Add helm charts for policy CSIT 77/132777/6
authorrameshiyer27 <ramesh.murugan.iyer@est.tech>
Mon, 14 Nov 2022 06:00:12 +0000 (06:00 +0000)
committerRamesh Murugan Iyer <ramesh.murugan.iyer@est.tech>
Wed, 21 Dec 2022 14:32:29 +0000 (14:32 +0000)
Added script run-k8s-csit.sh to spin up and tear down a Kubernetes cluster in MicroK8s.
Added helm charts for mariadb, k8s-participant, runtime-acm and dmaap-simulator.

Issue-ID: POLICY-4457
Signed-off-by: zrrmmua <ramesh.murugan.iyer@est.tech>
Change-Id: I456cb7f291d116dbd5b68a067171214a0e08fb37

59 files changed:
csit/run-k8s-csit.sh [new file with mode: 0755]
helm/policy/Chart.yaml [new file with mode: 0755]
helm/policy/components/mariadb-galera/.helmignore [new file with mode: 0644]
helm/policy/components/mariadb-galera/Chart.yaml [new file with mode: 0644]
helm/policy/components/mariadb-galera/templates/configmap.yaml [new file with mode: 0644]
helm/policy/components/mariadb-galera/templates/metrics-svc.yaml [new file with mode: 0644]
helm/policy/components/mariadb-galera/templates/pdb.yaml [new file with mode: 0644]
helm/policy/components/mariadb-galera/templates/prometheusrules.yaml [new file with mode: 0644]
helm/policy/components/mariadb-galera/templates/pv.yaml [new file with mode: 0644]
helm/policy/components/mariadb-galera/templates/role-binding.yaml [new file with mode: 0644]
helm/policy/components/mariadb-galera/templates/secrets.yaml [new file with mode: 0644]
helm/policy/components/mariadb-galera/templates/service-account.yaml [new file with mode: 0644]
helm/policy/components/mariadb-galera/templates/service.yaml [new file with mode: 0644]
helm/policy/components/mariadb-galera/templates/statefulset.yaml [new file with mode: 0644]
helm/policy/components/mariadb-galera/values.yaml [new file with mode: 0644]
helm/policy/components/policy-clamp-ac-k8s-ppnt/Chart.yaml [new file with mode: 0644]
helm/policy/components/policy-clamp-ac-k8s-ppnt/resources/config/KubernetesParticipantParameters.yaml [new file with mode: 0644]
helm/policy/components/policy-clamp-ac-k8s-ppnt/resources/config/logback.xml [new file with mode: 0644]
helm/policy/components/policy-clamp-ac-k8s-ppnt/templates/configmap.yaml [new file with mode: 0644]
helm/policy/components/policy-clamp-ac-k8s-ppnt/templates/deployment.yaml [new file with mode: 0644]
helm/policy/components/policy-clamp-ac-k8s-ppnt/templates/role-binding.yaml [new file with mode: 0644]
helm/policy/components/policy-clamp-ac-k8s-ppnt/templates/secret.yaml [new file with mode: 0644]
helm/policy/components/policy-clamp-ac-k8s-ppnt/templates/service-account.yaml [new file with mode: 0644]
helm/policy/components/policy-clamp-ac-k8s-ppnt/templates/service.yaml [new file with mode: 0644]
helm/policy/components/policy-clamp-ac-k8s-ppnt/values.yaml [new file with mode: 0644]
helm/policy/components/policy-clamp-runtime-acm/Chart.yaml [new file with mode: 0644]
helm/policy/components/policy-clamp-runtime-acm/resources/config/acRuntimeParameters.yaml [new file with mode: 0644]
helm/policy/components/policy-clamp-runtime-acm/resources/config/db.sh [new file with mode: 0755]
helm/policy/components/policy-clamp-runtime-acm/resources/config/logback.xml [new file with mode: 0644]
helm/policy/components/policy-clamp-runtime-acm/templates/configmap.yaml [new file with mode: 0644]
helm/policy/components/policy-clamp-runtime-acm/templates/deployment.yaml [new file with mode: 0644]
helm/policy/components/policy-clamp-runtime-acm/templates/role-binding.yaml [new file with mode: 0644]
helm/policy/components/policy-clamp-runtime-acm/templates/secret.yaml [new file with mode: 0644]
helm/policy/components/policy-clamp-runtime-acm/templates/service-account.yaml [new file with mode: 0644]
helm/policy/components/policy-clamp-runtime-acm/templates/service.yaml [new file with mode: 0644]
helm/policy/components/policy-clamp-runtime-acm/values.yaml [new file with mode: 0644]
helm/policy/components/policy-models-simulator/.helmignore [moved from helm/policy-models-simulator/.helmignore with 100% similarity]
helm/policy/components/policy-models-simulator/Chart.yaml [moved from helm/policy-models-simulator/Chart.yaml with 86% similarity]
helm/policy/components/policy-models-simulator/resources/cds/CreateSubscriptionResponseEvent.json [moved from helm/policy-models-simulator/resources/cds/CreateSubscriptionResponseEvent.json with 100% similarity]
helm/policy/components/policy-models-simulator/resources/cds/DefaultResponseEvent-error.json [moved from helm/policy-models-simulator/resources/cds/DefaultResponseEvent-error.json with 100% similarity]
helm/policy/components/policy-models-simulator/resources/cds/DefaultResponseEvent.json [moved from helm/policy-models-simulator/resources/cds/DefaultResponseEvent.json with 100% similarity]
helm/policy/components/policy-models-simulator/resources/cds/pm_control-create-subscription-error.json [moved from helm/policy-models-simulator/resources/cds/pm_control-create-subscription-error.json with 100% similarity]
helm/policy/components/policy-models-simulator/resources/cds/pm_control-create-subscription.json [moved from helm/policy-models-simulator/resources/cds/pm_control-create-subscription.json with 100% similarity]
helm/policy/components/policy-models-simulator/resources/config/logback.xml [moved from helm/policy-models-simulator/resources/config/logback.xml with 100% similarity]
helm/policy/components/policy-models-simulator/resources/config/simParameters.json [moved from helm/policy-models-simulator/resources/config/simParameters.json with 66% similarity]
helm/policy/components/policy-models-simulator/templates/NOTES.txt [moved from helm/policy-models-simulator/templates/NOTES.txt with 100% similarity]
helm/policy/components/policy-models-simulator/templates/_helpers.tpl [moved from helm/policy-models-simulator/templates/_helpers.tpl with 96% similarity]
helm/policy/components/policy-models-simulator/templates/configmap.yaml [moved from helm/policy-models-simulator/templates/configmap.yaml with 100% similarity]
helm/policy/components/policy-models-simulator/templates/deployment.yaml [moved from helm/policy-models-simulator/templates/deployment.yaml with 82% similarity]
helm/policy/components/policy-models-simulator/templates/service.yaml [moved from helm/policy-models-simulator/templates/service.yaml with 83% similarity]
helm/policy/components/policy-models-simulator/templates/serviceaccount.yaml [moved from helm/policy-models-simulator/templates/serviceaccount.yaml with 100% similarity]
helm/policy/components/policy-models-simulator/templates/tests/test-connection.yaml [moved from helm/policy-models-simulator/templates/tests/test-connection.yaml with 100% similarity]
helm/policy/components/policy-models-simulator/values.yaml [moved from helm/policy-models-simulator/values.yaml with 80% similarity]
helm/policy/resources/config/db.sh [new file with mode: 0755]
helm/policy/resources/config/db_migrator_policy_init.sh [new file with mode: 0644]
helm/policy/templates/configmap.yaml [new file with mode: 0755]
helm/policy/templates/job.yaml [new file with mode: 0755]
helm/policy/templates/service-account.yaml [new file with mode: 0644]
helm/policy/values.yaml [new file with mode: 0755]

diff --git a/csit/run-k8s-csit.sh b/csit/run-k8s-csit.sh
new file mode 100755 (executable)
index 0000000..63df5dc
--- /dev/null
@@ -0,0 +1,71 @@
+#!/bin/bash
+#
+# ============LICENSE_START====================================================
+#  Copyright (C) 2022 Nordix Foundation.
+# =============================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END======================================================
+
+# This script spins up kubernetes cluster in Microk8s for deploying policy helm charts.
+
+function spin_microk8s_cluster () {
+    echo "Verify if Microk8s cluster is running.."
+    microk8s version
+    exitcode="${?}"
+
+    if [ "$exitcode" -ne 0 ];  then
+        echo "Microk8s cluster not available, Spinning up the cluster.."
+        sudo snap install microk8s --classic --channel=1.25/stable
+
+             if [ "${?}" -ne 0 ];  then
+                 echo "Failed to install kubernetes cluster. Aborting.."
+                       return 1
+        fi
+        echo "Microk8s cluster installed successfully"
+        sudo usermod -a -G microk8s $USER
+        echo "Enabling DNS and helm3"
+        microk8s.enable dns helm3
+        echo "Creating configuration file for Microk8s"
+        microk8s kubectl config view --raw > $HOME/.kube/config
+        chmod 600 $HOME/.kube/config
+        echo "K8s installation completed"
+    else
+        echo "K8s cluster is already running"
+             return 0
+    fi
+
+}
+
+function teardown_cluster () {
+    echo "Removing k8s cluster and k8s configuration file"
+    sudo snap remove microk8s;rm -rf $HOME/.kube/config
+    echo "K8s Cluster removed"
+}
+
+
+if [ $1 == "install" ];  then
+    spin_microk8s_cluster
+    if [ "${?}" -eq 0 ];  then
+        echo "Installing policy helm charts in the default namespace"
+        cd ../helm/;helm dependency build policy;microk8s helm install dev-policy policy;
+        echo "Policy chart installation completed"
+    fi
+
+elif [ $1 == "uninstall" ];  then
+    teardown_cluster
+else
+    echo "Invalid arguments provided. Usage: $0 [option..] {install | uninstall}"
+fi
+
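Review bot: The kubeconfig in `spin_microk8s_cluster` is written with a plain redirect and only afterwards restricted with `chmod 600`, so the cluster credentials briefly exist with umask-default permissions, and the redirect fails outright if `$HOME/.kube` does not exist. Create the directory and the file under a restrictive umask instead: `mkdir -p "$HOME/.kube"` followed by `(umask 077; microk8s kubectl config view --raw > "$HOME/.kube/config")`. The same path is overwritten on install and deleted in `teardown_cluster`, which discards any other cluster contexts the user kept there; a dedicated file exported through `KUBECONFIG` would avoid that. The argument tests should quote the parameter, `[ "$1" == "install" ]`, because an empty `$1` currently produces a test syntax error instead of the usage message.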
diff --git a/helm/policy/Chart.yaml b/helm/policy/Chart.yaml
new file mode 100755 (executable)
index 0000000..f193030
--- /dev/null
@@ -0,0 +1,35 @@
+# Copyright © 2022 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v2
+description: ONAP Policy
+name: policy
+version: 11.0.0
+
+dependencies:
+  - name: mariadb-galera
+    version: ~11.x-0
+    repository: 'file://components/mariadb-galera'
+  - name: policy-clamp-ac-k8s-ppnt
+    version: ~11.x-0
+    repository: 'file://components/policy-clamp-ac-k8s-ppnt'
+    condition: policy-clamp-ac-k8s-ppnt.enabled
+  - name: policy-clamp-runtime-acm
+    version: ~11.x-0
+    repository: 'file://components/policy-clamp-runtime-acm'
+    condition: policy-clamp-runtime-acm.enabled
+  - name: policy-models-simulator
+    version: ~11.x-0
+    repository: 'file://components/policy-models-simulator'
+    condition: policy-models-simulator.enabled
diff --git a/helm/policy/components/mariadb-galera/.helmignore b/helm/policy/components/mariadb-galera/.helmignore
new file mode 100644 (file)
index 0000000..f0c1319
--- /dev/null
@@ -0,0 +1,21 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
diff --git a/helm/policy/components/mariadb-galera/Chart.yaml b/helm/policy/components/mariadb-galera/Chart.yaml
new file mode 100644 (file)
index 0000000..63b04a0
--- /dev/null
@@ -0,0 +1,25 @@
+# Copyright © 2022 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v2
+description: Chart for MariaDB Galera cluster
+name: mariadb-galera
+version: 11.0.0
+keywords:
+  - mariadb
+  - mysql
+  - database
+  - sql
+  - galera
+  - cluster
diff --git a/helm/policy/components/mariadb-galera/templates/configmap.yaml b/helm/policy/components/mariadb-galera/templates/configmap.yaml
new file mode 100644 (file)
index 0000000..e0b3308
--- /dev/null
@@ -0,0 +1,30 @@
+{{/*
+# Copyright © 2022 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ if .Values.mariadbConfiguration }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ .Chart.Name }}-configuration
+  namespace: default
+  labels:
+    app.kubernetes.io/name: {{ .Chart.Name }}
+    helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    app.kubernetes.io/managed-by: Helm
+data:
+  my.cnf: |
+{{ .Values.mariadbConfiguration | indent 4 }}
+{{- end }}
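Review bot: `namespace: default` is hard-coded in the metadata here, so `helm install -n <namespace>` still places this ConfigMap in `default`; the same literal appears in the metrics-svc, pdb, pv, role-binding, secrets, service and statefulset templates of this chart. Use `namespace: {{ .Release.Namespace }}` (or drop the field) so the database and its Secrets can be isolated in a namespace with its own RBAC. A short template comment above the `if`, such as `{{/* Rendered only when .Values.mariadbConfiguration is non-empty */}}`, would also document why the ConfigMap may be absent.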
diff --git a/helm/policy/components/mariadb-galera/templates/metrics-svc.yaml b/helm/policy/components/mariadb-galera/templates/metrics-svc.yaml
new file mode 100644 (file)
index 0000000..0091745
--- /dev/null
@@ -0,0 +1,37 @@
+{{/*
+# Copyright © 2022 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{- if default false .Values.global.metrics.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ .Chart.Name }}-metrics
+  namespace: default
+  labels:
+    app.kubernetes.io/name: {{ .Chart.Name }}
+    helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    app.kubernetes.io/managed-by: Helm
+spec:
+  type: {{ .Values.metrics.service.type }}
+  ports:
+    - name: tcp-metrics
+      port: {{ .Values.metrics.service.port }}
+      targetPort: tcp-metrics
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: {{ .Chart.Name }}
+
+{{- end }}
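Review bot: The `selector` at the end of this Service nests the label under `matchLabels`, but a Service selector is a flat label map, so this manifest will not select the MariaDB pods as intended; write `selector:` followed directly by `app.kubernetes.io/name: {{ .Chart.Name }}`, as service.yaml in this chart does. Separately, the guard reads `.Values.global.metrics.enabled` while the body reads `.Values.metrics.service.*`. If `global.metrics` is missing from values, `default false` does not help because the field lookup on a nil map fails first; values.yaml is not visible in this part of the page, so confirm both paths are defined.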
diff --git a/helm/policy/components/mariadb-galera/templates/pdb.yaml b/helm/policy/components/mariadb-galera/templates/pdb.yaml
new file mode 100644 (file)
index 0000000..e4f7e5c
--- /dev/null
@@ -0,0 +1,37 @@
+{{/*
+# Copyright © 2022 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{- if .Values.podDisruptionBudget.create }}
+apiVersion: policy/v1
+kind: PodDisruptionBudget
+metadata:
+  name: {{ .Chart.Name }}
+  namespace: default
+  labels:
+    app.kubernetes.io/name: {{ .Chart.Name }}
+    helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    app.kubernetes.io/managed-by: Helm
+spec:
+{{- if .Values.podDisruptionBudget.minAvailable }}
+  minAvailable: {{ .Values.podDisruptionBudget.minAvailable }}
+{{- end }}
+{{- if .Values.podDisruptionBudget.maxUnavailable }}
+  maxUnavailable: {{ .Values.podDisruptionBudget.maxUnavailable }}
+{{- end }}
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: {{ .Chart.Name }}
+{{- end }}
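Review bot: Both `minAvailable` and `maxUnavailable` are emitted when both values are set, and a PodDisruptionBudget may carry only one of them. Make the second block a branch of the first, `{{- else if .Values.podDisruptionBudget.maxUnavailable }}`, or fail the render with a clear message when both are present. Note also that `0` is falsy in the template, so `maxUnavailable: 0` would be dropped silently.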
diff --git a/helm/policy/components/mariadb-galera/templates/prometheusrules.yaml b/helm/policy/components/mariadb-galera/templates/prometheusrules.yaml
new file mode 100644 (file)
index 0000000..3e7bad6
--- /dev/null
@@ -0,0 +1,35 @@
+{{/*
+# Copyright © 2022 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{- if default false (and .Values.global.metrics.enabled .Values.global.metrics.custom_resources) }}
+apiVersion: monitoring.coreos.com/v1
+kind: PrometheusRule
+metadata:
+  name: { .Chart.Name }}
+  namespace: {{ include "common.namespace" . }}
+  labels:
+    app.kubernetes.io/name: {{ .Chart.Name }}
+    helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    app.kubernetes.io/managed-by: Helm
+
+    {{- toYaml .Values.metrics.prometheusRules.selector | nindent 4 }}
+spec:
+  groups:
+  - name: {{ .Chart.Name }}
+    rules:
+      {{- toYaml .Values.metrics.prometheusRules.rules | nindent 6 }}
+{{- end }}
+
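Review bot: `name: { .Chart.Name }}` in the metadata is missing an opening brace, so it is not a template action and is emitted literally, which is not valid YAML once this rule is enabled; it should read `name: {{ .Chart.Name }}`. The next line calls `include "common.namespace"`, a helper that mariadb-galera/Chart.yaml in this commit does not bring in through any dependency, so rendering would presumably fail with an undefined-template error when metrics custom resources are turned on. The sibling templates use a literal namespace instead, so the two should be made consistent. The blank line between the fixed labels and the `toYaml ... selector` line can be removed as well.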
diff --git a/helm/policy/components/mariadb-galera/templates/pv.yaml b/helm/policy/components/mariadb-galera/templates/pv.yaml
new file mode 100644 (file)
index 0000000..3790c78
--- /dev/null
@@ -0,0 +1,81 @@
+{{/*
+# Copyright © 2022 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+kind: PersistentVolume
+apiVersion: v1
+metadata:
+  name: {{ .Chart.Name }}--0
+  namespace: default
+  labels:
+    app.kubernetes.io/name: {{ .Chart.Name }}
+    helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    app.kubernetes.io/managed-by: Helm
+
+spec:
+  capacity:
+    storage: {{ .Values.persistence.size }}
+  accessModes:
+    - {{ .Values.persistence.accessMode }}
+  persistentVolumeReclaimPolicy:
+  storageClassName: "mariadb-galera-data"
+  hostPath:
+    path: /dockerdata-nfs/mariadb-galera/data-0
+
+---
+
+kind: PersistentVolume
+apiVersion: v1
+metadata:
+  name: {{ .Chart.Name }}--1
+  namespace: default
+  labels:
+    app.kubernetes.io/name: {{ .Chart.Name }}
+    helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    app.kubernetes.io/managed-by: Helm
+
+spec:
+  capacity:
+    storage: {{ .Values.persistence.size }}
+  accessModes:
+    - {{ .Values.persistence.accessMode }}
+  persistentVolumeReclaimPolicy:
+  storageClassName: "mariadb-galera-data"
+  hostPath:
+    path: /dockerdata-nfs/mariadb-galera/data-1
+
+---
+
+kind: PersistentVolume
+apiVersion: v1
+metadata:
+  name: {{ .Chart.Name }}--2
+  namespace: default
+  labels:
+    app.kubernetes.io/name: {{ .Chart.Name }}
+
+    helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    app.kubernetes.io/managed-by: Helm
+
+spec:
+  capacity:
+    storage: {{ .Values.persistence.size }}
+  accessModes:
+    - {{ .Values.persistence.accessMode }}
+  persistentVolumeReclaimPolicy:
+  storageClassName: "mariadb-galera-data"
+  hostPath:
+    path: /dockerdata-nfs/mariadb-galera/data-2
+
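Review bot: `persistentVolumeReclaimPolicy:` is left without a value in all three PersistentVolumes, so it renders as null and the fate of the database files after a claim is released is left to the API default instead of being stated. Set it explicitly, e.g. `persistentVolumeReclaimPolicy: Retain`, or take it from values. PersistentVolume is cluster-scoped, so `namespace: default` has no effect and can be removed, and the names render with a double dash (`{{ .Chart.Name }}--0`), which looks unintended. The volumes are `hostPath` directories under `/dockerdata-nfs`, so the data lives on the node's filesystem; if that is acceptable only for the CSIT cluster, a comment saying so above each `hostPath` would prevent reuse elsewhere.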
diff --git a/helm/policy/components/mariadb-galera/templates/role-binding.yaml b/helm/policy/components/mariadb-galera/templates/role-binding.yaml
new file mode 100644 (file)
index 0000000..c06b195
--- /dev/null
@@ -0,0 +1,29 @@
+{{/*
+# Copyright © 2022 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: {{ .Chart.Name }}-read
+  namespace: default
+subjects:
+- kind: ServiceAccount
+  name: {{ .Chart.Name }}-read
+roleRef:
+  kind: Role
+  name: read
+  apiGroup: rbac.authorization.k8s.io
+
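Review bot: The `roleRef` points at a Role named `read`, and no template in this commit's file list creates it for mariadb-galera, so the binding grants nothing unless that Role already exists in `default`, and what it permits cannot be reviewed from here. Either add the Role to the chart with the minimal verbs the pods need or document where it comes from. The subject also has no `namespace`, so it resolves to the binding's `default`, while service-account.yaml creates the ServiceAccount without a namespace, i.e. in the release namespace. The two only match when the release is installed into `default`.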
diff --git a/helm/policy/components/mariadb-galera/templates/secrets.yaml b/helm/policy/components/mariadb-galera/templates/secrets.yaml
new file mode 100644 (file)
index 0000000..7a13492
--- /dev/null
@@ -0,0 +1,59 @@
+{{/*
+# Copyright © 2022 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: v1
+kind: Secret
+metadata:
+  name: mariadb-galera-db-backup-credentials
+  namespace: default
+  labels:
+    app: {{ .Chart.Name }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    heritage: Helm
+type: Opaque
+stringData:
+  login: {{ .Values.galera.mariabackup.user }}
+  password: {{ .Values.galera.mariabackup.password }}
+
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: mariadb-galera-db-root-password
+  namespace: default
+  labels:
+    app: {{ .Chart.Name }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    heritage: Helm
+type: Opaque
+stringData:
+  password: {{ .Values.rootUser.password }}
+
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: mariadb-galera-db-user-credentials
+  namespace: default
+  labels:
+    app: {{ .Chart.Name }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    heritage: Helm
+type: Opaque
+stringData:
+  login: {{ .Values.db.user }}
+  password: {{ .Values.db.password }}
+
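Review bot: The credential values under `stringData` are interpolated unquoted, so a password that is all digits, empty, or contains characters such as `:`, `#` or a leading `*` is re-typed by the YAML parser or breaks the manifest. Pipe each one through `quote`, e.g. `password: {{ .Values.rootUser.password | quote }}`, and do the same for the `login` fields. The values come straight from values.yaml, which is not visible in this part of the page; if default passwords are committed there, wrapping the lookup in `required` would force deployments outside CSIT to supply their own.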
diff --git a/helm/policy/components/mariadb-galera/templates/service-account.yaml b/helm/policy/components/mariadb-galera/templates/service-account.yaml
new file mode 100644 (file)
index 0000000..417938a
--- /dev/null
@@ -0,0 +1,20 @@
+{{/*
+# Copyright © 2022 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ .Chart.Name }}-read
diff --git a/helm/policy/components/mariadb-galera/templates/service.yaml b/helm/policy/components/mariadb-galera/templates/service.yaml
new file mode 100644 (file)
index 0000000..0494f7d
--- /dev/null
@@ -0,0 +1,68 @@
+{{/*
+# Copyright © 2022 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ .Chart.Name }}
+  namespace: default
+  labels:
+    app.kubernetes.io/name: {{ .Chart.Name }}
+    helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    app.kubernetes.io/managed-by: Helm
+spec:
+  ports:
+    - port: 3306
+      targetPort: tcp-mysql
+      protocol: TCP
+      name: tcp-mysql
+  ipFamilyPolicy: PreferDualStack
+  type: ClusterIP
+  selector:
+    app.kubernetes.io/name: {{ .Chart.Name }}
+  sessionAffinity: None
+
+---
+
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ .Chart.Name }}-headless
+  namespace: default
+  labels:
+    app.kubernetes.io/name: {{ .Chart.Name }}
+    helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    app.kubernetes.io/managed-by: Helm
+spec:
+  clusterIP: None
+  ports:
+    - port: 4567
+      targetPort: tcp-galera
+      protocol: TCP
+      name: tcp-galera
+    - port: 4568
+      targetPort: tcp-ist
+      protocol: TCP
+      name: tcp-ist
+    - port: 4444
+      targetPort: tcp-sst
+      protocol: TCP
+      name: tcp-sst
+  ipFamilyPolicy: PreferDualStack
+  type: ClusterIP
+  selector:
+    app.kubernetes.io/name: {{ .Chart.Name }}
+  sessionAffinity: None
diff --git a/helm/policy/components/mariadb-galera/templates/statefulset.yaml b/helm/policy/components/mariadb-galera/templates/statefulset.yaml
new file mode 100644 (file)
index 0000000..3644a9b
--- /dev/null
@@ -0,0 +1,338 @@
+{{/*
+# Copyright © 2022 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: {{ .Chart.Name }}
+  namespace: default
+  labels:
+    app.kubernetes.io/name: {{ .Chart.Name }}
+    helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    app.kubernetes.io/managed-by: Helm
+
+spec:
+  podManagementPolicy: {{ .Values.podManagementPolicy }}
+  replicas: {{ .Values.replicaCount }}
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: {{ .Chart.Name }}
+
+  serviceName: {{ .Chart.Name }}-headless
+  updateStrategy:
+    type: {{ .Values.updateStrategy.type }}
+    {{- if (eq "Recreate" .Values.updateStrategy.type) }}
+    rollingUpdate: null
+    {{- end }}
+  template:
+    metadata:
+      annotations:
+        traffic.sidecar.istio.io/excludeInboundPorts: 4444,4567,4568
+        traffic.sidecar.istio.io/excludeOutboundPorts: 4444,4567,4568
+        traffic.sidecar.istio.io/includeInboundPorts: '*'
+      labels:
+        app.kubernetes.io/name: {{ .Chart.Name }}
+        helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+        app.kubernetes.io/managed-by: Helm
+      name: {{ .Chart.Name }}
+
+    spec:
+      securityContext:
+        runAsUser: 10001
+        runAsGroup: 10001
+        fsGroup: 10001
+      initContainers:
+        # we shouldn't need this but for unknown reason, it's fsGroup is not
+        # applied
+        - name: fix-permission
+          command:
+            - /bin/sh
+          args:
+            - -c
+            - |
+              chown -R {{ .Values.securityContext.user_id }}:{{ .Values.securityContext.group_id }} /data
+              chown -R {{ .Values.securityContext.user_id }}:{{ .Values.securityContext.group_id }} /bootstrap/
+              chown -R {{ .Values.securityContext.user_id }}:{{ .Values.securityContext.group_id }} /tmp/
+              {{- if .Values.mariadbConfiguration }}
+              cp /config/my.cnf /actual/my.cnf
+              chown -R {{ .Values.securityContext.user_id }}:{{ .Values.securityContext.group_id }} /actual
+              {{- end }}
+          image: docker.io/library/busybox:1.34.1
+          imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+          securityContext:
+            runAsUser: 0
+          volumeMounts:
+            - name: previous-boot
+              mountPath: /bootstrap
+            - name: mariadb-tmp-folder
+              mountPath: /tmp
+            - name: {{ .Chart.Name }}
+              mountPath: /data
+            {{- if .Values.mariadbConfiguration }}
+            - name: mariadb-galera-starting-config
+              mountPath: /config/my.cnf
+              subPath: my.cnf
+            - name: mariadb-galera-actual-config
+              mountPath: /actual
+            {{- end }}
+      containers:
+        - name: {{ .Chart.Name }}
+          image: {{ .Values.image }}
+          imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy | quote}}
+          command:
+            - bash
+            - -ec
+            - |
+                {{- if (not (empty (.Values.galera.bootstrap.bootstrapFromNode | quote)))}}
+                {{- $fullname := "mariadb-galera" }}
+                {{- $bootstrapFromNode := int .Values.galera.bootstrap.bootstrapFromNode }}
+                # Bootstrap from the indicated node
+                NODE_ID="${MY_POD_NAME#"{{ $fullname }}-"}"
+                if [[ "$NODE_ID" -eq "{{ $bootstrapFromNode }}" ]]; then
+                    export MARIADB_GALERA_CLUSTER_BOOTSTRAP=yes
+                    export MARIADB_GALERA_FORCE_SAFETOBOOTSTRAP={{ ternary "yes" "no" .Values.galera.bootstrap.forceSafeToBootstrap }}
+                fi
+                {{- end }}
+                exec /opt/bitnami/scripts/mariadb-galera/entrypoint.sh /opt/bitnami/scripts/mariadb-galera/run.sh
+          env:
+            - name: MY_POD_NAME
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.name
+            - name: BITNAMI_DEBUG
+              value: {{ ternary "true" "false" .Values.debug | quote }}
+            - name: MARIADB_INIT_SLEEP_TIME
+              value: {{ .Values.init_sleep_time | quote }}
+            - name: MARIADB_GALERA_CLUSTER_NAME
+              value: {{ .Values.galera.name | quote }}
+            - name: MARIADB_GALERA_CLUSTER_ADDRESS
+              value: "gcomm://{{ .Chart.Name }}-headless.default.svc.{{ .Values.global.clusterDomain }}"
+            # Bitnami init script don't behave well in dual stack env.
+            # set it here as long as https://github.com/bitnami/charts/issues/4077 is not solved.
+            - name: MARIADB_GALERA_NODE_ADDRESS
+              valueFrom:
+                fieldRef:
+                  fieldPath: status.podIP
+            - name: MARIADB_ROOT_USER
+              value: {{ .Values.rootUser.user | quote }}
+            - name: MARIADB_ROOT_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: mariadb-galera-db-root-password
+                  key: password
+            - name: MARIADB_USER
+              valueFrom:
+                secretKeyRef:
+                  name: mariadb-galera-db-user-credentials
+                  key: login
+            - name: MARIADB_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: mariadb-galera-db-user-credentials
+                  key: password
+            - name: MARIADB_DATABASE
+              value: {{ .Values.db.name | quote }}
+            - name: MARIADB_GALERA_MARIABACKUP_USER
+              valueFrom:
+                secretKeyRef:
+                  name: mariadb-galera-db-backup-credentials
+                  key: login
+            - name: MARIADB_GALERA_MARIABACKUP_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: mariadb-galera-db-backup-credentials
+                  key: password
+            {{- if .Values.extraFlags }}
+            - name: MARIADB_EXTRA_FLAGS
+              value: {{ .Values.extraFlags | quote }}
+            {{- end }}
+          ports:
+            - containerPort: 3306
+              name: tcp-mysql
+            - containerPort: 4567
+              name: tcp-galera
+            - containerPort: 4568
+              name: tcp-ist
+            - containerPort: 4444
+              name: tcp-sst
+          {{- if .Values.livenessProbe.enabled }}
+          livenessProbe:
+            exec:
+              command:
+                - sh
+                - -ec
+                - |
+                  exec mysqladmin status -u$MARIADB_ROOT_USER -p$MARIADB_ROOT_PASSWORD
+            initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }}
+            periodSeconds: {{ .Values.livenessProbe.periodSeconds }}
+            timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }}
+            successThreshold: {{ .Values.livenessProbe.successThreshold }}
+            failureThreshold: {{ .Values.livenessProbe.failureThreshold }}
+          {{- end }}
+          {{- if .Values.readinessProbe.enabled }}
+          readinessProbe:
+            exec:
+              command:
+                - sh
+                - -ec
+                - |
+                  exec mysqladmin status -u$MARIADB_ROOT_USER -p$MARIADB_ROOT_PASSWORD
+            initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }}
+            periodSeconds: {{ .Values.readinessProbe.periodSeconds }}
+            timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }}
+            successThreshold: {{ .Values.readinessProbe.successThreshold }}
+            failureThreshold: {{ .Values.readinessProbe.failureThreshold }}
+          {{- end }}
+          {{- if .Values.startupProbe.enabled }}
+          startupProbe:
+            exec:
+              command:
+                - sh
+                - -ec
+                - |
+                  exec mysqladmin status -u$MARIADB_ROOT_USER -p$MARIADB_ROOT_PASSWORD
+            initialDelaySeconds: {{ .Values.startupProbe.initialDelaySeconds }}
+            periodSeconds: {{ .Values.startupProbe.periodSeconds }}
+            timeoutSeconds: {{ .Values.startupProbe.timeoutSeconds }}
+            successThreshold: {{ .Values.startupProbe.successThreshold }}
+            failureThreshold: {{ .Values.startupProbe.failureThreshold }}
+          {{- end }}
+          resources: 
+{{ toYaml .Values.resources.small | indent 12 }}
+          volumeMounts:
+            - name: previous-boot
+              mountPath: /opt/bitnami/mariadb/.bootstrap
+            - name: {{ .Chart.Name }}
+              mountPath: /bitnami/mariadb
+            - name: mariadb-tmp-folder
+              mountPath: /opt/bitnami/mariadb/tmp
+            {{- if .Values.mariadbConfiguration }}
+            - name: mariadb-galera-actual-config
+              mountPath: /opt/bitnami/mariadb/conf
+            {{- end }}
+        {{- if default false .Values.global.metrics.enabled }}
+        - name: {{ .Chart.Name }}-metrics
+          image: {{ .Values.metrics.image }}
+          imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.metrics.pullPolicy | quote}}
+          env:
+            - name: MARIADB_METRICS_EXTRA_FLAGS
+              value: {{ default "" (join " " .Values.metrics.extraFlags) | quote }}
+            - name: MARIADB_ROOT_USER
+              value: {{ .Values.rootUser.user | quote }}
+            - name: MARIADB_ROOT_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: mariadb-galera-db-root-password
+                  key: password
+          command:
+            - sh
+            - -c
+            - |
+              DATA_SOURCE_NAME="$MARIADB_ROOT_USER:$MARIADB_ROOT_PASSWORD@(localhost:3306)/" /bin/mysqld_exporter $MARIADB_METRICS_EXTRA_FLAGS
+          ports:
+            - name: tcp-metrics
+              containerPort: 9104
+          livenessProbe:
+            httpGet:
+              path: /metrics
+              port: tcp-metrics
+            initialDelaySeconds: {{ .Values.metrics.livenessProbe.initialDelaySeconds }}
+            periodSeconds: {{ .Values.metrics.livenessProbe.periodSeconds }}
+            timeoutSeconds: {{ .Values.metrics.livenessProbe.timeoutSeconds }}
+            successThreshold: {{ .Values.metrics.livenessProbe.successThreshold }}
+            failureThreshold: {{ .Values.metrics.livenessProbe.failureThreshold }}
+          readinessProbe:
+            httpGet:
+              path: /metrics
+              port: tcp-metrics
+            initialDelaySeconds: {{ .Values.metrics.readinessProbe.initialDelaySeconds }}
+            periodSeconds: {{ .Values.metrics.readinessProbe.periodSeconds }}
+            timeoutSeconds: {{ .Values.metrics.readinessProbe.timeoutSeconds }}
+            successThreshold: {{ .Values.metrics.readinessProbe.successThreshold }}
+            failureThreshold: {{ .Values.metrics.readinessProbe.failureThreshold }}
+          securityContext:
+            runAsUser: 10001
+            runAsGroup: 10001
+            fsGroup: 10001
+          resources: {{- toYaml .Values.metrics.resources | nindent 12 }}
+        {{- end }}
+      imagePullSecrets:
+        - name: default-docker-registry-key
+      {{- if .Values.schedulerName }}
+      schedulerName: {{ .Values.schedulerName | quote }}
+      {{- end }}
+      {{- if .Values.priorityClassName }}
+      priorityClassName: {{ .Values.priorityClassName }}
+      {{- end }}
+      serviceAccountName: mariadb-galera-read
+      affinity:
+        podAffinity: {}
+        podAntiAffinity:
+          preferredDuringSchedulingIgnoredDuringExecution:
+            - podAffinityTerm:
+                labelSelector:
+                  matchLabels:
+                    app.kubernetes.io/name: {{ .Chart.Name }}
+                namespaces:
+                  - default
+                topologyKey: kubernetes.io/hostname
+              weight: 1
+        nodeAffinity: {}
+      {{- if .Values.nodeSelector }}
+      nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 10 }}
+      {{- end }}
+      {{- if .Values.tolerations }}
+      tolerations:
+{{ toYaml .Values.tolerations | indent 10 }}
+      {{- end }}
+      volumes:
+        - name: previous-boot
+          emptyDir: {}
+        - name: mariadb-tmp-folder
+          emptyDir: {}
+        {{- if .Values.mariadbConfiguration  }}
+        - name:  mariadb-galera-actual-config
+          emptyDir: {}
+        - name: mariadb-galera-starting-config
+          configMap:
+            name: {{ .Chart.Name }}-configuration
+        {{- end }}
+{{- if and .Values.persistence.enabled .Values.persistence.existingClaim }}
+        - name: {{ .Chart.Name }}
+          persistentVolumeClaim:
+            claimName: {{ .Values.persistence.existingClaim }}
+{{- else if not .Values.persistence.enabled }}
+        - name: {{ .Chart.Name }}
+          emptyDir: {}
+{{- else if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }}
+  volumeClaimTemplates:
+    - metadata:
+        name: {{ .Chart.Name }}
+        namespace: default
+        labels:
+          app.kubernetes.io/name: {{ .Chart.Name }}
+          helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+          app.kubernetes.io/managed-by: Helm
+
+      spec:
+        accessModes:
+        - {{ .Values.persistence.accessMode }}
+        storageClassName: mariadb-galera-data
+        resources:
+          requests:
+            storage: {{ .Values.persistence.size }}
+{{- end }}
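Review bot: The liveness, readiness and startup probes all run `mysqladmin status -u$MARIADB_ROOT_USER -p$MARIADB_ROOT_PASSWORD`, which puts the root password in the probe's argument list on every period and leaves both variables unquoted, so a password containing whitespace or shell metacharacters breaks the probe. Passing the password through the client's environment keeps it out of argv and fixes the quoting: `exec env MYSQL_PWD="$MARIADB_ROOT_PASSWORD" mysqladmin status -u"$MARIADB_ROOT_USER"`. The metrics sidecar also builds `DATA_SOURCE_NAME` from the root account; a dedicated low-privilege exporter user would limit what a compromised exporter can reach. In the same container, `fsGroup` sits in a container-level `securityContext`, but it is a pod-level field, so it is likely to be rejected or dropped by schema validation when metrics are enabled.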
diff --git a/helm/policy/components/mariadb-galera/values.yaml b/helm/policy/components/mariadb-galera/values.yaml
new file mode 100644 (file)
index 0000000..d2a54a4
--- /dev/null
@@ -0,0 +1,607 @@
+# Copyright © 2022 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+  nodePortPrefix: 302
+  persistence:
+    mountPath: /dockerdata-nfs
+    backup:
+      mountPath: /dockerdata-nfs/backup
+  clusterDomain: cluster.local
+  metrics: {}
+  dockerHubRepository: &dockerHubRepository docker.io
+
+passwordStrengthOverride: basic
+
+image: docker.io/bitnami/mariadb-galera:10.5.8
+## Specify a imagePullPolicy
+## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
+## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
+##
+pullPolicy: Always
+
+## Set to true if you would like to see extra information on logs
+## It turns BASH debugging in minideb-extras-base
+##
+debug: true
+
+## Sometimes, especially when a lot of pods are created at the same time,
+## actions performed on the databases are tried to be done before actual start.
+init_sleep_time: 5
+
+## String to partially override common.names.fullname template (will maintain the release name)
+##
+nameOverride: mariadb-galera
+
+## Use an alternate scheduler, e.g. "stork".
+## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
+##
+# schedulerName:
+
+## StatefulSet controller supports relax its ordering guarantees while preserving its uniqueness and identity guarantees. There are two valid pod management policies: OrderedReady and Parallel
+## ref: https://kubernetes.io/docs/tutorials/stateful-application/basic-stateful-set/#pod-management-policy
+##
+podManagementPolicy: OrderedReady
+
+
+## Pods Service Account
+## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
+##
+serviceAccount:
+  nameOverride: mariadb-galera
+  roles:
+    - read
+
+## Pod Security Context
+## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
+##
+securityContext:
+  enabled: true
+  user_id: 10001
+  group_id: 10001
+
+## Database credentials for root (admin) user
+##
+rootUser:
+  ## MariaDB admin user
+  user: root
+  ## MariaDB admin password
+  ## Password is ignored if externalSecret is specified.
+  ## If not set, password will be "randomly" generated
+  ## ref: https://github.com/bitnami/bitnami-docker-mariadb-galera#setting-the-root-password-on-first-run
+  ##
+  password: dOM39tQX
+  # externalSecret:
+
+## Custom db configuration
+##
+db:
+  ## MariaDB username and password
+  ## Password is ignored if externalSecret is specified.
+  ## If not set, password will be "randomly" generated
+  ## ref: https://github.com/bitnami/bitnami-docker-mariadb-galera#creating-a-database-user-on-first-run
+  ##
+  user: policy-user
+  password: policy-user
+  # externalSecret:
+  ## Database to create
+  ## ref: https://github.com/bitnami/bitnami-docker-mariadb-galera#creating-a-database-on-first-run
+  ##
+  # name: my_database
+
+## Galera configuration
+##
+galera:
+  ## Galera cluster name
+  ##
+  name: galera
+
+  ## Bootstraping options
+  ## ref: https://github.com/bitnami/bitnami-docker-mariadb-galera#bootstraping
+  bootstrap:
+    ## Node to bootstrap from, you will need to change this parameter incase you want to bootstrap from other node
+    ##
+    bootstrapFromNode: 0
+    ## Force safe_to_bootstrap in grastate.date file.
+    ## This will set safe_to_bootstrap=1 in the node indicated by bootstrapFromNode.
+    forceSafeToBootstrap: true
+
+  ## Credentials to perform backups
+  ##
+  mariabackup:
+    ## MariaBackup username and password
+    ## Password is ignored if externalSecret is specified.
+    ## If not set, password will be "randomly" generated
+    ## ref: https://github.com/bitnami/bitnami-docker-mariadb-galera#setting-up-a-multi-master-cluster
+    ##
+    user: mariabackup
+    password: pt49gEq7
+    # externalSecret:
+
+## The backup job will mount the mariadb data pvc in order to run mariabackup.
+## For this reason the db data pvc needs to have accessMode: ReadWriteMany.
+backup:
+  enabled: false
+  cron: "00 00 * * *"
+  retentionPeriod: 3
+  persistence:
+    ## If true, use a Persistent Volume Claim, If false, use emptyDir
+    ##
+    enabled: true
+    # Enable persistence using an existing PVC
+    # existingClaim:
+    ## selector can be used to match an existing PersistentVolume
+    ## selector:
+    ##   matchLabels:
+    ##     app: my-app
+    selector: {}
+    ## Persistent Volume Storage Class
+    ## If defined, storageClassName: <storageClass>
+    ## If set to "-", storageClassName: "", which disables dynamic provisioning
+    ## If undefined (the default) or set to null, no storageClassName spec is
+    ##   set, choosing the default provisioner.  (gp2 on AWS, standard on
+    ##   GKE, AWS & OpenStack)
+    ##
+    # storageClass: "-"
+    ## Persistent Volume Claim annotations
+    ##
+    annotations:
+    ## Persistent Volume Access Mode
+    ##
+    accessMode: ReadWriteOnce
+    ## Persistent Volume size
+    ##
+    size: 2Gi
+
+## TLS configuration
+##
+tls:
+  ## Enable TLS
+  ##
+  enabled: false
+  ## Name of the secret that contains the certificates
+  ##
+  # certificatesSecret:
+  ## Certificate filename
+  ##
+  # certFilename:
+  ## Certificate Key filename
+  ##
+  # certKeyFilename:
+  ## CA Certificate filename
+  ##
+  # certCAFilename:
+
+## Configure MariaDB with a custom my.cnf file
+## ref: https://mysql.com/kb/en/mysql/configuring-mysql-with-mycnf/#example-of-configuration-file
+## Alternatively, you can put your my.cnf under the files/ directory
+##
+mariadbConfiguration: |-
+  [client]
+  port=3306
+  socket=/opt/bitnami/mariadb/tmp/mysql.sock
+  plugin_dir=/opt/bitnami/mariadb/plugin
+
+  [mysqld]
+  lower_case_table_names = 1
+  default_storage_engine=InnoDB
+  basedir=/opt/bitnami/mariadb
+  datadir=/bitnami/mariadb/data
+  plugin_dir=/opt/bitnami/mariadb/plugin
+  tmpdir=/opt/bitnami/mariadb/tmp
+  socket=/opt/bitnami/mariadb/tmp/mysql.sock
+  pid_file=/opt/bitnami/mariadb/tmp/mysqld.pid
+  bind_address=0.0.0.0
+
+  ## Character set
+  collation_server=utf8_unicode_ci
+  init_connect='SET NAMES utf8'
+  character_set_server=utf8
+
+  ## MyISAM
+  key_buffer_size=32M
+  myisam_recover_options=FORCE,BACKUP
+
+  ## Safety
+  skip_host_cache
+  skip_name_resolve
+  max_allowed_packet=16M
+  max_connect_errors=1000000
+  sql_mode=STRICT_TRANS_TABLES,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_AUTO_VALUE_ON_ZERO,NO_ENGINE_SUBSTITUTION,NO_ZERO_DATE,NO_ZERO_IN_DATE,ONLY_FULL_GROUP_BY
+  sysdate_is_now=1
+
+  ## Binary Logging
+  log_bin=mysql-bin
+  expire_logs_days=14
+  # Disabling for performance per http://severalnines.com/blog/9-tips-going-production-galera-cluster-mysql
+  sync_binlog=0
+  # Required for Galera
+  binlog_format=row
+
+  ## Caches and Limits
+  tmp_table_size=32M
+  max_heap_table_size=32M
+  # Re-enabling as now works with Maria 10.1.2
+  query_cache_type=1
+  query_cache_limit=4M
+  query_cache_size=256M
+  max_connections=500
+  thread_cache_size=50
+  open_files_limit=65535
+  table_definition_cache=4096
+  table_open_cache=4096
+
+  ## InnoDB
+  innodb=FORCE
+  innodb_strict_mode=1
+  # Mandatory per https://github.com/codership/documentation/issues/25
+  innodb_autoinc_lock_mode=2
+  # Per https://www.percona.com/blog/2006/08/04/innodb-double-write/
+  innodb_doublewrite=1
+  innodb_flush_method=O_DIRECT
+  innodb_log_files_in_group=2
+  innodb_log_file_size=128M
+  innodb_flush_log_at_trx_commit=1
+  innodb_file_per_table=1
+  # 80% Memory is default reco.
+  # Need to re-evaluate when DB size grows
+  innodb_buffer_pool_size=2G
+  innodb_file_format=Barracuda
+
+  ## Logging
+  log_error=/opt/bitnami/mariadb/logs/mysqld.log
+  slow_query_log_file=/opt/bitnami/mariadb/logs/mysqld.log
+  log_queries_not_using_indexes=1
+  slow_query_log=1
+
+  ## SSL
+  ## Use extraVolumes and extraVolumeMounts to mount /certs filesystem
+  # ssl_ca=/certs/ca.pem
+  # ssl_cert=/certs/server-cert.pem
+  # ssl_key=/certs/server-key.pem
+
+  [galera]
+  wsrep_on=ON
+  wsrep_provider=/opt/bitnami/mariadb/lib/libgalera_smm.so
+  wsrep_sst_method=mariabackup
+  wsrep_slave_threads=4
+  wsrep_cluster_address=gcomm://
+  wsrep_cluster_name=galera
+  wsrep_sst_auth="root:"
+  # Enabled for performance per https://mariadb.com/kb/en/innodb-system-variables/#innodb_flush_log_at_trx_commit
+  innodb_flush_log_at_trx_commit=2
+  # MYISAM REPLICATION SUPPORT #
+  wsrep_replicate_myisam=ON
+  binlog_format=row
+  default_storage_engine=InnoDB
+  innodb_autoinc_lock_mode=2
+  transaction-isolation=READ-COMMITTED
+  wsrep_causal_reads=1
+  wsrep_sync_wait=7
+
+  [mariadb]
+  plugin_load_add=auth_pam
+
+  ## Data-at-Rest Encryption
+  ## Use extraVolumes and extraVolumeMounts to mount /encryption filesystem
+  # plugin_load_add=file_key_management
+  # file_key_management_filename=/encryption/keyfile.enc
+  # file_key_management_filekey=FILE:/encryption/keyfile.key
+  # file_key_management_encryption_algorithm=AES_CTR
+  # encrypt_binlog=ON
+  # encrypt_tmp_files=ON
+
+  ## InnoDB/XtraDB Encryption
+  # innodb_encrypt_tables=ON
+  # innodb_encrypt_temporary_tables=ON
+  # innodb_encrypt_log=ON
+  # innodb_encryption_threads=4
+  # innodb_encryption_rotate_key_age=1
+
+  ## Aria Encryption
+  # aria_encrypt_tables=ON
+  # encrypt_tmp_disk_tables=ON
+
+## MariaDB additional command line flags
+## Can be used to specify command line flags, for example:
+##
+## extraFlags: "--max-connect-errors=1000 --max_connections=155"
+
+## Desired number of cluster nodes
+##
+replicaCount: 3
+
+## updateStrategy for MariaDB Master StatefulSet
+## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
+##
+updateStrategy:
+  type: RollingUpdate
+
+## Additional pod annotations for MariaDB Galera pods
+## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
+## -> here required to enable mariadb-galera in istio
+##
+podAnnotations:
+  #  sidecar.istio.io/inject: "false"
+  traffic.sidecar.istio.io/excludeInboundPorts: "4444,4567,4568"
+  traffic.sidecar.istio.io/includeInboundPorts: '*'
+  traffic.sidecar.istio.io/excludeOutboundPorts: "4444,4567,4568"
+
+## Pod affinity preset
+## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
+## Allowed values: soft, hard
+##
+podAffinityPreset: ""
+
+## Pod anti-affinity preset
+## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
+## Allowed values: soft, hard
+##
+podAntiAffinityPreset: soft
+
+## Node affinity preset
+## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
+## Allowed values: soft, hard
+##
+nodeAffinityPreset:
+  ## Node affinity type
+  ## Allowed values: soft, hard
+  type: ""
+  ## Node label key to match
+  ## E.g.
+  ## key: "kubernetes.io/e2e-az-name"
+  ##
+  key: ""
+  ## Node label values to match
+  ## E.g.
+  ## values:
+  ##   - e2e-az1
+  ##   - e2e-az2
+  ##
+  values: []
+
+## Affinity for pod assignment. Evaluated as a template.
+## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
+## Note: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set
+##
+affinity: {}
+
+## Node labels for pod assignment. Evaluated as a template.
+## ref: https://kubernetes.io/docs/user-guide/node-selection/
+##
+nodeSelector: {}
+
+## Tolerations for pod assignment. Evaluated as a template.
+## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
+##
+tolerations: []
+
+## Enable persistence using Persistent Volume Claims
+## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/
+##
+persistence:
+  ## If true, use a Persistent Volume Claim, If false, use emptyDir
+  ##
+  enabled: true
+  # Enable persistence using an existing PVC
+  # existingClaim:
+  mountPath: /dockerdata-nfs
+  mountSubPath: "mariadb-galera/data"
+  ## selector can be used to match an existing PersistentVolume
+  ## selector:
+  ##   matchLabels:
+  ##     app: my-app
+  selector: {}
+  ## Persistent Volume Storage Class
+  ## If defined, storageClassName: <storageClass>
+  ## If set to "-", storageClassName: "", which disables dynamic provisioning
+  ## If undefined (the default) or set to null, no storageClassName spec is
+  ##   set, choosing the default provisioner.  (gp2 on AWS, standard on
+  ##   GKE, AWS & OpenStack)
+  ##
+  # storageClass: "-"
+  ## Persistent Volume Claim annotations
+  ##
+  annotations:
+  ## Persistent Volume Access Mode
+  ## Use ReadWriteMany if backup is enabled, see backup section.
+  ##
+  accessMode: ReadWriteOnce
+  ## Persistent Volume size
+  ##
+  size: 3Gi
+
+## Additional pod labels
+##
+# podLabels:
+#   extraLabel: extraValue
+
+## Priority Class Name
+#
+# priorityClassName: 'priorityClass'
+
+## MariaDB Galera containers' resource requests and limits
+## ref: http://kubernetes.io/docs/user-guide/compute-resources/
+##
+flavor: small
+resources:
+  small:
+    limits:
+      cpu: 1
+      memory: 4Gi
+    requests:
+      cpu: 500m
+      memory: 2Gi
+  unlimited: {}
+
+## MariaDB Galera containers' liveness and readiness probes
+## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
+##
+livenessProbe:
+  enabled: true
+  initialDelaySeconds: 1
+  periodSeconds: 10
+  timeoutSeconds: 180
+  successThreshold: 1
+  failureThreshold: 3
+readinessProbe:
+  enabled: true
+  initialDelaySeconds: 1
+  periodSeconds: 10
+  timeoutSeconds: 180
+  successThreshold: 1
+  failureThreshold: 3
+startupProbe:
+  ## Initializing the database could take some time
+  ##
+  enabled: true
+  initialDelaySeconds: 10
+  periodSeconds: 10
+  timeoutSeconds: 180
+  successThreshold: 1
+  # will wait up for initialDelaySeconds + failureThreshold*periodSeconds before
+  # stating startup wasn't good (910s per default)
+  failureThreshold: 90
+
+## Pod disruption budget configuration
+##
+podDisruptionBudget:
+  ## Specifies whether a Pod disruption budget should be created
+  ##
+  create: true
+  minAvailable: 1
+  # maxUnavailable: 1
+
+## Prometheus exporter configuration
+##
+metrics:
+  ## Bitnami MySQL Prometheus exporter image
+  ## ref: https://hub.docker.com/r/bitnami/mysqld-exporter/tags/
+  ##
+  image: docker.io/bitnami/mysqld-exporter:0.12.1-debian-10-r264
+  pullPolicy: Always
+  ## MySQL exporter additional command line flags
+  ## Can be used to specify command line flags
+  ## E.g.:
+  ## extraFlags:
+  ##   - --collect.binlog_size
+  ##
+  extraFlags: []
+  ## MySQL Prometheus exporter containers' resource requests and limits
+  ## ref: http://kubernetes.io/docs/user-guide/compute-resources/
+  ##
+  resources:
+    # We usually recommend not to specify default resources and to leave this as a conscious
+    # choice for the user. This also increases chances charts run on environments with little
+    # resources, such as Minikube. If you do want to specify resources, uncomment the following
+    # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+    limits:
+      cpu: 0.5
+      memory: 256Mi
+    requests:
+      cpu: 0.5
+      memory: 256Mi
+  ## MariaDB Galera metrics container's liveness and readiness probes
+  ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
+  ##
+  livenessProbe:
+    enabled: true
+    initialDelaySeconds: 30
+    periodSeconds: 10
+    timeoutSeconds: 5
+    successThreshold: 1
+    failureThreshold: 3
+  readinessProbe:
+    enabled: true
+    initialDelaySeconds: 5
+    periodSeconds: 10
+    timeoutSeconds: 5
+    successThreshold: 1
+    failureThreshold: 3
+  ## MySQL Prometheus exporter service parameters
+  ##
+  service:
+    type: ClusterIP
+    port: 9104
+    annotations:
+      prometheus.io/scrape: "true"
+      prometheus.io/port: "9104"
+
+  ## Prometheus Operator ServiceMonitor configuration
+  ##
+  serviceMonitor:
+    enabled: false
+    ## Namespace in which Prometheus is running
+    ##
+    # namespace: monitoring
+
+    ## Interval at which metrics should be scraped.
+    ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
+    ##
+    # interval: 10s
+
+    ## Timeout after which the scrape is ended
+    ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
+    ##
+    # scrapeTimeout: 10s
+
+    ## ServiceMonitor selector labels
+    ## ref: https://github.com/bitnami/charts/tree/master/bitnami/prometheus-operator#prometheus-configuration
+    ##
+    # selector:
+    #   prometheus: kube-prometheus
+
+    ## RelabelConfigs to apply to samples before scraping
+    ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#relabelconfig
+    ## Value is evalued as a template
+    ##
+    relabelings: []
+
+    ## MetricRelabelConfigs to apply to samples before ingestion
+    ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#relabelconfig
+    ## Value is evalued as a template
+    ##
+    metricRelabelings: []
+    #  - sourceLabels:
+    #      - "__name__"
+    #    targetLabel: "__name__"
+    #    action: replace
+    #    regex: '(.*)'
+    #    replacement: 'example_prefix_$1'
+
+  ## Prometheus Operator PrometheusRule configuration
+  ##
+  prometheusRules:
+    enabled: false
+
+    ## Additional labels to add to the PrometheusRule so it is picked up by the operator.
+    ## If using the [Helm Chart](https://github.com/helm/charts/tree/master/stable/prometheus-operator) this is the name of the Helm release and 'app: prometheus-operator'
+    selector:
+      app: prometheus-operator
+      release: prometheus
+
+    ## Rules as a map.
+    rules: []
+    #  - alert: MariaDB-Down
+    #    annotations:
+    #      message: 'MariaDB instance {{ $labels.instance }} is down'
+    #      summary: MariaDB instance is down
+    #    expr: absent(up{job="mariadb-galera"} == 1)
+    #    labels:
+    #      severity: warning
+    #      service: mariadb-galera
+    #    for: 5m
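Review bot: `rootUser.password`, `db.password` (identical to the username) and `galera.mariabackup.password` are committed as literal values, so every install of this chart shares the same database credentials and they stay in the repository history. The comments next to them describe random generation when the value is unset and an `externalSecret` override; if the chart's secrets template honours those (it is not visible in this hunk), leaving the three keys empty would be the safer default, with the CSIT script supplying test values at install time. `debug: true` would also be better as `false` by default, since the comment above it says it turns on BASH debugging in the database container. If the literals stay, a comment above each one would mark the intent, for example `## CSIT-only default; override or use externalSecret outside test clusters`.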
diff --git a/helm/policy/components/policy-clamp-ac-k8s-ppnt/Chart.yaml b/helm/policy/components/policy-clamp-ac-k8s-ppnt/Chart.yaml
new file mode 100644 (file)
index 0000000..4f02d93
--- /dev/null
@@ -0,0 +1,22 @@
+#  ============LICENSE_START=======================================================
+#  Copyright (C) 2022 Nordix Foundation. All rights reserved.
+#  ================================================================================
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+#
+#  SPDX-License-Identifier: Apache-2.0
+#  ============LICENSE_END=========================================================
+
+apiVersion: v2
+description: ONAP Policy Clamp Controlloop K8s Participant
+name: policy-clamp-ac-k8s-ppnt
+version: 11.0.0
diff --git a/helm/policy/components/policy-clamp-ac-k8s-ppnt/resources/config/KubernetesParticipantParameters.yaml b/helm/policy/components/policy-clamp-ac-k8s-ppnt/resources/config/KubernetesParticipantParameters.yaml
new file mode 100644 (file)
index 0000000..9a0a8fd
--- /dev/null
@@ -0,0 +1,132 @@
+#  ============LICENSE_START=======================================================
+#   Copyright (C) 2022 Nordix Foundation.
+#  ================================================================================
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+#
+#  SPDX-License-Identifier: Apache-2.0
+#  ============LICENSE_END=========================================================
+
+spring:
+  autoconfigure:
+    exclude: >
+      org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration,
+      org.springframework.boot.autoconfigure.orm.jpa.HibernateJpaAutoConfiguration,
+      org.springframework.boot.autoconfigure.jdbc.DataSourceTransactionManagerAutoConfiguration
+  security:
+    user:
+      name: ${RESTSERVER_USER}
+      password: ${RESTSERVER_PASSWORD}
+  kafka:
+    consumer:
+      group-id: {{ .Values.config.kafka.consumer.groupId }}
+{{- if .Values.config.useStrimziKafka }}
+    bootstrap-servers: release-{{ .Values.config.kafkaBootstrap }}:9092
+    security.protocol: SASL_PLAINTEXT
+    properties.sasl:
+      mechanism: SCRAM-SHA-512
+      jaas.config: ${JAASLOGIN}
+{{ else }}
+{{ toYaml .Values.config.eventConsumption | nindent 2 }}
+{{- end }}
+
+security:
+  enable-csrf: false
+
+participant:
+  localChartDirectory: /home/policy/local-charts
+  infoFileName: CHART_INFO.json
+  intermediaryParameters:
+    reportingTimeIntervalMs: 120000
+    description: Participant Description
+    participantId:
+      name: K8sParticipant0
+      version: 1.0.0
+    participantType:
+      name: org.onap.policy.clamp.acm.KubernetesParticipant
+      version: 2.3.4
+    clampAutomationCompositionTopics:
+      topicSources:
+        -
+          topic: POLICY-ACRUNTIME-PARTICIPANT
+          servers:
+            - ${topicServer:message-router}
+          topicCommInfrastructure: dmaap
+          fetchTimeout: 15000
+          useHttps: false
+      topicSinks:
+        -
+          topic: POLICY-ACRUNTIME-PARTICIPANT
+          servers:
+            - ${topicServer:message-router}
+          topicCommInfrastructure: dmaap
+          useHttps: false
+
+# If Strimzi Kafka to be used for communication, replace clampAutomationCompositionTopics configuration with below
+#    clampAutomationCompositionTopics:
+#      topicSources:
+#        -
+#          topic: policy-acruntime-participant
+#          servers:
+#            - release-{{ .Values.config.kafkaBootstrap }}:9092
+#          topicCommInfrastructure: kafka
+#          fetchTimeout: 15000
+#          useHttps: true
+#          additionalProps:
+#            security.protocol: SASL_PLAINTEXT
+#            sasl.mechanism: SCRAM-SHA-512
+#            sasl.jaas.config: ${JAASLOGIN}
+#      topicSinks:
+#        -
+#          topic: policy-acruntime-participant
+#          servers:
+#            - release-{{ .Values.config.kafkaBootstrap }}:9092
+#          topicCommInfrastructure: kafka
+#          useHttps: true
+#          additionalProps:
+#            security.protocol: SASL_PLAINTEXT
+#            sasl.mechanism: SCRAM-SHA-512
+#            sasl.jaas.config: ${JAASLOGIN}
+
+management:
+  endpoints:
+    web:
+      exposure:
+        include: health, metrics, prometheus
+
+server:
+  # Configuration of the HTTP/REST server. The parameters are defined and handled by the springboot framework.
+  # See springboot documentation.
+  port: 8083
+  servlet:
+    context-path: /onap/policy/clamp/acm/k8sparticipant
+  ssl:
+    enabled: false
+
+
+logging:
+  # Configuration of logging
+  level:
+    ROOT: INFO
+    org.springframework: ERROR
+    org.springframework.data: ERROR
+    org.springframework.web.reactive.function.client.ExchangeFunctions: ERROR
+    org.onap.policy.clamp.controlloop.participant.kubernetes: INFO
+
+  file:
+    name: /var/log/onap/policy/clamp/application.log
+
+chart:
+  api:
+    enabled: false
+
+# Permitted list of helm repositories. Values are updated from values.yaml
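Review bot: `server.ssl.enabled: false` combined with Spring basic auth (`spring.security.user`) means the REST credentials cross the network unencrypted on port 8083. The Kafka branch uses `security.protocol: SASL_PLAINTEXT`, so SCRAM authenticates the client but the topic traffic is not encrypted. If the chart is meant for CSIT only, say so at the top of the file, e.g. `# CSIT only: TLS is disabled for the REST server and Kafka; do not reuse on a shared cluster`; otherwise use `SASL_SSL` and enable `server.ssl`. The commented Strimzi block also pairs `useHttps: true` with `SASL_PLAINTEXT`, which reads as contradictory. The same settings appear in acRuntimeParameters.yaml later in this commit.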
diff --git a/helm/policy/components/policy-clamp-ac-k8s-ppnt/resources/config/logback.xml b/helm/policy/components/policy-clamp-ac-k8s-ppnt/resources/config/logback.xml
new file mode 100644 (file)
index 0000000..6ceb2e5
--- /dev/null
@@ -0,0 +1,103 @@
+<!--
+  ============LICENSE_START=======================================================
+  Copyright (C) 2022 Nordix Foundation.
+  ================================================================================
+  Licensed under the Apache License, Version 2.0 (the "License");
+  you may not use this file except in compliance with the License.
+  You may obtain a copy of the License at
+       http://www.apache.org/licenses/LICENSE-2.0
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+  SPDX-License-Identifier: Apache-2.0
+  ============LICENSE_END=========================================================
+-->
+
+<configuration scan="true" scanPeriod="30 seconds" debug="false">
+
+    <appender name="ErrorOut" class="ch.qos.logback.core.rolling.RollingFileAppender">
+        <file>/var/log/onap/policy/k8s-participant/error.log</file>
+        <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+            <fileNamePattern>/var/log/onap/policy/k8s-participant/error.%d{yyyy-MM-dd}.%i.log.zip
+            </fileNamePattern>
+            <maxFileSize>50MB</maxFileSize>
+            <maxHistory>30</maxHistory>
+            <totalSizeCap>10GB</totalSizeCap>
+        </rollingPolicy>
+        <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
+            <level>WARN</level>
+        </filter>
+        <encoder>
+            <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>
+        </encoder>
+    </appender>
+
+    <appender name="AsyncErrorOut" class="ch.qos.logback.classic.AsyncAppender">
+        <appender-ref ref="ErrorOut" />
+    </appender>
+
+    <appender name="DebugOut" class="ch.qos.logback.core.rolling.RollingFileAppender">
+        <file>/var/log/onap/policy/k8s-participant/debug.log</file>
+        <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+            <fileNamePattern>/var/log/onap/policy/k8s-participant/debug.%d{yyyy-MM-dd}.%i.log.zip
+            </fileNamePattern>
+            <maxFileSize>50MB</maxFileSize>
+            <maxHistory>30</maxHistory>
+            <totalSizeCap>10GB</totalSizeCap>
+        </rollingPolicy>
+        <encoder>
+            <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>
+        </encoder>
+    </appender>
+
+    <appender name="AsyncDebugOut" class="ch.qos.logback.classic.AsyncAppender">
+        <appender-ref ref="DebugOut" />
+    </appender>
+
+    <appender name="NetworkOut" class="ch.qos.logback.core.rolling.RollingFileAppender">
+        <file>/var/log/onap/policy/k8s-participant/network.log</file>
+        <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+            <fileNamePattern>/var/log/onap/policy/k8s-participant/network.%d{yyyy-MM-dd}.%i.log.zip
+            </fileNamePattern>
+            <maxFileSize>50MB</maxFileSize>
+            <maxHistory>30</maxHistory>
+            <totalSizeCap>10GB</totalSizeCap>
+        </rollingPolicy>
+        <encoder>
+            <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%t]%m%n</pattern>
+        </encoder>
+    </appender>
+
+    <appender name="AsyncNetworkOut" class="ch.qos.logback.classic.AsyncAppender">
+        <appender-ref ref="NetworkOut" />
+    </appender>
+
+    <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
+        <encoder>
+            <Pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</Pattern>
+        </encoder>
+    </appender>
+
+    <appender name="AsyncStdOut" class="ch.qos.logback.classic.AsyncAppender">
+        <appender-ref ref="STDOUT" />
+    </appender>
+
+    <logger name="network" level="INFO" additivity="false">
+        <appender-ref ref="AsyncNetworkOut" />
+        <appender-ref ref="AsyncStdOut" />
+    </logger>
+
+    <logger name="org.eclipse.jetty.server.RequestLog" level="info" additivity="false">
+        <appender-ref ref="AsyncNetworkOut" />
+        <appender-ref ref="AsyncStdOut" />
+    </logger>
+
+    <root level="INFO">
+        <appender-ref ref="AsyncDebugOut" />
+        <appender-ref ref="AsyncErrorOut" />
+        <appender-ref ref="AsyncStdOut" />
+    </root>
+
+</configuration>
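Review bot: The three file appenders (ErrorOut, DebugOut, NetworkOut) each set `<totalSizeCap>10GB</totalSizeCap>`, but the Deployment added in this commit mounts no volume at /var/log/onap and the `small` resource profile sets no ephemeral-storage limit. Up to about 30GB of logs can therefore accumulate in the container's writable layer, and they are lost on restart. For a test deployment a smaller cap such as `<totalSizeCap>1GB</totalSizeCap>` would be safer, or mount a dedicated log volume. KubernetesParticipantParameters.yaml also sets `logging.file.name` to a different directory (/var/log/onap/policy/clamp), so a comment stating which of the two settings is expected to apply would help.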
diff --git a/helm/policy/components/policy-clamp-ac-k8s-ppnt/templates/configmap.yaml b/helm/policy/components/policy-clamp-ac-k8s-ppnt/templates/configmap.yaml
new file mode 100644 (file)
index 0000000..6df0b63
--- /dev/null
@@ -0,0 +1,36 @@
+{{/*
+#  ============LICENSE_START=======================================================
+#   Copyright (C) 2022 Nordix Foundation. All rights reserved.
+#  ================================================================================
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+#
+#  SPDX-License-Identifier: Apache-2.0
+#  ============LICENSE_END=========================================================
+*/}}
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ .Chart.Name }}-configmap
+  namespace: default
+  labels:
+    app: {{ .Chart.Name }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    heritage: Helm
+data:
+{{ tpl (.Files.Glob "resources/config/*.{xml,yaml}").AsConfig . | indent 2 }}
+{{- if .Values.repoList }}
+{{ tpl (.Files.Glob "resources/config/KubernetesParticipantParameters.yaml").AsConfig . | indent 2 }}
+{{ toYaml .Values.repoList | indent 4 }}
+{{ tpl (.Files.Glob "resources/config/*.{json,xml,sh}").AsConfig . | indent 2 }}
+{{- end }}
\ No newline at end of file
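Review bot: With `repoList` set, as it is in this chart's values.yaml, the `data:` map is emitted with duplicate keys. The unconditional `*.{xml,yaml}` glob already renders KubernetesParticipantParameters.yaml and logback.xml, and the `if` branch renders both again. Which copy survives depends on the YAML parser, so the repository allow-list appended by `toYaml .Values.repoList | indent 4` may or may not end up in the mounted file. Moving the first glob line into an `{{ else }}` branch just before `{{- end }}` would make the two cases mutually exclusive.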
diff --git a/helm/policy/components/policy-clamp-ac-k8s-ppnt/templates/deployment.yaml b/helm/policy/components/policy-clamp-ac-k8s-ppnt/templates/deployment.yaml
new file mode 100644 (file)
index 0000000..5872107
--- /dev/null
@@ -0,0 +1,134 @@
+{{/*
+#  ============LICENSE_START=======================================================
+#   Copyright (C) 2022 Nordix Foundation.
+#  ================================================================================
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+#
+#  SPDX-License-Identifier: Apache-2.0
+#  ============LICENSE_END=========================================================
+*/}}
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ .Chart.Name }}
+  namespace: default
+  labels:
+    app.kubernetes.io/name: {{ .Chart.Name }}
+    helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    app.kubernetes.io/instance: RELEASE
+    app.kubernetes.io/managed-by: Helm
+spec:
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: {{ .Chart.Name }}
+      app.kubernetes.io/instance: RELEASE
+  replicas: {{ .Values.replicaCount }}
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: {{ .Chart.Name }}
+        helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+        app.kubernetes.io/instance: RELEASE
+        app.kubernetes.io/managed-by: Helm
+      name: {{ .Chart.Name }}
+
+    spec:
+      initContainers:
+      - command:
+        - sh
+        args:
+        - -c
+        - "cd /config-input && for PFILE in `ls -1`; do envsubst <${PFILE} >/config/${PFILE}; done"
+        env:
+        - name: RESTSERVER_USER
+          valueFrom:
+            secretKeyRef:
+              name: {{ .Chart.Name }}-restserver-secret
+              key: login
+
+        - name: RESTSERVER_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              name: {{ .Chart.Name }}-restserver-secret
+              key: password
+
+{{- if .Values.config.useStrimziKafka }}
+        - name: JAASLOGIN
+          valueFrom:
+            secretKeyRef:
+              name: {{ .Chart.Name }}-policy-kafka-user
+              key: sasl.jaas.config
+
+{{- end }}
+        volumeMounts:
+        - mountPath: /config-input
+          name: ac-k8s-ppnt-config
+        - mountPath: /config
+          name: ac-k8s-ppnt-config-processed
+        image: docker.io/dibi/envsubst:1
+        imagePullPolicy: {{ .Values.pullPolicy }}
+        name: {{ .Chart.Name }}-update-config
+      containers:
+        - name: {{ .Chart.Name }}
+          image: {{ .Values.image }}
+          imagePullPolicy: {{ .Values.pullPolicy }}
+          command: ["/opt/app/policy/clamp/bin/kubernetes-participant.sh"]
+          args: ["/opt/app/policy/clamp/etc/mounted/KubernetesParticipantParameters.yaml"]
+          ports:
+            - containerPort: 8083
+              name: http-api
+          # disable liveness probe when breakpoints set in debugger
+          # so K8s doesn't restart unresponsive container
+          {{- if eq .Values.liveness.enabled true }}
+          livenessProbe:
+            tcpSocket:
+              port: {{ .Values.liveness.port }}
+            initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+            periodSeconds: {{ .Values.liveness.periodSeconds }}
+          {{ end -}}
+          readinessProbe:
+            tcpSocket:
+              port: {{ .Values.readiness.port }}
+            initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+            periodSeconds: {{ .Values.readiness.periodSeconds }}
+          volumeMounts:
+          - mountPath: /etc/localtime
+            name: localtime
+            readOnly: true
+          - mountPath: /opt/app/policy/clamp/etc/mounted
+            name: ac-k8s-ppnt-config-processed
+          resources:
+{{ toYaml .Values.resources.small | indent 12 }}
+        {{- if .Values.nodeSelector }}
+        nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 10 }}
+        {{- end -}}
+        {{- if .Values.affinity }}
+        affinity:
+{{ toYaml .Values.affinity | indent 10 }}
+        {{- end }}
+      serviceAccountName: {{ .Chart.Name }}-create
+      volumes:
+        - name: localtime
+          hostPath:
+             path: /etc/localtime
+        - name: ac-k8s-ppnt-config
+          configMap:
+            name: {{ .Chart.Name }}-configmap
+            defaultMode: 0755
+        - name: ac-k8s-ppnt-config-processed
+          emptyDir:
+            medium: Memory
+      imagePullSecrets:
+      - name: default-docker-registry-key"
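Review bot: The init container pulls `docker.io/dibi/envsubst:1`, a third-party image referenced by a mutable tag, and that container is handed RESTSERVER_PASSWORD and, with Strimzi enabled, JAASLOGIN. Pinning it by digest (`image: docker.io/dibi/envsubst@sha256:<digest>`) or taking it from a values key that points at a project-controlled registry would keep the secret-handling step reproducible. Separately, the last line has a stray trailing quote, `- name: default-docker-registry-key"`, which becomes part of the secret name; it should read `- name: default-docker-registry-key`. The pod also sets no `securityContext` and mounts `/etc/localtime` through `hostPath`, both worth revisiting if the chart is used outside CSIT.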
diff --git a/helm/policy/components/policy-clamp-ac-k8s-ppnt/templates/role-binding.yaml b/helm/policy/components/policy-clamp-ac-k8s-ppnt/templates/role-binding.yaml
new file mode 100644 (file)
index 0000000..08b0df2
--- /dev/null
@@ -0,0 +1,37 @@
+{{/*
+#  ============LICENSE_START=======================================================
+#   Copyright (C) 2022 Nordix Foundation. All rights reserved.
+#  ================================================================================
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+#
+#  SPDX-License-Identifier: Apache-2.0
+#  ============LICENSE_END=========================================================
+*/}}
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: {{ .Chart.Name }}-binding
+  labels:
+    app: {{ .Chart.Name }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    heritage: Helm
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: cluster-admin
+subjects:
+  - kind: ServiceAccount
+    name: {{ .Chart.Name }}-create
+    namespace: default
+
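Review bot: Binding the `{{ .Chart.Name }}-create` service account to `cluster-admin` gives the participant pod full control of the cluster, and with the chart defaults that pod is exposed through a NodePort and installs Helm charts from the configured repositories. I would replace `name: cluster-admin` with a dedicated ClusterRole (or a namespaced Role and RoleBinding) listing only the resources and verbs the participant needs to install charts; the exact set cannot be derived from this commit. If cluster-admin is kept for CSIT, add a comment above `roleRef` such as `# CSIT only: cluster-admin is far broader than the participant needs`.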
diff --git a/helm/policy/components/policy-clamp-ac-k8s-ppnt/templates/secret.yaml b/helm/policy/components/policy-clamp-ac-k8s-ppnt/templates/secret.yaml
new file mode 100644 (file)
index 0000000..a25390f
--- /dev/null
@@ -0,0 +1,48 @@
+{{/*
+#  ============LICENSE_START=======================================================
+#   Copyright (C) 2022 Nordix Foundation. All rights reserved.
+#  ================================================================================
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+#
+#  SPDX-License-Identifier: Apache-2.0
+#  ============LICENSE_END=========================================================
+*/}}
+
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ .Chart.Name }}-restserver-secret
+  namespace: default
+  labels:
+    app: {{ .Chart.Name }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    heritage: Helm
+type: Opaque
+stringData:
+  login: {{ .Values.restServer.user }}
+  password: {{ .Values.restServer.password }}
+
+---
+
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ .Chart.Name }}-policy-kafka-user
+  namespace: default
+  labels:
+    app: {{ .Chart.Name }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    heritage: Helm
+type: Opaque
+stringData:
+    sasl.jaas.config: {{ .Values.config.jaas }}
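Review bot: The three `stringData` values are rendered unquoted, so a value that YAML reads as a number, boolean or null, or one containing `: ` or ` #`, either fails to apply or is silently altered. Use `login: {{ .Values.restServer.user | quote }}`, `password: {{ .Values.restServer.password | quote }}` and `sasl.jaas.config: {{ .Values.config.jaas | quote }}`. The `-policy-kafka-user` Secret is also created when `config.useStrimziKafka` is false, although the Deployment only reads it inside the matching `if`. Wrapping the second document in the same condition would keep unused credentials out of the cluster.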
diff --git a/helm/policy/components/policy-clamp-ac-k8s-ppnt/templates/service-account.yaml b/helm/policy/components/policy-clamp-ac-k8s-ppnt/templates/service-account.yaml
new file mode 100644 (file)
index 0000000..1e9bcae
--- /dev/null
@@ -0,0 +1,25 @@
+{{/*
+#  ============LICENSE_START=======================================================
+#   Copyright (C) 2022 Nordix Foundation. All rights reserved.
+#  ================================================================================
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+#
+#  SPDX-License-Identifier: Apache-2.0
+#  ============LICENSE_END=========================================================
+*/}}
+
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ .Chart.Name }}-create
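Review bot: The ServiceAccount has no `namespace`, while the Deployment that uses it and the ClusterRoleBinding subject both hard-code `default`. Installing the release into any other namespace leaves the pod referring to an account that does not exist there. Add `namespace: default` under `metadata` to match the rest of the chart, or switch all of them to `{{ .Release.Namespace }}`. Since role-binding.yaml binds this account to cluster-admin, a comment saying so here would help reviewers see its reach.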
diff --git a/helm/policy/components/policy-clamp-ac-k8s-ppnt/templates/service.yaml b/helm/policy/components/policy-clamp-ac-k8s-ppnt/templates/service.yaml
new file mode 100644 (file)
index 0000000..b350d84
--- /dev/null
@@ -0,0 +1,40 @@
+{{/*
+#  ============LICENSE_START=======================================================
+#   Copyright (C) 2022 Nordix Foundation.
+#  ================================================================================
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+#
+#  SPDX-License-Identifier: Apache-2.0
+#  ============LICENSE_END=========================================================
+*/}}
+
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ .Chart.Name }}
+  namespace: default
+  labels:
+    app.kubernetes.io/name: {{ .Chart.Name }}
+    helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    app.kubernetes.io/managed-by: Helm
+
+spec:
+  ports:
+    - port: {{ .Values.service.ports.port }}
+      targetPort: {{ .Values.service.ports.port }}
+      nodePort: {{ .Values.service.ports.nodePort }}
+      protocol: TCP
+      name: {{ .Values.service.ports.name }}
+  type: {{ .Values.service.type }}
+  selector:
+    app.kubernetes.io/name: {{ .Chart.Name }}
\ No newline at end of file
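Review bot: `nodePort` is rendered unconditionally, so overriding `service.type` to `ClusterIP` produces a manifest the API server rejects. Guard it by placing `{{- if eq .Values.service.type "NodePort" }}` before the `nodePort:` line and `{{- end }}` after it. With the defaults in values.yaml the service is a NodePort on 30443 in front of a server that has `ssl.enabled: false`, so the basic-auth REST API is reachable in cleartext from outside the cluster; a ClusterIP default would be a safer starting point. The selector also omits the `app.kubernetes.io/instance` label that the Deployment's own selector uses.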
diff --git a/helm/policy/components/policy-clamp-ac-k8s-ppnt/values.yaml b/helm/policy/components/policy-clamp-ac-k8s-ppnt/values.yaml
new file mode 100644 (file)
index 0000000..ba7dd7c
--- /dev/null
@@ -0,0 +1,121 @@
+#  ============LICENSE_START=======================================================
+#  Copyright (C) 2022 Nordix Foundation.
+#  ================================================================================
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+#
+#  SPDX-License-Identifier: Apache-2.0
+#  ============LICENSE_END=========================================================
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+# application image
+image: onap/policy-clamp-ac-k8s-ppnt:6.3.1
+pullPolicy: Always
+
+# flag to enable debugging - application support required
+debugEnabled: false
+
+# application configuration
+restServer:
+  user: participantUser
+  password: zb!XztG34
+
+# default number of instances
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+# probe configuration parameters
+liveness:
+  initialDelaySeconds: 20
+  periodSeconds: 10
+  # necessary to disable liveness probe when setting breakpoints
+  # in debugger so K8s doesn't restart unresponsive container
+  enabled: true
+  port: http-api
+
+readiness:
+  initialDelaySeconds: 20
+  periodSeconds: 10
+  port: http-api
+
+service:
+  type: NodePort
+  name: policy-clamp-ac-k8s-ppnt
+  useNodePortExt: true
+  ports:
+    name: http-api
+    port: 8083
+    nodePort: 30443
+
+ingress:
+  enabled: false
+
+flavor: small
+resources:
+  small:
+    limits:
+      cpu: 1
+      memory: 4Gi
+    requests:
+      cpu: 100m
+      memory: 1Gi
+  unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+  nameOverride: policy-clamp-ac-k8s-ppnt
+  roles:
+    - create
+# Update the config here for permitting repositories and protocols
+repoList:
+  helm:
+    repos:
+      -
+        repoName: kong
+        address: https://charts.konghq.com
+      -
+        repoName: bitnami
+        address: https://charts.bitnami.com/bitnami
+
+    protocols:
+      - http
+      - https
+
+config:
+# Event consumption (kafka) properties
+  useStrimziKafka: true
+  kafkaBootstrap: strimzi-kafka-bootstrap
+  kafka:
+    consumer:
+      groupId: policy-group
+  app:
+    listener:
+      acRuntimeTopic: policy-acruntime-participant
+  jaas: KuldHochQipa7,
+# If targeting a custom kafka cluster, ie useStrimziKakfa: false
+# uncomment below config and target your kafka bootstrap servers,
+# along with any other security config.
+#
+# eventConsumption:
+#   spring.kafka.bootstrap-servers: <kafka-bootstrap>:9092
+#   spring.kafka.security.protocol: PLAINTEXT
+#   spring.kafka.consumer.group-id: policy-group
+#
+# Any new property can be added in the env by setting in overrides in the format mentioned below
+# All the added properties must be in "key: value" format instead of yaml.
+# additional:
+#   spring.config.max-size: 200
+#   spring.config.min-size: 10
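Review bot: `restServer.password` and `config.jaas` ship concrete credentials as chart defaults, so every install that does not override them shares the same REST and Kafka secrets. I would leave them empty and fail the render when unset (`{{ required "restServer.password is required" .Values.restServer.password }}` in secret.yaml), or have the CSIT script pass them with `--set`. `config.jaas` also does not look like a JAAS login line, which is what the `sasl.jaas.config` key it feeds expects; a comment showing the expected format would help. Finally, `repoList.helm.protocols` permits `http`, which lets a component bound to cluster-admin fetch charts over an unauthenticated channel; `https` alone would be the safer default.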
diff --git a/helm/policy/components/policy-clamp-runtime-acm/Chart.yaml b/helm/policy/components/policy-clamp-runtime-acm/Chart.yaml
new file mode 100644 (file)
index 0000000..21d196a
--- /dev/null
@@ -0,0 +1,22 @@
+#  ============LICENSE_START=======================================================
+#   Copyright (C) 2022 Nordix Foundation. All rights reserved.
+#  ================================================================================
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+#
+#  SPDX-License-Identifier: Apache-2.0
+#  ============LICENSE_END=========================================================
+
+apiVersion: v2
+description: ONAP Policy Clamp Controlloop Runtime
+name: policy-clamp-runtime-acm
+version: 11.0.0
diff --git a/helm/policy/components/policy-clamp-runtime-acm/resources/config/acRuntimeParameters.yaml b/helm/policy/components/policy-clamp-runtime-acm/resources/config/acRuntimeParameters.yaml
new file mode 100644 (file)
index 0000000..17242c2
--- /dev/null
@@ -0,0 +1,128 @@
+#  ============LICENSE_START=======================================================
+#   Copyright (C) 2022 Nordix Foundation.
+#  ================================================================================
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+#
+#  SPDX-License-Identifier: Apache-2.0
+#  ============LICENSE_END=========================================================
+
+spring:
+  security:
+    user:
+      name: ${RUNTIME_USER}
+      password: ${RUNTIME_PASSWORD}
+  mvc:
+    converters:
+      preferred-json-mapper: gson
+  datasource:
+    url: jdbc:mariadb://{{ .Values.db.service.name }}:{{ .Values.db.service.internalPort }}/clampacm
+    driverClassName: org.mariadb.jdbc.Driver
+    username: ${SQL_USER}
+    password: ${SQL_PASSWORD}
+    hikari:
+      connectionTimeout: 30000
+      idleTimeout: 600000
+      maxLifetime: 1800000
+      maximumPoolSize: 10
+  jpa:
+    hibernate:
+      ddl-auto: update
+      naming:
+        physical-strategy: org.hibernate.boot.model.naming.PhysicalNamingStrategyStandardImpl
+        implicit-strategy: org.onap.policy.common.spring.utils.CustomImplicitNamingStrategy
+    properties:
+      hibernate:
+        dialect: org.hibernate.dialect.MariaDB103Dialect
+        format_sql: true
+  kafka:
+    consumer:
+      group-id: {{ .Values.config.kafka.consumer.groupId }}
+{{- if .Values.config.useStrimziKafka }}
+    bootstrap-servers: {{ .Values.config.kafkaBootstrap }}:9092
+    security.protocol: SASL_PLAINTEXT
+    properties.sasl:
+      mechanism: SCRAM-SHA-512
+      jaas.config: ${JAASLOGIN}
+{{ else }}
+{{ toYaml .Values.config.eventConsumption | nindent 2 }}
+{{- end }}
+
+security:
+  enable-csrf: false
+
+server:
+  port: 6969
+  servlet:
+    context-path: /onap/policy/clamp/acm
+  error:
+    path: /error
+  ssl:
+    enabled: false
+
+
+runtime:
+  participantParameters:
+    heartBeatMs: 120000
+    maxMessageAgeMs: 600000
+    maxStatusWaitMs: 100000
+    updateParameters:
+      maxRetryCount: 3
+      maxWaitMs: 100000
+  topicParameterGroup:
+    topicSources:
+      -
+        topic: POLICY-ACRUNTIME-PARTICIPANT
+        servers:
+          - ${topicServer:message-router}
+        topicCommInfrastructure: dmaap
+        useHttps: false
+        fetchTimeout: 15000
+    topicSinks:
+      -
+        topic: POLICY-ACRUNTIME-PARTICIPANT
+        servers:
+          - ${topicServer:message-router}
+        topicCommInfrastructure: dmaap
+        useHttps: false
+
+# If Strimzi Kafka to be used for communication, replace clampAutomationCompositionTopics configuration with below
+#  topicParameterGroup:
+#    topicSources:
+#      -
+#        topic: policy-acruntime-participant
+#        servers:
+#          - {{ .Values.config.kafkaBootstrap }}:9092
+#        topicCommInfrastructure: kafka
+#        useHttps: true
+#        fetchTimeout: 15000
+#        additionalProps:
+#          security.protocol: SASL_PLAINTEXT
+#          sasl.mechanism: SCRAM-SHA-512
+#          sasl.jaas.config: ${JAASLOGIN}
+#    topicSinks:
+#      -
+#        topic: policy-acruntime-participant
+#        servers:
+#          - {{ .Values.config.kafkaBootstrap }}:9092
+#        topicCommInfrastructure: kafka
+#        useHttps: true
+#        additionalProps:
+#          security.protocol: SASL_PLAINTEXT
+#          sasl.mechanism: SCRAM-SHA-512
+#          sasl.jaas.config: ${JAASLOGIN}
+
+management:
+  endpoints:
+    web:
+      exposure:
+        include: health, metrics, prometheus
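Review bot: `spring.jpa.hibernate.ddl-auto: update` lets the runtime alter the `clampacm` schema on every start, presumably with the same database account that db.sh grants ALL PRIVILEGES. That is convenient for CSIT but should be called out, e.g. `# CSIT only: schema is managed by Hibernate; use validate with explicit migrations elsewhere`. The comment above the commented Strimzi block says to replace `clampAutomationCompositionTopics`, but the key in this file is `topicParameterGroup`, so the instruction should name that key. TLS is disabled here (`server.ssl.enabled: false`, `SASL_PLAINTEXT`) in the same way as in KubernetesParticipantParameters.yaml.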
diff --git a/helm/policy/components/policy-clamp-runtime-acm/resources/config/db.sh b/helm/policy/components/policy-clamp-runtime-acm/resources/config/db.sh
new file mode 100755 (executable)
index 0000000..3b8f30b
--- /dev/null
@@ -0,0 +1,26 @@
+#!/bin/sh
+{{/*
+# Copyright © 2022 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+mysql() { /usr/bin/mysql  -h ${MYSQL_HOST} -P ${MYSQL_USER} "$@"; };
+
+for db in migration pooling policyadmin policyclamp operationshistory clampacm
+do
+    mysql -uroot -p"${MYSQL_ROOT_PASSWORD}" --execute "CREATE DATABASE IF NOT EXISTS ${db};"
+    mysql -uroot -p"${MYSQL_ROOT_PASSWORD}" --execute "GRANT ALL PRIVILEGES ON \`${db}\`.* TO '${MYSQL_USER}'@'%' ;"
+done
+
+mysql -uroot -p"${MYSQL_ROOT_PASSWORD}" --execute "FLUSH PRIVILEGES;"
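Review bot: The `mysql()` wrapper passes `-P ${MYSQL_USER}`, so the account name ends up as the argument of the port option; this looks like a slip for a port variable, and both expansions are unquoted. Something like `mysql() { /usr/bin/mysql -h "${MYSQL_HOST}" -P "${MYSQL_PORT}" "$@"; }` would fix it, where `MYSQL_PORT` is a placeholder for whatever port variable the pod actually exports. Every call also puts the root password on the command line with `-p"${MYSQL_ROOT_PASSWORD}"`, where it shows up in the process list; an option file or the `MYSQL_PWD` environment variable avoids that. `GRANT ALL PRIVILEGES ... TO '${MYSQL_USER}'@'%'` is broad for an application account and there is no `set -e`, so a failed CREATE or GRANT is not reported by the script's exit status. The same lines are added again in helm/policy/resources/config/db.sh later in this commit.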
diff --git a/helm/policy/components/policy-clamp-runtime-acm/resources/config/logback.xml b/helm/policy/components/policy-clamp-runtime-acm/resources/config/logback.xml
new file mode 100644 (file)
index 0000000..a98cb57
--- /dev/null
@@ -0,0 +1,103 @@
+<!--
+  ============LICENSE_START=======================================================
+   Copyright (C) 2022 Nordix Foundation.
+  ================================================================================
+  Licensed under the Apache License, Version 2.0 (the "License");
+  you may not use this file except in compliance with the License.
+  You may obtain a copy of the License at
+       http://www.apache.org/licenses/LICENSE-2.0
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+  SPDX-License-Identifier: Apache-2.0
+  ============LICENSE_END=========================================================
+-->
+
+<configuration scan="true" scanPeriod="30 seconds" debug="false">
+
+    <appender name="ErrorOut" class="ch.qos.logback.core.rolling.RollingFileAppender">
+        <file>/var/log/onap/policy/policy-clamp-runtime-acm/error.log</file>
+        <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+            <fileNamePattern>/var/log/onap/policy/policy-clamp-runtime-acm/error.%d{yyyy-MM-dd}.%i.log.zip
+            </fileNamePattern>
+            <maxFileSize>50MB</maxFileSize>
+            <maxHistory>30</maxHistory>
+            <totalSizeCap>10GB</totalSizeCap>
+        </rollingPolicy>
+        <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
+            <level>WARN</level>
+        </filter>
+        <encoder>
+            <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>
+        </encoder>
+    </appender>
+
+    <appender name="AsyncErrorOut" class="ch.qos.logback.classic.AsyncAppender">
+        <appender-ref ref="ErrorOut" />
+    </appender>
+
+    <appender name="DebugOut" class="ch.qos.logback.core.rolling.RollingFileAppender">
+        <file>/var/log/onap/policy/policy-clamp-runtime-acm/debug.log</file>
+        <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+            <fileNamePattern>/var/log/onap/policy/policy-clamp-runtime-acm/debug.%d{yyyy-MM-dd}.%i.log.zip
+            </fileNamePattern>
+            <maxFileSize>50MB</maxFileSize>
+            <maxHistory>30</maxHistory>
+            <totalSizeCap>10GB</totalSizeCap>
+        </rollingPolicy>
+        <encoder>
+            <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>
+        </encoder>
+    </appender>
+
+    <appender name="AsyncDebugOut" class="ch.qos.logback.classic.AsyncAppender">
+        <appender-ref ref="DebugOut" />
+    </appender>
+
+    <appender name="NetworkOut" class="ch.qos.logback.core.rolling.RollingFileAppender">
+        <file>/var/log/onap/policy/policy-clamp-runtime-acm/network.log</file>
+        <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+            <fileNamePattern>/var/log/onap/policy/policy-clamp-runtime-acm/network.%d{yyyy-MM-dd}.%i.log.zip
+            </fileNamePattern>
+            <maxFileSize>50MB</maxFileSize>
+            <maxHistory>30</maxHistory>
+            <totalSizeCap>10GB</totalSizeCap>
+        </rollingPolicy>
+        <encoder>
+            <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%t]%m%n</pattern>
+        </encoder>
+    </appender>
+
+    <appender name="AsyncNetworkOut" class="ch.qos.logback.classic.AsyncAppender">
+        <appender-ref ref="NetworkOut" />
+    </appender>
+
+    <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
+        <encoder>
+            <Pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</Pattern>
+        </encoder>
+    </appender>
+
+    <appender name="AsyncStdOut" class="ch.qos.logback.classic.AsyncAppender">
+        <appender-ref ref="STDOUT" />
+    </appender>
+
+    <logger name="network" level="INFO" additivity="false">
+        <appender-ref ref="AsyncNetworkOut" />
+        <appender-ref ref="AsyncStdOut" />
+    </logger>
+
+    <logger name="org.eclipse.jetty.server.RequestLog" level="info" additivity="false">
+        <appender-ref ref="AsyncNetworkOut" />
+        <appender-ref ref="AsyncStdOut" />
+    </logger>
+
+    <root level="INFO">
+        <appender-ref ref="AsyncDebugOut" />
+        <appender-ref ref="AsyncErrorOut" />
+        <appender-ref ref="AsyncStdOut" />
+    </root>
+
+</configuration>
diff --git a/helm/policy/components/policy-clamp-runtime-acm/templates/configmap.yaml b/helm/policy/components/policy-clamp-runtime-acm/templates/configmap.yaml
new file mode 100644 (file)
index 0000000..309dc45
--- /dev/null
@@ -0,0 +1,37 @@
+{{/*
+#  ============LICENSE_START=======================================================
+#   Copyright (C) 2022 Nordix Foundation. All rights reserved.
+#  ================================================================================
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+#
+#  SPDX-License-Identifier: Apache-2.0
+#  ============LICENSE_END=========================================================
+*/}}
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ .Chart.Name }}-configmap
+  namespace: default
+  labels:
+    app: {{ .Chart.Name }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    heritage: Helm
+{{- with .Files.Glob "resources/config/*store" }}
+binaryData:
+{{- range $path, $bytes := . }}
+  {{ base $path }}: {{ $.Files.Get $path | b64enc | quote }}
+{{- end }}
+{{- end }}
+data:
+{{ tpl (.Files.Glob "resources/config/*.{json,xml,yaml}").AsConfig . | indent 2 }}
diff --git a/helm/policy/components/policy-clamp-runtime-acm/templates/deployment.yaml b/helm/policy/components/policy-clamp-runtime-acm/templates/deployment.yaml
new file mode 100644 (file)
index 0000000..ba192cb
--- /dev/null
@@ -0,0 +1,153 @@
+{{/*
+#  ============LICENSE_START=======================================================
+#   Copyright (C) 2022 Nordix Foundation.
+#  ================================================================================
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+#
+#  SPDX-License-Identifier: Apache-2.0
+#  ============LICENSE_END=========================================================
+*/}}
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ .Chart.Name }}
+  namespace: default
+spec:
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: {{ .Chart.Name }}
+  replicas: {{ .Values.replicaCount }}
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: {{ .Chart.Name }}
+        helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+        app.kubernetes.io/instance: RELEASE
+        app.kubernetes.io/managed-by: Helm
+      name: {{ .Chart.Name }}
+    spec:
+      initContainers:
+      - command:
+        - /app/ready.py
+        args:
+        - --job-name
+        - policy-galera-init
+        env:
+        - name: NAMESPACE
+          valueFrom:
+            fieldRef:
+              apiVersion: v1
+              fieldPath: metadata.namespace
+        image: nexus3.onap.org:10001/onap/oom/readiness:3.0.1
+        imagePullPolicy: {{ .Values.pullPolicy }}
+        name: {{ .Chart.Name }}-readiness
+      - command:
+        - sh
+        args:
+        - -c
+        - "cd /config-input && for PFILE in `ls -1`; do envsubst <${PFILE} >/config/${PFILE}; done"
+        env:
+        - name: SQL_USER
+          valueFrom:
+            secretKeyRef:
+              name: {{ .Chart.Name }}-db-secret
+              key: login
+
+        - name: SQL_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              name: {{ .Chart.Name }}-db-secret
+              key: password
+
+        - name: RUNTIME_USER
+          valueFrom:
+            secretKeyRef:
+              name: {{ .Chart.Name }}-runtime-secret
+              key: login
+
+        - name: RUNTIME_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              name: {{ .Chart.Name }}-runtime-secret
+              key: password
+
+{{- if .Values.config.useStrimziKafka }}
+        - name: JAASLOGIN
+          valueFrom:
+            secretKeyRef:
+              name: {{ .Chart.Name }}-policy-kafka-user
+              key: sasl.jaas.config
+
+{{- end }}
+        volumeMounts:
+        - mountPath: /config-input
+          name: ac-runtime-config
+        - mountPath: /config
+          name: ac-runtime-config-processed
+        image: docker.io/dibi/envsubst:1
+        imagePullPolicy: {{ .Values.pullPolicy }}
+        name: {{ .Chart.Name }}-update-config
+      containers:
+        - name: {{ .Chart.Name }}
+          image: {{ .Values.image }}
+          imagePullPolicy: {{ .Values.pullPolicy }}
+          command: ["/opt/app/policy/clamp/bin/acm-runtime.sh"]
+          args: ["/opt/app/policy/clamp/etc/mounted/acRuntimeParameters.yaml"]
+          ports:
+            - containerPort: 6969
+              name: http-api
+          # disable liveness probe when breakpoints set in debugger
+          # so K8s doesn't restart unresponsive container
+          {{- if eq .Values.liveness.enabled true }}
+          livenessProbe:
+            tcpSocket:
+              port: {{ .Values.liveness.port }}
+            initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+            periodSeconds: {{ .Values.liveness.periodSeconds }}
+          {{ end -}}
+          readinessProbe:
+            tcpSocket:
+              port: {{ .Values.readiness.port }}
+            initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+            periodSeconds: {{ .Values.readiness.periodSeconds }}
+          volumeMounts:
+          - mountPath: /etc/localtime
+            name: localtime
+            readOnly: true
+          - mountPath: /opt/app/policy/clamp/etc/mounted
+            name: ac-runtime-config-processed
+          resources:
+{{ toYaml .Values.resources.small | indent 12 }}
+        {{- if .Values.nodeSelector }}
+        nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 10 }}
+        {{- end -}}
+        {{- if .Values.affinity }}
+        affinity:
+{{ toYaml .Values.affinity | indent 10 }}
+        {{- end }}
+      serviceAccountName: {{ .Chart.Name }}-read
+      volumes:
+        - name: localtime
+          hostPath:
+             path: /etc/localtime
+        - name: ac-runtime-config
+          configMap:
+            name: {{ .Chart.Name }}-configmap
+            defaultMode: 0755
+        - name: ac-runtime-config-processed
+          emptyDir:
+            medium: Memory
+      imagePullSecrets:
+      - name: "default-docker-registry-key"
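Review bot: The `update-config` init container is the one place where all four credentials and the JAAS config are present as environment variables, and it runs `docker.io/dibi/envsubst:1`, a third-party image referenced by a mutable tag. Pinning it by digest, `image: docker.io/dibi/envsubst@sha256:<digest-of-the-reviewed-image>`, or mirroring it into the registry used for the other images, keeps a re-pushed tag from changing what runs next to the secrets. The shell loop in the same container iterates over the output of `ls` with unquoted names; `for PFILE in *; do envsubst <"$PFILE" >"/config/$PFILE"; done` does the same without word splitting. Neither the pod nor its containers set a `securityContext`, so everything runs with the image defaults, and `app.kubernetes.io/instance: RELEASE` looks like a leftover literal where `{{ .Release.Name }}` was meant.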
diff --git a/helm/policy/components/policy-clamp-runtime-acm/templates/role-binding.yaml b/helm/policy/components/policy-clamp-runtime-acm/templates/role-binding.yaml
new file mode 100644 (file)
index 0000000..40f59ae
--- /dev/null
@@ -0,0 +1,33 @@
+{{/*
+#  ============LICENSE_START=======================================================
+#   Copyright (C) 2022 Nordix Foundation.
+#  ================================================================================
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+#
+#  SPDX-License-Identifier: Apache-2.0
+#  ============LICENSE_END=========================================================
+*/}}
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: {{ .Chart.Name }}-read
+  namespace: default
+subjects:
+- kind: ServiceAccount
+  name: {{ .Chart.Name }}-read
+roleRef:
+  kind: Role
+  name: read
+  apiGroup: rbac.authorization.k8s.io
+
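Review bot: The binding is pinned to `namespace: default`, while service-account.yaml in this commit declares `{{ .Chart.Name }}-read` with no namespace at all, so the two only line up when the release itself is installed into `default`. In any other namespace the ServiceAccount follows the release and the subject here, which has no `namespace:` and therefore inherits the binding's, refers to an account that does not exist. Using `namespace: {{ .Release.Namespace }}` in the metadata and adding `namespace: {{ .Release.Namespace }}` to the subject keeps them together. No Role named `read` is created in the hunks shown for this component; presumably it comes from another chart, which is worth stating in a comment above `roleRef`.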
diff --git a/helm/policy/components/policy-clamp-runtime-acm/templates/secret.yaml b/helm/policy/components/policy-clamp-runtime-acm/templates/secret.yaml
new file mode 100644 (file)
index 0000000..f761acd
--- /dev/null
@@ -0,0 +1,64 @@
+{{/*
+#  ============LICENSE_START=======================================================
+#   Copyright (C) 2022 Nordix Foundation.
+#  ================================================================================
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+#
+#  SPDX-License-Identifier: Apache-2.0
+#  ============LICENSE_END=========================================================
+*/}}
+
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ .Chart.Name }}-runtime-secret
+  namespace: default
+  labels:
+    app: {{ .Chart.Name }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    heritage: Helm
+type: Opaque
+stringData:
+  login: {{ .Values.config.policyAppUserName }}
+  password: {{ .Values.config.policyAppUserPassword }}
+
+---
+
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ .Chart.Name }}-db-secret
+  namespace: default
+  labels:
+    app: {{ .Chart.Name }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    heritage: Helm
+type: Opaque
+stringData:
+  login: {{ .Values.db.user }}
+  password: {{ .Values.db.password }}
+
+---
+
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ .Chart.Name }}-policy-kafka-user
+  namespace: default
+  labels:
+    app: {{ .Chart.Name }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    heritage: Helm
+type: Opaque
+stringData:
+    sasl.jaas.config: {{ .Values.config.jaas }}
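Review bot: All `stringData` values are rendered unquoted, so a credential that is all digits, starts with a YAML indicator such as `*` or `!`, or contains `: ` or ` #` will be retyped, truncated, or break the manifest. `password: {{ .Values.config.policyAppUserPassword | quote }}` avoids that, and the same applies to both `login` keys, `db.password` and `sasl.jaas.config` (a real JAAS line contains quotes and a semicolon). The `-policy-kafka-user` Secret is created unconditionally, although the Deployment only reads it under `.Values.config.useStrimziKafka`; wrapping that document in the same `if` keeps the two consistent. Wrapping each value in `required "<message>"` would make an unset credential fail at render time instead of producing an empty secret.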
diff --git a/helm/policy/components/policy-clamp-runtime-acm/templates/service-account.yaml b/helm/policy/components/policy-clamp-runtime-acm/templates/service-account.yaml
new file mode 100644 (file)
index 0000000..8bf00b0
--- /dev/null
@@ -0,0 +1,25 @@
+{{/*
+#  ============LICENSE_START=======================================================
+#   Copyright (C) 2022 Nordix Foundation.
+#  ================================================================================
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+#
+#  SPDX-License-Identifier: Apache-2.0
+#  ============LICENSE_END=========================================================
+*/}}
+
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ .Chart.Name }}-read
+
diff --git a/helm/policy/components/policy-clamp-runtime-acm/templates/service.yaml b/helm/policy/components/policy-clamp-runtime-acm/templates/service.yaml
new file mode 100644 (file)
index 0000000..8daa872
--- /dev/null
@@ -0,0 +1,41 @@
+{{/*
+#  ============LICENSE_START=======================================================
+#   Copyright (C) 2022 Nordix Foundation.
+#  ================================================================================
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+#
+#  SPDX-License-Identifier: Apache-2.0
+#  ============LICENSE_END=========================================================
+*/}}
+
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ .Chart.Name }}
+  namespace: default
+  labels:
+    app.kubernetes.io/name: {{ .Chart.Name }}
+    helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    app.kubernetes.io/managed-by: Helm
+
+spec:
+  ports:
+    - port: {{ .Values.service.ports.port }}
+      targetPort: {{ .Values.service.ports.port }}
+      nodePort: {{ .Values.service.ports.nodePort }}
+      protocol: TCP
+      name: {{ .Values.service.ports.name }}
+  type: {{ .Values.service.type }}
+  selector:
+    app.kubernetes.io/name: {{ .Chart.Name }}
+
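Review bot: `nodePort` is rendered unconditionally, so switching `service.type` to `ClusterIP` in values produces a Service the API server rejects. Guarding the line with `{{- if eq .Values.service.type "NodePort" }}` … `{{- end }}` fixes that. With the defaults in this commit (`type: NodePort`, `nodePort: 30442`) port 6969 is reachable on every node, and the runtime configuration in the same commit sets `ssl.enabled: false`, so the runtime credentials would cross the node network in clear text; `ClusterIP` as the default with NodePort as a CSIT override would limit that. `service.useNodePortExt` and `service.name` from values.yaml are not read by this template.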
diff --git a/helm/policy/components/policy-clamp-runtime-acm/values.yaml b/helm/policy/components/policy-clamp-runtime-acm/values.yaml
new file mode 100644 (file)
index 0000000..544b1d0
--- /dev/null
@@ -0,0 +1,115 @@
+#  ============LICENSE_START=======================================================
+#   Copyright (C) 2022 Nordix Foundation.
+#  ================================================================================
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+#
+#  SPDX-License-Identifier: Apache-2.0
+#  ============LICENSE_END=========================================================
+
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+# application image
+image: nexus3.onap.org:10001/onap/policy-clamp-runtime-acm:6.3.1
+pullPolicy: Always
+
+# flag to enable debugging - application support required
+debugEnabled: false
+
+# application configuration
+config:
+  policyAppUserName: runtimeUser
+  policyAppUserPassword: zb!XztG34
+  jaas: JuzgCumoDahj9*
+
+# Event consumption (kafka) properties
+  useStrimziKafka: true
+  kafkaBootstrap: strimzi-kafka-bootstrap
+  kafka:
+    consumer:
+      groupId: policy-group
+  app:
+    listener:
+      acRuntimeTopic: policy.policy-acruntime-participant
+# If targeting a custom kafka cluster, ie useStrimziKakfa: false
+# uncomment below config and target your kafka bootstrap servers,
+# along with any other security config.
+#
+# eventConsumption:
+#   spring.kafka.bootstrap-servers: <kafka-bootstrap>:9092
+#   spring.kafka.security.protocol: PLAINTEXT
+#   spring.kafka.consumer.group-id: policy-group
+#
+# Any new property can be added in the env by setting in overrides in the format mentioned below
+# All the added properties must be in "key: value" format instead of yaml.
+# additional:
+#   spring.config.max-size: 200
+#   spring.config.min-size: 10
+
+db:
+  user: policy-user
+  password: policy-user
+  service:
+    name: mariadb-galera
+    internalPort: 3306
+
+# default number of instances
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+
+# probe configuration parameters
+liveness:
+  initialDelaySeconds: 20
+  periodSeconds: 10
+  # necessary to disable liveness probe when setting breakpoints
+  # in debugger so K8s doesn't restart unresponsive container
+  enabled: true
+  port: http-api
+
+readiness:
+  initialDelaySeconds: 20
+  periodSeconds: 10
+  port: http-api
+
+service:
+  type: NodePort
+  name: policy-clamp-runtime-acm
+  useNodePortExt: true
+  ports:
+    name: http-api
+    port: 6969
+    nodePort: 30442
+
+ingress:
+  enabled: false
+
+flavor: small
+resources:
+  small:
+    limits:
+      cpu: 1
+      memory: 4Gi
+    requests:
+      cpu: 100m
+      memory: 1Gi
+  unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+  nameOverride: policy-clamp-runtime-acm
+  roles:
+    - read
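Review bot: `config.policyAppUserPassword`, `config.jaas` and `db.password` ship concrete credentials as chart defaults, so any install that does not override them runs with values that are public in the repository, and `db.password` equals the user name. Leaving them empty here and passing them from the CSIT script with `--set` or a test-only values file would keep the defaults harmless. The `jaas` value does not look like a JAAS login-module line, which is what the `sasl.jaas.config` key it feeds would presumably need. The comment `ie useStrimziKakfa: false` misspells the key `useStrimziKafka`, and `debugEnabled`, `flavor` and `serviceAccount` are not referenced by the templates shown for this component (the Deployment hard-codes `.Values.resources.small`).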
@@ -2,4 +2,4 @@ apiVersion: v1
 appVersion: "1.0"
 description: A Helm chart for Kubernetes
 name: policy-models-simulator
-version: 0.1.0
+version: 11.0.0
@@ -8,43 +8,41 @@
             "name": "DMaaP simulator",
             "providerClass": "org.onap.policy.models.sim.dmaap.rest.DmaapSimRestControllerV1",
             "host": "0.0.0.0",
-            "port": 3905,
-            "https": true
+            "port": 3904,
+            "https": false
         },
         {
             "name": "A&AI simulator",
             "providerClass": "org.onap.policy.simulators.AaiSimulatorJaxRs",
             "host": "0.0.0.0",
             "port": 6666,
-            "https": true
-        },
-        {
-            "name": "Guard simulator",
-            "providerClass": "org.onap.policy.simulators.GuardSimulatorJaxRs",
-            "host": "0.0.0.0",
-            "port": 6667,
-            "https": true
+            "https": false,
+            "userName": "policy@policy.onap.org",
+            "password": "demo123456!",
+            "resourceLocation": "/opt/app/policy/simulators/etc/mounted/aairesponse/"
         },
         {
             "name": "SDNC simulator",
             "providerClass": "org.onap.policy.simulators.SdncSimulatorJaxRs",
             "host": "0.0.0.0",
             "port": 6668,
-            "https": true
+            "https": false
         },
         {
             "name": "SO simulator",
             "providerClass": "org.onap.policy.simulators.SoSimulatorJaxRs",
             "host": "0.0.0.0",
             "port": 6669,
-            "https": true
+            "https": false,
+            "userName": "InfraPortalClient",
+            "password": "password1$"
         },
         {
             "name": "VFC simulator",
             "providerClass": "org.onap.policy.simulators.VfcSimulatorJaxRs",
             "host": "0.0.0.0",
             "port": 6670,
-            "https": true
+            "https": false
         }
     ],
     "topicSinks": [
             "topic": "APPC-CL",
             "servers": ["${HOST_NAME}"],
             "topicCommInfrastructure": "DMAAP",
-            "useHttps": true,
-            "allowSelfSignedCerts" : true
+            "useHttps": false,
+            "apiKey": "some-key",
+            "apiSecret": "some-secret"
         },
         {
             "topic": "APPC-LCM-WRITE",
             "servers": ["${HOST_NAME}"],
             "topicCommInfrastructure": "DMAAP",
-            "useHttps": true,
-            "allowSelfSignedCerts" : true
-        },
-        {
-            "topic": "SDNR-CL",
-            "servers": ["${HOST_NAME}"],
-            "topicCommInfrastructure": "DMAAP",
-            "useHttps": true,
-            "allowSelfSignedCerts" : true
+            "useHttps": false,
+            "apiKey": "some-key",
+            "apiSecret": "some-secret"
         }
     ],
     "topicSources": [
             "topic": "APPC-CL",
             "servers": ["${HOST_NAME}"],
             "topicCommInfrastructure": "DMAAP",
-            "useHttps": true,
-            "allowSelfSignedCerts" : true
+            "useHttps": false,
+            "apiKey": "some-key",
+            "apiSecret": "some-secret"
         },
         {
             "topic": "APPC-LCM-READ",
             "servers": ["${HOST_NAME}"],
             "topicCommInfrastructure": "DMAAP",
-            "useHttps": true,
-            "allowSelfSignedCerts" : true
-        },
-        {
-            "topic": "SDNR-CL-RSP",
-            "servers": ["${HOST_NAME}"],
-            "topicCommInfrastructure": "DMAAP",
-            "useHttps": true,
-            "allowSelfSignedCerts" : true
+            "useHttps": false,
+            "apiKey": "some-key",
+            "apiSecret": "some-secret"
         }
     ],
     "topicServers": [
             "providerClass": "org.onap.policy.simulators.AppcLcmTopicServer",
             "sink": "APPC-LCM-WRITE",
             "source": "APPC-LCM-READ"
-        },
-        {
-            "name": "SDNR simulator",
-            "providerClass": "org.onap.policy.simulators.SdnrTopicServer",
-            "sink": "SDNR-CL",
-            "source": "SDNR-CL-RSP"
         }
     ],
     "grpcServer": {
         "timeout": 30,
         "username": "ccsdkapps",
         "password": "ccsdkapps",
-        "resourceLocation": "/opt/app/policy/simulators/etc/mounted/",
+        "resourceLocation": "/opt/app/policy/simulators/etc/mounted/cdsresponse/",
         "successRepeatCount": 0,
         "requestedResponseDelayMs": 0
     }
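Review bot: The A&AI and SO simulators gain `userName`/`password` in the same change that flips every `https` and `useHttps` to `false`, so those credentials and the new `apiKey`/`apiSecret` pairs travel unencrypted to listeners bound on `0.0.0.0`. If plain HTTP is a requirement of the CSIT setup, the commit description should say so, since the file gives no place for a comment; otherwise `"https": true` should stay on the two authenticated simulators. The Guard and SDNR simulators and their topics are removed here without being mentioned in the description.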
@@ -19,7 +19,7 @@ If release name contains chart name it will be used as a full name.
 {{- if contains $name .Release.Name -}}
 {{- .Release.Name | trunc 63 | trimSuffix "-" -}}
 {{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- printf "%s" $name | trunc 63 | trimSuffix "-" -}}
 {{- end -}}
 {{- end -}}
 {{- end -}}
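Review bot: Dropping `.Release.Name` from the else branch leaves the two branches inconsistent: a release whose name contains the chart name still yields the release name, while every other release yields the bare chart name, so two releases in one namespace now collide on resource names. `printf "%s" $name` is also just `$name`, so `{{- $name | trunc 63 | trimSuffix "-" -}}` says the same thing. If fixed names are only wanted for CSIT, setting a full-name override in the test values (assuming the part of this helper above the hunk still supports one) would achieve that without changing the helper for every user of the chart.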
@@ -32,28 +32,22 @@ spec:
           command: ["/opt/app/policy/simulators/bin/simulators.sh"]
           args: ["/opt/app/policy/simulators/etc/mounted/simParameters.json"]
           ports:
-          - containerPort: {{ .Values.service.internalPort }}
           - containerPort: {{ .Values.service.internalPort2 }}
           - containerPort: {{ .Values.service.internalPort3 }}
           - containerPort: {{ .Values.service.internalPort4 }}
           - containerPort: {{ .Values.service.internalPort5 }}
           - containerPort: {{ .Values.service.internalPort6 }}
+          - containerPort: {{ .Values.service.internalPort7 }}
           livenessProbe:
-            exec:
-              command:
-              - /bin/bash
-              - -c
-              - nodetool status | grep $POD_IP | awk '$1!="UN" { exit 1; }'
-            initialDelaySeconds: 120
-            periodSeconds: 20
+            tcpSocket:
+              port: 3904
+            initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+            periodSeconds: {{ .Values.liveness.periodSeconds }}
           readinessProbe:
-            exec:
-              command:
-              - /bin/bash
-              - -c
-              - nodetool status | grep $POD_IP | awk '$1!="UN" { exit 1; }'
-            initialDelaySeconds: 120
-            periodSeconds: 20
+            tcpSocket:
+              port: 3904
+            initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+            periodSeconds: {{ .Values.readiness.periodSeconds }}
           volumeMounts:
             - mountPath: /opt/app/policy/simulators/etc/mounted/
               name: simconfig
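Review bot: Both probes hard-code `port: 3904`, although the same commit adds `service.internalPort7: 3904` and `liveness.port`/`readiness.port` to values.yaml, so changing the port in values moves the container port and leaves the probes behind. `port: {{ .Values.service.internalPort7 }}` in both probes keeps them together. The values' `port: message-router` could not be used as it stands, because the `containerPort` entries carry no `name`, and `liveness.enabled` is never read in this hunk. The container spec starts above the hunk.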
@@ -1,15 +1,12 @@
 apiVersion: v1
 kind: Service
 metadata:
-  name: {{ include "policy-models-simulator.fullname" . }}
+  name: message-router
   labels:
 {{ include "policy-models-simulator.labels" . | indent 4 }}
 spec:
   type: {{ .Values.service.type }}
   ports:
-    - port: {{ .Values.service.externalPort }}
-      targetPort: {{ .Values.service.internalPort }}
-      name: {{ .Values.service.portName }}
     - port: {{ .Values.service.externalPort2 }}
       targetPort: {{ .Values.service.internalPort2 }}
       name: {{ .Values.service.portName }}2
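Review bot: `name: message-router` is hard-coded on the Service even though values.yaml in this commit sets `service.name: message-router`; `name: {{ .Values.service.name }}` keeps a single source for it. Because the name no longer includes the release, only one instance of this chart can exist per namespace, and it would clash with a real message-router Service deployed there. A comment above the line saying that the simulator deliberately takes the message-router DNS name for CSIT would help the next reader.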
@@ -25,6 +22,9 @@ spec:
     - port: {{ .Values.service.externalPort6 }}
       targetPort: {{ .Values.service.internalPort6 }}
       name: {{ .Values.service.portName }}6
+    - port: {{ .Values.service.externalPort7 }}
+      targetPort: {{ .Values.service.internalPort7 }}
+      name: {{ .Values.service.portName }}7
   selector:
     app.kubernetes.io/name: {{ include "policy-models-simulator.name" . }}
     app.kubernetes.io/instance: {{ .Release.Name }}
@@ -31,12 +31,24 @@ securityContext: {}
   # runAsNonRoot: true
   # runAsUser: 1000
 
+# probe configuration parameters
+liveness:
+  initialDelaySeconds: 20
+  periodSeconds: 10
+  # necessary to disable liveness probe when setting breakpoints
+  # in debugger so K8s doesn't restart unresponsive container
+  enabled: true
+  port: message-router
+
+readiness:
+  initialDelaySeconds: 20
+  periodSeconds: 10
+  port: message-router
+
 service:
   type: ClusterIP
-  name: policy-models-simulator
-  portName: policy-models-simulator
-  externalPort: 3905
-  internalPort: 3905
+  name: message-router
+  portName: message-router
   externalPort2: 6667
   internalPort2: 6667
   externalPort3: 6668
@@ -47,6 +59,8 @@ service:
   internalPort5: 6670 
   externalPort6: 6680
   internalPort6: 6680
+  externalPort7: 3904
+  internalPort7: 3904
 
 ingress:
   enabled: false
diff --git a/helm/policy/resources/config/db.sh b/helm/policy/resources/config/db.sh
new file mode 100755 (executable)
index 0000000..8c68c6b
--- /dev/null
@@ -0,0 +1,30 @@
+#!/bin/bash
+{{/*
+#
+# ============LICENSE_START====================================================
+#  Copyright (C) 2022 Nordix Foundation.
+# =============================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END======================================================
+*/}}
+mysql() { /usr/bin/mysql  -h ${MYSQL_HOST} -P ${MYSQL_USER} "$@"; };
+
+for db in migration pooling policyadmin policyclamp operationshistory clampacm
+do
+    mysql -uroot -p"${MYSQL_ROOT_PASSWORD}" --execute "CREATE DATABASE IF NOT EXISTS ${db};"
+    mysql -uroot -p"${MYSQL_ROOT_PASSWORD}" --execute "GRANT ALL PRIVILEGES ON \`${db}\`.* TO '${MYSQL_USER}'@'%' ;"
+done
+
+mysql -uroot -p"${MYSQL_ROOT_PASSWORD}" --execute "FLUSH PRIVILEGES;"
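Review bot: The `mysql()` wrapper passes `${MYSQL_USER}` to `-P`, which is the port option, so the client receives the login name where a port number is expected. job.yaml sets `MYSQL_PORT` for this container, and the wrapper presumably should read `mysql() { /usr/bin/mysql -h "${MYSQL_HOST}" -P "${MYSQL_PORT}" "$@"; }`. Every call also passes the root password as `-p"${MYSQL_ROOT_PASSWORD}"`, which places it in the process argument list; an `export MYSQL_PWD="${MYSQL_ROOT_PASSWORD}"` at the top of the script or a client option file keeps it out of argv. The loop grants `ALL PRIVILEGES` to `'${MYSQL_USER}'@'%'` on all six schemas, so a short comment stating that this breadth is intended for the CSIT environment only would help a later reader.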
diff --git a/helm/policy/resources/config/db_migrator_policy_init.sh b/helm/policy/resources/config/db_migrator_policy_init.sh
new file mode 100644 (file)
index 0000000..cd6181d
--- /dev/null
@@ -0,0 +1,22 @@
+#!/bin/sh
+{{/*
+# ============LICENSE_START====================================================
+#  Copyright (C) 2022 Nordix Foundation.
+# =============================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+/opt/app/policy/bin/prepare_upgrade.sh ${SQL_DB}
+/opt/app/policy/bin/db-migrator -s ${SQL_DB} -o upgrade
+rc=$?
+/opt/app/policy/bin/db-migrator -s ${SQL_DB} -o report
+exit $rc
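Review bot: The exit status of `prepare_upgrade.sh` is discarded, so the upgrade runs even when the prepare step failed, and `rc` reflects only the `-o upgrade` call. If a failed prepare should block the migration, the first line can become `/opt/app/policy/bin/prepare_upgrade.sh "${SQL_DB}" || exit $?`. `${SQL_DB}` is unquoted in all three calls and should be written `"${SQL_DB}"`. job.yaml also exports `POLICY_HOME` for this container, yet the script hard-codes `/opt/app/policy`; using `"${POLICY_HOME}/bin/..."` would keep the two in step.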
diff --git a/helm/policy/templates/configmap.yaml b/helm/policy/templates/configmap.yaml
new file mode 100755 (executable)
index 0000000..c193281
--- /dev/null
@@ -0,0 +1,26 @@
+{{/*
+# Copyright (C) 2022 Nordix Foundation.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ .Chart.Name }}-db-configmap
+  namespace: default
+  labels:
+    app: policy
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+data:
+{{ tpl (.Files.Glob "resources/config/*.sh").AsConfig . | indent 2 }}
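Review bot: `namespace: default` is hard-coded here and on both Jobs in job.yaml, while service-account.yaml sets no namespace and therefore follows the release namespace. When the chart is installed into any other namespace, the Jobs land in `default` and reference a ServiceAccount that was created elsewhere. The secrets they read by name would presumably be missing from `default` as well. Using `namespace: {{ .Release.Namespace }}` in all three places, or omitting the field, keeps the objects together.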
diff --git a/helm/policy/templates/job.yaml b/helm/policy/templates/job.yaml
new file mode 100755 (executable)
index 0000000..beca128
--- /dev/null
@@ -0,0 +1,180 @@
+{{/*
+# Copyright (C) 2022 Nordix Foundation.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: policy-galera-init
+  namespace: default
+  labels:
+    app: policy-galera-init
+spec:
+  template:
+    metadata:
+      labels:
+        app: policy-galera-init
+      name: policy-galera-init
+    spec:
+      imagePullSecrets:
+      - name: "default-docker-registry-key"
+      initContainers:
+      - name: policy-mariadb-readiness
+        image: {{ .Values.repository }}/{{ .Values.readiness.image }}
+        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+        command:
+        - /app/ready.py
+        - --container-name
+        - {{ index .Values "mariadb-galera" "service" "name" }}
+        env:
+        - name: NAMESPACE
+          valueFrom:
+            fieldRef:
+              apiVersion: v1
+              fieldPath: metadata.namespace
+      containers:
+      - name: policy-galera-config
+        image: {{ .Values.dockerRepository }}/{{ .Values.mariadb.image }}
+        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+        volumeMounts:
+        - mountPath: /dbcmd-config/db.sh
+          name: {{ .Chart.Name }}-config
+          subPath: db.sh
+        command:
+        - /bin/sh
+        - -cx
+        - |
+           /dbcmd-config/db.sh
+        env:
+        - name: MYSQL_ROOT_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              name: mariadb-galera-db-root-password
+              key: password
+              optional: false
+        - name: MYSQL_HOST
+          value: "{{ index .Values "mariadb-galera" "service" "name" }}"
+        - name: MYSQL_USER
+          valueFrom:
+            secretKeyRef:
+              name: mariadb-galera-db-user-credentials
+              key: login
+              optional: false
+        - name: MYSQL_PORT
+          value: "{{ index .Values "mariadb-galera" "service" "internalPort" }}"
+        resources:
+          limits:
+            cpu: 1
+            memory: 4Gi
+          requests:
+            cpu: 100m
+            memory: 1Gi
+      restartPolicy: Never
+      serviceAccount: {{ .Chart.Name }}-read
+      serviceAccountName: {{ .Chart.Name }}-read
+      volumes:
+        - name: {{ .Chart.Name }}-config
+          configMap:
+            name: {{ .Chart.Name }}-db-configmap
+            defaultMode: 0755
+            items:
+              - key: db.sh
+                path: db.sh
+
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: policy-galera-config
+  namespace: default
+  labels:
+    app: policy-galera-config
+spec:
+  template:
+    metadata:
+      labels:
+        app: policy-galera-config
+      name: policy-galera-config
+    spec:
+      imagePullSecrets:
+      - name: "default-docker-registry-key"
+      initContainers:
+        - name: policy-init-readiness
+          image: {{ .Values.repository }}/{{ .Values.readiness.image }}
+          imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+          command:
+          - /app/ready.py
+          args:
+          - --job-name
+          - policy-galera-init
+          env:
+          - name: NAMESPACE
+            valueFrom:
+              fieldRef:
+                apiVersion: v1
+                fieldPath: metadata.namespace
+      containers:
+      - name: policy-galera-db-migrator
+        image: {{ .Values.repository }}/{{ .Values.dbmigrator.image }}
+        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+        volumeMounts:
+        - mountPath: /dbcmd-config/db_migrator_policy_init.sh
+          name: {{ .Chart.Name }}-config
+          subPath: db_migrator_policy_init.sh
+        command:
+        - /bin/sh
+        - -cx
+        - |
+           /dbcmd-config/db_migrator_policy_init.sh
+        env:
+        - name: SQL_HOST
+          value: "{{ index .Values "mariadb-galera" "service" "name" }}"
+        - name: SQL_USER
+          valueFrom:
+            secretKeyRef:
+              name: mariadb-galera-db-user-credentials
+              key: login
+              optional: false
+        - name: SQL_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              name: mariadb-galera-db-user-credentials
+              key: password
+              optional: false
+        - name: SQL_DB
+          value: {{ .Values.dbmigrator.schema }}
+        - name: POLICY_HOME
+          value: {{ .Values.dbmigrator.policy_home }}
+        - name: SCRIPT_DIRECTORY
+          value: "sql"
+        resources:
+          limits:
+            cpu: 1
+            memory: 4Gi
+          requests:
+            cpu: 100m
+            memory: 1Gi
+      restartPolicy: Never
+      serviceAccountName: {{ .Chart.Name }}-read
+      volumes:
+        - name: {{ .Chart.Name }}-config
+          configMap:
+            name: {{ .Chart.Name }}-db-configmap
+            defaultMode: 0755
+            items:
+              - key: db_migrator_policy_init.sh
+                path: db_migrator_policy_init.sh
+
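Review bot: Neither Job sets a `securityContext`, and the `policy-galera-config` container in the first Job is the one that receives `MYSQL_ROOT_PASSWORD`. It only runs a client script, so each container could carry `securityContext:` with `allowPrivilegeEscalation: false` and `capabilities: {drop: ["ALL"]}`; whether `runAsNonRoot: true` also works depends on the images, which are not visible here. The first Job sets both `serviceAccount` and `serviceAccountName`; the former is the deprecated alias and can be removed, as the second Job already does. The `SQL_DB` and `POLICY_HOME` values are unquoted templates, unlike `MYSQL_HOST`, and would be safer as `value: "{{ .Values.dbmigrator.schema }}"`.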
diff --git a/helm/policy/templates/service-account.yaml b/helm/policy/templates/service-account.yaml
new file mode 100644 (file)
index 0000000..28757f5
--- /dev/null
@@ -0,0 +1,21 @@
+{{/*
+# Copyright (C) 2022 Nordix Foundation.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ .Chart.Name }}-read
+
diff --git a/helm/policy/values.yaml b/helm/policy/values.yaml
new file mode 100755 (executable)
index 0000000..8dcdae8
--- /dev/null
@@ -0,0 +1,177 @@
+# Copyright © 2022 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+
+global:
+  aafEnabled: true
+  mariadb:
+    # '&mariadbConfig' means we "store" the values for  later use in the file
+    # with '*mariadbConfig' pointer.
+    config: &mariadbConfig
+      mysqlDatabase: policyadmin
+    service: &mariadbService
+      name: &mariadb-galera mariadb-galera
+      internalPort: 3306
+  prometheusEnabled: false
+  kafkaBootstrap: strimzi-kafka-bootstrap
+  policyKafkaUser: policy-kafka-user
+
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+  - uid: db-root-password
+    name: &dbRootPassSecretName 'policy-db-root-password'
+    type: password
+    externalSecret: '{{ ternary "" (tpl (default "" (index .Values "mariadb-galera" "rootUser" "externalSecret")) .) (hasSuffix "policy-db-root-password" (index .Values "mariadb-galera" "rootUser" "externalSecret"))}}'
+    password: '{{ (index .Values "mariadb-galera" "rootUser" "password") }}'
+    policy: generate
+  - uid: db-secret
+    name: &dbSecretName 'policy-db-secret'
+    type: basicAuth
+    externalSecret: '{{ ternary "" (tpl (default "" (index .Values "mariadb-galera" "db" "externalSecret")) .) (hasSuffix "policy-db-secret" (index .Values "mariadb-galera" "db" "externalSecret"))}}'
+    login: '{{ index .Values "mariadb-galera" "db" "user" }}'
+    password: '{{ index .Values "mariadb-galera" "db" "password" }}'
+    passwordPolicy: generate
+  - uid: policy-app-user-creds
+    name: &policyAppCredsSecret 'policy-app-user-creds'
+    type: basicAuth
+    externalSecret: '{{ tpl (default "" .Values.config.policyAppUserExternalSecret) . }}'
+    login: '{{ .Values.config.policyAppUserName }}'
+    password: '{{ .Values.config.policyAppUserPassword }}'
+    passwordPolicy: generate
+
+db: &dbSecretsHook
+  credsExternalSecret: *dbSecretName
+
+policy-models-simulator:
+  enabled: true
+policy-clamp-ac-k8s-ppnt:
+  enabled: true
+policy-clamp-runtime-acm:
+  enabled: true
+  db: *dbSecretsHook
+  config:
+    appUserExternalSecret: *policyAppCredsSecret
+
+#################################################################
+# DB configuration defaults.
+#################################################################
+
+repository: nexus3.onap.org:10001
+pullPolicy: Always
+
+dockerRepository: docker.io
+
+mariadb:
+  image: mariadb:10.5.8
+
+dbmigrator:
+  image: onap/policy-db-migrator:2.5.1
+  schema: policyadmin
+  policy_home: "/opt/app/policy"
+
+subChartsOnly:
+  enabled: true
+
+# flag to enable debugging - application support required
+debugEnabled: false
+
+# default number of instances
+#replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+
+# probe configuration parameters
+liveness:
+  initialDelaySeconds: 10
+  periodSeconds: 10
+  # necessary to disable liveness probe when setting breakpoints
+  # in debugger so K8s doesn't restart unresponsive container
+  enabled: true
+
+readiness:
+  image: onap/oom/readiness:3.0.1
+  initialDelaySeconds: 10
+  periodSeconds: 10
+
+
+config:
+  policyAppUserName: runtimeUser
+  useStrimziKafka: true
+  acRuntimeTopic:
+    name: policy-acruntime-participant
+    partitions: 10
+    retentionMs: 7200000
+    segmentBytes: 1073741824
+    consumer:
+      groupId: policy-group
+  policyHeartbeatTopic:
+    name: policy-heartbeat
+    partitions: 10
+    retentionMs: 7200000
+    segmentBytes: 1073741824
+    consumer:
+      groupId: policy-group
+  policyNotificationTopic:
+    name: policy-notification
+    partitions: 10
+    retentionMs: 7200000
+    segmentBytes: 1073741824
+    consumer:
+      groupId: policy-group
+  someConfig: blah
+
+mariadb-galera:
+  # mariadb-galera.config and global.mariadb.config must be equals
+  db:
+    user: policy-user
+    # password:
+    externalSecret: *dbSecretName
+    name: &mysqlDbName policyadmin
+  rootUser:
+    externalSecret: *dbRootPassSecretName
+  nameOverride: *mariadb-galera
+  # mariadb-galera.service and global.mariadb.service must be equals
+  service: *mariadbService
+  #replicaCount: 1
+  persistence:
+    enabled: true
+    mountSubPath: policy/maria/data
+  serviceAccount:
+    nameOverride: *mariadb-galera
+
+# Resource Limit flavor -By Default using small
+# Segregation for Different environment (small, large, or unlimited)
+flavor: small
+resources:
+  small:
+    limits:
+      cpu: 1
+      memory: 4Gi
+    requests:
+      cpu: 100m
+      memory: 1Gi
+  unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+  nameOverride: policy
+  roles:
+    - read
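Review bot: The `secrets:` block names the DB secrets `policy-db-root-password` and `policy-db-secret` and hands them to `mariadb-galera` as `externalSecret`, while job.yaml in this commit reads `mariadb-galera-db-root-password` and `mariadb-galera-db-user-credentials` by literal name. No template in this part of the diff renders the `secrets:` list, so it is worth confirming which names actually exist in the cluster, then either dropping the unused entries or adding a comment such as `# consumed by <template that renders secrets>`. `someConfig: blah` under `config:` looks like a leftover placeholder and can be removed. The images are referenced by tag only (`mariadb:10.5.8`, `onap/policy-db-migrator:2.5.1`, `onap/oom/readiness:3.0.1`) with `pullPolicy: Always`; pinning them by digest would make the test runs reproducible.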