# in case of csit running for PAP (groups should be for pap) but starts apex-pdp for dependencies.
if [ -z "$PROJECT" ]; then
- PROJECT=$component
+ export PROJECT=$component
fi
if [ -n "$component" ]; then
docker-compose -f "${COMPOSE_FOLDER}"/docker-compose.yml up -d "${component}"
fi
else
- PROJECT=pap
+ export PROJECT=api # api has groups.json complete with all 3 pdps
if [ "$gui" = true ]; then
echo "Starting application with gui..."
docker-compose -f "${COMPOSE_FOLDER}"/docker-compose.yml \
ROBOT_DOCKER_IMAGE="policy-csit-robot"
POLICY_CLAMP_ROBOT="policy-clamp-test.robot"
POLICY_API_ROBOT="api-test.robot"
-POLICY_PAP_ROBOT="pap-test.robot"
+POLICY_PAP_ROBOT="pap-test.robot pap-slas.robot"
POLICY_APEX_PDP_ROBOT="apex-pdp-test.robot"
POLICY_XACML_PDP_ROBOT="xacml-pdp-test.robot"
POLICY_DROOLS_PDP_ROBOT="drools-pdp-test.robot"
sudo snap remove microk8s;rm -rf $HOME/.kube/config
sudo rm -rf /dockerdata-nfs/mariadb-galera/
echo "K8s Cluster removed"
+ echo "Clean up docker"
+ docker system prune -af
}
echo "Importing robot image into microk8s registry"
docker save -o policy-csit-robot.tar ${ROBOT_DOCKER_IMAGE}:latest
microk8s ctr image import policy-csit-robot.tar
+}
+
+
+function start_csit () {
+ build_robot_image
if [ "${?}" -eq 0 ]; then
- rm -rf policy-csit-robot.tar
- rm -rf tests/models/
+ rm -rf ${WORKSPACE}/csit/resources/policy-csit-robot.tar
+ rm -rf ${WORKSPACE}/csit/resources/tests/models/
echo "---------------------------------------------"
echo "Installing Robot framework pod for running CSIT"
cd ${WORKSPACE}/helm
mkdir -p ${ROBOT_LOG_DIR}
microk8s helm install csit-robot robot --set robot="$ROBOT_FILE" --set "readiness={${READINESS_CONTAINERS[*]}}" --set robotLogDir=$ROBOT_LOG_DIR;
print_robot_log
- fi
+ fi
}
cd ${WORKSPACE}/helm || exit;
microk8s helm dependency build policy
microk8s helm install csit-policy policy
+ microk8s helm install prometheus prometheus
echo "Policy chart installation completed"
echo "-------------------------------------------"
fi
echo "CSIT will be invoked from $ROBOT_FILE"
echo "Readiness containers: ${READINESS_CONTAINERS[*]}"
echo "-------------------------------------------"
- build_robot_image
+ start_csit
else
echo "No project supplied for running CSIT"
fi
+++ /dev/null
-{{/*
-# Copyright © 2022 Nordix Foundation
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-{{- if default false (and .Values.global.metrics.enabled .Values.global.metrics.custom_resources) }}
-apiVersion: monitoring.coreos.com/v1
-kind: PrometheusRule
-metadata:
- name: { .Chart.Name }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app.kubernetes.io/name: {{ .Chart.Name }}
- helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- app.kubernetes.io/managed-by: Helm
-
- {{- toYaml .Values.metrics.prometheusRules.selector | nindent 4 }}
-spec:
- groups:
- - name: {{ .Chart.Name }}
- rules:
- {{- toYaml .Values.metrics.prometheusRules.rules | nindent 6 }}
-{{- end }}
-
- name: mariadb-galera-actual-config
mountPath: /opt/bitnami/mariadb/conf
{{- end }}
- {{- if default false .Values.global.metrics.enabled }}
- - name: {{ .Chart.Name }}-metrics
- image: {{ .Values.metrics.image }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.metrics.pullPolicy | quote}}
- env:
- - name: MARIADB_METRICS_EXTRA_FLAGS
- value: {{ default "" (join " " .Values.metrics.extraFlags) | quote }}
- - name: MARIADB_ROOT_USER
- value: {{ .Values.rootUser.user | quote }}
- - name: MARIADB_ROOT_PASSWORD
- valueFrom:
- secretKeyRef:
- name: mariadb-galera-db-root-password
- key: password
- command:
- - sh
- - -c
- - |
- DATA_SOURCE_NAME="$MARIADB_ROOT_USER:$MARIADB_ROOT_PASSWORD@(localhost:3306)/" /bin/mysqld_exporter $MARIADB_METRICS_EXTRA_FLAGS
- ports:
- - name: tcp-metrics
- containerPort: 9104
- livenessProbe:
- httpGet:
- path: /metrics
- port: tcp-metrics
- initialDelaySeconds: {{ .Values.metrics.livenessProbe.initialDelaySeconds }}
- periodSeconds: {{ .Values.metrics.livenessProbe.periodSeconds }}
- timeoutSeconds: {{ .Values.metrics.livenessProbe.timeoutSeconds }}
- successThreshold: {{ .Values.metrics.livenessProbe.successThreshold }}
- failureThreshold: {{ .Values.metrics.livenessProbe.failureThreshold }}
- readinessProbe:
- httpGet:
- path: /metrics
- port: tcp-metrics
- initialDelaySeconds: {{ .Values.metrics.readinessProbe.initialDelaySeconds }}
- periodSeconds: {{ .Values.metrics.readinessProbe.periodSeconds }}
- timeoutSeconds: {{ .Values.metrics.readinessProbe.timeoutSeconds }}
- successThreshold: {{ .Values.metrics.readinessProbe.successThreshold }}
- failureThreshold: {{ .Values.metrics.readinessProbe.failureThreshold }}
- securityContext:
- runAsUser: 10001
- runAsGroup: 10001
- fsGroup: 10001
- resources: {{- toYaml .Values.metrics.resources | nindent 12 }}
- {{- end }}
imagePullSecrets:
- name: default-docker-registry-key
{{- if .Values.schedulerName }}
--- /dev/null
+#
+# ===========LICENSE_START====================================================
+# Copyright (C) 2023 Nordix Foundation.
+# ============================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=====================================================
+#
+
+apiVersion: v2
+name: prometheus
+description: Prometheus server to collect all policy components metrics
+keywords:
+- prometheus
+- metrics
+- monitoring
+type: application
+version: 0.1.0
--- /dev/null
+#
+# ===========LICENSE_START====================================================
+# Copyright (C) 2023 Nordix Foundation.
+# ============================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=====================================================
+#
+
+# global config
+global:
+ scrape_interval: 60s
+ evaluation_interval: 10s
+
+# Alertmanager configuration
+alerting:
+ alertmanagers:
+ - static_configs:
+ - targets:
+ # - alertmanager:9093
+
+# scrape config
+scrape_configs:
+ - job_name: "api-metrics"
+ metrics_path: /policy/api/v1/metrics
+ static_configs:
+ - targets: ["policy-api:6969"]
+ basic_auth:
+ username: "policyadmin"
+ password: "zb!XztG34"
+
+ - job_name: "pap-metrics"
+ metrics_path: /policy/pap/v1/metrics
+ static_configs:
+ - targets: ["policy-pap:6969"]
+ basic_auth:
+ username: "policyadmin"
+ password: "zb!XztG34"
+
+ - job_name: "apex-pdp-metrics"
+ static_configs:
+ - targets:
+ - "policy-apex-pdp:6969"
+ basic_auth:
+ username: "policyadmin"
+ password: "zb!XztG34"
+
+ # - job_name: "drools-apps-metrics"
+ # static_configs:
+ # - targets:
+ # - "drools-apps:9696"
+ # basic_auth:
+ # username: "demo@people.osaaf.org"
+ # password: "demo123456!"
+
+ - job_name: "drools-pdp-metrics"
+ static_configs:
+ - targets:
+ - "policy-drools-pdp:9696"
+ basic_auth:
+ username: "demo@people.osaaf.org"
+ password: "demo123456!"
+
+ - job_name: "distribution-metrics"
+ static_configs:
+ - targets:
+ - "policy-distribution:6969"
+ basic_auth:
+ username: "policyadmin"
+ password: "zb!XztG34"
+
+ - job_name: "xacml-pdp-metrics"
+ static_configs:
+ - targets:
+ - "policy-xacml-pdp:6969"
+ basic_auth:
+ username: "policyadmin"
+ password: "zb!XztG34"
+
+ - job_name: "acm-metrics"
+ metrics_path: "/onap/policy/clamp/acm/prometheus"
+ static_configs:
+ - targets:
+ - "policy-clamp-runtime-acm:6969"
+ basic_auth:
+ username: "runtimeUser"
+ password: "zb!XztG34"
--- /dev/null
+#
+# ===========LICENSE_START====================================================
+# Copyright (C) 2023 Nordix Foundation.
+# ============================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=====================================================
+#
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ .Chart.Name }}
+ namespace: default
+rules:
+- apiGroups: [""]
+ resources:
+ - nodes
+ - services
+ - endpoints
+ - pods
+ verbs: ["get", "list", "watch"]
+- apiGroups:
+ - extensions
+ resources:
+ - ingresses
+ verbs: ["get", "list", "watch"]
+
+---
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ .Chart.Name }}-read
+ namespace: default
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ .Chart.Name }}-read
+subjects:
+- kind: ServiceAccount
+ name: {{ .Chart.Name }}-read
+ namespace: default
--- /dev/null
+#
+# ===========LICENSE_START====================================================
+# Copyright (C) 2023 Nordix Foundation.
+# ============================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=====================================================
+#
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ .Chart.Name }}-configmap
+ namespace: default
+ labels:
+ app: {{ .Chart.Name }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ heritage: Helm
+{{- with .Files.Glob "resources/*store" }}
+binaryData:
+{{- range $path, $bytes := . }}
+ {{ base $path }}: {{ $.Files.Get $path | b64enc | quote }}
+{{- end }}
+{{- end }}
+data:
+{{ tpl (.Files.Glob "resources/*.{yaml,yml}").AsConfig . | indent 2 }}
\ No newline at end of file
--- /dev/null
+
+# ===========LICENSE_START====================================================
+# Copyright (C) 2023 Nordix Foundation.
+# ============================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=====================================================
+#
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ .Chart.Name }}
+ namespace: default
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ .Chart.Name }}
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: {{ .Chart.Name }}
+ helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ app.kubernetes.io/instance: RELEASE
+ app.kubernetes.io/managed-by: Helm
+ annotations:
+ prometheus.io/scrape: "true"
+ prometheus.io/port: "9090"
+ spec:
+ containers:
+ - image: prom/prometheus:v2.32.1
+ name: prometheus
+ args:
+ - '--config.file=/etc/prometheus/prometheus.yml'
+ ports:
+ - containerPort: 9090
+ resources: {}
+ volumeMounts:
+ - mountPath: /etc/prometheus
+ name: prometheusconfig
+ hostname: prometheus
+ restartPolicy: Always
+ volumes:
+ - name: prometheusconfig
+ configMap:
+ name: {{ .Chart.Name }}-configmap
+ defaultMode: 0755
--- /dev/null
+#
+# ===========LICENSE_START====================================================
+# Copyright (C) 2023 Nordix Foundation.
+# ============================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=====================================================
+#
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ .Chart.Name }}-read
+ namespace: default
+subjects:
+- kind: ServiceAccount
+ name: {{ .Chart.Name }}-read
+roleRef:
+ kind: Role
+ name: read
+ apiGroup: rbac.authorization.k8s.io
--- /dev/null
+#
+# ===========LICENSE_START====================================================
+# Copyright (C) 2023 Nordix Foundation.
+# ============================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=====================================================
+#
+
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ .Chart.Name }}-read
+ namespace: default
-{{/*
-# Copyright © 2022 Nordix Foundation
#
+# ===========LICENSE_START====================================================
+# Copyright (C) 2023 Nordix Foundation.
+# ============================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
-# http://www.apache.org/licenses/LICENSE-2.0
+# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
-*/}}
+# ============LICENSE_END=====================================================
+#
-{{- if default false .Values.global.metrics.enabled }}
apiVersion: v1
kind: Service
metadata:
- name: {{ .Chart.Name }}-metrics
+ name: {{ .Chart.Name }}
namespace: default
labels:
app.kubernetes.io/name: {{ .Chart.Name }}
helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
app.kubernetes.io/managed-by: Helm
+ annotations:
+ prometheus.io/scrape: 'true'
+ prometheus.io/port: '9090'
spec:
- type: {{ .Values.metrics.service.type }}
+ type: NodePort
ports:
- - name: tcp-metrics
- port: {{ .Values.metrics.service.port }}
- targetPort: tcp-metrics
+ - port: 9090
+ targetPort: 9090
+ nodePort: 30909
selector:
- matchLabels:
- app.kubernetes.io/name: {{ .Chart.Name }}
-
-{{- end }}
+ app.kubernetes.io/name: {{ .Chart.Name }}
Code Review / policy / docker.git / commitdiff