apiVersion: v2
description: ONAP Policy
name: policy
-version: 16.0.8
+version: 16.0.9
dependencies:
- name: common
apiVersion: v2
description: ONAP Policy OPA PDP (PDP-O)
name: policy-opa-pdp
-version: 16.0.1
+version: 16.0.2
dependencies:
- name: common
--- /dev/null
+# ============LICENSE_START=======================================================
+# Copyright (C) 2025 Deutsche Telekom Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+{{- if .Values.autoscaling.enabled }}
+apiVersion: autoscaling/v2
+kind: HorizontalPodAutoscaler
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels: {{- include "common.labels" . | nindent 4 }}
+spec:
+ scaleTargetRef:
+ apiVersion: apps/v1
+ kind: Deployment
+ name: {{ include "common.fullname" . }}
+ minReplicas: {{ .Values.autoscaling.minReplicas }}
+ maxReplicas: {{ .Values.autoscaling.maxReplicas }}
+ metrics:
+ {{- if .Values.autoscaling.targetCPUUtilizationPercentage }}
+ - type: Resource
+ resource:
+ name: cpu
+ target:
+ type: Utilization
+ averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }}
+ {{- end }}
+ {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }}
+ - type: Resource
+ resource:
+ name: memory
+ target:
+ type: Utilization
+ averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }}
+ {{- end }}
+ behavior:
+ scaleDown:
+ stabilizationWindowSeconds: {{ .Values.autoscaling.stabilizationWindowSeconds}}
+ policies:
+ - type: Pods
+ value: {{ .Values.autoscaling.podScaleDownCount }}
+ periodSeconds: {{ .Values.autoscaling.periodSecondsPods }}
+ - type: Percent
+ value: {{ .Values.autoscaling.podScaleDownPercent }}
+ periodSeconds: {{ .Values.autoscaling.periodSecondsPercent }}
+ selectPolicy: {{ .Values.autoscaling.selectPolicy }}
+{{- end }}
metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
selector: {{- include "common.selectors" . | nindent 4 }}
+ {{- if not .Values.autoscaling.enabled }}
replicas: {{ .Values.replicaCount }}
+ {{ end }}
+ strategy:
+ type: {{ .Values.updateStrategy.type }}
+ rollingUpdate:
+ maxUnavailable: {{ .Values.updateStrategy.maxUnavailable }}
+ maxSurge: {{ .Values.updateStrategy.maxSurge }}
template:
metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
fieldPath: metadata.uid
- name: GROUPID
value: "{{ .Values.groupIdPrefix }}-$(POD_UID)"
+ - name: PATCH_GROUPID
+ value: "{{ .Values.patchGroupIdPrefix }}-$(POD_UID)"
- name: LOG_LEVEL
value: "{{ .Values.log.loglevel }}"
- name: PAP_TOPIC
value: "{{ .Values.kafka.topic }}"
+ - name: PATCH_TOPIC
+ value: "{{ .Values.kafka.patchtopic }}"
+ - name: USE_KAFKA_FOR_PATCH
+ value: "{{ .Values.useKafkaForPatch }}"
- name: API_USER
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "api-creds" "key" "login") | indent 10 }}
- name: API_PASSWORD
mountPath: /app/bundles
- name: logs
mountPath: /var/logs
+ - mountPath: /opt/policies/
+ name: opt-policies
+ - mountPath: /opt/data/
+ name: opt-data
resources: {{ include "common.resources" . | nindent 12 }}
{{- if .Values.nodeSelector }}
nodeSelector:
- name: logs
emptyDir:
sizeLimit: {{ .Values.dirSizes.logDir.sizeLimit }}
+ - name: opt-policies
+ emptyDir:
+ sizeLimit: {{ .Values.dirSizes.optPolicies.sizeLimit }}
+ - name: opt-data
+ emptyDir:
+ sizeLimit: {{ .Values.dirSizes.optData.sizeLimit }}
{{- include "common.imagePullSecrets" . | nindent 6 }}
# Application configuration defaults.
#################################################################
# application image
-image: onap/policy-opa-pdp:1.0.4
+image: onap/policy-opa-pdp:1.0.5
pullPolicy: Always
user: policyadmin
password: zb!XztG34
-config:
- # Event consumption (kafka) properties
- kafka:
- consumer:
- groupId: policy-opa-pdp
- app:
- listener:
- policyPdpPapTopic: policy-pdp-pap
+updateStrategy:
+ type: RollingUpdate
+ # The number of pods that can be unavailable during the update process
+ maxUnavailable: 0
+ # The number of pods that can be created above the desired amount of pods during an update
+ maxSurge: 1
securityContext:
user_id: 1000
kafka:
groupid: "policy-opa-pdp"
topic: "policy-pdp-pap"
+ patchtopic: "opa-pdp-data"
useSASL: "true"
brokers: "onap-strimzi-kafka-bootstrap.onap:9092"
+useKafkaForPatch: false
+
persistence:
enabled: true
volumeReclaimPolicy: Retain
services:
- 'policy-pap'
+autoscaling:
+ enabled: true
+ minReplicas: 1
+ maxReplicas: 3
+ targetCPUUtilizationPercentage: 70
+ stabilizationWindowSeconds: 60
+ podScaleDownCount: 1
+ periodSecondsPods: 60
+ podScaleDownPercent: 10
+ periodSecondsPercent: 60
+ selectPolicy: "Min"
+
service:
type: ClusterIP
name: *componentName
sizeLimit: 100Mi
bundleDir:
sizeLimit: 5Gi
+ optPolicies:
+ sizeLimit: 500Mi
+ optData:
+ sizeLimit: 500Mi
groupIdPrefix: opa-pdp
+patchGroupIdPrefix: opa-pdp-data
#Pods Service Account
serviceAccount:
version: '{{ .Chart.Version | replace "+" "_" }}'
release: prometheus
enabled: true
- port: policy-opa-pdp
+ port: http
interval: 60s
+ path: /metrics
isHttps: false
basicAuth:
enabled: true
- externalSecretNameSuffix: policy-opa-pdp-restserver-creds
+ externalSecretNameSuffix: policy-opa-pdp-api-creds
externalSecretUserKey: login
externalSecretPasswordKey: password
selector:
app: '{{ include "common.name" . }}'
- chart: '{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}'
- release: '{{ include "common.release" . }}'
- heritage: '{{ .Release.Service }}'
+ helm.sh/chart: '{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}'
+ app.kubernetes.io/instance: '{{ include "common.release" . }}'
+ app.kubernetes.io/managed-by: '{{ .Release.Service }}'
config:
- # Event consumption (kafka) properties
- kafka:
- consumer:
- groupId: policy-opa-pdp
app:
listener:
policyPdpPapTopic: policy-pdp-pap
type: topic
patternType: prefix
operations: [ Create, Describe, Read, Write ]
+ - name: opa-pdp-data
+ type: topic
+ patternType: prefix
+ operations: [ Create, Describe, Read, Write ]
+
{{/*
# Copyright © 2022 Nordix Foundation
+# Modifications Copyright ©2025 Deutsche Telekom
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
config:
retention.ms: {{ .Values.config.policyNotificationTopic.retentionMs }}
segment.bytes: {{ .Values.config.policyNotificationTopic.segmentBytes }}
+---
+apiVersion: kafka.strimzi.io/v1beta2
+kind: KafkaTopic
+metadata:
+ name: {{ .Values.config.opaPdpDataTopic.name }}
+ labels: {{- include "common.labels" . | nindent 4 }}
+ strimzi.io/cluster: {{ include "common.release" . }}-strimzi
+spec:
+ partitions: {{ .Values.config.opaPdpDataTopic.partitions }}
+ config:
+ retention.ms: {{ .Values.config.opaPdpDataTopic.retentionMs }}
+ segment.bytes: {{ .Values.config.opaPdpDataTopic.segmentBytes }}
+
# Global configuration defaults.
#################################################################
global:
- prometheusEnabled: false
+ prometheusEnabled: true
postgres:
localCluster: true
# flag to enable the DB creation via pgo-operator
segmentBytes: 1073741824
consumer:
groupId: policy-group
+ opaPdpDataTopic:
+ name: opa-pdp-data
+ partitions: 10
+ retentionMs: 7200000
+ segmentBytes: 1073741824
someConfig: blah
# application configuration override for postgres
Code Review / oom.git / commitdiff