ {{ include "common.containerSecurityContext" . | indent 8 | trim }}
name: {{ include "common.name" . }}-update-config
containers:
- name: {{ include "common.name" . }}
+ {{ include "common.containerSecurityContext" . | indent 10 | trim }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
env:
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
volumeMounts:
+ - name: logs
+ mountPath: /var/log/onap
+ - name: empty-dir
+ mountPath: /tmp
+ subPath: tmp-dir
+ - mountPath: /opt/app/policy/distribution/etc/logback.xml
+ subPath: logback.xml
+ name: distributionconfig
- mountPath: /opt/app/policy/distribution/etc/mounted
name: distributionconfig
resources: {{ include "common.resources" . | nindent 12 }}
- name: distributionconfig
emptyDir:
medium: Memory
+ sizeLimit: 64Mi
+ - name: empty-dir
+ emptyDir:
+ sizeLimit: {{ .Values.dirSizes.emptyDir.sizeLimit }}
+ - name: logs
+ emptyDir:
+ sizeLimit: {{ .Values.dirSizes.logDir.sizeLimit }}
{{- include "common.imagePullSecrets" . | nindent 6 }}
# Copyright (C) 2018 Ericsson. All rights reserved.
# Modifications Copyright (C) 2019-2021 AT&T Intellectual Property.
# Modifications Copyright (C) 2023 Nordix Foundation
+# Modifications Copyright © 2024 Deutsche Telekom
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
memory: "1Gi"
unlimited: {}
+securityContext:
+ user_id: 100
+ group_id: 102
+
+dirSizes:
+ emptyDir:
+ sizeLimit: 1Gi
+ logDir:
+ sizeLimit: 500Mi
+
#Pods Service Account
serviceAccount:
nameOverride: policy-distribution
# Modifications Copyright © 2018, 2020 AT&T Intellectual Property
# Modifications Copyright © 2021 Orange
# Modifications Copyright © 2021, 2024 Nordix Foundation
+# Modifications Copyright © 2024 Deutsche Telekom
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
apiVersion: v2
description: ONAP Drools Policy Engine (PDP-D)
name: policy-drools-pdp
-version: 14.0.0
+version: 14.0.1
dependencies:
- name: common
# limitations under the License.
*/}}
-{{ include "common.authorizationPolicy" . }}
\ No newline at end of file
+{{ include "common.authorizationPolicy" . }}
*/}}
{{ include "common.service" . }}
-
{{/*
# Copyright © 2017 Amdocs, Bell Canada
# Modifications Copyright © 2018-2020, 2022 AT&T Intellectual Property
+# Modifications Copyright © 2024 Deutsche Telekom
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
template:
metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
+ {{ include "common.podSecurityContext" . | indent 6 | trim }}
initContainers:
- command:
- /app/ready.py
fieldPath: metadata.namespace
image: {{ include "repositoryGenerator.image.readiness" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ {{ include "common.containerSecurityContext" . | indent 8 | trim }}
name: {{ include "common.name" . }}-db-readiness
resources:
limits:
value: {{ .Values.config.app.listener.policyPdpPapTopic }}
image: {{ include "repositoryGenerator.image.readiness" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ {{ include "common.containerSecurityContext" . | indent 8 | trim }}
name: {{ include "common.name" . }}-readiness
resources:
limits:
{{- end }}
containers:
- name: {{ include "common.name" . }}
+ {{ include "common.containerSecurityContext" . | indent 10 | trim }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command: ["sh","-c"]
- name: SQL_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 12 }}
volumeMounts:
+ - name: logs
+ mountPath: /var/log/onap
+ - name: empty-dir
+ mountPath: /tmp
+ subPath: tmp-dir
+ - mountPath: /opt/app/policy/etc/profile.d/base.conf
+ subPath: base.conf
+ name: drools-config
{{- range $path, $bytes := .Files.Glob "resources/secrets/*" }}
- mountPath: /tmp/policy-install/config/{{ base $path }}
name: drools-secret
{{- end }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
+ - name: empty-dir
+ emptyDir:
+ sizeLimit: {{ .Values.dirSizes.emptyDir.sizeLimit }}
+ - name: logs
+ emptyDir:
+ sizeLimit: {{ .Values.dirSizes.logDir.sizeLimit }}
- name: drools-config
configMap:
name: {{ include "common.fullname" . }}-configmap
# Copyright © 2017 Amdocs
# Copyright © 2017, 2021 Bell Canada
# Modifications Copyright © 2018-2022 AT&T Intellectual Property
+# Modifications Copyright © 2024 Deutsche Telekom
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
memory: "1.6Gi"
unlimited: {}
+securityContext:
+ user_id: 100
+ group_id: 102
+
+dirSizes:
+ emptyDir:
+ sizeLimit: 1Gi
+ logDir:
+ sizeLimit: 500Mi
+
#Pods Service Account
serviceAccount:
nameOverride: policy-drools-pdp
# Modifications Copyright © 2018-2020 AT&T
# Modifications Copyright © 2021 Orange
# Modifications Copyright © 2021, 2024 Nordix Foundation
+# Modifications Copyright © 2024 Deutsche Telekom
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
apiVersion: v2
description: ONAP Policy Nexus
name: policy-nexus
-version: 14.0.0
+version: 14.0.1
dependencies:
- name: common
# limitations under the License.
*/}}
-{{ include "common.authorizationPolicy" . }}
\ No newline at end of file
+{{ include "common.authorizationPolicy" . }}
{{/*
# Copyright © 2017 Amdocs, Bell Canada
# Modifications Copyright © 2018-2020 AT&T Intellectual Property
+# Modifications Copyright © 2024 Deutsche Telekom
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
template:
metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
+ {{ include "common.podSecurityContext" . | indent 6 | trim }}
initContainers:
- command: ["sh", "-c", "chown -R 200:200 /share"]
image: {{ include "repositoryGenerator.image.busybox" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ {{ include "common.containerSecurityContext" . | indent 8 | trim }}
name: {{ include "common.name" . }}-init
volumeMounts:
- mountPath: /share
name: nexus-data
containers:
- name: {{ include "common.name" . }}
+ {{ include "common.containerSecurityContext" . | indent 10 | trim }}
image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
ports: {{ include "common.containerPorts" . | nindent 12 }}
# limitations under the License.
*/}}
-{{ include "common.service" . }}
\ No newline at end of file
+{{ include "common.service" . }}
# Copyright © 2017 Amdocs, Bell Canada
# Modifications Copyright © 2018-2020 AT&T Intellectual Property
+# Modifications Copyright © 2024 Deutsche Telekom
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
memory: "1Gi"
unlimited: {}
+securityContext:
+ user_id: 100
+ group_id: 102
+
#Pods Service Account
serviceAccount:
nameOverride: policy-nexus
# Modified Copyright (C) 2020 AT&T Intellectual Property.
# Modifications Copyright © 2021 Orange
# Modifications Copyright © 2021, 2024 Nordix Foundation
+# Modifications Copyright © 2024 Deutsche Telekom
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
apiVersion: v2
description: ONAP Policy Administration (PAP)
name: policy-pap
-version: 14.0.0
+version: 14.0.1
dependencies:
- name: common
# limitations under the License.
*/}}
-{{ include "common.authorizationPolicy" . }}
\ No newline at end of file
+{{ include "common.authorizationPolicy" . }}
# ============LICENSE_START=======================================================
# Copyright (C) 2020 AT&T Intellectual Property.
# Modifications Copyright (C) 2022 Bell Canada. All rights reserved.
+# Modifications Copyright © 2024 Deutsche Telekom
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
template:
metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
+ {{ include "common.podSecurityContext" . | indent 6 | trim }}
initContainers:
- command:
- /app/ready.py
fieldPath: metadata.namespace
image: {{ include "repositoryGenerator.image.readiness" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ {{ include "common.containerSecurityContext" . | indent 8 | trim }}
name: {{ include "common.name" . }}-db-readiness
resources:
limits:
name: papconfig-processed
image: {{ include "repositoryGenerator.image.envsubst" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ {{ include "common.containerSecurityContext" . | indent 8 | trim }}
name: {{ include "common.name" . }}-update-config
containers:
- name: {{ include "common.name" . }}
+ {{ include "common.containerSecurityContext" . | indent 10 | trim }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
timeoutSeconds: {{ .Values.readiness.timeout }}
volumeMounts:
- - mountPath: /opt/app/policy/pap/etc/mounted
+ - name: logs
+ mountPath: /var/log/onap
+ - name: empty-dir
+ mountPath: /tmp
+ subPath: tmp-dir
+ - mountPath: /opt/app/policy/pap/etc/logback.xml
+ subPath: logback.xml
name: papconfig-processed
+ - name: papconfig-processed
+ mountPath: /opt/app/policy/pap/etc/mounted
resources: {{ include "common.resources" . | nindent 12 }}
{{- if .Values.nodeSelector }}
nodeSelector:
{{- end }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
+ - name: empty-dir
+ emptyDir:
+ sizeLimit: {{ .Values.dirSizes.emptyDir.sizeLimit }}
+ - name: logs
+ emptyDir:
+ sizeLimit: {{ .Values.dirSizes.logDir.sizeLimit }}
- name: papconfig
configMap:
name: {{ include "common.fullname" . }}-configmap
- name: papconfig-processed
emptyDir:
medium: Memory
+ sizeLimit: 64Mi
{{- include "common.imagePullSecrets" . | nindent 6 }}
# Modifications Copyright (C) 2019-2021 AT&T Intellectual Property.
# Modifications Copyright (C) 2020-2022 Bell Canada. All rights reserved.
# Modifications Copyright © 2022 Nordix Foundation
+# Modifications Copyright © 2024 Deutsche Telekom
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
memory: "2Gi"
unlimited: {}
+securityContext:
+ user_id: 100
+ group_id: 102
+
+dirSizes:
+ emptyDir:
+ sizeLimit: 1Gi
+ logDir:
+ sizeLimit: 500Mi
+
#Pods Service Account
serviceAccount:
nameOverride: policy-pap
type: topic
patternType: prefix
operations: [Create, Describe, Read, Write]
-
# Copyright (C) 2019-2020 AT&T Intellectual Property. All rights reserved.
# Modifications Copyright © 2021 Orange
# Modifications Copyright © 2021, 2024 Nordix Foundation
+# Modifications Copyright © 2024 Deutsche Telekom
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
apiVersion: v2
description: ONAP Policy XACML PDP (PDP-X)
name: policy-xacml-pdp
-version: 14.0.0
+version: 14.0.2
dependencies:
- name: common
# limitations under the License.
*/}}
-{{ include "common.authorizationPolicy" . }}
\ No newline at end of file
+{{ include "common.authorizationPolicy" . }}
{{/*
# ============LICENSE_START=======================================================
# Copyright (C) 2020 AT&T Intellectual Property.
+# Modifications Copyright © 2024 Deutsche Telekom
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
template:
metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
+ {{ include "common.podSecurityContext" . | indent 6 | trim }}
initContainers:
- command:
- /app/ready.py
fieldPath: metadata.namespace
image: {{ include "repositoryGenerator.image.readiness" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ {{ include "common.containerSecurityContext" . | indent 8 | trim }}
name: {{ include "common.name" . }}-readiness
resources:
limits:
name: pdpxconfig-processed
image: {{ include "repositoryGenerator.image.envsubst" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ {{ include "common.containerSecurityContext" . | indent 8 | trim }}
name: {{ include "common.name" . }}-update-config
containers:
- name: {{ include "common.name" . }}
+ {{ include "common.containerSecurityContext" . | indent 10 | trim }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command: ["/opt/app/policy/pdpx/bin/policy-pdpx.sh"]
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
volumeMounts:
+ - name: policy-guard
+ mountPath: /opt/app/policy/pdpx/apps/guard
+ - name: pdpxconfig-processed
+ mountPath: /opt/app/policy/pdpx/apps/guard/xacml.properties
+ subPath: xacml.properties
+ - name: policy-match
+ mountPath: /opt/app/policy/pdpx/apps/match
+ - name: pdpxconfig-processed
+ mountPath: /opt/app/policy/pdpx/apps/match/xacml.properties
+ subPath: xacml.properties
+ - name: policy-monitoring
+ mountPath: /opt/app/policy/pdpx/apps/monitoring
+ - name: pdpxconfig-processed
+ mountPath: /opt/app/policy/pdpx/apps/monitoring/xacml.properties
+ subPath: xacml.properties
+ - name: policy-naming
+ mountPath: /opt/app/policy/pdpx/apps/naming
+ - name: pdpxconfig-processed
+ mountPath: /opt/app/policy/pdpx/apps/naming/xacml.properties
+ subPath: xacml.properties
+ - name: policy-native
+ mountPath: /opt/app/policy/pdpx/apps/native
+ - name: pdpxconfig-processed
+ mountPath: /opt/app/policy/pdpx/apps/native/xacml.properties
+ subPath: xacml.properties
+ - name: policy-optimization
+ mountPath: /opt/app/policy/pdpx/apps/optimization
+ - name: pdpxconfig-processed
+ mountPath: /opt/app/policy/pdpx/apps/optimization/xacml.properties
+ subPath: xacml.properties
+ - name: logs
+ mountPath: /var/log/onap
+ - name: empty-dir
+ mountPath: /tmp
+ subPath: tmp-dir
+ - mountPath: /opt/app/policy/pdpx/etc/logback.xml
+ subPath: logback.xml
+ name: pdpxconfig-processed
- mountPath: /opt/app/policy/pdpx/etc/mounted
name: pdpxconfig-processed
resources: {{ include "common.resources" . | nindent 12 }}
{{- end }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
+ - name: policy-guard
+ emptyDir:
+ sizeLimit: {{ .Values.dirSizes.policyDir.sizeLimit }}
+ - name: policy-match
+ emptyDir:
+ sizeLimit: {{ .Values.dirSizes.policyDir.sizeLimit }}
+ - name: policy-monitoring
+ emptyDir:
+ sizeLimit: {{ .Values.dirSizes.policyDir.sizeLimit }}
+ - name: policy-naming
+ emptyDir:
+ sizeLimit: {{ .Values.dirSizes.policyDir.sizeLimit }}
+ - name: policy-native
+ emptyDir:
+ sizeLimit: {{ .Values.dirSizes.policyDir.sizeLimit }}
+ - name: policy-optimization
+ emptyDir:
+ sizeLimit: {{ .Values.dirSizes.policyDir.sizeLimit }}
+ - name: empty-dir
+ emptyDir:
+ sizeLimit: {{ .Values.dirSizes.emptyDir.sizeLimit }}
+ - name: logs
+ emptyDir:
+ sizeLimit: {{ .Values.dirSizes.logDir.sizeLimit }}
- name: pdpxconfig
configMap:
name: {{ include "common.fullname" . }}-configmap
- name: pdpxconfig-processed
emptyDir:
medium: Memory
+ sizeLimit: 64Mi
{{- include "common.imagePullSecrets" . | nindent 6 }}
# ============LICENSE_END=========================================================
*/}}
-{{ include "common.service" . }}
\ No newline at end of file
+{{ include "common.service" . }}
# ============LICENSE_START=======================================================
# Copyright (C) 2019-2021 AT&T Intellectual Property. All rights reserved.
+# Modifications Copyright © 2024 Deutsche Telekom
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
memory: "2Gi"
unlimited: {}
+securityContext:
+ user_id: 100
+ group_id: 102
+
+dirSizes:
+ emptyDir:
+ sizeLimit: 1Gi
+ logDir:
+ sizeLimit: 500Mi
+ policyDir:
+ sizeLimit: 100Mi
+
#Pods Service Account
serviceAccount:
nameOverride: *componentName
type: topic
patternType: prefix
operations: [ Create, Describe, Read, Write ]
-
-
# Copyright © 2018 Amdocs, Bell Canada
# Modifications Copyright © 2020 AT&T Intellectual Property
# Modifications Copyright (C) 2022 Nordix Foundation.
+# Modifications Copyright © 2024 Deutsche Telekom
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
release: {{ include "common.release" . }}
name: {{ include "common.name" . }}-galera-init
spec:
+ {{ include "common.podSecurityContext" . | indent 6 | trim }}
{{- include "common.imagePullSecrets" . | nindent 6 }}
initContainers:
{{ include "common.readinessCheck.waitFor" (dict "dot" . "wait_for" .Values.readinessCheck.wait_for_mariadb ) | indent 6 | trim }}
- name: {{ include "common.name" . }}-galera-config
image: {{ include "repositoryGenerator.image.mariadb" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ {{ include "common.containerSecurityContext" . | indent 8 | trim }}
volumeMounts:
- mountPath: /dbcmd-config/db.sh
name: {{ include "common.fullname" . }}-config
- /bin/sh
- -cx
- |
- {{- if include "common.onServiceMesh" . }}
+ {{- if include "common.requireSidecarKiller" . }}
echo "waiting 15s for istio side cars to be up"; sleep 15s;{{- end }}
/dbcmd-config/db.sh
env:
- name: MYSQL_PORT
value: "{{ index .Values "mariadb-galera" "service" "internalPort" }}"
resources: {{ include "common.resources" . | nindent 10 }}
- {{- if (include "common.onServiceMesh" .) }}
+ {{- if (include "common.requireSidecarKiller" .) }}
- name: policy-service-mesh-wait-for-job-container
image: {{ include "repositoryGenerator.image.quitQuit" . }}
imagePullPolicy: Always
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
+ {{ include "common.containerSecurityContext" . | indent 8 | trim }}
+ resources:
+ limits:
+ cpu: 100m
+ memory: 500Mi
+ requests:
+ cpu: 10m
+ memory: 10Mi
{{- end }}
restartPolicy: Never
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
release: {{ include "common.release" . }}
name: {{ include "common.name" . }}-pg-init
spec:
+ {{ include "common.podSecurityContext" . | indent 6 | trim }}
{{- include "common.imagePullSecrets" . | nindent 6 }}
initContainers:
{{ include "common.readinessCheck.waitFor" (dict "dot" . "wait_for" .Values.readinessCheck.wait_for_postgres ) | indent 6 | trim }}
- name: {{ include "common.name" . }}-pg-config
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.postgresImage }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ {{ include "common.containerSecurityContext" . | indent 8 | trim }}
volumeMounts:
- mountPath: /docker-entrypoint-initdb.d/db-pg.sh
name: {{ include "common.fullname" . }}-config
- /bin/sh
- -cx
- |
- {{- if include "common.onServiceMesh" . }}
+ {{- if include "common.requireSidecarKiller" . }}
echo "waiting 15s for istio side cars to be up"; sleep 15s;{{- end }}
/docker-entrypoint-initdb.d/db-pg.sh
env:
- name: PG_PORT
value: "{{ .Values.postgres.service.internalPort }}"
resources: {{ include "common.resources" . | nindent 10 }}
- {{- if (include "common.onServiceMesh" .) }}
+ {{- if (include "common.requireSidecarKiller" .) }}
- name: policy-service-mesh-wait-for-job-container
image: {{ include "repositoryGenerator.image.quitQuit" . }}
imagePullPolicy: Always
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
+ {{ include "common.containerSecurityContext" . | indent 8 | trim }}
+ resources:
+ limits:
+ cpu: 100m
+ memory: 500Mi
+ requests:
+ cpu: 10m
+ memory: 10Mi
{{- end }}
restartPolicy: Never
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
release: {{ include "common.release" . }}
name: {{ include "common.name" . }}-galera-config
spec:
+ {{ include "common.podSecurityContext" . | indent 6 | trim }}
{{- include "common.imagePullSecrets" . | nindent 6 }}
initContainers:
- name: {{ include "common.name" . }}-init-readiness
+ {{ include "common.containerSecurityContext" . | indent 8 | trim }}
image: {{ include "repositoryGenerator.image.readiness" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command:
memory: "20Mi"
containers:
- name: {{ include "common.name" . }}-galera-db-migrator
+ {{ include "common.containerSecurityContext" . | indent 8 | trim }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.dbmigrator.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
volumeMounts:
- mountPath: /dbcmd-config/db_migrator_policy_init.sh
name: {{ include "common.fullname" . }}-config
subPath: db_migrator_policy_init.sh
+ - mountPath: /opt/app/policy/etc/db
+ name: db-conf
command:
- /bin/sh
- -cx
- |
- {{- if include "common.onServiceMesh" . }}
+ {{- if include "common.requireSidecarKiller" . }}
echo "waiting 15s for istio side cars to be up"; sleep 15s;{{- end }}
/dbcmd-config/db_migrator_policy_init.sh
env:
- name: SCRIPT_DIRECTORY
value: "sql"
resources: {{ include "common.resources" . | nindent 10 }}
- {{- if (include "common.onServiceMesh" .) }}
+ {{- if (include "common.requireSidecarKiller" .) }}
- name: policy-service-mesh-wait-for-job-container
image: {{ include "repositoryGenerator.image.quitQuit" . }}
imagePullPolicy: Always
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
+ {{ include "common.containerSecurityContext" . | indent 8 | trim }}
+ resources:
+ limits:
+ cpu: 100m
+ memory: 500Mi
+ requests:
+ cpu: 10m
+ memory: 10Mi
{{- end }}
restartPolicy: Never
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
items:
- key: db_migrator_policy_init.sh
path: db_migrator_policy_init.sh
+ - name: db-conf
+ emptyDir:
+ medium: Memory
+ sizeLimit: 64Mi
{{ end }}
{{ if .Values.global.postgres.localCluster }}
---
release: {{ include "common.release" . }}
name: {{ include "common.name" . }}-pg-config
spec:
+ {{ include "common.podSecurityContext" . | indent 6 | trim }}
{{- include "common.imagePullSecrets" . | nindent 6 }}
initContainers:
- name: {{ include "common.name" . }}-init-readiness
+ {{ include "common.containerSecurityContext" . | indent 8 | trim }}
image: {{ include "repositoryGenerator.image.readiness" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command:
memory: "20Mi"
containers:
- name: {{ include "common.name" . }}-pg-db-migrator
+ {{ include "common.containerSecurityContext" . | indent 8 | trim }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.dbmigrator.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
volumeMounts:
- mountPath: /dbcmd-config/db_migrator_pg_policy_init.sh
name: {{ include "common.fullname" . }}-config
subPath: db_migrator_pg_policy_init.sh
+ - mountPath: /opt/app/policy/etc/db
+ name: db-conf
command:
- /bin/sh
- -cx
- |
- {{- if include "common.onServiceMesh" . }}
+ {{- if include "common.requireSidecarKiller" . }}
echo "waiting 15s for istio side cars to be up"; sleep 15s;{{- end }}
/dbcmd-config/db_migrator_pg_policy_init.sh
env:
- name: PGPASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }}
resources: {{ include "common.resources" . | nindent 10 }}
- {{- if (include "common.onServiceMesh" .) }}
+ {{- if (include "common.requireSidecarKiller" .) }}
- name: policy-service-mesh-wait-for-job-container
image: {{ include "repositoryGenerator.image.quitQuit" . }}
imagePullPolicy: Always
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
+ {{ include "common.containerSecurityContext" . | indent 8 | trim }}
+ resources:
+ limits:
+ cpu: 100m
+ memory: 500Mi
+ requests:
+ cpu: 10m
+ memory: 10Mi
{{- end }}
restartPolicy: Never
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
items:
- key: db_migrator_pg_policy_init.sh
path: db_migrator_pg_policy_init.sh
+ - name: db-conf
+ emptyDir:
+ medium: Memory
+ sizeLimit: 64Mi
{{ end }}
{{/*
# Copyright © 2022-2023 Nordix Foundation
+# Modifications Copyright © 2024 Deutsche Telekom
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
- resource:
type: group
name: {{ .Values.config.policyPdpPapTopic.consumer.groupId }}
- operation: All
+ operations:
+ - All
- resource:
type: topic
name: {{ .Values.config.policyPdpPapTopic.name }}
- operation: All
+ operations:
+ - All
- resource:
type: topic
name: {{ .Values.config.policyHeartbeatTopic.name }}
- operation: All
+ operations:
+ - All
- resource:
type: topic
name: {{ .Values.config.policyNotificationTopic.name }}
- operation: All
+ operations:
+ - All
# Copyright © 2017 Amdocs, Bell Canada
# Modifications Copyright © 2018-2020 AT&T Intellectual Property
# Modifications Copyright (C) 2021-2024 Nordix Foundation.
+# Modifications Copyright © 2024 Deutsche Telekom
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
memory: "2Gi"
unlimited: {}
+securityContext:
+ user_id: 100
+ group_id: 65533
+
#Pods Service Account
serviceAccount:
nameOverride: policy
Code Review / oom.git / commitdiff